How to check ASA version:

asa# show version | inc Version
Cisco Adaptive Security Appliance Software Version 9.2(4)8
Device Manager Version 7.5(2)153

How to check ASA hardware:

asa# show version | inc Hardware
Hardware:   ASA5545, 12288 MB RAM, CPU Lynnfield 2660 MHz, 1 CPU (8 cores)

How to check connection details on ASA between a particular source and destination:

ASA# show conn detail address address

How to check vpn users in ASA:

ASA# show vpn-sessiondb anyconnect

Username     : xxxx             Index        : 65098
Assigned IP  : xxxx             Public IP    : xxxx
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Essentials
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)RC4  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA1  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 38535932               Bytes Rx     : 13850530
Group Policy : xxxxxx   Tunnel Group : xxxxx
Login Time   : 14:14:05 GMT Mon Feb 20 2017
Duration     : 1d 17h:47m:52s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 0xxxx
Security Grp : none

ASA#show vpn-sessiondb webvpn

How to check webvpn configuration:

show run webvpn

How to use packet trace in cisco ASA:

ASA#packet-tracer input inside icmp 8 0

How to turn on pager in ASA:

terminal pager 0

Clear IPsec site to site tunnel:

ASA#clear crypto ipsec sa peer

Test AAA authentication on ASA:

test aaa-server authentication Our-Server host x.x.x.x username xxxxx password xxxxxx

How to forward logs to syslog in ASA:

logging enable
logging trap informational
logging asdm informational
logging host Inside x.x.x.x
logging permit-hostdown

How to check failover history:

show failover history

How to check traffic/packet rate on interface:

ASA#show traffic

How to check CPU on ASA:

show processes cpu-hog

Configure vlan/subinterface on ASA:

interface gigabitEthernet x.x
vlan x
nameif DMZ1
security-level 50
ip address x.x.x.x standby x.x.x.y

How to check embryonic connection on ASA:

show conn state tcp_embryonic

How to create address object and ACL:

object-group icmp-type icmp-type8-echo-request
  icmp-object 8

object-group network Internal-host-1
network-object host

object-group network Internal-host-2
network-object host
network-object host

access-list inside_acl line 1 extended permit tcp object-group Internal-host-1 object-group Internal-net object-group Internal-service-1
access-list inside_acl line 1 extended permit udp object-group Internal-host-1 object-group Internal-net object-group Internal-service-2
access-list inside_acl line 1  extended permit icmp   object-group Internal-net object-group Internal-host object-group icmp-type8-echo-request

object-group service Internal-service-1 tcp
 port-object range 1 100
 port-object eq 80

object-group service Internal-service-2 UDP
 port-object range 1 100
 port-object eq 80

object-group service my-services
 service-object tcp eq 135
 service-object udp eq 135
access-list inside_access_out extended permit object-group my-services host object-group DMZ-NET

How to enable ASDM:

http inside
 http server enable


This entry was posted in ASA and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s