Category Archives: ASA

Understanding ASA commands

How to interpret show route output in ASA:

    ASA# show route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - … Continue reading

CISCO ASA How to:

How to check ASA version:

    asa# show version | inc Version
    Cisco Adaptive Security Appliance Software Version 9.2(4)8
    Device Manager Version 7.5(2)153

How to check ASA hardware:

    asa# show version | inc Hardware
    Hardware:   ASA5545, 12288 MB RAM, CPU Lynnfield … Continue reading

Take packet captures on ASA

When troubleshooting on an ASA, we can take packet captures on the ASA itself, as follows. We can capture on the interface where the traffic arrives and on the interface where the traffic leaves, i.e. ingress … Continue reading

Allow ping through ASA

R1 wants to ping R3 but is not able to. By default, the Cisco ASA doesn't inspect ICMP, which means that if you ping a server from the LAN, the ping reply will not come back. To allow ping … Continue reading

IPSec (IKEv1) on ASA 8.2

The default configuration on ASA 8.2 for phase 1 is as follows:

    Authentication: Pre-shared key
    Encryption: 3des
    Hash: sha
    Group: DH group 2
    Lifetime: 86400

The default configuration for ASA 8.2 for phase 2 is:

    Encryption: esp-3des
    Hashing: esp-sha-hmac … Continue reading

ASA 8.4 Example

Access webserver from outside:

    object network real-host-obj
     host 192.168.1.2
    object network mapped-host-obj
     host 1.1.1.1
    nat (inside,outside) source static real-host-obj mapped-host-obj
    access-list allow-webserver-inside extended permit ip any host 192.168.1.2
    access-group allow-webserver-inside in interface outside

ASA 8.4 NAT

Network object NAT rule: All NAT rules that have a network object are considered network object NAT rules. In a network object NAT rule we cannot specify: when traffic is coming from this host going to this host, translate the … Continue reading