Category Archives: ASA

Resolving ASA 8.4 NAT mystery

Static NAT/PAT:

    object network dynamic-nat-ip
     host 12.12.12.16
    object network R3
     host 13.13.13.13
     nat (dmz,outside) static dynamic-nat-ip service tcp telnet ftp

For traffic from dmz to outside, this rule says that when 13.13.13.13 is trying to go to outside with source …

Cisco AnyConnect configuration

If you access the firewall via ASDM through the outside interface, then after configuring AnyConnect you will not be able to manage the ASA via ASDM on port 443; you need to change the management port:

    http server enable 8080
    http 0.0.0.0 …

ASA HA configuration active-passive

The purpose of this post is to configure HA on the ASA in active-passive mode. We need two firewalls with the same hardware, the same number of interfaces, the same RAM size, and the same modules. In following example we have used …

Log allowed traffic in ASA

By default, an ASA access control list logs only denied packets. The default access list logging behavior, when the log keyword is not specified, is that if a packet is denied, message 106023 is generated, and if a packet …

IPSec between ASA and SRX Policy based

Following is the topology: 12.12.12.0/24 is behind ASA and 192.168.4.0/24 is behind SRX.

SRX configuration:

Step 1> Define the phase 1 parameters:

    set security ike proposal phase-1-proposal authentication-method pre-shared-keys
    set security ike proposal phase-1-proposal dh-group group2
    set security ike proposal …

Configure IPSec (IKEV1) on ASA 9.x

Configure phase 1 policy:

    crypto ikev1 policy 1
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400

Enable phase 1 on interface:

    crypto ikev1 enable outside

Specify the preshared key:

    tunnel-group 192.168.3.2 type ipsec-l2l
    tunnel-group 192.168.3.2 ipsec-attributes
     ikev1 pre-shared-key …

Understanding ASA commands

How to interpret show route output in ASA:

    ASA# show route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - …
