Category Archives: ASA

IPSec between ASA and SRX Policy based

Following is the topology: 12.12.12.0/24 is behind ASA and 192.168.4.0/24 is behind SRX. SRX configuration: set security ike proposal phase-1-proposal authentication-method pre-shared-keys set security ike proposal phase-1-proposal dh-group group2 set security ike proposal phase-1-proposal authentication-algorithm md5 set security ike proposal … Continue reading

Posted in ASA, Juniper SRX | Leave a comment

Configure IPSec (IKEV1) on ASA 9.x

Configure phase 1 policy: crypto ikev1 policy 1 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 Enable phase 1 on interface: crypto ikev1 enable outside Specify the preshared key: tunnel-group 192.168.3.2 type ipsec-l2l tunnel-group 192.168.3.2 ipsec-attributes ikev1 pre-shared-key … Continue reading

Posted in ASA | Leave a comment

Understanding ASA commands

How to interpret show route output in ASA: ASA# show route Codes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGP        D – EIGRP, EX – EIGRP external, O – … Continue reading

Posted in ASA | Leave a comment

CISCO ASA How to:

How to check ASA version: asa# show version | inc Version Cisco Adaptive Security Appliance Software Version 9.2(4)8 Device Manager Version 7.5(2)153 How to check ASA hardware: asa# show version | inc Hardware Hardware:   ASA5545, 12288 MB RAM, CPU Lynnfield … Continue reading

Posted in ASA | Tagged , , | Leave a comment

Take packet captures on ASA

If we need to take packet capture during some troubleshooting on ASA we can take captures on ASA as follows. We can take capture on interface where the traffic will hit and on interface where traffic will go i.e ingress … Continue reading

Posted in ASA | Tagged , , , , , , , | Leave a comment

Allow ping through ASA

R1 wants to ping to R3 but is not able to ping. By default CISCO ASA doesn’t inspect icmp it means that if you want to ping to some server from LAN ping reply will not come. To allow ping … Continue reading

Posted in ASA | Tagged , , , , , | Leave a comment

IPSec (IKEv1) on ASA 8.2

The default configuration on ASA 8.2 for phase 1 is as follows: Authentication: Pre-shared key Encryption : 3des Hash: sha Group: DH group 2 Lifetime: 86400 The default configuration for ASA 8.2 for phase 2 is: Encryption: esp-3des Hashing: esp-sha-hmac … Continue reading

Posted in ASA | Tagged , , , , , | Leave a comment