Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provides firewall and VPN functionality as standard. It is Cisco's replacement line for the PIX range, with additional functionality, mostly related to security, available through additional modules.

772 questions
6
votes
5 answers

Monitoring Bandwidth Usage (Per Internal IP) - Cisco ASA 5505

I manage a small network with a Cisco ASA 5505 and a shared DSL connection. I would like to be able to monitor the bandwidth usage of the various users/devices on my network (by IP address). Can I do that using the ASA? Has anyone got this working? …
Joseph Sturtevant
6
votes
1 answer

How do I configure NAT rules when using ASA IP-SLA when leveraging post-ASA-8.3 NAT syntax?

We are currently running ASA9 at a location with redundant ip connectivity. We'd love to configure ip sla so that internet access survives a single carrier outage. I'm aware of the ip sla commands, however when I've tried to prepopulate the…
Peter Grace
6
votes
1 answer

ASA site-to-site IPSec VPN to Linux ipsec-tools endpoints stops working after a random period of time

We swapped to ASAs over the weekend, and we replaced our VPN infrastructure, which was previously based on OpenVPN, and are now using IPSec between our ASA 5520s and our other sites that have Linux (CentOS) routers. The VPNs connect just fine, but…
Peter Grace
6
votes
1 answer

Cisco ASA Config for PCI Compliant Office

We have a small business office, but due to PCI compliance we need to segment this into two internet networks (one 'compliant' and one for any other devices to use). We currently have a Draytek modem/wan load balancer which also has firewalling but…
Ben
6
votes
5 answers

Outbound ports to allow through firewall - core requirements

If I only want to allow HTTP, POP3, IMAP4, SMTP functionality for outbound traffic (i.e. no servers hosted at site) are there any additional ports that need to be open to allow those functions to work (e.g. DNS UDP ports)? See also: outbound ports…
dunxd
6
votes
2 answers

Cisco ASA5510 Bandwidth Shaping/Limiting

This question is in two parts:

Shape

How can I limit the bandwidth on an ASA5510 to less than 10Mbps? Currently I have:

    policy-map shape_policy
     class class-default
      shape average 9000000 36096
    !
    service-policy shape_policy interface outside

But when…
lpfavreau
5
votes
1 answer

Overcome asymmetric routing while migrating between sets of ISPs

We are migrating from one set of addresses to another set, both /24, and trying to minimize any down time during the migration. Ideally we'd run both for a period of time as we shut down the old circuits. There are a total of 4 internet…
fullstop
5
votes
3 answers

How to allow UDP broadcast between interfaces on a Cisco ASA 5506-X

I have a Cisco ASA 5506-X with 4 configured interfaces and a set of access-lists etc. It is configured via CLI and is running in routed mode, not transparent. Everything is running well, but now I have a problem I could not yet solve: One of the…
Steffen
5
votes
1 answer

Nmap external scan shows port open, ASA says port is not open, but do get a socket

Folks, have a weird one, need your expert help. For one of our heavily used external-facing servers which came up in an audit, nmap -Pn scan shows the following: Starting Nmap 5.51 ... Host pub.ip is up (0.0032s latency). Not shown: 993…
user3196304
5
votes
1 answer

How to set up Cisco AnyConnect VPN Client to only tunnel traffic for specific destinations?

I have an Ubuntu server that needs to be able to connect via Cisco AnyConnect VPN to another server for one of our applications. However, because we're using this server for multiple applications, we can't route all traffic through the VPN. So,…
404 Not Found
5
votes
1 answer

ASA5505 slow downstream, fast upstream on VDSL PPPoE

We have recently switched our ADSL2+ connection for a VDSL Connection in our office. The only configuration change I have made to the Cisco ASA for this change, was to change the username/password on the PPPoE settings for the outside interface,…
Mark Henderson
5
votes
1 answer

How do you allow ICMP Echo Requests on a Cisco ASA 55xx Router?

I'm very new to managing Cisco equipment, so bear with me. I'm configuring a Cisco ASA 5505 router for my office, and I am reasonably competent enough with the console to configure the basics -- our business needs are not extravagant. Our pings are…
Adam Lassek
5
votes
2 answers

Connecting to basic office network from the outside

Back Story: I work in the IT Department for a company that got its start by being given space to work out of from a warehouse when my company first got its start about a decade ago. Ever since then, the owners of my company have provided "favors" to…
David W
5
votes
2 answers

Cisco ASA Command length

Whenever I write some command in ASA, it hides the full command and shows a bit of the command. What is the way to increase the length of commands I write in ASA, so it doesn't hide the command written on the terminal session? I tried to google it…
user121080
5
votes
1 answer

How can I configure an ASA such that I can use a sub-privilege 15 user to download the current config from http?

I am setting up our new ASAs at Stack Exchange and am trying to follow some best practices like using configuration management and minimum-permissions-necessary users. What I'm trying to do is utilize the https server to download the running…
Peter Grace