Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provide Firewall and VPN functionality as standard. This is Cisco's replacement line for the PIX range, but has additional functionality, mostly related to security, through additional modules.

772 questions
5
votes
6 answers

Fortinet: Is there any equivalent of the ASA's packet-tracer command?

I would like to know if there is, on Fortigates, an equivalent of the packet-tracer command that we can find on the ASA. Here is an example of execution for those who don't know it: NAT and pass : lev5505# packet-tracer input inside tcp 192.168.3.20…
Kedare
5
votes
3 answers

Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

I have created a test user that is set to privilege 15 in the config: username test password **************** encrypted privilege 15 When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv: login as: test test@192.168.1.253's…
Alain O'Dea
5
votes
2 answers

How to block a country's IP range with a Cisco ASA?

To be more specific I have a request from a client to block China's IP range. I know how to do this. I would use the IPs from https://www.countryipblocks.net/e_country_data/CN_netmask.txt and make an ACL. Well if you take a look at that there are…
evolvd
5
votes
1 answer

IPv6 over Cisco IPSec VPN?

We use a Cisco ASA 5505 as the firewall and IPSec VPN endpoint on our network. We use split-tunneling to reduce the load on our internet link. In other words, when someone is connected to the VPN their DNS queries go through our internal DNS server,…
Martijn Heemels
5
votes
3 answers

Making an ASA TFTP backup through VPN

I have a site to site VPN configured between two ASA 5520s. I have a TFTP server behind ASA1, with an IP of 172.16.1.1 on the "inside" network. I'd like to be able to copy the running config of ASA2 through the VPN to 172.16.1.1, but am unable to…
Victor Trac
5
votes
4 answers

Cisco ASA user authentication options - OpenID, public RSA sig, others?

My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT,…
Ryan
5
votes
3 answers

PPTP pass through on Cisco ASA 5505 (8.2)

Is it possible to set up PPTP VPN traffic (clients outside and server inside) to pass through a Cisco ASA 5505 if the outside IP address is also being used for PAT? The Cisco examples forward all NAT traffic from the outside to the inside VPN server. …
ITGuy24
4
votes
2 answers

Monitoring for most recent version of Cisco Adaptive Security Appliance (ASA)

How does one automatically check if your Cisco ASA is running the most recent or non-vulnerable version with external monitoring? With SNMP, you can get the version number of an ASA: $ snmpget -v2c -c password 1.2.3.4…
Halfgaar
4
votes
1 answer

Two public IPv4 addresses on single DMZ server

This is regarding a Cisco ASA 5510 router. We have two ISPs with a block of IPv4 addresses from each. I would like to map a single server in the DMZ such that two public IPv4 addresses point to it. Like so: ISP1 71.43.230.100 -> DMZ…
Chet
4
votes
0 answers

VLAN Communication between Cisco ASA 5510, and VMWare ESXi 5.5

I'm having a problem, where my Cisco ASA 5510-v8.2 can't communicate with VMs in a VLAN specific port group. The Cisco ASA is currently sitting in front of a group of VMs that have public IPs. That part needs to stay the same. In addition,…
4
votes
3 answers

List of Cisco ASA pre-defined services

Where/How can I get a list of all the services that are pre-defined on a Cisco ASA device? For example, I can do the following in a config: object-group service ALLOWTOSERVER service-object tcp www service-object tcp https And the ASA will know…
DrStalker
4
votes
0 answers

Cisco ASA failback to preferred IPsec peer

I just configured my Cisco ASA 5505 to failover to a backup internet line when the main outside interface is down. This all works fine. Also, I have a site-to-site IPSEC VPN tunnel from this ISP-redundant ASA to our ASA in the datacenter. The…
Mbrouwer88
4
votes
3 answers

Can I use Cisco ASA's "NetFlow Security Event Logging" (NetFlow 9) for bandwidth monitoring

Cisco has introduced NetFlow 9 export in the latest software version for ASA firewalls. But it seems to be meant for event logging of security events only (as a replacement for syslog messages). But can it still be used for bandwidth monitoring,…
networker1
4
votes
1 answer

Cisco ASA VPN: Drop-reason: (acl-drop) Flow is denied by configured rule

During VPN reconfiguration we have met quite a big issue with VPN traffic not passing to peer. Using packet-tracer we have got the following debug: Phase 1 to Phase 9 passed successfully. [...] Phase: 10 Type: VPN Subtype: encrypt Result:…
Jimmy Silver
4
votes
2 answers

IPSec tunnel on ASA keeps disconnecting

I have an ASA IPSec tunnel configured between an ASA5505 and Microsoft TMG 2010 SP2. The tunnel sometimes works for a few hours, and then disconnects, and other times it works for 5 minutes and then disconnects. When it disconnects, it sometimes…
Mark Henderson