Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provide Firewall and VPN functionality as standard. This is Cisco's replacement line for the PIX range, but has additional functionality, mostly related to security, through additional modules.

772 questions
4 votes, 1 answer

Protecting an ASA in a multi-tenant environment

I'm interested to know what best practices are for setting limits and policies on an ASA to protect the device to maintain service when used as a multi-tenant firewall. For example following several recent incidents of compromised servers we now…
SimonJGreen
  • 3,205
  • 5
  • 33
  • 55
4 votes, 0 answers

Cisco ASA IPsec vs AnyConnect client issue

So I have an iPad that has an IPsec VPN created. I am able to connect from the outside fine and I can access my local LAN files just fine. When I connect with the Cisco AnyConnect client from the same device, it allows me to log in but I can't access…
Richard
  • 153
  • 2
  • 2
  • 10
4 votes, 2 answers

Cleanest, quickest way to generate a Cisco VPN .pcf file?

What's the most efficient way to generate Cisco VPN .pcf files for distribution to end-users? This is for ASA 5500-series firewalls. Coming from a Mac workstation, I no longer have access to a working Cisco VPN client. Can this be done outside of…
ewwhite
  • 197,159
  • 92
  • 443
  • 809
4 votes, 3 answers

Opening Ports on a Cisco ASA 5505

I am trying to configure a new 5505 but I am having difficulties opening ports that allow traffic in from the outside. My setup is Comcast Business Modem (w/ single static IP) -> ASA (10.0.0.1) -> (dumb) Switch -> NAS (10.0.0.10). I am attempting to…
ids
  • 41
  • 1
  • 2
4 votes, 1 answer

Outbound Traffic Logging on ASA 5520 possible?

Taking a look at the ASDM (6.4) for my ASA 5520, I get a nice summary of the traffic status, with items like "interface traffic usage", and "connections per second". This works well, but only shows the data for the last 5-6 minutes or so.…
j2k4j
  • 119
  • 1
  • 4
4 votes, 1 answer

Cisco ASA IPsec IKEv1 remote access for Avaya VPN phone - no client address assigned

I'm having a strange issue with remote access VPN connectivity on our ASA cluster. Normal site-to-site tunnels and AnyConnect connections work just fine. However, a special IPsec IKEv1 tunnel does not. It establishes, and stays up, but the client…
pauska
  • 19,620
  • 5
  • 57
  • 75
4 votes, 3 answers

Can our firewall detect traffic sniffing inside the network?

We use Cisco ASA's firewall and NAT functions in our network (200 computers). Is there any possibility to configure Cisco ASA to detect traffic sniffing (for example Wireshark) and network inspection (for example "nmap -sP 192.168.0.*") inside our…
4 votes, 1 answer

Configure the management interface on a Cisco ASA to allow access from an existing management LAN

(Redefined the question to match actual LAN topology...) I have a new Cisco ASA-5512-X firewall, which is going into an existing network stack to separate some specific client servers from the rest of our LAN (i.e. not as the edge device). The…
jimbobmcgee
  • 2,675
  • 4
  • 27
  • 43
4 votes, 1 answer

Cisco ASA: Prevent any single internal host from saturating bandwidth of outside Internet interface

We have an ASA 5510 at the edge of our network connected to a 10Mb Internet pipe. All internal IPs are private so we have external and internal interfaces. I'd like to prevent any single internal host from consuming more than 75% bandwidth on the…
Daniel Lucas
  • 1,192
  • 1
  • 14
  • 25
4 votes, 1 answer

Cisco ASA LDAP Group Privilege Level

We have a pair of ASA 5510s (8.4.3) on which we use LDAP authentication for VPN and SSH access. On all of our Catalyst switches, which use RADIUS, we're able to set the shell:priv-lvl to 15 in the RADIUS config (2008R2 NPS). However, the best I…
bab
  • 443
  • 2
  • 6
  • 12
4 votes, 1 answer

Configure Freeradius to check a connecting user against multiple LDAP groups

I'm setting up a Cisco ASA as a client VPN server. The appliance is relying on FreeRADIUS to authenticate the users. FreeRADIUS has in turn been configured to query OpenLDAP. The modules/ldap file has been configured to check the groups ownership…
spidernik84
  • 319
  • 1
  • 5
  • 12
4 votes, 3 answers

Denying ICMP type 3 code 4 traffic - good or bad?

Investigating a slow VPN connection (Cisco ASA IPSec) to a remote office, I noticed on our firewall a lot of access rule matches: Denied ICMP type=3, code=4 from *ip_address* on interface outside I noticed that a traceroute to the remote site…
dunxd
  • 9,632
  • 22
  • 81
  • 118
4 votes, 1 answer

Is my ASA 5505 almost dead?

I just got a refurbished ASA 5505. It works fine until I need to reload it or unplug it from power and replug it; when I do this and it's warm (even after some minutes of use, so still physically cold while touching it), in this case, it simply…
Kedare
  • 1,786
  • 4
  • 20
  • 37
4 votes, 1 answer

Cisco ASA 5505, TCP window scaling (RFC 1323)

I have a very odd issue with our Cisco firewall. If on our OS X machines we run the following to disable window scaling support: sudo sysctl -w net.inet.tcp.rfc1323=0 We see near 40% improvement in download speeds (tested using varying Linux ISO…
Oneiroi
  • 2,063
  • 1
  • 15
  • 28
4 votes, 3 answers

QoS basics on a Cisco ASA

Could someone briefly explain how to use QoS on Cisco ASA 5505? I have the basics of policing down, but what about shaping and priorities? Basically what I'm trying to do is carve out some bandwidth for my VPN subnets (in an object-group called…
danieljimenez
  • 209
  • 3
  • 12