Questions tagged [cisco-asa]

The Cisco ASA (Adaptive Security Appliance) series of products provides firewall and VPN functionality as standard. It is Cisco's replacement line for the PIX range and offers additional functionality, mostly related to security, through additional modules.

770 questions

16 votes, 4 answers

Hardware firewall vs VMware firewall appliance

We have a debate in our office going on whether it's necessary to get a hardware firewall or set up a virtual one on our VMware cluster. Our environment consists of 3 server nodes (16 cores w/ 64 GB RAM each) over 2x 1 GB switches w/ an iSCSI shared…
Luke

15 votes, 2 answers

Strongswan vpn tunnel connected but the traffic is not routed through it

I have just set up a vpn tunnel site-to-site with strongswan (4.5). The tunnel looks fine and connected to the other side, but seems there is a problem routing traffic through the tunnel. Any idea? Thanks! Network…
telemaco

10 votes, 2 answers

L2TP/IPSec from Windows 7 to ASA 5520

I am trying to set up L2TP/IPSec on our ASA5520 to support a fringe case for one of our developers. The Windows VPN subsystem apparently stores the Kerberos or NTLM cookie for the login when you use the built-in VPN subsystem, and the Cisco VPN…
Peter Grace

10 votes, 3 answers

How do I reach my internal server on the external IP?

We are trying to configure our Cisco 5505, and it has been done through ASDM. There is one big problem that we're not able to solve, and that's when you go from inside to outside and back in again. Example, we have a server "inside" and we want to…
Fore

9 votes, 3 answers

Cisco ASA and multiple VLANs

I currently manage 6 Cisco ASA devices (2 pairs of 5510s and 1 pair of 5550s). They all work quite nicely and are stable so this is more of a best-practice advice question rather than "OMG it's broken help me fix it". My network is split into…
bart613

9 votes, 1 answer

Cisco ASA Site-to-Site VPN Dropping

I have three sites, Toronto (1.1.1.1), Mississauga (2.2.2.2) and San Francisco (3.3.3.3). All three sites have ASA 5520. All the sites are connected together with two site-to-site VPN links between each other location. My issue is that the tunnel…
ScottAdair

8 votes, 1 answer

Strongswan VPN Established but no Packets Routed

I'm setting up a VPN using strongSwan between a Linux instance on an Amazon EC2 instance and a remote network via its Cisco concentrator. I need to route packets from the Linux instance itself to a machine in the remote subnet. The connection is…
titusd

8 votes, 2 answers

DMZ subnet: to NAT or not to NAT?

I'm looking at setting up a DMZ behind a Cisco ASA that will contain a large number of HTTP front-end load balancers and SSL offload services - over 100 IPs, concentrated on a smaller number of hosts. In the past I've kept all the hosts on RFC1918…
natacado

7 votes, 1 answer

How should DNS be configured for remote VPN access to a Windows Domain?

Suppose you have a small windows domain configured as follows: domain name is ad.example.com (as per these guidelines) DC1 is at 10.10.10.3 DC2 is at 10.10.10.4 DC1 and DC2 are running the AD-integrated DNS and DHCP Server roles AD DHCP is…
alx9r

7 votes, 5 answers

Cisco ASA CLI/ASDM for Dummies

I'm kind of an idiot when it comes to Cisco stuff. I can usually figure out most firewalls and understand netmasks, IP addressing, DMZ's, NAT, etc. But for some reason I just don't get Cisco ASA's. Both CLI and the ASDM. Long story short, I'm…
Dayton Brown

7 votes, 2 answers

Routing via Cisco ASA is changing TCP sequence/ACK numbers

Our network has a dedicated VPN appliance that sits inside the office network. We have a Cisco ASA with a static route that routes the VPN subnets to the VPN appliance. So a typical request from the client to the remote site (192.168.161.28 ->…
Mark Henderson

7 votes, 3 answers

show all users on a Catalyst Cisco switch

I am new to Cisco, I am having some difficulty: I'd like to list all user accounts. show users only displays currently logged in users. I have no problem changing the enable password, but I'd like to see all available users so I can change specific…
TryTryAgain

7 votes, 3 answers

How to get Home, End, Delete keys working for PuTTY SSH sessions to Cisco ASA?

I want to be able to use Home, End and Delete keys when using PuTTY to access the CLI on my Cisco ASAs. Currently when I use these keys I see the ~ character. I have tried changing the PuTTY session Keyboard setting for Home and End from Standard…
dunxd

6 votes, 2 answers

Recover from Cisco ASA 5508-X internal flash failure?

I was performing maintenance on a standby Cisco ASA 5508-X firewall that is part of a failover cluster. Upon reload, I noticed that the cluster status remained failed long after the unit should have recovered. I had datacenter staff connect a serial…
ewwhite

6 votes, 5 answers

Monitoring Bandwidth Usage (Per Internal IP) - Cisco ASA 5505

I manage a small network with a Cisco ASA 5505 and a shared DSL connection. I would like to be able to monitor the bandwidth usage of the various users/devices on my network (by IP address). Can I do that using the ASA? Has anyone got this working? …
Joseph Sturtevant