If for any reason the software image on your Cisco ASA appliance is corrupted and the device does not boot to normal operating mode, then you can load a new image using ROMMON (ROM monitor mode) and TFTP. Follow the steps below to get into ROMMON mode and then assign all necessary settings for uploading […]
Two paths for Getting your CCNA Certification – Which one is the best?
If you are preparing for your CCNA certification, you might be facing the dilemma of which path to take to become a Cisco CCNA certified professional. As we know, Cisco is offering two “routes” for obtaining a CCNA. NOTE: As of 2020, there are new Cisco certifications as explained here. The “quick route” […]
Block Attacks with a Cisco ASA Firewall and IDS using the shun command
As we know, an Intrusion Detection System can work either in inline mode (IPS) or in promiscuous mode (IDS). In inline mode, the IPS sensor can detect and block attacks by itself since all traffic passes through the sensor. However, in promiscuous mode, the IDS sensor cannot block attacks by itself, but has to […]
Configuring NAT on Cisco IOS Routers
The depletion of the public IPv4 address space has forced the internet community to think about alternative ways of addressing networked hosts. Network Address Translation (NAT) was therefore introduced to overcome the addressing problems that occurred with the rapid expansion of the Internet. Even if NAT was suggested as a temporary solution, it has been […]
How To Download and Install Cisco Call Manager Express CME Software
The Cisco Call Manager Express (CME) software (its new name is Cisco Unified Communications Manager Express) provides IP Telephony services that run on Cisco Integrated Services routers (such as 1800, 2800, 3800 family series). I will start a series of posts in this blog about IP Telephony, starting today with the installation of CME on […]
Hardware Conference with PVDM Module on Cisco 2801 Call Manager Express
A PVDM (Packet Voice DSP Module) is a router hardware module card that looks like a computer memory chip and is used to provide Digital Signal Processing voice services to routers working as voice gateways or as Call Manager Express devices. The high-density PVDM2 module enables Cisco Integrated services routers (such as 2800, 3800 models) […]
Cisco ASA FTP inspection purpose
By default, the global policy used on a Cisco ASA firewall enables FTP inspection for all traffic passing through the appliance. Before discussing the usage of FTP inspection, let’s see how FTP works: In Active FTP (which is the default mode), we need two ports for communication. Port 21 is used for Command and Control […]
5 Reasons to Buy a Cisco ASA 5505 from Amazon
For advanced home users or for SOHO and Branch offices, the Cisco ASA 5505 Firewall appliance is an excellent choice to use for network protection. Its Adaptive Security software is the same used for the whole range of the ASA series, so you can be assured that the 5505 will also offer you top-class security […]
Cisco ASA QoS for VoIP Traffic
One of the new additions in the Cisco ASA 7.x and 8.x software image is the ability to configure Quality of Service for VoIP traffic, something that was found only on IOS routers in the past. The ASA now supports Low Latency Queuing (LLQ priority queuing), which lets you prioritize certain traffic flows (such as […]
Antivirus and Antispam protection with CSC SSM
The CSC-SSM module of the Cisco ASA 5500 Firewall offers content security inspection for FTP, HTTP, POP3, and SMTP traffic, thus protecting the network from viruses, spyware, worms, spam and phishing, and controls unwanted mail and Web content. In more detail, the capabilities of the CSC-SSM module include the following: Antivirus and Antispyware protection using the Trend […]
IP Phones behind a Cisco ASA 5505 Firewall
The Cisco ASA 5505 firewall is an excellent device for small branch office locations since it can offer several network services in one box. It can provide firewall security, IPsec VPN LAN-to-LAN connectivity with a central office, and even power-over-ethernet connectivity for local IP phones (two of its network interfaces are power-over-ethernet ports). A common […]
Cisco IDS/IPS Module for Cisco ASA Firewalls (AIP-SSM)
The Cisco ASA 5500 security appliance is not just a plain firewall. With an add-on security module (AIP-SSM), you can transform the ASA 5500 into an IDS/IPS sensor as well. The AIP-SSM (Advanced Inspection and Prevention – Security Services Module) is a full-blown IDS/IPS sensor with the same software and functionality as the external standalone […]
User Authentication for Web Server Access on Cisco ASA Firewall
Imagine the following scenario: We have a web server on a DMZ protected by a Cisco ASA 5500 firewall. We would like to allow external Internet users to access this web server only after they successfully authenticate with a username/password credential. Maybe this scenario could be applicable in situations where we need to allow employees […]