Throughout my professional career in networking I was lucky to work with all Cisco firewall models and therefore I have experienced the “evolution” of every firewall product developed by Cisco. For the SMB/SOHO market, Cisco’s initial offering was the PIX 501, followed by the successful Cisco ASA 5505. The latter came to an End-of-Sale in […]
Cisco ASA Firewall Commands – Cheat Sheet
In this post I have gathered the most useful Cisco ASA Firewall Commands and created a Cheat Sheet list that you can download also as PDF at the end of the article. I have been working with Cisco firewalls since 2000 where we had the legacy PIX models before the introduction of the ASA 5500 […]
Cisco ASA as DHCP Server with Multiple Internal LANs
In this tutorial I will describe the configuration of an interesting network scenario that I’m sure many of you will find helpful. This scenario is applicable in many real world situations, mainly in small to medium networks. The network scenario is as follows: We have three different internal LAN networks which host user computers and […]
Configuration of Cisco ASA for ASDM Access
I have created the following video on youtube a few months ago and thought about embedding the video here as well. It is about configuring the Cisco ASA in order to install the ASDM image (Adaptive Security Device Manager) and hence be able to manage the device with the graphical ASDM GUI. The video shows […]
New Cisco ASA 5506-5508 models with FirePOWER
Cisco announced more details about its new ASA models (5506, 5508) which are using FirePOWER services and are geared towards small and medium size businesses. According to Cisco, the new ASA models are “industry’s first threat-focused Next Generation Firewalls” and offer application visibility and control, advanced malware protection (using AMP Threat Grid), next generation intrusion […]
Ping TCP Command on Cisco ASA – a great troubleshooting tool
The “ping” command has been the “de facto” troubleshooting protocol used mainly for testing connectivity and communication between two hosts. As we all know, the ping command sends “ICMP” packets to the other end and waits for ICMP reply packets to come back. From ASA 8.4(1) and later, Cisco introduced an enhanced version of the […]
Cisco ASA VPN Hairpinning
EDIT: My Book “Cisco ASA Firewall Fundamentals-3rd Edition” is now available on Amazon as Paperback physical book. MORE INFORMATION HERE Some time ago a visitor of my website asked me to help him on a special Cisco ASA VPN configuration and thought about sharing it here to help other people as well. The specific network […]
How to pass authenticated BGP Sessions through Cisco ASA (BGP Pass Through)
The following article describes the proper way to allow BGP sessions between two routers to pass through a Cisco ASA firewall appliance. Especially if the BGP configuration between the two routers uses MD5 authentication (which is a good security practice), you need some special “treatment” on this session in order to pass it successfully through […]
Cisco ASA5510 Vs ASA5512-X or 5515-X
The Cisco ASA product line for small and branch offices includes 4 ASA models: ASA5505 (either Basic License or Security Plus License) ASA5510 (either Basic License or Security Plus License) ASA5512-X (either Basic License or Security Plus License) ASA5515-X In this article I will describe the main differences between the ASA5510 and the newest generation […]
Cisco ASA CX Security Module
The new series of Cisco ASA devices (ASA 5500-X models which include 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X) have the capabilities to support Next Generation Firewall Security Services. They support these security services as cloud-based services (such as Cloud Web Security and Web Security Essentials) or as software based modules which do not need […]
Configuring site-to-site IPSEC VPN on ASA using IKEv2
The scenario of configuring site-to-site VPN between two Cisco Adaptive Security Appliances is often used by companies that have more than one geographical location sharing the same resources, documents, servers, etc. The Cisco ASA is often used as VPN terminator, supporting a variety of VPN types and protocols. In this tutorial, we are going to […]
How to configure EIGRP on a Cisco ASA Firewall
The Cisco Adaptive Security Appliance is an integrated security equipment that can perform a variety of functions like firewall, intrusion prevention, VPN, content security, unified communications, and remote access. Among these functions, the ASA can also perform routing using popular routing protocol like Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest […]
Cisco ASA 5505 DMZ with Private VLAN Configuration
The ASA 5505 is the only model that has an 8-port switch embedded in the device. All interfaces of the ASA5505 are Layer2 switch ports and thus they support some features that you can find on Cisco switches. One of these features is called “Private Vlan”. The concept of “Private VLAN” is very useful in […]