Although the Cisco ASA appliance does not act as a router in the network, it still has a routing table and it is essential to configure static or dynamic routing in order for the appliance to know where to send packets. When a packet arrives to a network interface on the ASA firewall, the packet […]

The following article describes how to configure Access Control Lists (ACL) on Cisco ASA 5500 and 5500-X firewalls. An ACL is the central configuration feature to enforce security rules in your network so it is an important concept to learn. The Cisco ASA 5500 is the successor Cisco firewall model series which followed the successful […]

On my previous post I talked about Cisco ASA Active/Active configuration. In this post I will describe Active/Standby redundancy which is used much more frequently compared with the active/active scenario. ASA Active/Standby failover/redundancy means connecting two identical ASA firewall units via LAN cable so that when one device or interface fails then the second one […]

It is a good security practice to configure a Warning login banner on your Cisco ASA firewall appliance for unauthorized access attempts. In this article we will describe how to configure such a banner for different ways available for connecting to the appliance such as using the graphical interface (ASDM), session, login etc. The command […]

The Cisco ASA appliance retains clock settings in memory via a battery on the device motherboard. Even if the device is turned off, the clock is retained in memory. Configuring accurate time settings on the appliance is important for logging purposes since syslog messages can contain a time stamp according to the device clock time […]

The Cisco Adaptive Security Appliance (ASA) is an integrated security equipment that can perform a variety of functions like firewall, intrusion prevention, VPN, content security, unified communications, and remote access. Among these functions, the ASA can also perform routing using popular routing protocol like Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open […]

The usage of object groups (network objects, service object etc) is becoming more popular on Cisco ASA firewalls especially with newer OS versions ( 8.3(x) and later) . In the newer versions, network object groups are used extensively for the configuration of NAT mechanisms in addition to other uses. In this post I will show […]

When it comes to authentication services in networking and IT systems in general, the best practice is to have a centralized authentication system which contains the user account credentials in a secure way and controls all authentication and authorization. This is why Active Directory in Microsoft environments is such a useful and powerful authentication scheme. […]

In this tutorial I will describe the configuration of an interesting network scenario that I’m sure many of you will find helpful. This scenario is applicable in many real world situations, mainly in small to medium networks. The network scenario is as follows: We have three different internal LAN networks which host user computers and […]

A Cisco ASA Firewall is ideal for Broadband access connectivity to the Internet since it provides state of the art and solid network security protection. Especially for small business or home use, the ASA 5505 model is ideal for broadband ADSL access connectivity. Some ISPs provide Point to Point over Ethernet access, which is abbreviated […]

The Microsoft Point to Point Tunneling Protocol (PPTP) is used to create a Virtual Private Network (VPN) between a PPTP client and server. It is used for remote access from roaming users to connect back to their corporate network over the Internet. A PPTP client connects and authenticates to the PPTP server which assigns an […]

The scenario of configuring site-to-site VPN between two Cisco Adaptive Security Appliances is often used by companies that have more than one geographical location sharing the same resources, documents, servers, etc. The Cisco ASA is often used as VPN terminator, supporting a variety of VPN types and protocols. In this tutorial, we are going to […]

Cisco Adaptive Security Appliance (ASA) is quite a versatile device integrating application-aware firewall, SSL and IPsec VPN, intrusion prevention system (IPS), antivirus, antispam, antiphishing, and web filtering services. Cisco ASA also supports routing protocols such as Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), and last but not least, Open Shortest Path First […]