I have created the following video on youtube a few months ago and thought about embedding the video here as well. It is about configuring the Cisco ASA in order to install the ASDM image (Adaptive Security Device Manager) and hence be able to manage the device with the graphical ASDM GUI. The video shows […]

Cisco announced more details about its new ASA models (5506, 5508) which are using FirePOWER services and are geared towards small and medium size businesses. According to Cisco, the new ASA models are “industry’s first threat-focused Next Generation Firewalls” and offer application visibility and control, advanced malware protection (using AMP Threat Grid), next generation intrusion […]

EDIT: My Book “Cisco ASA Firewall Fundamentals-3rd Edition” is now available on Amazon as Paperback physical book. MORE INFORMATION HERE Some time ago a visitor of my website asked me to help him on a special Cisco ASA VPN configuration and thought about sharing it here to help other people as well. The specific network […]

The following article describes the proper way to allow BGP sessions between two routers to pass through a Cisco ASA firewall appliance. Especially if the BGP configuration between the two routers uses MD5 authentication (which is a good security practice), you need some special “treatment” on this session in order to pass it successfully through […]

The new series of Cisco ASA devices (ASA 5500-X models which include 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X) have the capabilities to support Next Generation Firewall Security Services. They support these security services as cloud-based services (such as Cloud Web Security and Web Security Essentials) or as software based modules which do not need […]

The Cisco Adaptive Security Appliance is an integrated security equipment that can perform a variety of functions like firewall, intrusion prevention, VPN, content security, unified communications, and remote access. Among these functions, the ASA can also perform routing using popular routing protocol like Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest […]

The ASA 5505 is the only model that has an 8-port switch embedded in the device. All interfaces of the ASA5505 are Layer2 switch ports and thus they support some features that you can find on Cisco switches. One of these features is called “Private Vlan”. The concept of “Private VLAN” is very useful in […]

There are several configuration features on Cisco ASA that require some sort of password or secret-key that you need to enter. Some examples include: VPN pre-shared keys (either for site-to-site IPSEC VPN or for Remote Access). AAA server secret key when communicating with a RADIUS server. Routing Protocols keys (for OSPF, EIGRP). Secret key for […]

Cisco released a new Cisco ASA software version 9.0 recently and I wanted to inform you about the most notable new features of this release and also about some other important changes you need to keep in mind before upgrading. Upgrade Notes If you upgrade to version 9.0 from any previous ASA version (8.x) then […]

If you administer any of the Cisco ASA 5500 firewall family products some things should be noted about the differences in configuration for 8.3 and newer versions of code.  One of the most significant changes to be noted is NAT (Network Address Translation). In the Cisco ASA 8.3 version of code Cisco has introduced the […]

IETF proposed an updated Internet Key Exchange (IKE) protocol, called IKEv2, which is used to simplify and improve the legacy IKE protocol (IKEv1). Cisco ASA introduced support for IPSEC IKEv2 in software version 8.4(1) and later. In this ASA version, IKEv2 was added to support IPsec IKEv2 connections for AnyConnect and LAN-to-LAN VPN implementations. Of […]