The Cisco Adaptive Security Appliance (ASA) is an integrated security appliance that can perform a variety of functions such as firewall, intrusion prevention, VPN, content security, unified communications, and remote access. Among these functions, the ASA can also perform routing using popular routing protocols like Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open […]
Configuring Object Groups on Cisco ASA (Network, Service Objects etc)
The usage of object groups (network objects, service objects, etc.) is becoming more popular on Cisco ASA firewalls, especially with newer OS versions (8.3(x) and later). In the newer versions, network object groups are used extensively for the configuration of NAT mechanisms in addition to other uses. In this post I will show […]
Cisco ASA as DHCP Server with Multiple Internal LANs (Configuration)
In this tutorial I will describe the configuration of an interesting network scenario that I’m sure many of you will find helpful. This scenario is applicable in many real world situations, mainly in small to medium networks. The network scenario is as follows: We have three different internal LAN networks which host user computers and […]
Cisco ASA Firewall with PPPoE (Configuration Example on 5505)
A Cisco ASA Firewall is ideal for Broadband access connectivity to the Internet since it provides state of the art and solid network security protection. Especially for small business or home use, the ASA 5505 model is ideal for broadband ADSL access connectivity. Some ISPs provide Point to Point over Ethernet access, which is abbreviated […]
Allowing Microsoft PPTP through Cisco ASA (PPTP Passthrough)
The Microsoft Point to Point Tunneling Protocol (PPTP) is used to create a Virtual Private Network (VPN) between a PPTP client and server. It is used for remote access from roaming users to connect back to their corporate network over the Internet. A PPTP client connects and authenticates to the PPTP server which assigns an […]
Configuring site-to-site IPSEC VPN on ASA using IKEv2
The scenario of configuring a site-to-site VPN between two Cisco Adaptive Security Appliances is often used by companies that have more than one geographical location sharing the same resources, documents, servers, etc. The Cisco ASA is often used as a VPN terminator, supporting a variety of VPN types and protocols. In this tutorial, we are going to […]
How to Configure OSPF on Cisco ASA Firewall (Example Config and Troubleshooting)
Cisco Adaptive Security Appliance (ASA) is quite a versatile device integrating application-aware firewall, SSL and IPsec VPN, intrusion prevention system (IPS), antivirus, antispam, antiphishing, and web filtering services. Cisco ASA also supports routing protocols such as Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), and last but not least, Open Shortest Path First […]
Ping TCP Command on Cisco ASA – Great Troubleshooting Tool
The “ping” command has been the “de facto” troubleshooting protocol used mainly for testing connectivity and communication between two hosts. As we all know, the ping command sends “ICMP” packets to the other end and waits for ICMP reply packets to come back. From ASA 8.4(1) and later, Cisco introduced an enhanced version of the […]
How to Configure SNMP on Cisco ASA 5500 Firewall
SNMP stands for Simple Network Management Protocol. Up to ASA software 8.1, the SNMP versions supported were v1 and v2c. The newest ASA software 8.2 also supports SNMP v3, which is the most secure SNMP protocol version. The ASA works as an SNMP server (or agent), so you also need a Network Management System (NMS) […]
How to Configure VLAN subinterfaces on Cisco ASA 5500 Firewall
One of the advantages of the Cisco ASA firewall is that you can configure multiple virtual interfaces (subinterfaces) on the same physical interface, thus extending the number of security zones (firewall “legs”) on your network. Each subinterface must belong to a different Layer2 VLAN, with a separate Layer3 subnet. There are limits on the number of […]
How to configure DHCP Relay on Cisco ASA Firewall
The ASA 5500 and 5500-X series firewalls can work as a DHCP relay agent, which means that the firewall receives DHCP requests from clients on one interface and forwards the requests to a DHCP server on another interface. Usually the DHCP server is located in the same Layer 3 subnet as its clients. There are situations however […]
Permitting Traffic to Enter and Exit the Same Interface on Cisco ASA
With the older Cisco PIX firewall appliances, there was no way for traffic to enter a specific interface and then exit back from the same interface again. With the new Cisco ASA models, this is also not supported by default, but you can enable this functionality with the same-security-traffic permit intra-interface command. The schematic above […]
Cisco ASA Policy Based Routing (PBR) Configuration
Policy Based Routing (PBR) is a feature that has been supported on Cisco Routers for ages. However, Cisco ASA firewalls didn’t support this until version 9.4.1 and later. Finally Cisco acknowledged the usefulness of PBR on firewall devices and has implemented this on ASA as well. In this article I will show you how to […]