The new series of Cisco ASA devices (ASA 5500-X models which include 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X) have the capabilities to support Next Generation Firewall Security Services. They support these security services as cloud-based services (such as Cloud Web Security and Web Security Essentials) or as software based modules which do not need […]

The Cisco Adaptive Security Appliance is an integrated security equipment that can perform a variety of functions like firewall, intrusion prevention, VPN, content security, unified communications, and remote access. Among these functions, the ASA can also perform routing using popular routing protocol like Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest […]

The ASA 5505 is the only model that has an 8-port switch embedded in the device. All interfaces of the ASA5505 are Layer2 switch ports and thus they support some features that you can find on Cisco switches. One of these features is called “Private Vlan”. The concept of “Private VLAN” is very useful in […]

There are several configuration features on Cisco ASA that require some sort of password or secret-key that you need to enter. Some examples include: VPN pre-shared keys (either for site-to-site IPSEC VPN or for Remote Access). AAA server secret key when communicating with a RADIUS server. Routing Protocols keys (for OSPF, EIGRP). Secret key for […]

Cisco Adaptive Security Appliance (ASA) is quite a versatile device integrating application-aware firewall, SSL and IPsec VPN, intrusion prevention system (IPS), antivirus, antispam, antiphishing, and web filtering services. Cisco ASA also supports routing protocols such as Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), and last but not least, Open Shortest Path First […]

Cisco released a new Cisco ASA software version 9.0 recently and I wanted to inform you about the most notable new features of this release and also about some other important changes you need to keep in mind before upgrading. Upgrade Notes If you upgrade to version 9.0 from any previous ASA version (8.x) then […]

In this first Video Tutorial I will show you how to enable initial access to the ASA device in order to connect with ASDM graphical interface or with SSH. The network topology is shown below: First we need to have console access (with a serial console cable) to the device in order to configure some […]

If you administer any of the Cisco ASA 5500 firewall family products some things should be noted about the differences in configuration for 8.3 and newer versions of code.  One of the most significant changes to be noted is NAT (Network Address Translation). In the Cisco ASA 8.3 version of code Cisco has introduced the […]

IETF proposed an updated Internet Key Exchange (IKE) protocol, called IKEv2, which is used to simplify and improve the legacy IKE protocol (IKEv1). Cisco ASA introduced support for IPSEC IKEv2 in software version 8.4(1) and later. In this ASA version, IKEv2 was added to support IPsec IKEv2 connections for AnyConnect and LAN-to-LAN VPN implementations. Of […]

The cloud technology is spreading like wild fire all over the world. And like everything else in technology, unfortunately security is the last thing that vendors consider while developing technology. The same happened with the cloud. At the beginning, nobody thought about security in the virtual cloud. After several security weaknesses have been identified related […]

This is a question that I get from time to time in my work environment either from colleagues or customers. I will show you a couple of ways to do this. In ASA, for traffic to pass through interfaces, several conditions must be met. Since we are talking here for inside and outside interfaces, this […]

What is Cisco ASA Identity Firewall? Traditionally, Cisco ASA policies and rules are enforced mainly using an Access Control List (ACL) which allows or denies access to certain network resources based on the source/destination IP addresses and port numbers. For example, lets say we want source IP 10.1.1.1 to be able to access server with […]

A normal Layer3 Routing device, when receiving a packet on one of its ingress interfaces, first checks the destination IP address of the packet and then consults its routing table in order to forward the packet to the proper outgoing interface. This is the most basic operation of a router. A stateful firewall (like the […]