In this article I will show you how to deny access to specific websites (domain names) with a normal Cisco ASA firewall. This works on either the older 5500 models or the new 5500-X series devices. The only prerequisite is that the firewall runs software version 8.4.2 or later. Also, you don’t need to […]
DNS Doctoring – Access Internal WebSite using its public URL
In this post we will discuss DNS Doctoring on Cisco ASA firewalls. This is a useful feature and although it’s very simple to configure, not many people know about it. DNS Doctoring is helpful in the following situation: Assume you have a Web Server connected to a DMZ zone on a Cisco ASA firewall and […]
ExtraBacon Cisco ASA Vulnerability
A serious new vulnerability called “EXTRABACON” was discovered in Cisco ASA devices and was recently patched by Cisco through several software updates for the device. You need to carefully read the following security advisory (CVE-2016-6366) from Cisco and patch your devices as soon as possible. At the end of the article above there is […]
No switch option on Cisco ASA 5506-X
The new ASA 5506-X and 5508-X were released a few months ago by Cisco and are the models which will replace the very successful ASA5505 SOHO firewall. The 5506-X in particular is marketed as the ideal replacement for the 5505, which was very popular and successful in small network deployments. As you might know already, the […]
New Cisco ASA 5506-X / 5508-X will replace ASA 5505
Currently the smallest ASA appliance is the 5505 which has been in the market for several years with millions of installations worldwide. This small, passively cooled firewall still receives all the latest ASA software upgrades and features and has been a favorite firewall appliance for SOHO or Small/Medium Businesses. The ASA 5505 is equipped with […]
Comparison of Cisco ASA5500 Vs ASA5500-X
Although Cisco created a new series of ASA appliances (5500-X series), there are hundreds of thousands of older Cisco ASA 5500 models installed and working in networks all over the world. If you are one of those professionals who are considering upgrading your older ASA5500 appliances to the new “X” models, I have prepared […]
Comparison of Cisco ASA Software Versions
With the expansion of Cisco ASA models and the addition of new types of devices, some confusion about which software version is supported on each model is inevitable. A few years ago we had only the Cisco PIX series, which was replaced by the successful Cisco ASA 5500 series firewalls. Now […]
How to block HTTP DDoS Attack with Cisco ASA Firewall
Denial of Service (DoS) attacks are very common these days. Distributed DoS attacks (also called DDoS) in particular can be executed quite easily by attackers who own large networks of BotNets. Thousands of malware-infected computers (which comprise the so-called “BotNets”) are controlled by attackers and can be instructed to start attacks against any target. Usually […]
How to Install CSC SSM on Cisco ASA 5510
I have found the following informative video which shows how to physically install a Content Security Services (CSC) Module in a Cisco ASA 5510 firewall appliance, and also how to create the initial setup configuration of this module using the graphical ASDM GUI of ASA firewall. The CSC module provides protection against Viruses, Spam, Spyware […]
Cisco ASA CX – Next Generation Firewall Vision from Cisco
New business requirements, the evolution of social networking and Web 2.0, and new-generation technologies are driving new requirements for network and information security. Gartner has recently published their definition for next-generation firewalls, and they have noted that their famous “magic quadrant” reports for enterprise firewalls will now be taking into account the Next Generation […]
Upgrading Memory of Cisco ASA Firewall
After the introduction of Cisco ASA software version 8.3 last year, the device’s memory requirements for low-end models have been doubled. Many firewall administrators have been discouraged by this move from Cisco because they had to upgrade their firewalls’ RAM in order to upgrade to the newest versions. Upgrading the memory not only costs […]
How to Recover a preshared key of IPSEC VPN on Cisco ASA
One of the ways to configure authentication between two Cisco ASA firewalls having a site-to-site IPSec VPN tunnel between them is to configure a pre-shared key under the tunnel group attributes. This is actually the most common implementation of IPSEC lan-to-lan authentication that you will find in most real life networks. The pre-shared key must […]
Comparison Between Cisco ASA WebVPN Technologies
Cisco ASA supports two major WebVPN modes: Clientless WebVPN and AnyConnect WebVPN. Let’s see the differences between the two WebVPN modes and I’m sure you will understand why the AnyConnect mode is much better in my opinion. Clientless WebVPN does not require any VPN client to be installed on the user’s computer. It uses a normal […]