asa


How to block web messenger on hotmail using Cisco ASA

Often you may find that you need to block web messengers because of corporate security policy. Conventional ACLs work for messenger clients that communicate over specific ports; however, you may find that some instant messengers run via a web browser…
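A port-based ACL cannot distinguish a browser-based messenger from ordinary web traffic on TCP/80, so the usual answer on the ASA is HTTP inspection keyed on the request Host header. The configuration below is an added example written for this listing, not the post's own config; the hostname, the object names and the assumption that the messenger is reached over plain HTTP are mine.

```text
! Added example (not from the post). Hostname is a placeholder, not a real service.
regex WEBMSGR_HOST "webmessenger\.example\.com"
!
class-map type regex match-any WEBMSGR_HOSTS
 match regex WEBMSGR_HOST
!
! Match HTTP requests whose Host header hits one of the blocked hostnames
class-map type inspect http match-all WEBMSGR_HTTP
 match request header host regex class WEBMSGR_HOSTS
!
policy-map type inspect http WEBMSGR_POLICY
 parameters
 class WEBMSGR_HTTP
  drop-connection log
!
! Attach the HTTP inspection policy to the global service policy
policy-map global_policy
 class inspection_default
  inspect http WEBMSGR_POLICY
```

Two caveats a practitioner will hit: the Host header is only visible for cleartext HTTP, so a messenger that moves to HTTPS will sail past this without TLS interception, and `inspect http` must actually be applied to the traffic (check with `show service-policy inspect http`) or the class never matches.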



Cisco ASA 8.3 RAM upgrade

Cisco ASA 8.3 is quite a major release despite the minor version number bump. One of the major feature overhauls is NAT: NAT and statics are no longer bound to an interface. It has moved towards a network…


Cisco ASA license missing after format flash and how to recover!

Cisco ASA license gone!? Today I experienced a failure during an upgrade of an ASA5505 that resulted in my Cisco ASA license disappearing. The ASA complained about an error writing to flash: %Error opening disk0:/.private/startup-config (Read-only file system) Error executing command…




Troubleshooting VPN slowness – A look at MTU

Problem: Troubleshooting VPN slowness and packet retransmits can be a puzzling task, especially when it is over an IPsec tunnel. Last week I had the opportunity to troubleshoot a problem with slow website loading times on a web server across the link…
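The usual root cause behind "slow over the tunnel, fine on the LAN" is that a full 1500-byte TCP segment no longer fits once ESP, UDP (NAT-T) and the outer IP header are added, and Path MTU Discovery is broken somewhere along the way. The snippet below is an added example, not the fix from the post; the MSS value and the interface name are assumptions you should size to your own path.

```text
! Added example (not from the post). Interface name and values are assumptions.
! Clamp the TCP MSS the ASA advertises so segment + ESP/UDP/IP overhead fits the path MTU.
! Default is 1380; lower it further if the tunnel crosses PPPoE or nested tunnels.
sysopt connection tcpmss 1350
!
! Fallback for non-TCP or DF-set traffic: clear DF and fragment before encryption
! so the far end reassembles inside the tunnel instead of the packet being dropped.
crypto ipsec df-bit clear-df outside
crypto ipsec fragmentation before-encryption outside
```

Verify before and after with `show running-config sysopt` and by watching retransmits on the web server; if large TCP transfers stall while small pings succeed, MTU is the first suspect.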



Demystifying ASA/PIX Nat 0 vs Static

Firstly, Nat 0 and static can be used to achieve the same result of bypassing NAT, at least logically 🙂 However, both are fundamentally different. Take a look at the following example: nat (inside) 0 192.168.1.1 255.255.255.255 and static (inside,dmz)…
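To make the difference concrete, here is a pre-8.3 configuration that keeps the address 192.168.1.1 from the excerpt and shows both forms side by side. This is an added example for this listing, not the post's config; the DMZ ACL is my addition to show why the distinction matters.

```text
! Added example (pre-8.3 syntax, not from the post). ACL name and port are assumptions.
!
! Identity NAT: 192.168.1.1 keeps its address, but the xlate is only built when
! the host itself initiates a connection out of inside. Nothing on dmz can reach
! it first because no translation exists yet.
nat (inside) 0 192.168.1.1 255.255.255.255
!
! Identity static: same address on both sides, but the translation is permanent and
! bidirectional, so a DMZ host can initiate to 192.168.1.1 as soon as an ACL allows it.
static (inside,dmz) 192.168.1.1 192.168.1.1 netmask 255.255.255.255
access-list DMZ_IN extended permit tcp any host 192.168.1.1 eq 443
access-group DMZ_IN in interface dmz
```

Security-wise that is the whole point: nat 0 without an access-list quietly preserves the "lower security cannot initiate" behaviour, while the static opens the door to inbound connections the moment someone adds a permit line to the dmz ACL. Use `show xlate` to see which translations exist at rest.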



Cisco ASA allowing management-access from VPN

The inside interface of the PIX (this also applies to the ASA) cannot be accessed from the outside or from the other side of the VPN tunnel unless management-access is configured. Once management-access is enabled, Telnet, SSH, or HTTP access must…
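The minimal configuration that makes this work is short, and the part people forget is that the inside interface address also has to be inside the crypto ACL (or the VPN client pool's tunnelled routes) or the reply traffic never enters the tunnel. This is an added example, not the post's config; the management subnet is an assumption.

```text
! Added example (not from the post). 10.10.10.0/24 stands in for the remote site or VPN pool.
! Allow the inside interface to terminate management sessions that arrive over the VPN
management-access inside
!
! Management must still be explicitly permitted per protocol, scoped to the remote subnet
ssh 10.10.10.0 255.255.255.0 inside
http server enable
http 10.10.10.0 255.255.255.0 inside
!
! Only enable telnet if you really need it; it is cleartext even though it rides the tunnel
! telnet 10.10.10.0 255.255.255.0 inside
```

Check with `show running-config management-access` and `show ssh sessions` after connecting; if SSH to the inside address still times out, confirm the inside interface IP is covered by the interesting-traffic ACL on both ends of the tunnel.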


Cisco ASA Failover Tips and misc.

When setting up a Cisco ASA failover pair, try to follow these rules and tips: Do not use a crossover Ethernet cable or a fiber-optic patch cable to directly connect the two failover LAN interfaces if the firewalls are…
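For reference, the active/standby LAN-based failover skeleton the tips apply to is below, as an added example for this listing rather than the post's own config. Interface names, addresses and the key are assumptions; the key should be a real shared secret, since the failover link carries configuration and state in the clear otherwise.

```text
! Added example (not from the post). Interfaces, addresses and the key are assumptions.
! --- Primary unit ---
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
! Carry stateful connection data over the same link (or a dedicated one)
failover link FOLINK
! Authenticate and encrypt failover messages between the units
failover key <shared-secret>
!
! Every monitored data interface needs a standby address so the pair can poll each other
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248 standby 203.0.113.3
!
failover
!
! --- Secondary unit (only these lines; everything else replicates from the primary) ---
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover key <shared-secret>
failover
```

After both units come up, `show failover` should report the primary as Active and the secondary as Standby Ready; an interface stuck in "Waiting" or "Unknown" almost always means a missing standby address or a switch port that is not carrying the failover VLAN.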



Cisco ASA/PIX Firewall inside interface routing problem

If you are having issues routing your traffic within the inside interface, or hairpinning your traffic, chances are you need to enable the “same-security-traffic permit intra-interface” command. Take a look at the picture below, which explains this problem: Basically when…
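By default the ASA refuses to send a packet back out the interface it arrived on, which is exactly what happens when two subnets behind a router on the inside segment talk through the firewall, or when a VPN client hairpins through the outside interface. The commands below are an added example, not taken from the post; the subnet in the ACL is an assumption.

```text
! Added example (not from the post). The 192.168.0.0/16 range is an assumption.
! Allow traffic to enter and leave the same interface (inside-to-inside hairpin,
! or VPN-to-VPN / VPN-to-Internet hairpin on outside)
same-security-traffic permit intra-interface
!
! Separate knob: needed only when two *different* interfaces share a security level
same-security-traffic permit inter-interface
!
! The interface ACL still applies to hairpinned traffic, so it must permit it
access-list INSIDE_IN extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-group INSIDE_IN in interface inside
```

Confirm with `show running-config same-security-traffic`; if the line is present and traffic still fails, `packet-tracer input inside tcp <src> 1024 <dst> 80` will show whether the drop is now the ACL, NAT, or a route pointing out the wrong interface.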