How to clear CLI screen on ASA and IOS?
Problem: How do you clear CLI screen on ASA? Solution: Answer: You CAN’T! In case you came here asking for the clear CLI screen on IOS. Answer: You CAN’T! SecureCRT I wished there was a way to clear the CLI…
pix
How to kill, logoff, or disconnect a Cisco ASA remote access VPN session
Problem: Have you ever wondered how you logoff or disconnect a remote access VPN user on a Cisco ASA? Well there are two ways to do it. One is to use the GUI – Cisco’s ASDM and the other by…
How to view the pre shared key on a Cisco ASA/PIX configuration
Ever noticed when you issue a show running-config on a ASA to look up the VPN tunnel pre shared key and it appears as a “*”? Well here’s how to find out what the key is! more system:running-config This will…
Troubleshooting VPN slowness – A look at MTU
Problem: Troubleshooting vpn slowness and packet retransmits could be a puzzling task, especially when it’s over an IPsec tunnel. Last week I had the opportunity to troubleshoot a problem with slow website loading times on a webserver across the link….
Demystifying ASA/PIX Nat 0 vs Static
Firstly, Nat 0 and static can be used to achieve the same result of bypassing NAT, at least logically 🙂 However both are fundamentally different. Take a look at the following example: nat (inside) 0 192.168.1.1 255.255.255.255 and static (inside,dmz)…
Cisco ASA allowing management-access from VPN
The inside interface of the PIX (also applies to ASA) cannot be accessed from the outside or from the other side of the VPN tunnel unless the management-access is configured. Once management-access is enabled, Telnet, SSH, or HTTP access must…
Cisco ASA Failover Tips and misc.
When setting up a Cisco ASA failover pair, try to follow the following rules & tips: Do not use a crossover Ethernet cable or a fiber-optic patch cable to directly connect the two failover LAN interfaces if the firewalls are…
Cisco ASA/PIX Firewall inside interface routing problem
If you are having issues routing your traffic within the inside interface, or hair-pining your traffic, chances are you need to enable the “same-security-traffic permit intra-interface” command. Take a look at the picture below which explains this problem: Basically when…
Cisco ASA/PIX Bandwidth limiting
Today, I got a chance to setup some bandwidth limiting on our Cisco ASA Firewall. The goal was to choke the speed of traffic going to our backup server to 250Mb/s. As our backup traffic goes through a firewall here’s…
How to allow ICMP through your Cisco ASA/PIX firewall
ICMP packets are not stateful, how does the ASA handle them by default? Internet Control Message Protocol (ICMP) pings and traceroute on the PIX Firewall are handled differently based on the version of PIX and ASA code. Inbound ICMP through…