How to setup Cisco ASA in High Availability Active/Standby Failover
1671
In a highly critical environment, we strongly recommend to setup Cisco ASAs in high availability mode. This way, if the Active ASA unit fails, the Standby unit takes over the role and becomes Active. Before we proceed, you need to ensure that following pre-requisites are met Both Cisco ASA units must .. Apply and Activate Cisco ASA License
1181
On every purchase of ASA firewall, Cisco ships product authorization key known as PAK in printed format along with delivery. The steps remain same irrespective of ASA license feature. 1.Login to Cisco registration portal – http://www.cisco.com/go/license and enter PAK key and ASA serial number, .. Can’t ping ASA inside interface over IPSec VPN
920
Even though, IPSec VPN is successfully established between 2 ends of your network, you can’t ping ASA inside over IPSec VPN from the other end. Basically, you cannot remotely manage Cisco ASA through the VPN tunnel. You also noticed that inside interface is reachable from LAN. The problem is with .. 
Configure IKEV1 Site to Site VPN between Cisco ASA and Paloalto Firewall
1418
In this guide, we are configuring IKEV1 VPN between Cisco ASA and Paloalto firewall. This is applicable to all models of Cisco and PA firewalls. Configure Cisco ASA: 1) Phase 1: IKE policy ciscoasa(config)# crypto ikev1 policy 10 ciscoasa(config-ikev1-policy)# authentication pre-share ciscoasa(config-ikev1-policy)# .. 
Copy image to standby Cisco ASA
1119
Copy IOS image to standby Cisco ASA unit, for example in order to copy asa942-6-smp-k8.bin from tftp server (10.10.10.10) to Standby ASA disk0, execute following command asa/pri/act#failover exec mate copy /noconfirm tftp://10.10.10.10/asa942-6-smp-k8.bin disk0:/asa942-6-smp-k8.bin Here is useful ..
Running Commands on Standby Cisco ASA
1104
In order to execute Cisco ASA commands on Standby unit, use failover exec as prefix. failover exec is used to execute commands on a specific unit in a failover pair, the syntax is failover exec {active | standby | mate} cmd active – means the command is executed on active ASA unit standby ..
Configure Cisco ASA Firepower Services for the first time
701
Before you proceed with configuration, ensure that Source FirePower (SFR) service is up and running on your ASA ASA# sh module Mod Card Type Model Serial No. —- ——————————————– —————— ..
Unable to SSH to ASA
876
We had an issue in SSH to Cisco ASA firewall that was recently purchased and setup in network. While troubleshooting further, we could see some error logs in ASDM as SSH session from 192.168.109.77 on interface inside for user “Unknown” disconnected by SSH server, reason: “Internal ..
Traffic between ASA interfaces of same security level
765
Error: Deny inbound UDP from 192.168.109.77 to 8.8.8.8/53 due to DNS query This problem occurs when you have configured 2 or more interfaces of Cisco ASA with same security-level. In such case, you need to configure and allow traffic between them. (config)# same-security-traffic permit inter-interface ..
Cisco ASA cannot ping any hosts on outside
589
Out of the box Cisco ASA firewall doesn’t permit ICMP traffic, that means the firewall permits ping traffic out but it won’t let the reply traffic to come inside. The solution is to add “inspection icmp” to global policy map ASA(config)# policy-map global_policy ASA(config-pmap)# .. 
