In a highly critical environment, we strongly recommend to setup Cisco ASAs in high availability mode. This way, if the Active ASA unit fails, the Standby unit takes over the role and becomes Active. Before we proceed, you need to ensure that following pre-requisites are met Both Cisco ASA units Continue Reading
Cisco ASA
Apply and Activate Cisco ASA License
On every purchase of ASA firewall, Cisco ships product authorization key known as PAK in printed format along with delivery. The steps remain same irrespective of ASA license feature. 1.Login to Cisco registration portal - http://www.cisco.com/go/license and enter PAK key and ASA serial number, then you will get the license key Continue Reading
Can't ping ASA inside interface over IPSec VPN
Even though, IPSec VPN is successfully established between 2 ends of your network, you can't ping ASA inside over IPSec VPN from the other end. Basically, you cannot remotely manage Cisco ASA through the VPN tunnel. You also noticed that inside interface is reachable from LAN. The problem is with Continue Reading
Configure IKEV1 Site to Site VPN between Cisco ASA and Paloalto Firewall
In this guide, we are configuring IKEV1 VPN between Cisco ASA and Paloalto firewall. This is applicable to all models of Cisco and PA firewalls. Configure Cisco ASA: 1) Phase 1: IKE policy ciscoasa(config)# crypto ikev1 policy 10 ciscoasa(config-ikev1-policy)# authentication pre-share ciscoasa(config-ikev1-policy)# encryption 3des ciscoasa(config-ikev1-policy)# hash sha ciscoasa(config-ikev1-policy)# group 2 Continue Reading
Cisco ASA Error - AnyConnect package on the secure gateway could not be located
You might be experiencing a similar issue while connecting through Cisco ASA AnyConnect to your remote network. Even though you have loaded the proper AnyConnect image to flash, reason for this problem is because Cisco ASA is unable to locate AnyConnect package in the device. In order to fix this issue, Continue Reading
Copy image to standby Cisco ASA
Copy IOS image to standby Cisco ASA unit, for example in order to copy asa942-6-smp-k8.bin from tftp server (10.10.10.10) to Standby ASA disk0, execute following command asa/pri/act#failover exec mate copy /noconfirm tftp://10.10.10.10/asa942-6-smp-k8.bin disk0:/asa942-6-smp-k8.bin Here is useful link to run commands on standby ASA Running Commands on Standby Cisco ASA
Running Commands on Standby Cisco ASA
In order to execute Cisco ASA commands on Standby unit, use failover exec as prefix. failover exec is used to execute commands on a specific unit in a failover pair, the syntax is failover exec {active | standby | mate} cmd active - means the command is executed on active ASA Continue Reading
Alternate to Cisco Client VPN for Windows 10
If you are looking for an alternate software for Cisco Client VPN software, here is the step by step guide to set it up.This worked for me in Windows 10 Pro 64 bit edition computer. Download Shrew VPN Client for Windows. In this guide I used 2.2.2 release. 2. Install the Continue Reading
Packet Tracer Phase 9 Type:VPN Subtype:encrypt Result:DR
We have an issue of no traffic flow over IPSec VPN, however the VPN is successfully established between Cisco ASA firewalls in Site A and Site B. Using packet-tracer, we are trying to find out the path and status of an icmp packet leaving the firewall. For ICMP, you need Continue Reading
Configure Cisco ASA Firepower Services for the first time
Before you proceed with configuration, ensure that Source FirePower (SFR) service is up and running on your ASA ASA# sh module Mod Card Type Model Serial No. ---- -------------------------------------------- ------------------ ----------- 1 ASA 5506-X with SW, 8GE Data, 1GE Mgmt, AC ASA5506 JAD101600GX sfr FirePOWER Services Software Module ASA5506 JAD101600GX Continue Reading