Configuration guides for IT Administrators
Cisco ASA
-
Unable to SSH to ASA
⏱︎
Read time:
Read More →: Unable to SSH to ASAWe had an issue in SSH to Cisco ASA firewall that was recently purchased and setup in network. While troubleshooting further, we could see some error logs in ASDM as SSH session from 192.168.109.77 on interface inside for user “Unknown” disconnected by SSH server, reason: “Internal error” (0x00) This was caused by lack of local AAA authentication…
-
Traffic between ASA interfaces of same security level
⏱︎
Read time:
Read More →: Traffic between ASA interfaces of same security levelError: Deny inbound UDP from 192.168.109.77 to 8.8.8.8/53 due to DNS query This problem occurs when you have configured 2 or more interfaces of Cisco ASA with same security-level. In such case, you need to configure and allow traffic between them. (config)# same-security-traffic permit inter-interface You can also perform the same section via ASDM. Go to Configuration > Device…
-
Cisco ASA cannot ping any hosts on outside
⏱︎
Read time:
Read More →: Cisco ASA cannot ping any hosts on outsideOut of the box Cisco ASA firewall doesn’t permit ICMP traffic, that means the firewall permits ping traffic out but it won’t let the reply traffic to come inside. The solution is to add “inspection icmp” to global policy map ASA(config)# policy-map global_policy ASA(config-pmap)# class inspection_default ASA(config)# inspect icmp ASA(config)# exit ASA# write memory After adding the above command, you…
-
Cisco ASA ASDM in Windows 10
⏱︎
Read time:
Read More →: Cisco ASA ASDM in Windows 10This error occurred in Windows 10 computer while trying to connect Cisco ASA 5506-x via ASDM. Error: ASDM did not get a response from the ASA in the last 60 seconds. Please check the configuration and your connection and then try again by clicking Refresh. Here are couple of workable solutions in Windows 10 The easiest way…
-
Cisco ASA as DHCP Server for Guest Network
⏱︎
Read time:
Read More →: Cisco ASA as DHCP Server for Guest NetworkThis is one of the most common deployment where you want Cisco ASA to lease IP address for your wireless Guests. We have a Windows Server in internal network, however for security reason, we want to completely isolate Guest network and do not want an internal server to lease IP address for Guests.Gigabit Interface 1/3 in…
-
Create CSR and Install certificate in Cisco ASA Firewall
⏱︎
Read time:
Read More →: Create CSR and Install certificate in Cisco ASA FirewallGenerate CSR via Cisco ASA CLI Commands 1. Before generating a CSR request, you must create a private key (config)# crypto key generate rsa label itadminguide.key modulus 2048 INFO: The name for the keys will be:itadminguide.key Keypair generation process begin. Please wait… 2. Once the private key is created, you will then need to create a…
-
Cisco ASA AnyConnect Configuration and Troubleshooting
⏱︎
Read time:
Read More →: Cisco ASA AnyConnect Configuration and Troubleshooting1.Create Network Objects (config)# object network office-subnet subnet 172.20.100.0 255.255.255.0 (config)# object network anyconnect-subnet subnet 192.168.210.0 255.255.255.0 2.Create DHCP Pool for Anyconnect client (config)# ip local pool anyconnect-pool 192.168.210.50-192.168.210.200 mask 255.255.255.0 3.Create ACL and NAT (config)# access-list InternalHosts-SplitTunnelAcl standard permit 172.20.100.0 255.255.255.0 (config)# nat (inside,outside) source static office-subnet office-subnet destination static anyconnect-subnet anyconnect-subnet 4.Enable AnyConnect.…
-
Static bidirectional NAT on Cisco ASA firewall
⏱︎
Read time:
Read More →: Static bidirectional NAT on Cisco ASA firewallIn this configuration, 192.168.100.255 is an SMTP Server that we would like to publish on internet with public IP address 221.200.200.51 and open port tcp/25. STATIC NAT: (config)# access-list outside_access_in extended permit tcp any host 192.168.100.235 eq smtp (config)# access-group outside_access_in interface outside (config)# object network srv_192.168.100.235 (config)# host 192.168.100.235 (config)# nat (inside,outside) static 221.200.200.51 service tcp…
-
Configure IKEv1 Site to Site VPN between Cisco ASAs
⏱︎
Read time:
Read More →: Configure IKEv1 Site to Site VPN between Cisco ASAsStep 1: Configure Phase 1 and Phase 2 In ASA of both sides Phase 1: IKE policy In Phase 1, single bi-directional SA (Security Association) is created between VPN peers and is a control channel for Phase-1 keepalives, DH-Key Calculation and Phase-2 SA creation and rekey. ciscoasa(config)# crypto ikev1 policy 10 ciscoasa(config-ikev1-policy)# authentication pre-share…
-
Configure IKEv2 Site to Site VPN between Cisco ASAs
⏱︎
Read time:
Read More →: Configure IKEv2 Site to Site VPN between Cisco ASAsWe are using the following topology, the most popular one. 2 sites in different geographical location and both have static IP address configured in their ASA firewall. Before we begin, you should also know the advantages of using IKEv2 IKEv2 uses fewer messsages to establish tunnel thus saves bandwidth IKEv2 has built-in mechanism against DoS attacks. ASA uses minimum…
Lucas Brey
I’m Lucas Brey, a travel blogger sharing practical guides, hidden gems, and honest tips from the road. Follow along for smart itineraries, great food finds, and stories worth bookmarking.
Categories
- Active Directory
- AWS
- BIG-IP F5
- BlueHost
- CCNA 200-301
- CCNA Practice LAB
- Cisco
- Cisco ASA
- Cisco Router
- Cisco Switch
- Cisco TelePresence
- Cisco UCS
- Cisco Wireless
- Cloud
- Commands
- Cyberoam Firewall
- DevOps
- Docker
- Elasticsearch
- Firewall
- FortiGate
- General
- HP Switch
- Huawei Router
- Hyper-V
- Linux
- Microsoft365
- MongoDB
- Oracle Cloud
- Paloalto Firewall
- PSExec
- Python
- SEO
- Solaris
- Symantec Messaging Gateway
- Tiny Core Linux
- TM Deep Security
- Tomcat
- tp-link
- Uncategorized
- VMware
- Wordpress
- Zabbix
Tags
- .m4a to .wav
- /bin/false
- /sbin/nologin
- 301 permanent response
- Access Control List
- activation-key
- Active
- AD Group
- Add member to Switch Stack
- airmon-ng
- APN
- ASA allow ping
- ASA AnyConnect Package
- ASA FirePower Services
- ASA IKEv1 Site to Site VPN
- ASA IKEv2
- ASA license
- ASA SFR Setup
- audacity merge
- Auto start stop
- Azure AD
- Azure AD Connect
- Azure AD Join
- AzureAD
- backup mobility express
- Bidirectional Static NAT Cisco ASA
- Bluehost
- Bootstrap
- Brackets
- Cannot start microsoft outlook
- CCNA
- CentOS
- Certificate
- certificate chain expiry
- Certs
- Checklist
- Chrome
- circuit breaking exception
- Cisco
- Cisco 1850
- Cisco 887 WAN
- Cisco AnyConnect
- Cisco ASA
- Cisco ASA Active/Standby
- Cisco ASA AnyConnect
- Cisco ASA Anyconnect SSL
- Cisco ASA CSR
- Cisco ASA Failover
- Cisco ASA High Availability
- Cisco ASA IKEv1 VPN
- Cisco ASA IKEv2 VPN
- Cisco ASA VPN
- Cisco ASDM Windows 10
- cisco cucm user logged in
- Cisco Mobility Express
- cisco router
- cisco stack switch upgrade
- Cisco Switch
- Cisco Switch DHCP
- Cisco Switch Stack
- Cisco Switch tips
- Cisco Telepresence
- cisco ucs ESXi purple error
- Cisco VPN Alternate
- Cisco VPN encrypt drop
- Cisco Wireless
- Cisco WLC
- Cisco WLC Tips
- Cisco WLC upgrade
- cli
- commands
- Commands on standby ASA
- content exists
- Convert CAPWAP to Mobility Express
- could not start pcpu 1 TSC sync timed out
- Country Code F5
- csv mysql
- cyberoam
- Cyberoam Firewall upgrade
- Cyberoam firmware upgrade
- cyberoam GUI access
- Cyberoam IPSec VPN
- Cyberoam Static NAT
- cyberoam WAN
- Data Group iRule
- date
- debug php errors
- debug wordpress
- Deep Security
- default interface
- delegate
- dev fd0
- DHCP in Cisco ASA
- Diagnostic Package
- difference
- Disable
- Disable HTTPS Redirect
- Disable or Forced Offline Pool member
- dlink
- Docker
- double dash
- double hyphen
- Download
- Dynamic NAT
- DynDNS
- Elasticsearch
- empty()
- Enable SSH
- enterprise vault
- err-disabled
- Error
- exchange
- ExchangeOnline
- exit-code
- Expand Disk
- external dynamic list
- F5
- f5 active connections
- F5 APM
- F5 clear LCD
- F5 Data Group
- F5 deployment topology
- F5 Exchange CAS Hostname
- F5 Geo-location
- F5 High Availability
- F5 HSTS
- F5 LACP
- F5 load balancing methods
- F5 logging
- F5 PFS
- F5 SSL offload
- F5 tcpdump
- file empty
- Firefox
- Firewall Feed
- font
- forticlient
- FortiGate
- FortiGate Block Country
- FortiGate Category
- FortiGate CLI
- FortiGate CLI Address Objects
- Fortigate Conflict With Subnet
- Fortigate difference threat feed
- Fortigate GUI Access
- Fortigate IP Address
- Fortigate IP Address Feed
- Fortigate IP Feed
- Fortigate IP Pools
- Fortigate IP Text File
- Fortigate Management Interface
- Fortigate one-to-one NAT
- Fortigate Same Subnet
- FortiGate Security Fabric
- Fortigate Static NAT
- Fortigate Virtual IP
- Free
- Free Tool
- free wav merge files
- FSSO upgrade
- GAL
- Geolocation F5
- get list of program
- get_query()
- get_results()
- get_row()
- get_var()
- Get-MessageTrace
- Global Address List
- GoDaddy
- Google Search Console
- growpart
- Gutenberg
- HP Cisco switch trunk
- HP Switch CLI
- HP switch intervlan routing
- HSRP
- HSTS
- http monitor f5
- https to http redirect
- Hyper-V
- Hyper-V Convert VM
- IKEV1 VPN
- image
- image on standby asa
- Install
- Install-Module
- Installation
- Integrate
- interface bandwidth
- internet
- IPSec between Paloalto and Cisco Router
- IPSec Cisco Router Dynamic IP
- IPSec VPN
- iptables
- IPv6
- iRule
- iRule Commands
- iRule logging
- iRule order
- isset()
- Jasper
- Jetpack
- kali
- kill process in remote pc
- KRACK Attack
- Lab
- Large files
- lcdwarn
- libseccomp2
- Linux
- Linux command
- log rotation
- logging console
- Login Banner
- Loop
- LTM inline character error
- mac-address
- Mailbox
- MailboxPermission
- Manual Install
- Menu
- Meraki Facebook WiFi
- merge wav files
- Microsoft 365
- Mobility Express
- mobility express AP
- Mobility Express CLI Commands
- MongoDB
- Monitor Website
- Move OU
- Msol
- multi-SSID
- multiple SSID
- multiple VLAN
- mysql
- MySQL table size
- NAT
- netplan
- Network Missing
- networkmanager
- new line
- New Outlook
- next line
- No Skype for Business
- Notifications
- ntp
- Office365 Deployment Tool
- Ooredoo
- Ooredoo fiber
- openssh
- Oracle Access Rules
- Oracle Cloud
- Oracle Cloud DB Access Rule
- Oracle Database Cloud Service
- Oracle Java Cloud Firewall
- Orange
- Outlook
- Outlook Classic
- Outlook Rules using powershell
- pa 8.1.0 upgrade
- Packet Tracer
- PacketTracer
- page role
- Palo Alto
- Paloalto
- paloalto firewall
- paloalto firewall upgrade
- Paloalto OpManager
- Paloalto SNMP MIB
- Paloalto Tunnel Monitor
- parsedmarc
- Pass Country Code using iRule
- password reset
- Permission
- php
- php class COM
- ping ASA inside
- PoE vs PoE+ vs UPoE
- Pool members traffic
- port forward
- Port Forwarding in HG8247
- port-channel
- PowerShell
- ppk version 2
- ppk version 3
- Practice LAB
- predownload AP
- preg_split
- Priority
- privilege
- PsExec
- PSSession
- PUTTY
- Python
- remote access vpn
- remotely reboot windows
- Replace
- ReplicaSet
- resize2fs
- route-lookup
- Router
- router factory default
- Routes
- rsyslog
- S3 bucket
- SAN Certificate Symantec Messaging Gateway
- Script error
- Search
- Secure
- Secure Boot
- server
- serverside SSL
- Shrew soft VPN Setup
- Slack
- SNMP
- SNMP v3
- software
- Solaris
- SPF
- ssh
- SSL
- stack upgrade
- Static
- Static NAT Cisco ASA
- subdomain
- Subscription
- Sucuri
- Sudoers
- switch autostate
- Switch back
- switch bandwidth
- Switch DHCP 150
- switch etherchannel
- SX80 Codec 4x Cam
- symantec
- syslog
- tcpdump nnn
- Teams
- Teams PowerShell Module
- Telepresence Firewall Ports
- terminal monitor
- text file
- Themes Editor
- time
- timezone
- tiny core
- tomcat
- tp-link
- Trace email logs
- Trap
- Trend Micro
- Ubuntu
- uccx .wav
- uccx audacity
- uccx audio free converter
- UCCX Master/Slave
- uccx script error
- uninstall ap
- upgrade
- Use Data Group in iRule
- useful
- User
- UUID
- v1
- v2c
- v3
- vCenter 6.5
- Vi
- virtualbox
- VMware
- vpn
- w32tm
- WAN Access
- Weblogic Plugin Enabled
- Website
- Windows Service
- without plugin
- WL-Proxy-Client-IP
- WL-Proxy-SSL
- WLC 8.3.133 Upgrade
- WLC upgrade
- Wordpress
- WordPress Javascript
- WordPress URL Parameter
- wpdb last_error
- wpdb last_query
- wpdb last_result
- X-Forwarded-For
- XAMPP
- XAMPP Control Panel
- xpack.security.encryptionkey
- Zabbix
- Zabbix Port
- Zabbix_get