
ASA

SFR Install
Thursday / Nov 29, 2018 /

Re-image Cisco ASA Firepower module SFR

Ziaul / ASA, Firepower, Network Security /

Re-imaging the SFR module on ASA would set everything to factory default. Normally, it's done when something has gone horribly wrong or the module is not behaving correctly, i.e. FMC cannot contact the module after ticking all the boxes. All upgrades to SFR should be performed using FMC or other […]

Firepower-FMC
Wednesday / Nov 28, 2018 /

Configuring Cisco NGIPS – ASA with Firepower and FMC

Ziaul / ASA, Firepower, Network Security /

Cisco Firepower Management Center (FMC): Cisco Firepower Management Center (formerly FireSIGHT Management Center) is the administrative nerve center for Cisco security products running on a number of different platforms. It provides complete and unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. The Management Center is the centralised point for […]

Firewall-Security
Monday / Nov 19, 2018 /

Harden Cisco ASA Firewall – Best Practice

Ziaul / ASA, Network Security /

Cisco ASA is a security device that combines firewall, intrusion prevention, virtual private network (VPN) capabilities, and other security features. It provides proactive threat defense that stops attacks before they spread through the network. It is used as a security solution for both small and large networks. Below are the config snippets that can be […]

VPN_Preempt
Thursday / Jan 11, 2018 /

Cisco ASA VPN failover & Preempt

Ziaul / ASA, Cisco, VPN /

Where VPN failover on the same encryption domain is needed together with a preempt feature, the following solution can be used. This is done using an EEM script and is supported from IOS 9.2+. The Embedded Event Manager (EEM) feature enables debugging problems and provides general-purpose logging for troubleshooting. The EEM responds to events in the […]

IKE Phase1 Negotiation MSGs
Sunday / Feb 21, 2016 /

Troubleshooting IKEV1 (ISAKMP) – Phase 1 of Site-To-Site (L2L) VPNs

Ziaul / ASA, Cisco, VPN /

Troubleshooting a site-to-site VPN tunnel that is not working can be a difficult task; luckily, most VPN appliances provide ample debugging information to diagnose the issue. When viewing this debugging information, a good set of steps can be taken to isolate the exact issue. Each functional VPN Tunnel consists of two tunnel processes, Phase 1 […]

SSL_VPN
Wednesday / Feb 10, 2016 /

Configuring Cisco Anyconnect over SSL on ASA 8.4+ & LDAPS Auth – CLI

Ziaul / ASA, Cisco, VPN /

Prerequisites for tidy implementation: A DNS record mapped to the outside IP address of the ASA firewall (for example: access.example.co.uk). An SSL certificate installed on the ASA firewall for this domain name, ideally from a 3rd party supplier. Appropriate type and number of AnyConnect licenses are installed on the ASA. By default 2 licenses are available on base […]