Posts Tagged ‘asa’

Cisco ASA Description & Part Numbers

From: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html

Columns in the brochure table: solution, description, firewall/VPN throughput, part number.

Cisco ASA 5505

Cisco ASA 5505 10-user bundle - ASA5505-BUN-K9
Firewall/VPN performance: 150 Mbps/100 Mbps
Includes 10-user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot

Cisco ASA 5505 50-user bundle - ASA5505-50-BUN-K9
Firewall/VPN performance: 150 Mbps/100 Mbps
Includes 50-user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot

Cisco ASA 5505 unlimited user bundle - ASA5505-UL-BUN-K9
Firewall/VPN performance: 150 Mbps/100 Mbps
Includes unlimited user license, 8-port Fast Ethernet switch, stateful firewall, 10 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot

Cisco ASA 5505 Security Plus bundle - ASA5505-SEC-BUN-K9
Firewall/VPN performance: 150 Mbps/100 Mbps
Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot

Cisco ASA 5510

Cisco ASA 5510 Content Security bundle - ASA5510-CSC10-K9
Firewall/VPN performance: 300 Mbps/170 Mbps
Cisco ASA 5510 Appliance with CSC-SSM provides firewall, VPN, and content security services to stop viruses and spyware and to provide file blocking. Includes a 1-year subscription for the content security features. Additional content security services (anti-spam, anti-phishing, and URL blocking and filtering) are available with the ASA-CSC10-PLUS license.

Cisco ASA 5510 bundle - ASA5510-BUN-K9
Firewall/VPN performance: 300 Mbps/170 Mbps
Includes 3 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, 3DES/AES license, and 1 expansion slot

Cisco ASA 5510 Security Plus bundle - ASA5510-SEC-BUN-K9
Firewall/VPN performance: 300 Mbps/170 Mbps
Includes 5 Fast Ethernet interfaces, stateful firewall, 250 IPsec VPN peers, 2 SSL VPN peers, Active/Standby high availability, 3DES/AES license, and 1 expansion slot

Additional Recommended Options

Cisco ASA 5505 Security Plus license - ASA5505-SEC-PL
Provides stateless Active/Standby high availability, dual ISP support, DMZ support, VLAN trunking support, and increased session and IPsec VPN peer capacities

Cisco ASA 5500 CSC10-Plus license - ASA-CSC10-PLUS
1-year subscription license, which adds anti-spam, anti-phishing, and URL blocking and filtering to the CSC-SSM content security solution in the Cisco ASA 5510

Cisco ASA 5510 Security Plus license - ASA5510-SEC-PL
Provides Active/Active and Active/Standby high availability, increased session and VLAN capacities, and additional Ethernet interfaces

Cisco ASA 5500 Series 10-user SSL VPN license - ASA5500-SSL-10
Cisco ASA 5500 Series 25-user SSL VPN license - ASA5500-SSL-25
Cisco ASA 5500 Series 50-user SSL VPN license - ASA5500-SSL-50
Posted: April 13th, 2011
Categories: cisco

Cisco ASA SSL Web VPN Configuration

ip local pool WebVPN_LocalPool SOME.IP.ADDR.SUBNET-SOME.IP.ADDR.SUBNET mask 255.255.255.0
! Split-tunnel list: only this network goes through the tunnel, everything else leaves the client directly
access-list WebVPN_SplitTunnelList standard permit SOME.IP.ADDR.SUBNET 255.255.255.0

webvpn
 svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 enable outside
 ! Port-forward list: local port 1022 on the client is relayed to ssh on the internal host
 port-forward portforward 1022 SOME.IP.ADDR.STATIC ssh internal_ssh
 tunnel-group-list enable
 svc enable

! Decrypted VPN traffic bypasses the interface ACLs; restrict it with "vpn-filter value <acl>" in the group-policy if needed
sysopt connection permit-vpn

group-policy WebVPN_GroupPolicy internal

group-policy WebVPN_GroupPolicy attributes
 vpn-tunnel-protocol svc
 !Windows uses its own adapter
 !Mac will update resolv.conf
 !dns-server value DNS1 DNS2
 !default-domain value sub.domain.com
 address-pools value WebVPN_LocalPool
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WebVPN_SplitTunnelList
 webvpn
  port-forward name portforward
  port-forward auto-start portforward
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
  !port-forward value portforward
  !port-forward-name value Secure Router Access

tunnel-group WebVPN_TunnelGroup type remote-access
tunnel-group WebVPN_TunnelGroup general-attributes
 default-group-policy WebVPN_GroupPolicy
tunnel-group WebVPN_TunnelGroup webvpn-attributes
 group-alias WebVPN_TunnelGroup enable

! Local test account (nt-encrypted so MS-CHAP can use it); point the tunnel-group at an AAA server for real users
username webvpn password xxx nt-encrypted privilege 1
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 service-type remote-access
Posted: March 28th, 2011
Categories: asa, cisco, vpn

Cisco ASA Security using Threat Detection

! Basic threat detection: drop rates per cause (ACL deny, bad packets, DoS, scanning, ...) are tracked and logged as %ASA-4-733100
threat-detection basic-threat
! Statistics collection; the bare form already enables every category (host, port, protocol, ACL) and costs CPU on busy boxes
threat-detection statistics
threat-detection statistics port
! Shun hosts classified as scanning attackers (%ASA-4-733102), except the management network so you cannot lock yourself out
threat-detection scanning-threat shun except ip-address SOME.MGMT.IP.ADDR 255.255.255.0
! Rates over a 1200 s interval: average 10 events/s, burst 20 events/s (burst window is 1/30 of the interval, minimum 10 s)
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
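The rate arithmetic behind the last line, as an added Python model. This is not part of the original post and not Cisco's implementation (the ASA tracks many more counters per target, protocol and drop reason); what it keeps is the documented shape of the decision: an average over rate-interval seconds and a burst window of 1/30 of that interval with a 10 s floor, either threshold being enough to shun, with an except list that is checked first. The drop events, the source addresses and the 10.99.0.0/24 management network are constructed for the example.

```python
"""Toy model of the scanning-threat shun decision configured above (added example)."""
import ipaddress
from collections import defaultdict

RATE_INTERVAL = 1200      # threat-detection rate scanning-threat rate-interval 1200
AVERAGE_RATE = 10         # average-rate 10 (events per second over the whole interval)
BURST_RATE = 20           # burst-rate 20 (events per second over the burst window)
BURST_INTERVAL = max(RATE_INTERVAL // 30, 10)   # 40 s for a 1200 s interval
# "shun except ip-address SOME.MGMT.IP.ADDR 255.255.255.0", with a constructed network
SHUN_EXCEPT = [ipaddress.ip_network("10.99.0.0/24")]


def is_excepted(src):
    return any(ipaddress.ip_address(src) in net for net in SHUN_EXCEPT)


def evaluate(events, now):
    """events: iterable of (timestamp_seconds, source_ip) for packets the ASA dropped
    and attributed to scanning. Returns {source_ip: (avg_rate, burst_rate, decision)}."""
    per_source = defaultdict(list)
    for ts, src in events:
        per_source[src].append(ts)
    verdicts = {}
    for src, times in per_source.items():
        in_interval = sum(1 for t in times if now - RATE_INTERVAL < t <= now)
        in_burst = sum(1 for t in times if now - BURST_INTERVAL < t <= now)
        avg = in_interval / RATE_INTERVAL
        burst = in_burst / BURST_INTERVAL
        if is_excepted(src):
            decision = "excepted"          # still counted and logged, never shunned
        elif avg > AVERAGE_RATE or burst > BURST_RATE:
            decision = "shun"              # either threshold alone is enough
        else:
            decision = "ok"
        verdicts[src] = (round(avg, 2), round(burst, 2), decision)
    return verdicts


def sample_events():
    """Constructed drop events over the last 1200 s (evaluate with now = 1200.0)."""
    events = []
    # Fast scanner: 1000 drops in the last 40 s -> burst ~25/s trips burst-rate, average stays low
    events += [(1160.0 + i * 0.04, "198.51.100.7") for i in range(1000)]
    # Slow scanner: 12500 drops spread evenly over the interval -> average ~10.4/s trips average-rate
    events += [(i * RATE_INTERVAL / 12500, "203.0.113.50") for i in range(12500)]
    # Vulnerability scanner on the management network: over both thresholds but excepted
    events += [(1160.0 + i * 0.02, "10.99.0.5") for i in range(2000)]
    # Ordinary host with a handful of ACL denies
    events += [(1000.0 + i, "192.0.2.9") for i in range(30)]
    return events


if __name__ == "__main__":
    for src, (avg, burst, decision) in evaluate(sample_events(), 1200.0).items():
        print(f"{src:15} avg={avg:6.2f}/s burst={burst:6.2f}/s -> {decision}")
```

The slow scanner is the case worth noticing: it never exceeds the burst rate, so a burst-only rule would miss it, while the average-rate over the long interval catches it. The converse holds for the fast scanner, which is why the ASA takes both thresholds.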
Posted: March 28th, 2011
Categories: cisco

Cisco ASA/PIX Facility Number and Syslog Name

The default facility used by the Cisco ASA is 20 (LOCAL4); it can be changed with "logging facility <16-23>". The facility never appears in the message text itself, only inside the PRI value at the start of each syslog packet (facility * 8 + severity), which is what a collector's "local4.*"-style filter matches on.

16	LOCAL0
17	LOCAL1
18	LOCAL2
19	LOCAL3
20	LOCAL4
21	LOCAL5
22	LOCAL6
23	LOCAL7
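How the facility from the table above is actually seen by a collector, as an added Python example (not part of the original post). It decodes the PRI of a syslog line into facility and severity, looks the facility up in the LOCAL0..LOCAL7 table, and cross-checks the PRI severity against the severity the ASA embeds in its own %ASA-n-nnnnnn message ID. The sample lines are constructed: the message IDs are real ASA IDs, but the addresses and connection numbers are made up, and the last line is deliberately inconsistent to show what a relay that rewrites PRI looks like.

```python
"""Decode the syslog PRI of ASA/PIX messages and check it against the %ASA-n- severity (added example)."""
import re

FACILITY_NAMES = {16 + n: f"LOCAL{n}" for n in range(8)}   # the table above
ASA_DEFAULT_FACILITY = 20                                    # LOCAL4
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]


def encode_pri(facility, severity):
    """PRI as it appears on the wire: <facility*8 + severity> (RFC 3164/5424 arithmetic)."""
    return facility * 8 + severity


def decode_pri(pri):
    """Inverse of encode_pri: (facility, severity)."""
    return divmod(pri, 8)


SYSLOG_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
ASA_ID_RE = re.compile(r"%(?:ASA|PIX|FWSM)-(\d)-(\d{6}):")   # severity and message ID inside the text


def parse_asa_syslog(line):
    """Return facility/severity from the PRI plus the severity the ASA encoded in its message ID.
    'consistent' is False when the two severities disagree, which points at a relay or
    collector rewriting PRI rather than at the ASA itself."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("no <PRI> prefix")
    facility, pri_sev = decode_pri(int(m.group(1)))
    idm = ASA_ID_RE.search(m.group(2))
    msg_sev = int(idm.group(1)) if idm else None
    return {
        "facility": facility,
        "facility_name": FACILITY_NAMES.get(facility, f"facility{facility}"),
        "pri_severity": pri_sev,
        "severity_name": SEVERITY_NAMES[pri_sev],
        "msg_severity": msg_sev,
        "msg_id": idm.group(2) if idm else None,
        "consistent": msg_sev == pri_sev,
    }


# Constructed sample: three lines from an ASA at the default facility (PRI = 20*8 + severity),
# one from an ASA reconfigured with "logging facility 23" (LOCAL7), and one whose PRI
# severity no longer matches the message (rewritten somewhere in transit).
SAMPLE_LINES = [
    "<166>%ASA-6-302013: Built inbound TCP connection 8421 for outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:10.0.0.5/22 (203.0.113.2/22)",
    "<164>%ASA-4-106023: Deny tcp src outside:198.51.100.7/51234 dst inside:10.0.0.5/445 by access-group \"outside_in\"",
    "<162>%ASA-2-106017: Deny IP due to Land Attack from 10.0.0.5 to 10.0.0.5",
    "<190>%ASA-6-302013: Built outbound TCP connection 8422 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.0.0.5/40110 (203.0.113.2/40110)",
    "<166>%ASA-4-106023: Deny udp src outside:198.51.100.7/40000 dst inside:10.0.0.5/161 by access-group \"outside_in\"",
]


def collector_filter(lines, facility=ASA_DEFAULT_FACILITY):
    """Keep only messages whose PRI facility matches what the ASA is configured to send,
    the same match a syslog daemon applies with a 'local4.*' selector."""
    return [line for line in lines if parse_asa_syslog(line)["facility"] == facility]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        r = parse_asa_syslog(line)
        print(f"{r['facility_name']:6} {r['severity_name']:13} id={r['msg_id']} consistent={r['consistent']}")
    print(len(collector_filter(SAMPLE_LINES)), "lines on LOCAL4")
```

If you move the ASA off LOCAL4 with "logging facility", the collector filter has to move with it, which is what the fourth sample line would silently fall out of.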
Posted: March 28th, 2011
Categories: asa, cisco

Cisco ASA & IOS Site to Site IPsec/VPN Tunnel Configuration

!!!ASA DEVICE:
! Interesting traffic: the ASA-side LAN 192.168.1.0/24 to the IOS-side LAN 10.0.0.0/24
access-list VPN_SITE_TO_SITE_IPSEC_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
! Exempt the same traffic from NAT so it enters the tunnel with its real addresses
access-list ASA_NONAT extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0

! Pre-8.3 NAT syntax; the global needs a matching "nat (inside) 1 ..." statement (not shown here) for PAT to work
global (outside) 1 interface
nat (inside) 0 access-list ASA_NONAT

! DES and MD5 are weak; esp-aes-256 esp-sha-hmac is the safer choice and must then be set identically on the IOS side
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 match address VPN_SITE_TO_SITE_IPSEC_TRAFFIC
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set peer PUB.IP.ADDR.HERE
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set transform-set VPN_SITE_TO_SITE_TRANS_SET
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP interface outside
crypto isakmp enable outside

! Phase 1 must match the IOS policy exactly (des/md5/pre-share/group 1/86400); prefer aes-256, sha and group 2 or higher
crypto isakmp policy 12
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400

tunnel-group PUB.IP.ADDR.HERE type ipsec-l2l
tunnel-group PUB.IP.ADDR.HERE ipsec-attributes
 pre-shared-key VPN_PRE_SHARED_KEY

!!! IOS DEVICE:
! encryption and group are not set here, so the IOS defaults (des, group 1) apply and match the ASA policy above
crypto isakmp policy 12
 hash md5
 authentication pre-share

crypto isakmp key VPN_PRE_SHARED_KEY address PUB.IP.ADDR.HERE PUB.IP.SUBNET.HERE
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
! Dynamic map: the router only answers, so the ASA side has to initiate the tunnel by sending interesting traffic
crypto dynamic-map VPN_SITE_TO_SITE_DYNAMIC_MAP 12
 set transform-set VPN_SITE_TO_SITE_TRANS_SET
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 ipsec-isakmp dynamic VPN_SITE_TO_SITE_DYNAMIC_MAP

! FastEthernet0/1 is the Internet-facing interface (it also needs "ip nat outside", not shown); FastEthernet0/0 is the LAN
int FastEthernet0/1
 crypto map VPN_SITE_TO_SITE_CRYPTO_MAP

int FastEthernet0/0
 ip nat inside

ip nat inside source list 190 interface FastEthernet0/1 overload

! Keep VPN traffic out of NAT so it enters the tunnel with real addresses, then PAT everything else
no access-list 190
access-list 190 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 190 permit ip 10.0.0.0 0.0.0.255 any
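A quick way to catch the weak settings in configurations like the one above before they go live, as an added Python example (not from the original post and not a Cisco tool). It parses "crypto ipsec transform-set", "crypto isakmp policy" blocks and pre-shared keys from a saved configuration and reports anything below a chosen bar. The three embedded configs are constructed: the first two reproduce the ASA and IOS sides above with 203.0.113.x standing in for the PUB.IP placeholders, the third is a hardened variant. Which algorithms count as weak and the minimum PSK length are this example's assumptions, not Cisco defaults; only the "crypto isakmp" syntax used on this page is handled, not the newer "crypto ikev1/ikev2" forms.

```python
"""Audit ASA/IOS configuration text for weak IKEv1/IPsec settings (added example)."""
import re

WEAK_ENCRYPTION = {"des", "3des"}            # 56-bit DES and Sweet32-affected 3DES
WEAK_HASH = {"md5"}                           # HMAC-MD5 is deprecated for IKE integrity
WEAK_DH_GROUPS = {"1", "2", "5"}              # below 2048-bit MODP (group 14)
WEAK_ESP = {"esp-des": "weak cipher", "esp-3des": "weak cipher",
            "esp-null": "no encryption", "esp-md5-hmac": "weak integrity"}
MIN_PSK_LENGTH = 20                           # assumption for this example

# Constructed: the ASA side of the tunnel above, PUB.IP.ADDR.HERE replaced by 203.0.113.10
ASA_CONFIG = """\
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 match address VPN_SITE_TO_SITE_IPSEC_TRAFFIC
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set peer 203.0.113.10
crypto isakmp policy 12
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key VPN_PRE_SHARED_KEY
"""

# Constructed: the IOS side above; encryption and group are left to the IOS defaults
IOS_CONFIG = """\
crypto isakmp policy 12
 hash md5
 authentication pre-share
crypto isakmp key VPN_PRE_SHARED_KEY address 203.0.113.20 255.255.255.255
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
"""

# Constructed: a hardened ASA variant with AES-256, SHA, DH group 14 and a 24-character PSK
HARDENED_CONFIG = """\
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-aes-256 esp-sha-hmac
crypto isakmp policy 12
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key Xk7pQ2vL9mRw4tZs8nBc3yHd
"""


def parse_isakmp_policies(config):
    """Map policy number -> {attribute: value} for each 'crypto isakmp policy' block.
    Attributes are the indented lines that follow the header (ASA and IOS use the same layout)."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
            continue
        if current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            if key.startswith("encr"):      # IOS abbreviates 'encryption' as 'encr' in running-config
                key = "encryption"
            current[key] = value
        else:
            current = None
    return policies


def audit_crypto(config):
    """Return a sorted list of findings; an empty list means nothing below the bar was found."""
    findings = []
    for m in re.finditer(r"^crypto ipsec transform-set (\S+)\s+(.+)$", config, re.M):
        name, algs = m.group(1), m.group(2).split()
        findings += [f"transform-set {name}: {WEAK_ESP[a]} ({a})" for a in algs if a in WEAK_ESP]
        if not any(a.startswith("esp-") and a.endswith("-hmac") for a in algs):
            findings.append(f"transform-set {name}: no ESP integrity algorithm")
    for num, attrs in parse_isakmp_policies(config).items():
        enc, group = attrs.get("encryption"), attrs.get("group")
        if enc is None:
            findings.append(f"isakmp policy {num}: encryption not set, platform default (des on IOS, 3des on ASA) is weak")
        elif enc in WEAK_ENCRYPTION:
            findings.append(f"isakmp policy {num}: weak encryption {enc}")
        if attrs.get("hash") in WEAK_HASH:
            findings.append(f"isakmp policy {num}: weak hash {attrs['hash']}")
        if group is None:
            findings.append(f"isakmp policy {num}: DH group not set, platform default (1 on IOS, 2 on ASA) is weak")
        elif group in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {num}: weak DH group {group}")
    # ASA: 'pre-shared-key X' under ipsec-attributes; IOS: 'crypto isakmp key [0|6] X address ...'
    for m in re.finditer(r"^\s*(?:pre-shared-key|crypto isakmp key)\s+(?:[06]\s+)?(\S+)", config, re.M):
        if len(m.group(1)) < MIN_PSK_LENGTH:
            findings.append(f"pre-shared key '{m.group(1)}' is shorter than {MIN_PSK_LENGTH} characters")
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("ASA", ASA_CONFIG), ("IOS", IOS_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for finding in audit_crypto(cfg) or ["no findings"]:
            print(" ", finding)
```

Feed it the output of "show running-config" from both peers: the IOS case shows why the policy parser has to treat an absent "encryption" or "group" line as a finding rather than as nothing, since the IOS defaults are exactly the weak values the ASA side spells out.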
Posted: March 25th, 2011
Categories: cisco, networking, vpn

Cisco Terminal Output

Setting the number of lines shown before output pauses for a keypress, on either Cisco ASA/PIX or IOS devices, can be done as follows.

ASA/PIX (global configuration):
Set to 23 lines - pager lines 23 (the ASA default is 24)
Disable/Do not stop - no pager
For the current session only - terminal pager 0

IOS (line configuration):
Set to 23 lines - length 23
Disable/Do not stop - length 0
For the current session only - terminal length 0

Example for IOS (both the console and the vty lines need it):
ios(config)#line console 0
ios(config-line)#length 0
ios(config-line)#exit
ios(config)#line vty 0 4
ios(config-line)#length 0
ios(config-line)#^Z
ios#
Posted: October 19th, 2009
Categories: asa, cisco, ios, networking, os