I’m currently working on a design and needed to verify some failover behavior of the Cisco ASA firewall. The ASA can run in active/active or active/standby mode; most deployments I see run in active/standby mode. When in a failover
Introduction: This post will discuss different design options for deploying firewalls and Intrusion Prevention Systems (IPS) and how firewalls can be used in the data center. Firewall Designs: Firewalls have traditionally been used to protect inside resources from being accessed
Version 9.0 of the Cisco ASA software has now been released. Here are some of the major features in the new release: filter ICMP by ICMP code; clustering of multiple ASAs; OSPFv3 and EIGRP support; IPv6 support on outside interface
Continuing to check things off from the blueprint. Did some ZBFW labbing today. Here is some important stuff to be aware of. ZBFW is basically a wrapper for CBAC. We create policies between zones and assign interfaces to zones instead
To enable AAA we need the AAA new-model command, but what does it really do? Many of us make assumptions about this command. By default if we have an empty config then we will be able to use the console
I’m going through the blueprint and now I checked off IP accounting. The feature is very simple: it lets us see which source/destination pairs are sending traffic to each other. We can also configure to look what precedence
I’m doing the security section of Vol1 right now and this is something I think people might have confused. Look at the following configuration:
! Scenario 1
aaa authentication login default group tacacs+ none
aaa authorization exec default none
!
I found a very useful tool when practicing the INE labs: how to generate traffic with traceroute. I’ve used telnet lots of times to generate TCP traffic on different ports but what if we want to generate UDP traffic instead?
The lock and key ACL is one of those features you’re not sure how to use in production, but it is viable for the CCIE lab. The lock and key ACL is a form of dynamic ACL which requires a
This post describes how to filter packets with a route-map. I have never used a route-map for the sole purpose of filtering packets before. I ran into this while doing a vol2 lab and the task was to filter ICMP