While doing a vol2 lab I got stumped by one of the tasks in the lab. The task was to filter ICMP packets coming from the backbone destined to a network on the internal routers. The topology looks like this.
Reflexive access-lists
Reflexive access-lists are a way of filtering traffic where return traffic is allowed only if it belongs to a session initiated on the “inside”. In a regular access-list we can use the keyword established for filtering but that only looks
Filtering packets by TTL in Cisco ACL
As I make progress through the INE workbooks I’m writing posts about features that I find interesting and that might not be that well known to the general public. I wasn’t aware that you could filter packets based on TTL in
Cisco ASA – Efficient access-lists with object-groups
I am currently migrating some PIX firewalls to ASA and I have been rewriting the access-lists to be more efficient and easy to read. This is done by using objects and object-groups. Let’s first talk about objects, the object can
Using Cisco ASA with dual ISPs
It’s getting more common to use dual ISPs since most companies nowadays are dependent on a functioning network and Internet connection. In this scenario we will be using a leased line as a primary connection, this connection won’t
Transferring files with FTP (Cisco ASA)
Trivial File Transfer Protocol (TFTP) has been the natural choice for transferring files on a Cisco device for a long time but it has some weaknesses: It’s not reliable, since it doesn’t use TCP. Since it’s not using TCP every
Caveats with new Java versions for Cisco ASA
I recently upgraded some ASA firewalls to version 8.3(2) and ASDM 6.3(2). ASDM relies on Java to work. I had Java 1.6.0(20) installed on my Windows 7 laptop but ASDM would not work with this version. What’s strange and very
Cisco ASA 5510 – Where did my gigabit ports go?!
I’m preparing some ASA 5510 firewalls at work which are going to replace two Cisco PIX firewalls. We ordered the ASA5510-SEC-BUN-K9 because we need failover and the gigabit ports. I unpacked the firewall and booted it up but when I
Authentication, authorization and accounting
Authentication, authorization and accounting is commonly called AAA. If you have more than a few network devices, using local user accounts is not a scalable solution. The solution is to centralize the authentication either via a TACACS+ or a RADIUS