CCNA Security-Initial Configuration of Cisco ASA Firewall

seen from Germany
seen from Netherlands
seen from Germany

seen from Singapore
seen from China

seen from Peru
seen from United Kingdom
seen from Russia
seen from United States

seen from Syria
seen from China
seen from Italy
seen from Germany

seen from Singapore
seen from United States
seen from Germany
seen from United States
seen from United Kingdom

seen from Germany
seen from United States
CCNA Security-Initial Configuration of Cisco ASA Firewall
Networking Devices
Networking devices are used to connect multiple device or computers to share the information, also called communication devices.
Switch: Switch is a centralize networking device where all the hosts get connected in a network. Switches are work on Layer 2 (Data-Link Layer). Switches support broadcast domain. Each port creates a collision domain in a switch.
Switches work on mac address and…
View On WordPress
Backup ASA Firewall configurations using TFTP
Backup ASA Firewall configurations using TFTP
Backup is very important to prevent any disaster. Here is the way how to take a backup for ASA Firewall. Different devices have different commands to back up the configuration.
Download SolarWinds TFTP Server from the Website.
Install the TFTP server on your machine.
Create a backup Folder where you will save all the configurations.
Launch The tftp server. Click on ‘FILE’ and ‘Configure’. Go to…
View On WordPress
Cisco ASA Active FTP problem even with ftp inspect enabled
I recently needed to connect to a vendor's ACTIVE-only ftp site. Although my Cisco ASA 5500 series firewalls were handling PASSIVE ftp without any problems, for some reason it would not pass active ftp.
As usual with active ftp connection problems, the initial port 21 tcp connection would work properly and login successfully. However, the subsequent ftp-data (port 20) connection would fail.
Researching on the Internet turned up the usual recommendation for Active ftp problems: enable FTP Inspection. Unfortunately, this didn't solve the problem because the firewall was already inspecting ftp traffic. For example:
cisco-asa# show run | b policy-map
policy-map global_policy class inspection_default inspect ftp inspect icmp <snip>
I next pulled up the ASA logger and checked the traffic. I could see the initial TCP connection from my laptop (10.1.1.70) to the ftp server, but I also saw a connection attempt from 10.5.162.0. In this case, the dot-zero address was the network address, so it could not have been another computer making the same connection attempt. Instead, this is the ASA's ftp inspection trying to "fixup" the active ftp session.
It turns out that the 10.5.162.0 ip network was the first network in the group of our standard outgoing NAT rule:
nat (inside,outside) after-auto source static grp-AllData public-NAT
When checking out the NAT rule, I found the problem: the NAT rule was configured as a Static NAT instead of a Dynamic PAT (Hide). Since the ASA thought this was a static (one-to-one) translation, it was choosing the first IP address that it found in the group and using it in the Active FTP connection. My guess is this problem occurred months ago during the upgrade to 8.3 when all of the NAT rules were re-written. I'm honestly surprised that the ASA would accept a group as a static NAT, but everything else had been working fine.
After changing the NAT to Dynamic PAT (hide), the ASA began correctly identifying the IP address to use in the Active FTP's data connection.