Whilst there are probably many answers to the problem of “allowing VPN through the ASA”, the following will fix problems with clients on the inside trying to establish a VPN connection (L2TP) to a remote peer on the outside. The logs show the following error: “regular translation creation failed for protocol 47 src such and such” Due to […]
When you add a new NAT rule via the CLI of a Cisco ASA, the newly added rule will be appended to the end of the NAT rule list. Traditionally you will have a NAT-hide rule at the very end, in order to provide your clients with IP connectivity to the Internet. Fortunately there is a way to choose […]
Cisco ASA includes a very nice feature since the 7.2(1) release: packet-tracer. In short, you can inject and trace a packet as it progresses through the security features of the Cisco ASA appliance and quickly determine whether or not the packet will pass. I often use it to verify traffic passing through firewall rules, NAT rules and […]
Did you ever have a run-in with applications that are terribly sensitive to losing their database connection, so that you need to increase the timeout of TCP connections to that server? This configuration basically matches all traffic to one specific IP address and uses a service-policy to give it a longer timeout value.
Found yourself deleting huge access-lists by deleting every single Access Control Entry? There is a simpler method, which will delete the entire ACL: clear configure access-list <ACL-name> Not to be confused with the clear access-list <ACL-name> counters command. ^_^
Packet capturing can be summarized in the following steps:
1. First off you create an ACL for filtering out which traffic to capture.
2. Then you start the capture on the selected interfaces.
3. Display and/or save the capture.
4. Stop the capture and clear the buffer.
This configuration will allow your users to connect to the appliance using SSH and authenticate themselves into enable mode.