Cisco Firewall VPN “Hair Pinning” Note: Cisco refer to this as a “Spoke to Spoke VPN”
KB ID 0000040 Problem You have multiple sites protected by Cisco Firewalls, you establish a remote connection VPN to one of your sites, but cannot get to the others. Solution Normally your remote workers will establish a VPN, with a VPN client (though this principle will also work for remote users with a hardware firewall). In this example we will stick with a remote client using VPN Client software (either using an IPSEC version 3...
Block Access to Facebook on Cisco ASA with MPF
KB ID 0000054 Problem If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the best solution. NOTE: This can be used for any web site simply add each URL you want to block. Solution 1. Log into your firewal,l and enter enable mode, then enter...
Enabling NetFlow on Cisco ASA
KB ID 0000055 Problem Cisco NetFlow lets you export information about traffic flow, it was originally written for the router IOS, but is now available for Cisco ASA, which uses NSEL (Note ASA uses NetFlow version 9 {newest at time of writing}) Note: NetFlow can not give you “Live” data, but it can show you what has happened over a period of time, and remember like any other “Logging” this will have an adverse...
Cisco ASA – Only Allow Mail Servers SMTP Outbound
KB ID 0000172 Problem It’s not unusual for nasty Virus’s and Malware once they have infected a machine, to set up outbound communications on the mail protocol SMTP (TCP Port 25), which can lead to your public address being blacklisted. So it’s considered good practice to stop all your clients getting mail access outbound through your firewall, while still allowing your mail server. Note: On Cisco firewall’s,...
Cisco PIX/ASA 8.3 Command Changes {NAT / Global / Access-List}
KB ID 0000247 Problem I posted to a forum the other day, the poster had a problem with their VPN, basically my response was, “Your Nat statements look bizarre – what is this config from?”. At this point I realised 8.3 had brought in some syntax changes. There are quite a few changes with the OS, this will touch on the things that I see on my clients firewalls so all eventualities are NOT covered. the main areas of...