Cisco ASA ASDM – Packet Tracer Won't Work
KB ID 0001051 Problem I don’t usually use the graphical packet tracer tool, but I did this week, and this happened; Following error(s) occurred- packet-tracer input inside {protocol} inline-tag -l {source} {source port} {target} {target port} xml %Invalid input detected at ‘^’ marker Solution Well from CLI it worked fine, so I’m guessing it’s a fault in the ASDM. An Internet/forum search threw up a load...
Cisco ASA 5500 – Performing NAT for Two (or More) internal IPs to a Spare Public IP
KB ID 0001057 Problem I was in the PIX/ASA area at EE last night, and a poster asked if they could perform NAT on a couple of internal IP addresses to a spare public IP that they had. I had done this for a client some time last year when I performed an upgrade from 8.2. Anyone who has ever done a large upgrade on an ASA to the ‘new’ NAT system will appreciate this is usually the area where the upgrade has a problem. So...
Cisco ASA – Changing the Outside IP Address
KB ID 0001081 Problem I see this question get asked a lot on forums. Most people never touch the firewall: ‘if it’s working leave it alone’. And that’s great until you move offices, or get a newer faster (or cheaper) Internet connection. What if you have lots of public IP addresses? What if you have VPNs (or AnyConnect clients)? What’s the best way to do this with a minimum of downtime? Note: If...
Cisco ASA 5500 – Sub Interfaces and VLANS
KB ID 0001085 Problem You can take the physical interface of a Cisco ASA firewall (or an EtherChannel) and split it down into further sub-interfaces. This way you can set multiple VLANs to use this interface as a gateway at the same time whilst still separating the traffic. In this scenario I’m going to have two VLANs, one for my wired clients, and one for a ‘Guest WiFi’ that I’m setting up. I want the guest...
Cisco ASA – Port Forwarding To A Different Port
Port Translation KB ID 0001087 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. A very long time ago I wrote an article about how to port forward from a public IP address to multiple servers for RDP. Basically you would connect to the firewall using various different ports, and the firewall would change the port to the correct one for RDP (TCP port 3389, unless you changed it on the...