VPN Problem Cisco PIX v6 to Cisco ASA 5500

KB ID 0000761  Problem I found this out purely by accident today, while replacing an old PIX 506E that had died with an ASA 5505. The client’s other site still had a PIX 506E (Running 6.3(5)). I was setting up the VPN, and noticed something that WOULD have been a problem if I had not spotted it. Solution Essentially the older PIX firewalls are set for 3DES encryption, MD5 Hashing and Diffie Hellman 2. After version 8.4 the ASA...

Upgrading a PIX 506E to Version 7
Nov17


KB ID 0000764 Problem As far as Cisco is concerned you can’t upgrade a PIX 506E past version 6.3(5) (PIX 506E and 501 Firewall Image and PDM Upgrade). However, if you have a spare one lying around and you want to have a play, you CAN get it to version 7.1(2). Note: It is possible to run the 8.0(2) version of the PIX OS on a 506E, however you need to decompress the image and make some changes to it before it will work (using...

Build a PIX Firewall for your test network
Nov17


Working with GNS3 and PEMU – (Part 1) KB ID 0000061 Problem Cisco firewalls are expensive, I know I own some, and my firm sells them. Getting hardware to run on your test bench is difficult enough, but getting high end Cisco equipment is an expensive proposition for your average “Techy”. These days most people run their test networks in a virtual environment. I run Hyper-V at home for testing and I have my...

Cisco PIX/ASA 8.3 Command Changes {NAT / Global / Access-List}
Nov17


KB ID 0000247 Problem I posted to a forum the other day, the poster had a problem with their VPN, basically my response was, “Your Nat statements look bizarre – what is this config from?”. At this point I realised 8.3 had brought in some syntax changes. There are quite a few changes with the OS, this will touch on the things that I see on my clients’ firewalls so all eventualities are NOT covered. The main areas of...


Upgrade Cisco PIX 515E to Version 8.0(4)

and ASDM version 6.1(5) KB ID 0000424 Problem I had to update a Cisco PIX 515E last week. Cisco 500 firewalls are a bit thin on the ground these days, and most of my corporate clients have replaced them with Cisco ASA 5500 firewalls. So as these units are now getting retired, or moved to the test bench, or sold on eBay, I thought I’d document probably the last one I did for posterity, and to help anyone else out. Note: Cisco...

Cisco ASA 5500 – Remote Management via VPN
Nov17


KB ID 0000984 Problem It’s been ages since I had to do this, I usually just manage firewalls via SSH from outside. But I was out on a client site last week and needed to connect to my ASA, so I simply connected in via AnyConnect; Note: The same procedure is applicable if you are an IPSEC VPN client, L2TP VPN client, or simply coming in over a site to site VPN link. And attempted to SSH, no joy, I tried the ASDM, nothing. So...
