Cisco ASA – Using ‘logging’ to see what ports are being blocked
KB ID 0000702 Problem If you look after a firewall, sooner or later something will fail, and the blame (rightly or wrongly), will be leveled at the firewall. I came back from holiday this week to find a client had got a problem with secure POP email. The problem had been fixed (temporarily) by dropping the affected users into a group, and opening all ports. As this had fixed the problem then it’s fair to say that the ASA was...
Cisco ASA to Juniper SRX Site to Site VPN
KB ID 0000710 Problem You want to establish a site to site VPN from a site with a Cisco ASA firewall, to another site running a Juniper SRX firewall. I had to do this this week, and struggled to find any good information to help. In the example below I’m configuring the whole thing from a laptop (172.16.254.206) that’s on the Juniper’s site. Use the diagram below, and substitute your own IP addresses and subnet...
Cisco ASA 5500 Allowing Tracert
KB ID 0000753 Problem I’d always assumed that as Tracert uses ICMP, and that simply adding ICMP inspection on the ASA would let Tracert commands work. A client of mine is having some comms problems and wanted to test comms from his remote DR site, he had enabled time-exceeded and unreachable on the ASA (for inbound traffic) and that had worked. I checked the default inspection map and found inspect ICMP was there? As it turns...
ASA TFTP Error – (Cannot allocate memory)
KB ID 0000787 Problem I updated my ASA to version 9.1(1) tonight, that went well, but when I tried to update the ASDM image to version 7.1(1)-52 this happened; Accessing tftp://10.254.254.109/asdm-711-52.bin…!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...
Cisco ASA 5500 – Configuring PPPoE
KB ID 0000831 Problem Until very recently I’d never had to configure PPPoE. Most of my clients in that sort of connection speed range have ADSL with a router provided by their ISP. A Router that connects via PPPoA usually. Here in the UK the main ISP’s (BT and Virgin) are busy rolling out FTTC connections that terminate with a ‘modem’ that presents an RJ45 socket. So without the need for a router, you can get...