Cisco ASA 5500 Active/Standby – Zero Downtime Upgrade
Nov17

KB ID 0000733 Problem You have two ASA firewalls deployed in Active/Standby failover configuration, and need to upgrade either the operating system or the ASDM. As you already have a high availability solution you do not want any downtime. Before we start, we need to make sure we know the difference between primary, secondary, active and standby. From the rear (Active=Green, Standby=Amber) The Primary and Secondary firewalls are...

Cisco ASA 5500 – Deny a Single IP Address External Access
Nov17

KB ID 0000743  Problem This got asked on Experts Exchange today, the poster specifically asked for an ASDM solution, so here goes. However I will also do the commands as well. Solution Block an IP via ASDM 1. Connect to the ASDM > Configuration > Firewall > Add ‘Network Object’. Note: You could create a Network Object Group, then add a Network Object to that group. This is handy if there are liable to be more IP...

Cisco ASA 5500 – Configuring PPPoE
Nov17

KB ID 0000831 Problem Until very recently I’d never had to configure PPPoE. Most of my clients in that sort of connection speed range have ADSL with a router provided by their ISP. A Router that connects via PPPoA usually. Here in the UK the main ISPs (BT and Virgin) are busy rolling out FTTC connections that terminate with a ‘modem’ that presents an RJ45 socket. So without the need for a router, you can get...

Cisco ASA – Find Out VPN Tunnel Uptime
Nov17

KB ID 0000863 Problem I needed to get the Uptime/Duration of a particular VPN tunnel this week. It was for a client with multiple VPN tunnels that was having problems with just one. Solution Option 1 via Command Line 1. Connect to the firewall > Go to enable mode and use the following command, replace 123.123.123.123 with the IP of your VPN endpoint. PetesASA> PetesASA> enable Password: ******** PetesASA# show...

ASA 5585-X Update the CX SSP Module
Nov17

KB ID 0001005  Problem Every piece of documentation I found on upgrading CX SSP modules was for doing so on models other than the ASA5585-X. The (current) latest CLI guide says; “For the ASA 5585-X hardware module, you must install or upgrade your image from within the ASA CX module. See the ASA CX module documentation for more information.” Yeah good luck finding that! Solution Before I saw the information above I tried...
