Block Access to Facebook on Cisco ASA with MPF
KB ID 0000054 Problem If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the best solution. NOTE: This can be used for any web site simply add each URL you want to block. Solution 1. Log into your firewal,l and enter enable mode, then enter...
Enabling NetFlow on Cisco ASA
KB ID 0000055 Problem Cisco NetFlow lets you export information about traffic flow, it was originally written for the router IOS, but is now available for Cisco ASA, which uses NSEL (Note ASA uses NetFlow version 9 {newest at time of writing}) Note: NetFlow can not give you “Live” data, but it can show you what has happened over a period of time, and remember like any other “Logging” this will have an adverse...
Cisco ASA 5500 Allowing Tracert
KB ID 0000753 Problem I’d always assumed that as Tracert uses ICMP, and that simply adding ICMP inspection on the ASA would let Tracert commands work. A client of mine is having some comms problems and wanted to test comms from his remote DR site, he had enabled time-exceeded and unreachable on the ASA (for inbound traffic) and that had worked. I checked the default inspection map and found inspect ICMP was there? As it turns...