Cisco IOS and ASA Showing the Config Without the ‘More’ Breaks/Pauses
Nov17

Cisco IOS and ASA Showing the Config Without the ‘More’ Breaks/Pauses

KB ID 0001017 Problem When looking at a router, switch or firewall running config, it will usually display a page at a time, you can page down with the space bar, or line down with the Enter/Return key. Normally that’s fine, but what if you want to capture (take a quick backup,) of the config? If you do that, and page down you get a copy of the config that looks like this; –More–   Yes, you can delete...

Read More
Enabling NetFlow on Cisco ASA
Nov17

Enabling NetFlow on Cisco ASA

KB ID 0000055 Problem Cisco NetFlow lets you export information about traffic flow, it was originally written for the router IOS, but is now available for Cisco ASA, which uses NSEL (Note ASA uses NetFlow version 9 {newest at time of writing}) Note: NetFlow can not give you “Live” data, but it can show you what has happened over a period of time, and remember like any other “Logging” this will have an adverse...

Read More
Cisco ASA – Using ‘logging’ to see what ports are being blocked
Nov17

Cisco ASA – Using ‘logging’ to see what ports are being blocked

KB ID 0000702  Problem If you look after a firewall, sooner or later something will fail, and the blame (rightly or wrongly), will be leveled at the firewall. I came back from holiday this week to find a client had got a problem with secure POP email. The problem had been fixed (temporarily) by dropping the affected users into a group, and opening all ports. As this had fixed the problem then it’s fair to say that the ASA was...

Read More
Cisco ASA – ‘Prove it’s Not The Firewall!’
Nov17

Cisco ASA – ‘Prove it’s Not The Firewall!’

KB ID 0001049  Problem Yeah, it’s funny because it’s true! The article title might not sound like the most professional approach, but when the ‘Well it’s not working now’ finger gets pointed at the ‘firewall guy/girl’, they need to ascertain two things; 1. Is the problem actually the firewall, if not then help the frustrated party track down the actual problem. 2. If your problem IS the...

Read More
Cisco ASA – Configuring for NTP
Nov17

Cisco ASA – Configuring for NTP

KB ID 0000608 Problem With NTP, there will be two things you want to do, 1) Allow a device behind the ASA to take its time from a public NTP server, and 2) Set the ASA to take its system time from a public NTP sever (for accurate date stanps on the logs, and for time critical things like Kerberos authentication.) Solution Allow internal host(s) to get system time though the firewall. 1. Connect to the ASA, go to “enable...

Read More