Browsing All Posts published on »November, 2010«

Analyse log messages of the firewall

November 24, 2010


To use the following examples you will need unix commands (awk, grep, sort, uniq, …). TASK 1. Filter the Dual ISP feature’s syslog messages from the pix_log.txt file, which is the log file for one day. Solution: Log file name: pix_log.txt 1. Collect the Dual ISP feature’s syslog message IDs from Cisco UniverCD: 622001 327001 – 327003 422004 […]

Troubleshooting DOS attacks on PIX / ASA

November 23, 2010


1. Identify the attack. 1.1. How did the customer notice the attack? – Slow Internet access – High utilisation on the attacked device: – a local server – the firewall – etc. 1.2. How can we confirm the attack? Depending on the timing of the issue, the attack may have: A, happened in the past. We […]

Troubleshooting SLA monitoring on ASA

November 23, 2010


On the Cisco ASA Firewall we can configure a backup link, for example a backup Internet link. That means if our primary Internet access has a problem, we still have a backup link to reach the Internet or whatever else we need. The configuration is not part of this documentation; it is only useful if there is […]

Troubleshooting ASA high memory issues

November 23, 2010


Troubleshooting memory issues requires TAC support to get accurate results. 1. To identify a memory leak on the PIX, collect the periodic (hourly) output of “show memory detail”. Send this to the TAC; they will see the memory utilisation broken down per block size. Example: pixfirewall(config)# show memory detail Free memory: 201811608 bytes (75%) Used memory: Allocated […]

Troubleshooting IOS Firewall Feature Set – CBAC

November 23, 2010


1. Get a config where CBAC is enabled and access-lists are applied on the interfaces. If the configuration of CBAC and the ACLs is wrong, the following steps will show wrong results. Check the configuration of the router before you suggest the following. 2. Check the “show commands” output 2.1 Check the inspection states […]

Certificate based RA VPN with openssl

November 22, 2010


A basic certificate based VPN is as easy as a VPN with a pre-shared key; only a few additional steps are required on the ASA side. The problems arise when clients start to use certificates without knowing what they should do and how. As a firewall administrator you cannot take responsibility for all clients, […]

Create your own CA or root CA, subordinate CA

November 22, 2010


You can use openssl to create a self-signed certificate, a Certificate Authority (CA), or a Subordinate Certificate Authority as part of a full CA tree. All you need is the openssl package. The openssl documentation is not complete, but what we need is already documented. For all the commands I use I […]