Browsing All Posts filed under »ASA«

Configure multiple context

November 19, 2010


Read the documents in the following order: 1. Enabling Multiple Context Mode 2. Adding and Managing Security Contexts 3. Configuring Failover 4. Configuring Active/Active Failover. My example contexts (code 7.0.5). Topology. Initial context configuration: 1. pixfirewall(config)# mode multiple 2. Create the admin context (this is done by default when issuing the “mode multiple” command): admin-context admin context […]

Configure Cisco ASA and SQUID or WAAS for WCCP

November 18, 2010


Cisco ASA WCCP support for WAAS configuration guide. The proxy server should accept requests on ports 8080 and 80. Topology: IP addresses: ASA inside IP: 10.10.10.1/24, PC IP: 10.10.10.10, proxy server IP: 10.10.10.251. Action plan: WCCP Interaction with Other Features for PIX/ASA: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/dhcp.html#wp1094445 Here I have read the following: “The standard service is web-cache, which intercepts […]

AIP-SSM interface configuration

November 18, 2010


1. Assign an interface to a sensor in the AIP-SSM. On the AIP-SSM you can configure interfaces for virtual sensors: SA1-AIP-SSM(config-ana-vir)# physical-interface ? GigabitEthernet0/0 GigabitEthernet0/0 physical interface. GigabitEthernet0/1 GigabitEthernet0/1 physical interface. There are only 2, no matter how many interfaces the ASA has. – GigabitEthernet0/0 can only be the Command and Control (management) interface. – Alternate […]

Cisco ASA with AIP-SSM in failover

November 18, 2010


Both the ASA and the AIP-SSM are able to fail over or, at a minimum, to bypass the traffic. The ASA fail-open and fail-close commands determine whether to allow or deny the traffic that has to be analysed by the IPS. 1. With the following configuration: ==ASA== policy-map outside-policy class outside-class ips inline fail-open ==IPS== ByPass mode […]

U-turn traffic on Cisco ASA

November 17, 2010


On the Cisco ASA firewall you can redirect traffic arriving on an interface back out of the same interface. This feature is available from version 7.2.2. To demonstrate this feature I made a small test topology with a Cisco ASA firewall and an internal router. Topology: Requirements: On the Topology the Test […]

Configure resource management for contexts

November 17, 2010


With this feature you can specify how resource usage is divided between the contexts. This feature is available from OS version 7.2.1. Cisco ASA 5500 Series Release Notes, Version 7.2(1): http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn72.html Configuration guide: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mngcntxt.html The following table shows the resource types and the limits for resource management: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mngcntxt.html#wp1113989 You can reach this list from the CLI as well: […]

Configure IM and Yahoo blocking and P2P blocking

November 17, 2010


I made two examples to demonstrate the configuration of blocking chat and peer-to-peer applications. I would not say this is the most secure way, but it is better than nothing. Task 1. From the 10.0.0.x network to the 192.168.0.x network we need to BLOCK MSN and YAHOO. (The configuration of blocking chat applications is only possible from code 7.2.2.) […]

Cisco ASA admin access

November 13, 2010


The first step of installing a firewall is to set up its management access. Weak protocols like telnet should not be used. If something needs to communicate with the firewall, that communication should be secured. Another example is the logging methods. Syslog itself is again a clear-text communication method and should be avoided. […]

Cisco ASA prompt for failover

November 12, 2010


Speed up your failover troubleshooting and activate the prompt command on your ASA. With the prompt command you can specify the following: context   Display the context in the session prompt (multimode only) domain    Display the domain in the session prompt hostname  Display the hostname in the session prompt priority  Display the priority in the session […]