Sunday, May 28, 2017
How to: Cisco ASA same security level + ACLs
By default, interfaces on the same security level cannot communicate with each other. Allowing communication between same-security interfaces lets traffic flow freely between all interfaces at that security level without access-lists.
To enable interfaces on the same security level to communicate with each other, enter the following command:
(config)#same-security-traffic permit inter-interface
But the question I had never asked myself is: what if we have two interfaces with the same security level, each with an ACL applied? Will the traffic still flow freely after typing the above command? The answer is:
If you have "same-security-traffic permit inter-interface" configured and have two interfaces with the same "security-level" value, and you have an "access-list" configured on both interfaces, then the ACLs will handle the decision of what traffic is allowed and what is not.
I found this answer right here, when I got this challenge of same security level and ACLs.
Hope this will also help you.
Friday, May 26, 2017
How to identify what is blocking your traffic to pass through Cisco ASA
The packet-tracer command can be used in privileged EXEC mode to generate a packet against the firewall's current configuration.
It allows an administrator to inject a virtual packet into the ASA and track the flow from ingress to egress; along the way, the packet is evaluated against flow and route lookup, ACLs, protocol inspection, NAT, and IDS.
If the traffic you are trying to get forwarded by an ASA from one of its interfaces to another is not working, the "packet-tracer" tool can help you pinpoint exactly what in the ASA is blocking your traffic from being forwarded. The power of this utility comes from the ability to simulate real-world traffic by specifying source and destination addresses with protocol and port information.
The following link is an interesting YouTube video that shows how to use this tool from ASDM: Click Right Here To Access The Video
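The same check from the CLI, as an added example that is not from the original post: simulate a TCP packet between two hosts on different interfaces and read the verdict. The interface names, addresses, ACL name and the abbreviated output below are assumed and illustrative; what matters is the structure of the output, which is the same on any ASA.

```cisco
! Added example (not from the original post). Interface names, addresses and
! the ACL name are assumed; the output is abbreviated and illustrative.
!
! Syntax: packet-tracer input <ingress-ifc> <proto> <src-ip> <src-port> <dst-ip> <dst-port> [detailed]
ciscoasa# packet-tracer input dmz1 tcp 10.1.1.10 40000 10.2.2.20 80

! Each phase is one stage of the ASA's processing, in the order the real
! packet would hit it. Find the first phase whose "Result:" is DROP; its
! "Config:" section prints the exact configuration line responsible.
Phase: 1
Type: ROUTE-LOOKUP
Result: ALLOW
...
Phase: 3
Type: ACCESS-LIST
Result: DROP
Config:
access-group DMZ1_IN in interface dmz1
access-list DMZ1_IN extended deny ip any any log
...
Result:
input-interface: dmz1
output-interface: dmz2
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

! Re-run on a port the ACL permits; the final block then ends in "Action: allow".
ciscoasa# packet-tracer input dmz1 tcp 10.1.1.10 40000 10.2.2.20 443
```

The "Drop-reason" line is the quickest thing to read, but the phase list is what tells you whether the block is an ACL, a missing route, a NAT rule that changed the destination, or an inspection engine. Bear in mind that packet-tracer tests the configured policy, not the wire: if it reports allow but the real traffic still fails, the next step is a packet capture on the ingress interface to confirm the packets are actually arriving.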
Thursday, May 18, 2017
What is the best tool to save and restore configurations of Cisco ASA
Wednesday, May 17, 2017
How to configure Cisco ASA interface Redundancy
By default, each physical ASA interface operates independently of any other interface. When an interface is down, the ASA cannot send or receive any data through it. To keep an ASA interface up and active all the time, you can configure a logical interface with a pair of physical interfaces set aside for the same function and connected to the same network; only one is active at any given time, while the other stays in a standby state. The two physical interfaces in the pair must be the same type.
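One such logical interface, as an added configuration example that is not from the original post: a redundant interface built from two physical members of the same type. Interface numbers, the name and the address are assumed.

```cisco
! Added example (not from the original post). Interface numbers, name and
! address are assumed values.
!
! Member interfaces carry no nameif / security-level / ip address of their
! own (the logical interface owns those); they only need to be enabled.
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
 no shutdown
!
! The first member added becomes the active one; the second stays in
! standby until the active link goes down, then takes over.
interface redundant 1
 member-interface GigabitEthernet0/2
 member-interface GigabitEthernet0/3
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Verification: shows which member is currently active and the link state
! of both members.
! show interface redundant 1
!
! Force the other member to become active, e.g. before pulling the cable
! on the currently active one for maintenance:
! redundant-interface redundant 1 active-member GigabitEthernet0/3
```

All other configuration (ACLs with `access-group`, NAT, routing) references the logical name `inside`, never the physical members, so a failover between members changes nothing in the security policy.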