Lessons Learned: Overriding routing in Cisco ASA

While at a client this week, I ran across a fundamental change in post-8.3 Cisco ASA routing logic which blindsided me for a while. The scenario was that after changing some VPN tunnel endpoints, and hence changing subnet locations, we started seeing errors in syslog along the lines of TCP session torn down, "no …


Nugget Post: Troubleshooting Cisco AnyConnect "The VPN client agent SSL engine encountered an error. Please restart your computer or device, then try again."

I encountered a very frustrating problem when using Cisco's AnyConnect VPN client on Linux (Ubuntu, to be specific). Every now and then the client would throw an error right after a successful login: "The VPN client agent SSL engine encountered an error. Please restart your computer or device, then try again. If the issue persists, …

Nugget Post: CCNP Security 642-627

Finally finished the CCNP Security certification. You can find my mind-map for CCNP Security 642-627 (Deploying Cisco IPS Solutions) here. You may download the image (File > Download, or simply press Ctrl+S). In case the image refuses to open or is marked as corrupted, change the extension from .jpg to .png …

Nugget Post: CCNP Security 642-647

You can find my mind-map for CCNP Security 642-647 / 642-648 (Deploying Cisco ASA VPN Solutions) here. You may download the image. In case the image refuses to open or is marked as corrupted, change the extension from .jpg to .png. Enjoy! 🙂

Note on AAA when using Cisco ASA

It's common practice to have multiple users on a firewall, each with a different level of access: some are admin accounts, while others are read-only. The Cisco ASA is no different, and it is quite easy to set up local AAA (authentication / authorization / accounting) so you can …
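As an added illustration (not configuration from the post), the following ASA fragment sets up management AAA against the local user database with one full admin and one read-only operator. The hostname, usernames, the 10.0.0.0/24 management network and the chosen privilege levels are assumptions; secrets are placeholders.

```cisco
! Added example: local AAA for ASA management access (assumed names/addresses).
hostname asa-lab
!
! Two local accounts. Privilege 15 is full admin; the operator gets a lower level
! that only has access to the "show" commands explicitly lowered below.
username admin  password <admin-secret>  privilege 15
username ops-ro password <ops-secret>    privilege 3
!
! Management protocols authenticate against the local database.
! "enable" also authenticates per user, so each user lands at their own level
! instead of sharing a single enable password.
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
!
! Without command authorization the privilege levels above are decorative:
! every authenticated user could still run every command.
aaa authorization command LOCAL
!
! Lower a few read-only commands to level 3 for the operator account.
! "show running-config" is deliberately left at 15 because it exposes secrets.
privilege show level 3 command access-list
privilege show level 3 command conn
privilege show level 3 command interface
privilege show level 3 command xlate
!
! Restrict where management sessions may originate from (assumed mgmt subnet).
ssh 10.0.0.0 255.255.255.0 management
http 10.0.0.0 255.255.255.0 management
!
! Accounting with LOCAL: the ASA has no "aaa accounting command LOCAL", so for
! a local-only setup rely on syslog, which records configuration commands
! per user (message 111008/111010) once logging is enabled.
logging enable
logging trap informational
logging host management 10.0.0.50
```

Verify with a login as ops-ro: `enable` should accept the operator's own password and drop into level 3, `show conn` should work, and `configure terminal` should be rejected by command authorization. True per-command accounting requires a TACACS+ server group rather than LOCAL.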

Lessons learnt: ASA 8.4 and NAT rules

- DNS doctoring via NAT policies: DNS doctoring is an ASA feature in which a client sends a DNS request for a particular website, say www.example.com, the ASA inspects that DNS exchange, and the ASA can then control which IP gets returned to the client (in essence the ASA intercepts and rewrites the DNS reply). …
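As an added example (not from the post) of the post-8.3 object NAT syntax that enables DNS doctoring: an internal web server is statically translated to a public address, and the `dns` keyword on the NAT rule tells the ASA to rewrite A records in DNS replies that cross that translation. The object name and the RFC 5737 addresses are assumptions.

```cisco
! Added example: DNS doctoring with ASA 8.3+ object NAT (assumed names/addresses).
!
! Internal host 10.1.1.10 is reachable from the outside as 203.0.113.10.
! Public DNS for www.example.com returns 203.0.113.10. Without doctoring, an
! inside client would try to reach its own server via the outside address and
! the flow would have to hairpin through the ASA (or simply fail).
object network web-server
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10 dns
!
! The "dns" keyword only takes effect if DNS inspection is enabled on the
! traffic. These two blocks are the ASA defaults; they are shown so that a
! missing "inspect dns" is recognised as the reason doctoring silently does
! nothing.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global
```

Expected behaviour: an inside client querying an outside resolver for www.example.com receives 10.1.1.10 instead of 203.0.113.10, because the reply traverses the (inside,outside) translation in the reverse direction. An outside client querying an inside DNS server for the same name gets the reverse rewrite (10.1.1.10 becomes 203.0.113.10). Two things a practitioner should check: DNS inspection must actually be applied to the interface the query leaves through, and replies for names whose A record does not match the translated address are left untouched.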

Configuring per-user access with Cisco ASA

Please note the below requires ASA v 8. or above. Per-user access involves forcing users to log in to the firewall before being allowed access to any resources. This has several benefits, including:
- Better user accountability
- Being able to define access on a user basis, rather than an IP basis (with some caveats)
- Implementing a …
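As an added example (not from the post), this is the cut-through proxy form of per-user access: the ASA intercepts the first matching connection from an inside host and demands credentials before it permits traffic from that source. The ACL name, the 10.1.1.0/24 inside subnet, the listener port and the use of the LOCAL database are assumptions; a RADIUS/TACACS+ server group would normally replace LOCAL.

```cisco
! Added example: cut-through proxy (AAA authentication for through-traffic),
! assumed names and addresses.
!
! A local test account. In production point the "match" rule at a AAA server
! group instead of LOCAL.
username alice password <alice-secret>
!
! Traffic that must be authenticated before it is allowed: web browsing from
! the inside subnet. Only the protocols in this ACL trigger a prompt; anything
! not listed is governed solely by the normal interface ACLs.
access-list AUTH-WEB extended permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list AUTH-WEB extended permit tcp 10.1.1.0 255.255.255.0 any eq https
aaa authentication match AUTH-WEB inside LOCAL
!
! A dedicated listener lets users authenticate once at a fixed URL
! (http://<inside-ASA-ip>:8080). The "redirect" keyword sends intercepted HTTP
! requests there instead of injecting a basic-auth challenge into the flow.
aaa authentication listener http inside port 8080 redirect
!
! Lifetime of the authenticated entry ("uauth") for that source IP.
! 0:00:00 would force re-authentication for every new connection.
timeout uauth 0:30:00 absolute
```

The caveat the post alludes to is visible in the last line: the uauth entry is keyed on the client's source IP address, not on the user, so a shared host, a NAT device or a terminal server in front of the ASA makes every user behind it inherit the first login. `show uauth` lists the currently authenticated addresses and `clear uauth <ip>` evicts one.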