Note on AAA when using cisco ASA

It’s common practice to have multiple users on a firewall, and each user may have different levels of access, such as admin accounts, while others may have just read-only accounts. The cisco ASA is no different and it is quite easy to setup a local AAA (authentication / authorization / accounting) server so you can … Continue reading Note on AAA when using cisco ASA

Advertisements

Nugget Post: CCNP Security 642-637 notes

Here are the notes I took during my studies to pass the CCNP Security 642-637 exam: https://docs.google.com/document/d/1lbXIcsokTgTVkKn278isVmGS0u9P19c7Iasx3TPDKmU/edit?hl=en_GB Enjoy!

Lessons learnt : ASA 8.4 and NAT rules

- DNS doctoring via NAT policies DNS doctoring is an ASA feature wherein a client sends a DNS request for a particular website, say http://www.example.com. This DNS request gets inspected by the ASA, and the ASA can then control which IP gets returned to the client (in essence the ASA acts as a DNS proxy). … Continue reading Lessons learnt : ASA 8.4 and NAT rules

Configuring per user access w/ cisco ASA

Please note the below requires ASA v 8. or above. Per user access involves forcing users to login to the firewall before being allowed access to any resources. This has several benefits, including: Better user accountability Being able to define access on a user basis, rather than an IP basis (with some caveats) Implementing a … Continue reading Configuring per user access w/ cisco ASA

Using cisco’s embedded event manager to aid in troubleshooting

In my previous post I explained a setup in which multiple cisco nodes send syslog messages to a centralised syslog server which network admins would check during troubleshooting. As an extension to that, we had another requirement proposed. To facilitate troubleshooting, we wanted to display the interface description when an error occurred on an interface. … Continue reading Using cisco’s embedded event manager to aid in troubleshooting

Easy cisco syslog monitoring using Webmin

At some point probably a network team would need something similar to this, so I thought it would be a good article to document what I’ve used to achieve this scenario: There is a need to monitor multiple CISCO boxes, and these logs should be easily accessible internally to a team of network admins, some … Continue reading Easy cisco syslog monitoring using Webmin

Configuring basic cisco network traffic monitoring with ntop and NetFlow

If you are the admin of a cisco (and sonicwall now in the newer firmware) network, NetFlow is a good and easy way of gathering insight into what exactly is passing through your cisco. Apart from seeing link usage, netflow also allows the admin to see which protocols, ports and hosts are being used. This … Continue reading Configuring basic cisco network traffic monitoring with ntop and NetFlow