ASA configuration guide
Please, could you guide me for ASA 5506-X document management?
Thank you
Hello team,
Here are a few reference link which may help you.
http://www.Cisco.com/c/en/us/TD/docs/security/ASA/Quick_Start/5506X/5506...
http://www.Cisco.com/c/en/us/TD/docs/security/firesight/541/firepower-mo...
http://www.Cisco.com/c/en/us/support/security/ASA-firepower-services/Pro...
Note If the post will help you
Concerning
Jetsy
Tags: Cisco Security
Similar Questions
-
Hello
I would like to set up and test AAA on a Cisco ASA (5505 or 5510).
1 are there any other tools or server required to use this feature? And you have good configuration guides?I already tested a CDA of Cisco. He was able to show users active directory and their IP equivalent.
2. do you have a brief explanation what kind of opportunities I have with this server/tool? It is perhaps usable for the AAA mentioned on the SAA?Thanks in advance
Best regards
1. Yes, you need a Radius like Windows Server NPS or RADIUS server such as Cisco ACS/ISE server.
2. He's just a man in the middle of the ADC, you will always need an AAA server: radius or Ganymede (see # 1).
-
Router IOS Cisco Anyconnect ASA configuration
Hello
Could someone give me some advice if I can use a Cisco 1812 to connect to a Cisco ASA5512X using Anyconnect. The question we have is that some remote offices may be given fixed IP addresses...
Thank you.
AnyConnect cannot be used because there is only one solution-client-software and non-integrated IOS as the EzVPN client.
You can use dynamic cryptographic cards already offered on the ASA with a card standard encryption on the router, or you configure remote EzVPN on the router and on the SAA EzVPN server:
http://www.Cisco.com/en/us/docs/security/ASA/asa84/configuration/guide/vpn_remote_access.html
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni -
Red Hat Enterprise Linux Configuration Guide for Dell storage bays Series PS
This configuration guide provides information on the integration of the RHEL 6 and 7 operating environments with the PS Series Dell storage arrays using iSCSI technology. The guide includes tips for working with volumes, using MPIO and some performance tips.
The PDF file is available here:
Kind regards
Don
Hello
With Linux, as any OS, iSCSI is not different from the SAS/SATA or Fibre Channel. No matter how you are connected to a "disk", it looks like a SCSI to the OS disk.
So yes, you use the mount points. That's how Linux as most UNIX operating systems do it. But use any method supported for other iSCSI disks. In Windows, you can use drive letters or mount points.
Kind regards
Don
-
EqualLogic Configuration Guide - delay of the ACK
I see no mention of disabling ACK delayed in VMware ESXi in the EqualLogic Configuration Guide 14.1.
It is more a best practice?
If it is always advisable, what official document of Dell says this?
Thanks in advance :)
Yes, it's always considered best practices. You can view information about this here:
In addition, the KB on the EqualLogic Support site has additional information. Just search for "delay acknowledgement '.
-joe
-
I do not have "Firepower of ASA Configuration" menu in ASDM
Hello
I do not have "Firepower of ASA Configuration" menu in ASDM.
I already configured IP to the management port 0/0 10.226.24.181 also to the 10.226.24.130 of the SFP Manager.
I can ping 10.226.24.130 ASA CLI and have tab in ASDM (with https://No DC configured the button).
You can see in attachment
Help, please
You have an ASA 5525 - X and the module of firepower is 5.3.1 - 152. To manage the power light module on that platform via ASDM requires the runtime current software 6.0 or later version (and your ASDM must be 7.5 (1.112) or later version).
Reference: http://www.cisco.com/c/en/us/td/docs/security/asdm/7_5/release/notes/rn7...
If you want to upgrade the module of 5.3 to 6.0 and you do not have fire power manager, then the way ahead is to reimage using the 6.0 system images and boot. This procedure is illustrated below:
http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...
You need the images available here:
https://software.Cisco.com/download/release.html?mdfid=286271172&flowid=...
Expand the tree on the left and look under all versions 6.0 > 6.0.0. Use the files asasfr-5500 x-boot - 6.0.0 - 1005.img and asasfr-sys - 6.0.0 - 1005.pkg.
After getting it to work, you should also update further the the latest version (currently 6.0.1).)
-
AIR-WLC8-K9 configuration guide
I have tried to locate the guide configuration or examples for the NME-AIR-WLC on the OCC, but couldn't find one. Grateful if someone could share this info.
Hi Rohan,
Maybe this will help you get started;
Examples of Configuration of WLAN Controller Module (WLCM)
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_tech_note09186a00807112e2.shtml
http://www.Cisco.com/en/us/products/ps6730/tsd_products_support_model_home.html
I hope this helps!
Rob
-
Uplink Ports Fibre Channel - UCS GUI Configuration Guide
Hi all
Could someone please explain which means that what follows in the Configuration of GUI of UCS guide @.
Uplink Ports Fibre Channel
Manage ports Uplink Fiber Channel FCoE traffic between the interconnection of fabric and the next layer of the
SAN storage network. All FCoE network-related traffic is pinned to one of these ports.
By default, the Fibre Channel ports are uplink. However, you can configure them to work as Fibre Channel
storage ports. This is useful in cases where a Cisco UCS requires a connection to a DAS storage
Device (DAS).
My question is, how the FC Port could handle FCoE traffic? My understanding was that FCoE will be lifted and Enthernet connection only.
Thanks for your help
Concerning
Vikas Srivastava
The CF module interconnection fabric is the place where the speration of CF vs. FCoE happen, so it's where the FC frame is extracted in the Ethernet frame.
-
Can the NAT of ASA configuration for vpn local pool
We have a group of tunnel remote ipsec, clients address pool use 172.18.33.0/24 which setup from command "ip local pool. The remote cliens must use full ipsec tunnel.
Because of IP overlap or route number, we would like to NAT this local basin of 172.18.33.0 to 192.168.3.0 subnet when vpn users access certain servers or subnet via external interface of the ASA. I have nat mapping address command from an interface to another interface of Armi. The pool local vpn is not behind any physical interface of the ASA. My question is can ASA policy NAT configuration for vpn local pool. If so, how to set up this NAT.
Thank you
Haiying
Elijah,
NAT_VPNClients ip 172.18.33.0 access list allow 255.255.255.0 10.1.1.0 255.255.255.0
public static 192.168.33.0 (external, outside) - NAT_VPNClients access list
The above configuration will be NAT 172.18.33.0/24 to 192.168.33.0/24 when you go to 10.1.1.0/24 (assuming that 10.1.1.0/24 is your subnet of servers).
To allow the ASA to redirect rewritten traffic the same interface in which he receive, you must also order:
permit same-security-traffic intra-interface
Federico.
-
Hello
I have 4 NIC in Server Blade 7 (ESXI 5), would like to dedecate 2 NIC for (Vmnetwork, management and vMotion) & NIC (iSCSI traffic) 2 with equallogic SAN.
I equallogic guide to configure ESXI with it, but how do I configure (Vmnetwork, management and vMotion) with NIC 2, my priority is excellent speed for my virtual machine, and then nothing else.
Then just go for classic switch.
The configuration is a lot depend on existing infra, the trunk, the physical switch for redundant network & balance, 100 or network 1GbE, no.. virtual machines and etc. If there is a new configuration, I suggest you trunk 2 x available vmnic (the vm network) to balance the load and better performance.
-
Basic Test Lab Configuration Guides: Windows Server
Dear all
I'm asking for help for the following
We have just a lab Cisco isolated from our network, we have 5 students and I want to help them with
establishment of a laboratory to test in a virtual environment, the goal is to teach them how to create a network, run the following
DC + 2 workstations
I'm looking for Guides to basic setup and Test laboratories in a virtual environment
Windows Server 2012r2 & Windows 7 Enterprise
Windows Server 2008r2 & Windows 7 Enterprise
Hello
Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
See you soon.
-
routing in an ASA configuration
I have an ASA 5520, how do I set up a static route other traffic to a router, I have 10.9.1.0/16 on the ASA that are my users on the router, I have 192.168.0.0/16, how to set the ASA to route to the router for the 192.168.0.0 network?
Shane
Assuming 192.168.0.0/16 is it IE inside the ASA and the section following the ASA. the router is 192.168.0.1
Route inside 192.168.0.0 255.255.0.0 192.168.0.1
Jon
-
ASA Configuration of VPN Site to Site - NAT issues
Greetings,
I am responsible to configure a VPN connection from site to site to a business partner in which I want to firstly NAT to my internal IP to a public IP address and then send it through the tunnel, and vice versa when they try to access my servers I want to get to them through the external IP address. Here's what I think I do, but I was wondering what were the thoughts of the community.
All of the IP addresses represented below are fictitious.
Internal servers Public IP address
10.50.220.150 208.180.170.182
10.50.220.151 208.180.170.183
10.50.220.152 208.180.170.184
Local peer IP: 208.180.254.29
Distance from peer IP: 207.190.218.31
Local network: 208.180.170.0/24
Remote network: 207.190.239.0/24
From my understanding, NAT occur before being sent to a tunnel, or to the internet, etc, so the configuration that I think I need is the following:
NAT (inside) 0 access-list sheep
NAT (inside) 2 10.50.220.150
NAT (inside) 3 10.50.220.151
NAT (inside) 4 10.50.220.152
Global 2 208.180.170.182 (outside)
overall 3 208.180.170.183 (outside)
Global 4 208.180.170.184 (outside)
IP 208.180.170.0 allow Access-list extended sheep 255.255.255.0 207.190.239.0 255.255.255.0 (do I still need this since coordinated to a public IP address still?)
access-list s2s client scope ip 208.180.170.0 allow 255.255.255.0 207.190.239.0 255.255.255.0
Route outside 207.190.239.0 255.255.255.0 207.190.218.31
card crypto off peers set 1 207.190.218.31
Crypto card outside 1 correspondence address s2s-customer
[... rest of the configuration failed..]
That look / her right? If this isn't the case, please advise.
Thank you.
Yes.
PAT (nat/global) will take care of outgoing and static traffic will take care of incoming traffic.
You can create political NAT as well to handle this traffic.
Federico.
-
Need to know what is the specific command on natting a to another ip address via a port number. Here's an example of what I think it should be, but can not find the correct verbege.
What I listed which opens an investigation.
access-list 101 extended permit tcp any host 68.156.91.20 eq 23032
Here is what I see, but I know the verbage is wrong or I'm missing something more.
access-list 101 extended allow ip 74.165.236.76 255.255.255.248 68.156.91.20 255.255.255.224 eq 23032
Please help?
That's exactly right. Note that when you look at the config it will replace it with this line:
access-list 101 extended permit tcp host 74.165.236.76 host 68.156.91.20 eq 23032
When you write the ACL you can enter 255.255.255.255 or precede IP address with the host keyword.
-
Configure Cisco ASA VPN client
I did some research and the answers it was supposed to be possible, but no info on how to do it. I wonder if it is possible to configure a Cisco ASA 5505/10/20 to be a customer to an existing (in this case) cisco vpn client. The reasons why are complicated (and irrelevant IMO), but basically, I need to be able to make a small network that may be on this vpn rather than on individual computers.
The vpn client is a Basic IPSec over UDP Cisco VPN to an ASA5505.
So, how to set up an another ASA to connect to it as if it were a client?
Hello
Here is a document from Cisco on the configuration, the easy ASA of VPN server and Client
Although in this case, they use a PIX firewall as a client.
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805c5ad9.shtml
Here's another site with instructions related to this installation program
http://www.petenetlive.com/kb/article/0000337.htm
I imagine that the site of Cisco ASA Configuration Guide documents will also give instructions how to configure it.
-Jouni
Maybe you are looking for
-
Surfing a site I know has a Rotator image running JavaScript that worked before auto upgraded to 13.0.1 FF and still works in IE 8 and Chrome. What is the mark or there at - it a patch?
-
HARD on my Tecra S2 drive is not accessible
I have a laptop Tecra S2.Yesterday, he crashed and turned off the coast, I tried holding the button function and F3 to start in safe mode but nothing. I inserted my Windows XP CD to try and gets repairs there, but in the end said no hard drive found
-
I still can't get a panoramic photo to work on iOS iPhone 5s 9.2.1
I still can't get a panoramic photo to work on iOS iPhone 5s 9.2.1. Any solution (s)?
-
15 - f039wm has no power after upgrade memory (or disk).
After swapping the existing A-DATA 4 GB SODIMM and its replacement by a (Samsung) InnoDisk 8 GB M3SW - 8GSSDC0C - D, the laptop won't turn on, turn on or show any sign of life. It gives me no opportunity to "quickly press ESC, then press F10." After
-
Impossible to update Vista - cannot install SP1 or other updates
After trying to download, I get this: Some updates were not installed: Code 64 c 4 results for "WindowsUpdate_0000064C" "WindowsUpdate_dt000" 1 problems with installing updates 2 Windows Update, error 8024402C 3 error code Windows Update 800704