Access To Hosts from Outside a Cisco ASA

Question: Hello, I want to enable access to a server on IP address 192.168.100.30 on port 22, located on the inside interface, from the internet (outside). We have an ASA 5520, Cisco Adaptive Security Appliance Software Version 8.0(2). My config (only relevant lines): interface GigabitEthernet0/0 nameif Outside security-level 0 ip address 172.146.147.13 255.255.255.248 standby 172.146.147.12 ! interface GigabitEthernet0/1 nameif […]

Permitting traffic to enter and exit the same interface

With the older Cisco PIX firewall appliances, there was no way for traffic to enter a specific interface and then exit back from the same interface again. With the new Cisco ASA models, this is also not supported by default, but you can enable this functionality with the same-security-traffic permit intra-interface command. The schematic above […]

ASA 5505,5510 Base Vs Security Plus License

The two smallest ASA Firewall models, the 5505 and the 5510, are the only ones that have two types of licenses. They can be ordered either with a Base License or a Security Plus License. Many customers of mine are always asking me what the difference is between the […]

Which Cisco ASA Models support IPS Module

As we mentioned in previous posts, the Cisco ASA 5500 appliance supports an Intrusion Detection/Intrusion Prevention plug-in module (AIP-SSM). However, not all models support this. Specifically, only the middle-range models support it. The lowest-end model (5505) and the highest-end models (5550, 5580) do not support the AIP-SSM IPS module. ASA Models that support IPS Module: […]

Antivirus and Antispam protection with CSC SSM

The CSC-SSM module of the Cisco ASA 5500 Firewall offers content security inspection for FTP, HTTP, POP3, and SMTP traffic, thus protecting the network from viruses, spyware, worms, spam and phishing, and controls unwanted mail and Web content. In more detail, the capabilities of the CSC-SSM module include the following: Antivirus and Antispyware protection using the Trend […]

IP Phones behind a Cisco ASA 5505 Firewall

The Cisco ASA 5505 firewall is an excellent device for small branch office locations since it can offer several network services in one box. It can provide firewall security, IPsec VPN LAN-to-LAN connectivity with a central office, and even Power over Ethernet connectivity for local IP phones (two of its network interfaces are Power over Ethernet ports). A common […]

Cisco IDS/IPS module for Cisco ASA Firewalls (AIP-SSM)

The Cisco ASA 5500 security appliance is not just a plain firewall. With an add-on security module (AIP-SSM), you can transform the ASA 5500 into an IDS/IPS sensor as well. The AIP-SSM (Advanced Inspection and Prevention – Security Services Module) is a full-blown IDS/IPS sensor with the same software and functionality as the external standalone […]