Password Recovery for the Cisco ASA 5500 Firewall

If you have lost the administrator password to access the security appliance, you can recover the password with the following steps: Step 1: Connect to the firewall using a console cable. Step 2: Power cycle the appliance (power off and then on). Step 3: Press the Escape key to enter ROMMON mode. Step 4: Use confreg command […]

Access To Hosts from Outside a Cisco ASA

Question: Hello, I want to enable access to a server at IP address 192.168.100.30 on port 22, located on the inside interface, from the internet (outside). We have an ASA 5520, Cisco Adaptive Security Appliance Software Version 8.0(2). My config (only relevant lines): interface GigabitEthernet0/0 nameif Outside security-level 0 ip address 172.146.147.13 255.255.255.248 standby 172.146.147.12 ! interface GigabitEthernet0/1 nameif […]

Permitting traffic to enter and exit the same interface

With the older Cisco PIX firewall appliances, there was no way for traffic to enter a specific interface and then exit back from the same interface again. With the new Cisco ASA models, this is also not supported by default, but you can enable this functionality with the same-security-traffic permit intra-interface command. The schematic above […]

NAT Question for Cisco ASA 5505

QUESTION: I am configuring a Cisco ASA5505 with DMZ. I have local LAN 192.168.103/24 and DMZ 10.103.1.0/24. I am able to connect from LAN to DMZ using 10.103.1.0/24 address but not the other way around. I can add either a static or dynamic NAT for this. I’m not sure how to configure the NAT to […]

Which Cisco ASA Models support IPS Module

As we mentioned in previous posts, the Cisco ASA 5500 appliance supports an Intrusion Detection/Intrusion Prevention plug-in module (AIP-SSM). However, not all models support this. Specifically, only the middle-range models support it. The lowest-end model (5505) and the highest-end models (5550, 5580) do not support the AIP-SSM IPS module. ASA Models that support IPS Module: […]

Antivirus and Antispam protection with CSC SSM

The CSC-SSM module of the Cisco ASA 5500 Firewall offers content security inspection for FTP, HTTP, POP3, and SMTP traffic, thus protecting the network from viruses, spyware, worms, spam and phishing, and controls unwanted mail and Web content. In more detail, the capabilities of the CSC-SSM module include the following: Antivirus and Antispyware protection using the Trend […]

IP Phones behind a Cisco ASA 5505 Firewall

The Cisco ASA 5505 firewall is an excellent device for small branch office locations since it can offer several network services in one box. It can provide firewall security, IPsec VPN LAN-to-LAN connectivity with a central office, and even Power over Ethernet connectivity for local IP phones (two of its network interfaces are Power over Ethernet ports). A common […]

Cisco IDS/IPS module for Cisco ASA Firewalls (AIP-SSM)

The Cisco ASA 5500 security appliance is not just a plain firewall. With an add-on security module (AIP-SSM), you can transform the ASA 5500 into an IDS/IPS sensor as well. The AIP-SSM (Advanced Inspection and Prevention – Security Services Module) is a full-blown IDS/IPS sensor with the same software and functionality as the external standalone […]