Cisco CCNA Security Certification

As information security threats multiply, network security certifications are attracting more and more attention and demand. The Cisco CCNA Security Certification is an excellent choice for a network professional who is starting out, since enterprises have started to seek professionals with security skills. The Cisco CCNA Security also leads to two other popular and hot certifications, the […]

Password Recovery for the Cisco ASA 5500 Firewall

If you have lost the administrator password to access the security appliance, you can recover the password with the following steps:

Step 1: Connect to the firewall using a console cable
Step 2: Power cycle the appliance (power off and then on)
Step 3: Press the Escape key to enter ROMMON mode
Step 4: Use the confreg command to change […]

Access To Hosts from Outside a Cisco ASA

Question: Hello, I want to enable access to a server on IP address 192.168.100.30 on port 22, located on the inside interface, from the internet (outside). We have an ASA 5520, Cisco Adaptive Security Appliance Software Version 8.0(2). My config (only relevant lines):

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 172.146.147.13 255.255.255.248 standby 172.146.147.12
!
interface GigabitEthernet0/1
 nameif […]

Permitting traffic to enter and exit the same interface

With the older Cisco PIX firewall appliances, there was no way for traffic to enter a specific interface and then exit back from the same interface again. With the new Cisco ASA models, this is also not supported by default, but you can enable this functionality with the same-security-traffic permit intra-interface command. The schematic above […]

ASA 5505, 5510 Base vs. Security Plus License

The two smallest ASA firewall models, the 5505 and the 5510, are the only ones that have two types of licenses. They can be ordered with either a Base License or a Security Plus License. Many of my customers ask me what the difference is between the […]

Which Cisco ASA Models Support the IPS Module

As we mentioned in previous posts, the Cisco ASA 5500 appliance supports an Intrusion Detection/Intrusion Prevention plug-in module (AIP-SSM). However, not all models support this. Specifically, only the middle-range models support it. The lowest-end model (5505) and the highest-end models (5550, 5580) do not support the AIP-SSM IPS module. ASA models that support the IPS module: […]