After returning from vacation, Bob (the optimistic firewall technician) decided that he wanted to take some time and get a little bit more familiar with firewall configuration. He was able to get permission to use some spare equipment for practice....
It was a dark, cold night in late December, and Bob (the optimistic firewall technician) had a single ASA to deploy before going home for the holidays. The requirements for the firewall were simple. Bob read them slowly as follows:...
Posted in CCIE Security, PIX/ASA Firewall on Sep 11th, 2009
Join Keith Barker for “Module 1 ASA, Lesson A – ASA Initialization” in the upcoming CCIE Security Audio Bootcamp. This sample can be accessed in one of three ways:...
Posted in CCIE Security, PIX/ASA Firewall on Apr 19th, 2009
Modular Policy Framework (MPF) configuration defines a set of rules for applying firewall features, such as traffic inspection, QoS, etc., to the traffic transiting the firewall. MPF has many similarities to the MQC (Modular QoS CLI) syntax found in Cisco IOS, but there are some major differences in the flow of operations, even though many commands look the same. The following post assumes a basic understanding of the ASA firewall and its configuration. It covers the basic logic of the MPF, but does not go over all firewall features in depth. ...
What in the world is a bogon? It is a source address that should not appear in an IP packet on an interface that faces the public Internet. A very famous example of a bogon address would be the Private IP address space, as defined in RFC 1918. This address space is as follows:...
Posted in CCIE Security, PIX/ASA Firewall on Sep 29th, 2008
As I am sure you have already seen from the blog on setting up the security device as a Layer 2 device, there are many interesting changes that occur on a PIX or ASA when configured for transparent operations. This blog highlights the major changes and guidelines that you should keep in mind when you opt for this special mode of operation....
Posted in CCIE Security, PIX/ASA Firewall on Sep 28th, 2008
This blog will examine the basic setup of the transparent firewall feature available with the PIX and the ASA. This blog was based on the PIX-525 running 7.2(4) code with a Restricted license in GNS3. Here is the topology that was used:...
Posted in CCIE Security, PIX/ASA Firewall on Sep 27th, 2008
Thanks to Anisha with Cisco Systems for this idea. We were in Brian McGahan’s CCIE Security 5 Day Bootcamp, and she realized it would be nice to have a Quick Ref of his troubleshooting/verification commands. There are a bazillion shows and debugs, it seems, but you only need a subset to be successful in the lab. Here is the first part of the “cheat sheet”. The rest will follow in the respective categories in the blog. Please let me know via comment if you see errors or have additions. I added to Brian’s classroom commands with some of my own. I also took a few from the Cisco Press ASA All-In-One Guide. It is an excellent text for your Kindle!...
Posted in CCIE Security, PIX/ASA Firewall on Sep 12th, 2008
This blog is focusing on QoS on the PIX/ASA and is based on 7.2 code to be consistent with the CCIE Security Lab Exam as of the date of this post. I will create a later blog regarding new features to 8.X code for all of you non-exam biased readers ...
Posted in CCIE Security, PIX/ASA Firewall on Sep 9th, 2008
This post was created using GNS3 and follows what I thought was some of the most lab and real-world relevant content from the Cisco ASA documentation in the area of IP Routing:...