Blog Archives

SSH to Cisco ASA fails, unable to negotiate, no matching key exchange method found.

Short story: With SSH clients based on OpenSSH 7.0 (like my OSX Mac) I cannot connect with SSH to a Cisco Firewall. To connect anyway I must add the parameter -oKexAlgorithms=+diffie-hellman-group1-sha1 to ssh. sha1 is deprecated as hash algorithm and should

Posted in Cisco Networking, Cisco Security

Cisco ASA CLI backup command

There is a new command in Cisco ASA firewall that makes a full backup of the firewall, from CLI! Until recently we have been forced to use ASDM to download a full zip backup file from the device or CLI

Posted in Cisco Security

Cisco ASA firewall and ICMP traffic

In this video I explain how ICMP traffic (like pings, echo, echo-reply) is handled in the firewall. The ICMP packets are handled in 3 different ways depending on whether the traffic is to the box, from the box or through

Posted in Cisco Security, Security

Cisco ASA builtin scp server

The Cisco ASA contains a builtin scp server. By enabling it, you can use the scp protocol to transfer files to and from the server using an scp client. scp is a secure file transfer protocol. It is almost like

Posted in Cisco Networking, Cisco Security

Cisco ASA 5506-x Firepower reimage process

Installing a new Firepower image on Cisco ASA 5506 seems to take forever. Sometimes we get output to see that the process is still running, and sometimes not. I have actually recorded the entire process and shrunk down the progress

Posted in Cisco Security, Security
