Blog Archives

Cisco ASA Anyconnect licensing for dummies, updated!

The picture below should be self-explaining. Click it for a larger version. Edit 2014: There was some errors in the logics around AEA-licenses. The picture below is now corrected. Please do not use the old version (v1.1).   Let me

Tagged with: , ,
Posted in Cisco Security

DNS Doctoring in Cisco ASA

Issue: Your internal clients tries to reach an internal server but since they resolves the address of the server from an external DNS-server they will get a public IP.   Solution: DNS Doctoring.   In the example below your client

Tagged with: , , , ,
Posted in Cisco Security

Make drawings to understand the topology of firewall implementations

Every time I see a new implementation of a Cisco ASA firewall I need to know how it is connected. Before doing any changes in the configuration and before answering any answers regarding the functionality of the FW i first

Tagged with: , ,
Posted in Cisco Security

ASA Nat behavior with multiple public ip ranges changed after upgrade

I recently upgraded a customer ASA from v8.2 to 9.0 and while doing that I found out that some (yeah!) of the static NAT translations didn´t work after the upgrade. Skilled ASA-upgraders knows that this happens a lot. That´s why

Tagged with: ,
Posted in Cisco Security

Cisco CLI access using Radius and ISE

When releasing Cisco ISE as a “new ACS” questions quickly raised regarding the fact that there is no Tacacs+ support in ISE. With v1.0 of ISE Cisco said “Tacacs+ will come in a future version” but we haven´t seen it

Tagged with: , , ,
Posted in Cisco Security


[mc4wp_form id="2457"]
Website Security Test