So you have a small remote office and want to permit SSH to the outside interface of the 871s. SDM does not seem to permit this. What you must do within the Zone Based Policy Firewall (at the CLI) to permit SSH is allow SSH from the outside zone to the self zone. …
I LIKE NETWORKING
Pretty creative title, yes? Big secret here so get close, there's some networking stuff in here...
How do I reset a site-to-site VPN on ASA5520
To show active VPNs, use:
Phase 1: sh crypto isakmp sa
Phase 2: sh crypto ipsec sa
To reset a VPN, use clear crypto isakmp sa, or clear crypto isakmp sa 1.1.1.1 where 1.1.1.1 is the remote peer …
802.1x Authentication machine & user on log in
I've recently used CTA 2.1 with the 802.1x supplement; first the machine would authenticate upon boot up, and then when the user logged in they would be re-authenticated and any particular user settings would be applied. This was all evident in the ACS logs. However, it seems when using native 802.1x on an XP machine with no CTA, first the machine authenticates but when the …
How to synchronize the configuration data between two IPS systems
Unlike the ASA there is not an automatic feature to keep the configuration in sync across the 2 IPS SSMs. Some options: You can use the copy command to copy the configuration from one sensor to an ftp/scp server. Then use the copy command on the second sensor to copy the configuration onto the second sensor. During the copy it will ask whether or not to change the sensor's …
How to tell if Cisco ASA ACL is blocking or permitting traffic, test your ACL
Test your Cisco ASA or PIX ACL (access control list) to see if the ACL is permitting traffic or blocking it. …