ASA reconnaissance
ASA: show interface ip brief
To break out or exit:
IOS: CTRL-C
ASA: q (to exit from a mode, type q and press Enter)
IOS: show vlan {brief}
ASA: show switch vlan
ASA:
vlan1 inside interface e0/1 – 7
vlan2 outside interface e0/0
IOS: show commands can only be executed in privileged EXEC mode; to run a show command from any other mode, prefix it with the keyword "do".
ASA: show commands can be used in any mode once privileged EXEC mode has been accessed.
IOS: int <type of interface> <interface id>
ip address dhcp client-id <interface>
no shut
ASA: int vlan2
ip address dhcp (this command can only be used on a VLAN interface)
no shut
IOS: ping can only be executed in privileged EXEC mode; to run ping from any other mode, prefix it with the keyword "do".
ASA: ping can be used in any mode once privileged EXEC mode has been accessed.
IOS: ip domain-lookup
ASA: dns domain-lookup
IOS: line con 0
exec-timeout 0 0
ASA: console timeout 0
ciscoasa(config)# console timeout ?
configure mode commands/options:
<0-60> Idle time in minutes after which a console session will be closed, 0
means timeout is disabled
Access-list:
IOS: uses wildcard masks
Supports both numbered and named ACLs
ASA: uses subnet masks
Supports only named ACLs,
but if you use a number as the ACL name (for example 10), the ASA will treat it as a standard ACL.
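Added example (not part of the original notes): a small Python converter that rewrites an IOS numbered ACL entry in the ASA's named, subnet-mask form, and refuses wildcards that do not invert to a contiguous subnet mask. The ACL names OUTSIDE_IN and NAT_SRC and the sample entries are constructed for illustration.

```python
import ipaddress

def wildcard_to_netmask(wildcard: str) -> str:
    """Invert an IOS wildcard mask into the subnet-mask form the ASA uses."""
    w = int(ipaddress.IPv4Address(wildcard))
    # Only a run of low-order 1 bits inverts to a contiguous subnet mask.
    if w & (w + 1):
        raise ValueError(f"discontiguous wildcard {wildcard}: rewrite by hand")
    return str(ipaddress.IPv4Address(w ^ 0xFFFFFFFF))

def _is_ipv4(token: str) -> bool:
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def ios_ace_to_asa(line: str, asa_name: str) -> str:
    """Rewrite one IOS numbered ACL entry as an ASA named ACL entry."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or not tok[1].isdigit():
        raise ValueError("expected: access-list <number> <permit|deny> ...")
    num, rest = int(tok[1]), tok[2:]
    # IOS numbered ranges 1-99 and 1300-1999 are standard ACLs.
    kind = "standard" if 1 <= num <= 99 or 1300 <= num <= 1999 else "extended"
    out, i = [], 0
    while i < len(rest):
        t = rest[i]
        nxt = rest[i + 1] if i + 1 < len(rest) else ""
        if t == "host" and nxt:              # host form is the same on both
            out += [t, nxt]
            i += 2
        elif _is_ipv4(t) and _is_ipv4(nxt):  # <address> <wildcard> pair
            out += [t, wildcard_to_netmask(nxt)]
            i += 2
        elif _is_ipv4(t):                    # bare address in a standard ACL
            out += ["host", t]
            i += 1
        else:                                # action, protocol, ports, any
            out.append(t)
            i += 1
    return " ".join(["access-list", asa_name, kind] + out)

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real device.
    print(ios_ace_to_asa("access-list 101 permit tcp 10.1.1.0 0.0.0.255 "
                         "host 192.168.5.10 eq 443", "OUTSIDE_IN"))
    print(ios_ace_to_asa("access-list 10 permit 10.1.1.0 0.0.0.255", "NAT_SRC"))
```

Pasting an IOS wildcard unchanged into an ASA entry matches a different set of addresses than intended, so review converted entries before applying them.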
IOS: ip nat inside source list <acl> <interface | pool> overload
ASA: nat (inside) <nat_id> <ip address> <subnet mask> outside
or: nat (inside) <nat_id> <ACL> outside