[cisco]Public key authentication on Cisco ASA

I am using Cisco ASAv asa992-smp-k8.bin. Generate RSA keys from CentOS: ssh-keygen -t rsa -b 2048. I rename these asymmetric keys as cisco_id_rsa. Then I get the contents of cisco_id_rsa.pub. Exclude the ssh-rsa and the username@hostname; only take the key, then copy and paste it to the Cisco ASA. See the screenshot on the highlighted portion. On …

[cisco]Cisco Firepower lab setup

For this lab I am using Firepower Threat Defense version 6.3 (FTD) and Firepower Management Center 6.3 (FMC). The FTD is a next-generation firewall that does IPS/IDS, URL filtering and traditional firewalling. The FTD itself can be managed individually with its own FTD manager; however, it can also be managed with FMC. The IPS/IDS …

[Tufin]Error:Unable to get configuration

Tufin SecureTrack is monitoring the device groups from Panorama. In the dashboard you see that the status is device connected; however, when you go to Settings > administration > status, the device group is amber and the status is Error:Unable to get configuration. Usually this is because the Palo Alto firewall is disconnected from Panorama. Log in to …

Config example for ipsec vpn with iPad native vpn client

The iPad native VPN client supports IKEv2. I have searched many documents on the internet and most of them are examples for site-to-site; there is very little useful documentation about remote access VPN with IPsec using IKEv2, perhaps because remote access SSL VPN is more convenient and popular. So here's the sample config. The config uses certificate …

Transparent firewalling with Cisco ASAv

Topology. Lab Objective: Linux 7 and Linux 8 are within the same subnet; however, all traffic initiated towards Linux 8 must be blocked. Linux 8 is allowed to access all destinations. ASAv Setup: 1. Change ASAv1 and ASAv2 into transparent firewalls: firewall transparent 2. Configure failover on ASAv1 as primary: !one of the interface will be …