[cisco]Public key authentication on Cisco ASA

I am using Cisco ASAv asa992-smp-k8.bin. Generate an RSA key pair on CentOS: ssh-keygen -t rsa -b 2048. I rename these asymmetric keys to cisco_id_rsa. Then I get the contents of cisco_id_rsa.pub. Exclude the ssh-rsa prefix and the username@hostname; take only the key, then copy and paste it to the Cisco ASA. See the screenshot on the highlighted portion. On …

Update Cisco ASA object group with netmiko

This is a demo of configuring an ASA with netmiko. The use case: when a server is provisioned, its hostname and IP addresses are assigned automatically by vRealize, and a Python script is run to update the server's object-group. Here's the code:

Cisco ASA: Setting up anyconnect vpn with SSL and IPsec

Introduction: This post demonstrates how to set up AnyConnect VPN for your mobile devices. In this post I am using an Android mobile phone and have downloaded AnyConnect ICS+. The setup is Cisco ASA software version 9.1(4), ASDM version 7.1, with an AnyConnect Essentials license and an AnyConnect for Mobile license. This demonstration will configure IPsec and SSL remote access VPN, …

Security: Site-to-site vpn with ASA5505 and 2651XM

Verify connectivity before setting up VPN:

2651-3#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

ciscoasa(config)# ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
…

Security: Physical interface redundancy

Suppose a physical cable from your PIX/ASA to a switchport in a VLAN fails, and you cannot afford downtime due to link failure. You can consider using interface redundancy. Firewall interface redundancy can include up to 8 physical interfaces. Physical interfaces that are members of a redundant link will have all their security parameters wiped …