Cisco ASA – SourceFire 5506-X | direct upgrade to latest build

In my previous post in April I figured out how to upgrade the software step by step. In the meantime I found out it's possible to do this in one go. You first need to set up some tools before you can start. Have a TFTP and an FTP server. The TFTP server needs to contain the …

Cisco | ASA 5508 with Firepower

Yesterday I started to configure and try a Cisco ASA 5508-X with Firepower. With the Cisco ASA 5506-X with Firepower I already knew that it would take some time to update the Firepower software. Now with this new device I had some time to see and test. I started yesterday early afternoon the general configuration …

Cisco | Cisco IOS router to Meraki Appliance | site-to-site VPN with Zone based Firewalling

Lately I've been busy configuring Cisco IOS routers in combination with remote offices where we place Meraki appliances (like the MX64, MX65 or the Z1). When we do this we also create a VPN connection (site-to-site). In this setup the main office has a Cisco IOS router. Configuration of the Main Office. (Cisco …

Cisco ASA | Juniper site-to-dynamic VPN

Cisco ASA configuration part: When you want to connect to a Juniper Netscreen SG5 device which has a dynamic IP address, it can be difficult to find what the correct specs are for this type of setup. First you need to go to: Configuration > site-to-site VPN > advanced > Tunnel-Groups. You have to edit the …

Cisco | ASA disable SSL 3.0 settings and change it to TLS V1.2

To see whether your SSL version for AnyConnect is at a safe level, you want to check this first via the following website: https://www.ssllabs.com/ssltest/analyze.html. You need to enter the domain name that your clients connect to in order to log on. For this you need to use at least ASA software version 9.3(2) or …

Cisco | SourceFire expert mode Cisco ASA 5506-X

Recently I was updating a Cisco ASA 5506-X SourceFire. It was not the update for the ASA or ASDM, but an update for the SourceFire itself. Via the ASDM you can start an update from a locally downloaded file or a file downloaded from the internet. In my case I downloaded the file to my …

Cisco | IOS version difference in case of use NO_NAT

For a couple of years now I have noticed that when I use recent IOS versions on a Cisco ISR device, there are some struggles with NAT rules in combination with a VPN client. In some cases you have to put the access-list for the NAT rule with a permit like below. ip access-list extended ACL_OUTSIDE_NO_NAT …