Monthly Archives: January 2012

Migrating ASA NAT Exemption Configuration

NAT exemptions are often required when a single ASA appliance is performing NAT and terminating VPN connections.  In ASA configurations prior to 8.3 and 8.4, NAT exemptions were configured with “nat 0 access-list <acl name>” and a related access-list.

Posted in How-To | Tagged | 7 Comments

ASA L2L VPN Spoke to Spoke Communication

It seems like some of the more challenging things to do on an ASA involve some sort of traffic being redirected out the same interface it was received on. This article addresses the requirement for spoke to hub to spoke … Continue reading

Posted in How-To | Tagged | 34 Comments

No SSH After Upgrading to 8.4

There are several changes when an ASA is upgraded from 8.2 to 8.4(2). The most notable of these are the ones dealing with the syntax of the NAT configuration. However, there is another gotcha that you might not be expecting. SSH will … Continue reading

Posted in Other | Tagged | 3 Comments

Typical NAT/PAT Configuration Comparison for ASA 8.4

A little while back, I posted an article that took a very simple ASA configuration and migrated it to 8.4. This article takes it a step further and focuses on NAT and PAT, as well as the related access control … Continue reading

Posted in Design | Tagged | 9 Comments

ASA VPN with Address Overlap

More and more, the Internet is being used as a connection to business partners. Typically this requires building an IPSec Tunnel between two VPN capable endpoints. For me the device of choice is the Cisco ASA. Since we are connecting to a business … Continue reading

Posted in How-To | Tagged | 42 Comments

How Many Different Passwords Will Your Bank Accept?

Do you use upper and lower case letters in your Internet Banking passwords in an attempt to achieve additional security?  What if I told you that in many cases it did not even matter? The FFIEC (Federal Financial Institutions Examination … Continue reading

Posted in Other | 4 Comments