Tag Archives: asa

Hairpinning traffic through ASA with State Bypass

Several years ago I wrote an article about the Woes of Using an ASA as a Default Gateway. I have received a lot of feedback about this post and recently had a request for an update around ASA > 8.3. … Continue reading

Posted in How-To | Tagged | 3 Comments

Be Careful with TCP Syslog and the ASA

I wanted to take just a moment to share a little gotcha that could take you by surprise. To demonstrate, I have a simple topology with an ASA in the middle. I am inspecting ICMP so ping traffic is stateful … Continue reading

Posted in Design | Tagged | 2 Comments

Simple ASA to IOS VPN

Occasionally you just need a cheat sheet to configure something up. This is meant to be exactly that, a quick configuration of lan to lan IPSec between an ASA¬†and IOS based router. Host (for testing) ! /// Host is simply … Continue reading

Posted in How-To | Tagged | 1 Comment

Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats … Continue reading

Posted in How-To | Tagged | 6 Comments

Don’t Forget about the ASA’s “show conn” Command

I often find myself troubleshooting connections through an ASA. As a firewall, the ASA is often blamed for network connectivity issues. Therefore, we often just want to determine if the issue is upstream or downstream from the firewall. One of … Continue reading

Posted in Career | Tagged | 5 Comments

ASA HTTP Filtering by Domain with Host Headers

One of the questions that regularly comes up with firewalls is how to filter based on domain name. Access Control Lists, or ACLs, are designed to filter based on IP addresses and networks. One of the things that many would … Continue reading

Posted in How-To | Tagged | 4 Comments