The ranting of an IT Professional:

ASA

Sep 16 2009   3:57PM GMT

Cisco adopting strategies to compete in the small business line



Posted by: Jason Tramer
Cisco, ASA, UC500, router, firewall, SMB, small business, Wireless

Cisco is almost synonymous with big business in the network infrastructure market but recently they have really been working to make themselves more friendly to the SMB market.

Here is a good article about that:

 http://www.channelregister.co.uk/2009/09…

Working at a consulting company that is a Cisco partner and has a large focus on small business, I find that there are a lot of great Cisco products in the price range my clients look for.

The ASA 5505, for example, is a great little firewall with a lot of good features, and the price is right on the mark and often cheaper than equivalent WatchGuard and SonicWall products. As well, the UC500 integrated services VoIP router is a great solution for a small business that wants a voice solution at a reasonable cost, particularly if they need a primary router/firewall and/or small wireless solution in any case.

May 27 2009   4:13PM GMT

Cisco ASA - Remote access VPN users can’t connect to internal resources on the same network



Posted by: Jason Tramer
ASA, Cisco, 5510, Remote Access, VPN, can't connect to internal resources on the same network, NAT

So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).

While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.

The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.

Hope this helps
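
The exemption described in this post, written out as an added example (not the author's own configuration). It assumes the pre-8.3 ASA NAT syntax that was current when the post was written; the pool name, pool range, ACL name, host addresses and the dynamic NAT lines are hypothetical.

```cisco
! Constructed example. Names, the pool range and host addresses are hypothetical.
! VPN clients are handed addresses from the inside subnet itself.
ip local pool VPN_POOL 10.0.0.200-10.0.0.220 mask 255.255.255.0

! Typical dynamic NAT (PAT) rule for outbound traffic. Traffic from
! inside hosts to the VPN clients also matches this rule and gets
! translated, which breaks the flow.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! NAT exemption: inside network to inside network, as the post describes.
! "nat 0" with an ACL is evaluated before the dynamic rule above, so
! matching traffic is passed untranslated.
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound

! Verification: trace an echo request from an inside host (10.0.0.10)
! to a VPN client (10.0.0.200) and check which NAT rule it hits.
!   packet-tracer input inside icmp 10.0.0.10 8 0 10.0.0.200
!
! Note: ASA 8.3 and later replaced this syntax with object-based NAT,
! so these "nat"/"global" lines do not apply there as written.
```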


Mar 9 2009   3:31PM GMT

ASA 5520 not NAT’ing traffic



Posted by: Jason Tramer
Cisco, ASA, NAT, ACL, Factory-default reset

A colleague of mine and I were setting up and configuring an ASA 5520. We ran through the basic setup wizard and set up the preliminary NAT and access rules and found we could get out to the Internet. The ASA itself could access Internet resources but we on the inside connection could not. So of course we double-checked our NAT rules and ACL and everything looked fine. So we figured it was a bug and did a factory-default reset and still had the same issue. After the second factory-default reset we were ready to chalk it up to hardware issues when we decided to do one more factory-default reset, and that fixed the problem. I am unsure what changed on the third reset that didn’t on the first two, but since then the device has been working fine.


Mar 9 2009   3:11PM GMT

Cisco ASA - Remote Access VPN not getting reserved address from DHCP



Posted by: Jason Tramer
Cisco, Cisco ASA - Remote Access VPN not getting reserved address from DHCP, ASA, DHCP, VPN

I have configured a Cisco ASA 5520 in an environment where the remote users need to get statically assigned IP addresses. In the past this was done by using MAC address reservations on the DHCP server. In replacing their old firewall and putting in the ASA, what I have found is that even though Remote Access VPN is configured to assign IP addresses via the DHCP server, and even though that works (you can see the lease on the DHCP server), it does not give them the address that has been reserved by their MAC address. Does anyone know a solution to this? I would love to hear it.