Network technologies and trends:

ASA


April 6, 2017  11:08 AM

Cisco has issues with certain software versions of ASA and Firepower appliances, which drop traffic after 213 days

Yasir Irfan
ASA, Blog, bug, Cisco, console, Firewalls, HTTPS, Reboot, Security, SSH, vulnerabilities

Cisco released a field notice and also published a blog about the latest

March 30, 2017  5:19 AM

Cisco ASA VPN troubleshooting – Decaps but No encaps

Yasir Irfan
ASA, bug, Cisco ASA, Cisco VPN, firewall, NAT, Palo Alto Networks, Policies, Proxy, Troubleshooting, tunnel, VPN

Recently we observed a strange issue while building a site-to-site VPN tunnel between a Cisco ASA [9.1(5)] and a Palo Alto Next Generation firewall (PAN-OS 7.0.9). It was observed that phase 1 of the tunnel always established successfully with the peer; however, phase 2 failed to come up. Always we were...


March 3, 2017  9:30 PM

What is the error “Subtype:Encrypt Result:Drop” in Cisco ASA Firewalls?

Yasir Irfan
ACL, ASA, Cisco, Cisco ASA, DROP, firewall, Packet Tracer, Routers, Security, VPN, VPN Tunnel

After building a site-to-site VPN tunnel between a Cisco ASA and any other firewall or router, the tunnel is often tested using the packet-tracer command on the Cisco ASA firewall. While running a packet tracer when one sees an error "Subtype:Encrypt Result:Drop" as shown below

Phase:...


January 31, 2017  5:23 AM

Time to welcome CCIE Security Version 5 Written and Lab exam

Yasir Irfan
ASA, CCIE, Cisco, cloud, CUCM, Email, Firewalls, Private Cloud, Python, Routing, Switching, UCS, virtual, VPN, Windows 2008, Windows 7, Wireless

Starting today, i.e. 31st Jan 2017, the CCIE Security Version 5 exams, both lab and written, are available to all CCIE aspirants all over the globe in authorised centres. The written exam, known as CCIE Security Written Exam (400-251) version 5.0, is a two-hour test with 90-110 questions. However the...


January 16, 2017  12:27 PM

What is the error “rpf-check Result: DROP” in Cisco ASA Packet-tracer?

Yasir Irfan
Access List, ASA, Cisco, firewall, NAT

When it comes to troubleshooting Cisco ASA firewalls, one usually relies on the packet-tracer options. However, the NAT configuration and the way ACLs are configured changed from version 8.4. Rather than configuring the ACL for a public IP, a private IP address is used as shown below


September 13, 2016  1:55 PM

What is Cisco FMW portal?

Yasir Irfan
ASA, Checkpoint, Cisco, Cisco ASA, firewall, Juniper, Migration, Software

When migrating a Cisco ASA firewall from an older Cisco ASA platform to another Cisco ASA 5500 or 5500-X series platform, or even from an older ASA version 7.2(x), 8.0(x), 8.1(x) or 8.2(x) to version 9.1(x) or 9.2(x), one can rely on the Cisco FWM portal. This web...


September 9, 2016  10:44 AM

What is Cisco Firepower Threat Defense (FTD)?

Yasir Irfan
application, ASA, BGP, Cisco, Decryption, EIGRP, filtering, firewall, Integration, ISE, malware, Multicast, OSPF, RIP, Routing, Software, SSL, Static Routing, URL, VPN

Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. This unified software is capable of offering the function of ASA and FirePOWER in one platform, both in terms of hardware and software features. This seems to be a good...


August 29, 2016  3:53 PM

Cisco ASA FirePOWER Services Licensing

Yasir Irfan
ASA, Cisco, detection, firewall, License, malware, URL

In order to have the full Next Generation features enabled on the Cisco ASA FirePOWER module, one should ensure that they have the appropriate licenses. Currently Cisco is offering the following license types for Cisco ASA FirePOWER Services


August 26, 2016  6:17 AM

Shadow Brokers group and Cisco exploit

Yasir Irfan
ASA, Cisco, NSA, Security, SNMP, Software, vulnerability

The recent claims by the Shadow Brokers group to have stolen hacking tools which might belong to the National Security Agency (NSA) have drawn the interest of major security vendors. Cisco did acknowledge that there is a vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive...


August 20, 2016  11:40 AM

Cisco ASA FirePOWER deployment options – Series 2

Yasir Irfan
ASA, Cisco, Decryption, Encryption, IPsec, Security, Security policies, Ssl vpn, traffic

The Cisco ASA FirePOWER module can be configured in promiscuous monitor-only mode, also known as passive mode. As the name suggests, in passive mode the Cisco ASA FirePOWER module does nothing to the traffic that passes through it. Rather, the ASA just forwards a copy of the packet to Cisco ASA FirePOWER...

