Network technologies and trends:

firewall


November 9, 2017  3:23 AM

What is “TCP Spurious Retransmission”? And why does this occur for the FTP traffic passing through a Cisco ASA Firewall?

Yasir Irfan
ASA, Cisco, Cisco ASA, Filezilla, firewall, FTP, Network security, TCP

Recently we came across an issue where an FTP connection was not established between the client and the FTP server. The connection was passing through the Cisco ASA Firewall. Upon troubleshooting, we discovered that the 3-way TCP handshake was happening; however, once the login name and password entered to...

March 30, 2017  5:19 AM

Cisco ASA VPN troubleshooting – Decaps but No encaps

Yasir Irfan
ASA, bug, Cisco ASA, Cisco VPN, firewall, NAT, Palo Alto Networks, Policies, Proxy, Troubleshooting, tunnel, VPN

Recently we observed a strange issue while building a site-to-site VPN tunnel between a Cisco ASA [9.1(5)] and a Palo Alto Next Generation firewall (PAN-OS 7.0.9). Phase 1 of the tunnel always established successfully with the peer; however, phase 2 failed to come up. Always we were...


March 3, 2017  9:30 PM

What is an error “Subtype:Encrypt Result:Drop” in Cisco ASA Firewalls?

Yasir Irfan
ACL, ASA, Cisco, Cisco ASA, DROP, firewall, Packet Tracer, Routers, Security, VPN, VPN Tunnel

After building a site-to-site VPN tunnel between a Cisco ASA and any other firewall or router, the tunnel is often tested using the packet-tracer command on the Cisco ASA firewall. While running a packet tracer, one sees an error "Subtype:Encrypt Result:Drop" as shown below

Phase:...


January 16, 2017  12:27 PM

What is the error “rpf-check Result: DROP” in Cisco ASA Packet-tracer?

Yasir Irfan
Access List, ASA, Cisco, firewall, NAT

When it comes to troubleshooting Cisco ASA Firewalls, one usually relies on the packet-tracer options. However, the NAT configuration and the way ACLs are configured changed from version 8.4. Rather than configuring the ACL for a public IP, a private IP address is used, as shown below


October 24, 2016  6:10 PM

Blue Coat Proxy SG Deployment methods – Virtually Inline Mode

Yasir Irfan
firewall, GRE, Hardware, Network, Protocols, Proxy, router, Routing, Scalability, Switch, virtual, WCCP

In Virtually Inline deployment mode, the Proxy SG can be deployed in any network location. It relies on traffic redirection mechanisms like Web Cache Communication Protocol (WCCP) or Policy Based Routing (PBR) to redirect the interesting traffic, such as HTTP/HTTPS, to the Proxy SG. WCCP is a Cisco...


September 30, 2016  11:23 AM

Cisco ASA FirePOWER Services and High Availability – Series 3

Yasir Irfan
Arp, CCIE, Cisco Firewall, Cluster, context, Dynamic Routing, Failover, firewall, HA, LAN, NAT, NetFlow, Routing, Subnets, Syslog, TCP, UDP

The Cisco ASA Firewall with FirePOWER services can be deployed in Active/Active failover; in this mode the ASAs must operate in multiple context mode. Cisco relies on failover groups for Active/Active failover mode. A failover group comprises logical groups, of one or more security...


September 26, 2016  4:43 AM

Cisco ASA FirePOWER Services and High Availability – Series 2

Yasir Irfan
Arp, Cisco Firewall, Dynamic Routing, Failover, firewall, NAT, NetFlow, Routing, Syslog, TCP, UDP

The Cisco ASA appliances offer failover in the following states:

  • Stateless failover
  • Stateful failover

By default, the Cisco ASA appliance performs stateless failover, and in this mode of operation the Active Unit does the following


September 24, 2016  6:31 PM

Cisco ASA FirePOWER Services and High Availability – Series 1

Yasir Irfan
Arp, Cisco Firewall, Dynamic Routing, Failover, firewall, NAT, Routing, Syslog, TCP, UDP

The Cisco ASA Appliance with FirePOWER Services is capable of offering high availability using failover and clustering. When it comes to failover, the Cisco ASA supports the following types:

  • Active/Standby
  • Active/Active

The Cisco ASA Appliance with FirePOWER...


September 13, 2016  1:55 PM

What is Cisco FMW portal?

Yasir Irfan
ASA, Checkpoint, Cisco, Cisco ASA, firewall, Juniper, Migration, Software

When migrating a Cisco ASA Firewall from an older Cisco ASA platform to another Cisco ASA 5500 or 5500-X series platform, or even from older ASA versions 7.2(x), 8.0(x), 8.1(x) or 8.2(x) to version 9.1(x) or 9.2(x), one can rely on the Cisco FWM portal. This web...


September 9, 2016  10:44 AM

What is Cisco Firepower Threat Defense (FTD)?

Yasir Irfan
application, ASA, BGP, Cisco, Decryption, EIGRP, filtering, firewall, Integration, ISE, malware, Multicast, OSPF, RIP, Routing, Software, SSL, Static Routing, URL, VPN

Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. This unified software is capable of offering the function of ASA and FirePOWER in one platform, both in terms of hardware and software features. This seems to be a good...

