Network technologies and trends:

NAT


March 30, 2017  5:19 AM

Cisco ASA VPN troubleshooting – Decaps but No encaps

Yasir Irfan
ASA, bug, Cisco ASA, Cisco VPN, firewall, NAT, Palo Alto Networks, Policies, Proxy, Troubleshooting, tunnel, VPN

Recently we observed a strange issue while building a site-to-site VPN tunnel between a Cisco ASA [9.1(5)] and a Palo Alto Next Generation firewall (PAN-OS 7.0.9). It was observed that phase 1 of the tunnel always established successfully with the peer; however, phase 2 failed to come up. Always we were...

January 16, 2017  12:27 PM

What is the error “rpf-check Result: DROP” in Cisco ASA Packet-tracer?

Yasir Irfan
Access List, ASA, Cisco, firewall, NAT

When it comes to troubleshooting Cisco ASA firewalls, one usually relies on the packet-tracer options. However, the NAT configuration and the way ACLs are configured changed from version 8.4. Rather than configuring the ACL for a public IP, a private IP address is used as shown below


September 30, 2016  11:23 AM

Cisco ASA FirePOWER Services and High Availability – Series 3

Yasir Irfan
Arp, CCIE, Cisco Firewall, Cluster, context, Dynamic Routing, Failover, firewall, HA, LAN, NAT, NetFlow, Routing, Subnets, Syslog, TCP, UDP

The Cisco ASA firewall with FirePOWER Services can be deployed in Active/Active failover; in this mode the ASAs must operate in multiple context mode. Cisco relies on failover groups for Active/Active failover mode. A failover group comprises logical groups, of one or more security...


September 26, 2016  4:43 AM

Cisco ASA FirePOWER Services and High Availability – Series 2

Yasir Irfan
Arp, Cisco Firewall, Dynamic Routing, Failover, firewall, NAT, NetFlow, Routing, Syslog, TCP, UDP

The Cisco ASA appliances offer failover in the following states:

  • Stateless failover
  • Stateful failover

By default, the Cisco ASA appliance performs stateless failover, and in this mode of operation the active unit does the following


September 24, 2016  6:31 PM

Cisco ASA FirePOWER Services and High Availability – Series 1

Yasir Irfan
Arp, Cisco Firewall, Dynamic Routing, Failover, firewall, NAT, Routing, Syslog, TCP, UDP

The Cisco ASA appliance with FirePOWER Services is capable of offering high availability using failover and clustering. When it comes to failover, the Cisco ASA supports the following types:

  • Active/Standby
  • Active/Active

The Cisco ASA Appliance with FirePOWER...


November 26, 2015  4:41 AM

Palo Alto Networks Firewall Interface Types – Virtual Wire

Yasir Irfan
Administrator, Decryption, Ethernet, Firewalls, HA, Interface, LAYER3, Loopback, NAT, Palo Alto Networks, Security policy, tunnel, VLAN

We all know Palo Alto Networks firewalls offer quite flexible deployment options; one can also deploy Palo Alto Networks firewalls in Virtual Wire or V-Wire mode. This is the beauty of Palo Alto Networks firewalls: the flexibility they offer cannot be matched by some of the leading firewall vendors....


September 3, 2015  5:43 AM

Palo Alto Network Firewall Architecture – Know how

Yasir Irfan
firewall, IPsec, NAT, Palo Alto Networks, SSL

Palo Alto takes a good approach in designing the architecture for their next-generation firewalls. Palo Alto offers processors dedicated to security functions that work in parallel. The Palo Alto firewall contains a separate control plane and data plane. By separating them Palo Alto is ensuring that...


July 7, 2015  9:24 PM

What is VCP-NV – Series 2?

Yasir Irfan
Auditing, Automation, DHCP, DNS, Firewalls, Load balancers, logging, Monitoring, NAT, Routers, Troubleshooting, VMware, VMware certifications, VPNs

When it comes to VCP-NV certification preparation, one can certainly rely on VMware, as they have plenty of great resources. In my case I extensively used the following


July 6, 2015  11:42 PM

What is VCP-NV – Series 1?

Yasir Irfan
Auditing, Automation, DHCP, DNS, Firewalls, Load balancers, logging, Monitoring, NAT, Routers, Troubleshooting, VMware, VMware certifications, VPNs

Recently I tested my skills and knowledge on VMware certifications with the VMware Certified Professional – Network Virtualization, also known as VCP-NV, which focuses on NSX products. The VCP-NV certification validates the ability to install, configure, and administer NSX virtual networking...

