Configuration Example, Firewalling, Routing

NBAR and smart filtering

René Jorissen on February 15, 2011 2 Comments • Tags: #application #based #http #match #mime #nbar #network #protocol #recognition

NBAR (Network Based Application Recognition) is a cool Cisco tool to identify and classify content flowing through a router. You can identify applications as mission critical, business-related, non-critical or unwanted. Once these mission critical applications are classified they can be guaranteed a minimum amount of bandwidth, policy routed, and marked for preferential treatment. Non-critical applications …

Firewalling

Cisco ASA remote management via VPN

René Jorissen on February 14, 2011 4 Comments • Tags: #access #asa #cisco #interface #management #managementaccess #remote

By default, remote access VPN users aren’t able to manage a Cisco ASA firewall on the inside interface using any kind of management protocol (SSH, telnet, HTTPS). You can enable remote management by specifying the management-access interface. You can specify the interface via the CLI or via the Cisco Adaptive Security Device Manager (ASDM). Both …

Firewalling

Cisco ASA NPE image

René Jorissen on January 4, 2011 1 Comment • Tags: #asa #cisco #encryption #no #npe #payload

I got complaints from a customer who wasn’t able to configure 3DES or AES encryption for a VPN tunnel. It sounded like a problem I had a couple of weeks ago, so I gave the customer the advice to upgrade and activate the VPN-3DES-AES feature. He tried, but that didn’t solve the problem. I remotely …

Firewalling, Security

Cisco ASA: DNS reply filtering

René Jorissen on August 28, 2009 7 Comments • Tags: #asa #cache #class #dns #drop #expression #filtering #inspect #inspection #map #policymap #regex #regular #request #url

Today I was asked to block access to multiple websites, and the only device capable of doing this was the firewall. This customer is using a Cisco ASA firewall, which supports basic URL filtering. The customer wanted to block HTTP and HTTPS websites. HTTPS websites use an SSL tunnel from the end device to the …

Firewalling

VPN Filtering through Group Policy

René Jorissen on January 9, 2009 0 Comments • Tags: #access #connection #filtering #group #lists #permitipsec #permitvpn #policy #sysopt #tunnel #vpn #vpnfiltering

When configuring a Remote Access VPN or a Site to Site VPN connection you have the ability to filter traffic entering and leaving the VPN connection. You have the ability to enable inbound IPsec sessions to bypass interface access lists. Group policy and per-user authorization access lists still apply to the traffic. The sysopt connection …

Firewalling, Management

ASDM Error: Unconnected socket not implemented

René Jorissen on December 23, 2008 0 Comments • Tags: #10 #11 #61551 #implemented #java #not #socket #unconnected #update

When you receive the following error while starting ASDM: "ASDM Error: Unconnected socket not implemented", you should look at your Java version. When you are using Java 6 Update 10 or higher and ASDM 6.1.5 or lower, you will receive this error. There are two workarounds for this problem: Downgrade Java to Java 6 Update …