Version Selection: Why Bug Scrubs Matter
One of networking’s great joys is that of version selection. What version of software do you run on the devices you are responsible for? The choice is generally a trade-off between two things: features...
View ArticleClik here to view.
Cisco ASA 8.3+8.4 Hairpinning NAT Configuration
I ran into an issue over the weekend where a VPN client was unable to access a remote office connected via an L2L tunnel terminated on the same firewall. The symptoms were straightforward enough. The...
View ArticleClik here to view.
Cisco ASDM Pro Tip – How To Preview Commands Before They Are Sent To The ASA
The Cisco ASA Device Manager (ASDM) is the wonderful Java GUI that everyone loves to hate…a lot, and with good reason. It’s not the most useful tool to work with, it’s written in Java and crashes (a...
View ArticleCisco ASA Licensing Explained
Cisco ASA firewall licensing used to be pretty simple, but as features were rolled out as licenses, the scheme became quite complex. The matters are further complicated since different appliances and...
View ArticleUnderstanding When A Cisco ASA NAT Rule Can Override The ASA Routing Table
Thanks to @bobmccouch who responded multiple times to my frustrated tweeting about Cisco ASA packet forwarding weirdness today. He pointed out some crucial forwarding behavior related to 8.3.1 and...
View ArticleClik here to view.
How To Build An IPSec VPN with Cisco ASAs & Overlapping Address Space
There are times your company will partner with another to provide a resource to them. Often, this interaction is secured with a LAN-to-LAN (L2L) VPN tunnel. Most Cisco documentation about L2L VPNs are...
View ArticleClik here to view.
Cisco ASA: High CPU in Dispatch Unit
I ran into an issue of unexpectedly high CPU utilization on a Cisco ASA firewall running 8.4.x family code; the CPU was running greater than 90%, when less than 25% was normal. The culprit was the...
View Article
