In Cisco ASA, how do you send firewall traffic to the AIP SSM module for inspection?

The traffic we want to be inspected is defined with an access-list. In this example output, the access-list permits all IP traffic from any source to any destination, so the to-be-inspected traffic can be anything that passes through the ASA.

ciscoasa(config)#access-list traffic_for_ips permit ip any any
ciscoasa(config)#class-map ips_class_map
ciscoasa(config-cmap)#match access-list traffic_for_ips
ciscoasa(config)#policy-map global_policy [...]

What is anti-replay in IPsec?

IPsec provides anti-replay protection against an attacker who duplicates encrypted packets by assigning a monotonically increasing sequence number to each encrypted packet. The receiving IPsec endpoint keeps track of which packets it has already processed on the basis of these numbers, using a sliding window of acceptable sequence numbers. [...]

Can you give an overview of the various components of IPsec?

The IPsec suite is an open standard. IPsec uses the following protocols: Authentication Headers (AH) provide connectionless integrity and data-origin authentication for IP datagrams and protect against replay attacks; Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality; Security [...]

What is symmetric and asymmetric encryption?

Symmetric encryption: In symmetric encryption, a single key is used both to encrypt and to decrypt traffic. Common symmetric encryption algorithms include DES, 3DES, AES, and RC4; 3DES and AES are commonly used in IPsec and other types of VPNs. Symmetric encryption algorithms are extremely fast, and their relatively low complexity allows for easy implementation in hardware. However, [...]

What is FWSM?

The Firewall Services Module (FWSM) is an integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. It is based on Cisco PIX Firewall technology. The FWSM is now end of sale and end of life.

If Cisco ASA logging shows an “MSS Exceeded” error message, what will you do?

We know that the Cisco ASA drops packets that exceed the MSS value advertised by the client. We can bypass this behaviour with MPF (Modular Policy Framework):
=================================================
Cisco-ASA(config)#access-list select_traffic permit tcp any host
Cisco-ASA#configure terminal
Cisco-ASA(config)#class-map cm_allow_mss
Cisco-ASA(config-cmap)#match access-list select_traffic
Cisco-ASA(config-cmap)#exit
Cisco-ASA(config)#tcp-map mss-map
Cisco-ASA(config-tcp-map)#exceed-mss allow
Cisco-ASA(config-tcp-map)#exit
Cisco-ASA(config)#policy-map pm_allow_mss
Cisco-ASA(config-pmap)#class cm_allow_mss
Cisco-ASA(config-pmap-c)#set connection [...]

What is MPF in Cisco ASA?

A Modular Policy Framework (MPF) configuration defines a set of rules for applying firewall features. For example, you can use Modular Policy Framework to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications. Modular Policy Framework features:
*QoS input policing
*TCP normalization, TCP and [...]

What is stateful failover?

Every time a session is created for a flow of traffic on the primary node, it is synced to the secondary node. When the primary node fails, existing sessions continue to pass traffic through the secondary node without having to be re-established. I found a really cool book to learn Cisco ASA firewalls; check out the Cisco [...]

What is a vulnerability?

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

In a Cisco ASA firewall, how do you check whether it is under a TCP SYN flood attack? If it is under attack, what are the countermeasures?

In Cisco ASA, running ‘sh connection count’ shows the number of open connections. By default the value for half-open connections is 100000.
ciscoasa# show conn count
1931 in use, 3139 most used
We can configure the ASA to lower that value by creating a class map to select the traffic:
class-map SYN_Flood_Attack [...]