Category Archives: Firewall

Cisco ASA VPN Tunnels – ISAKMP Messages

This was taken from a very good web-site called where you can find a lot of information on VPN troubleshooting for Cisco devices. The original ISAKMP RFC is also very good for understanding the ASA ISAKMP states. MM_WAIT_MSG2: Initial DH public key sent to responder. Awaiting initial contact reply from other side.…

Cisco ASA – ASP Captures

What is the Accelerated Security Path? The Accelerated Security Path (ASP) on the ASA appliance comprises two components: the Fast Path and the Session Management Path. In addition to the Accelerated Security Path there is also the Control Plane Path, which is also covered below. The Session Management Path: when a new connection reaches…

VPN Tunnel Configuration Guide on Cisco ASA

Configuring a VPN Tunnel via the Command Line. Taken from Amazon, using lower-strength encryption algorithms. Anything beginning with ! is informational. ! You may need to populate these values throughout the config based on your setup: ! <outside_interface> – External interface of the ASA ! <outside_access_in> – Inbound ACL on the external interface ! <amzn_vpn_map> –…

The 3 styles of NAT

Dynamic NAT: Dynamic NAT is a one-to-one NAT; however, you set up a pool of NAT'd IPs, so when devices cross networks they are translated to addresses from that pool. It can also work in conjunction with DNS to assist with overlapping address ranges. This is the least common form of NAT. NAT…

Cisco Access Lists Explained

Access-Lists: Access lists can be used for more than just permitting and denying ports and IPs. Access lists should really be thought of as identifier lists: they identify types of traffic and whether that traffic is allowed or not. They can be used for: Access Control, NAT, Quality of Service, Demand Dial Routing, Policy Routing, Route…