CISCO ASA Knowledge Base

The Cisco ASA configuration notes and configuration templates found on this page are a work in progress. They have been used to configure several firewalls, and may need tweaking for specific applications. They are here to serve as a guide, and they are not a substitute for an understanding of how to program a Cisco PIX Firewall.

Default Cisco ASA Configuration:

Base Cisco ASA Configuration: This is a base configuration for a Cisco ASA. It includes local authentication. This configuration receives a DHCP address for its external IP address.

Local Authentication: These are the commands that need to be added to a configuration to enable local authentication.

Enable Banners: Steps needed to enable banners.

VPN with Local Authentication: These are the commands needed to enable remote VPN access using local authentication.

VPN with RADIUS Authentication: These are the commands needed to enable remote VPN access using RADIUS authentication. You can further restrict traffic passing through the VPN tunnel by assigning filter IDs to users as they connect to the VPN server. Filter IDs can be assigned to users with IAS, using Windows domain groups. While the user is connecting to the VPN, an access-list with the same name as the filter ID will be applied to the VPN user.

Clientless SSL VPN: These are the commands needed to enable remote clientless VPN access.

NAT Traversal: NAT traversal extends support for site-to-site and remote access IPSec-based VPNs to network environments that implement Network Address Translation (NAT) or Port Address Translation (PAT).

ESMTP INSPECT: If you use TLS with Sendmail or Postfix, a PIX/ASA will drop the packets. Disable ESMTP inspection to allow TLS functionality.

PPPoE: Configuration example for setting up PPPoE.