Currently, my company uses all static IP addresses. There is an ASA5505 firewall in the company, in this firewall, some users must be restricted from using certain applications, such as QQ farms. To implement these functions, we need to bind ARP to the ASA 5505 firewall, and then use the access control lists to restrict these IP addresses and MAC addresses. The specific configuration is very simple. Let's take a look at how to configure ARP binding on
Step 1 of Cisco ASA firewall VPN configuration: Create an address pool. To remotely access the client, you need to assign an IP address during logon. Therefore, we also need to create a DHCP address pool for these clients. However, if you have a DHCP server, you can also use a DHCP server. QUANMA-T (config) # ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0 Step 2: Create IKE Phase 1. Www.2cto.com QUANMA-T (config) # isakmp polic
ASA Port mapping: Map the host 192.168.169.2 in the DMZ to the interface address of the firewall outside interface:Set up hosts that need to be mappedObject Network Server1Host 192.168.169.2Set the ports that need to be mappedCiscoasa (config) # object service 3389Ciscoasa (config-service-object) # service TCP source EQ 3389Ciscoasa (config) # Object Service 5000Ciscoasa (config-service-object) # Service TCP Source EQ 5000Port conversion (convert extr
Overview:
System time:local NTP
Managing Event and Session Logging
Configuring Event and Session Logging
Verifying Event and Session Logging
Troubleshooting Event and Session Logging
Effective troubleshooting of network or device activity, from the perspective of the security appliance, requires accurate Information. Many times, the best source of accurate and complete information'll be various logs, if logging is properly configured T o Capture the necessary infor
ASA 551X Network speed limitThe speed limit for the entire segment can also be limited to 4M for a single IP instance in the network segmentAsa846-k8.bin Test OKObject-group Network Rate_limitNetwork-object 192.168.0.0 255.255.255.0Access-list rate_limit Extended Permit IP object-group rate_limit anyAccess-list rate_limit Extended Permit ip any object-group rate_limitClass-map map_rateMatch Access-list Rate_limitPolicy-map Map_rate_useClass Map_ratePo
I. Overview:
The acs4.x initial HTTP access Port is 2002, and subsequent ports are randomly changed by default from 1024~65535, It is not a problem to access the outside area from the inside area of ASA, but if you access inside from the outside area of the ASA, there is a problem and it is not possible to release all the acs4.x ports.
Two. Basic ideas:
A. Defining the range of changes in acs4.x dynamic
At present, the network used by my company is all static IP address, inside the company has a ASA5505 firewall, should lead the requirements, in the firewall to limit a part of users can not use certain applications (such as QQ farm, etc.), and the leader of the computer does not make any restrictions. To implement these features, we need to do an ARP binding above the ASA 5505 Firewall and then use the Access control list to restrict these IP address
Basic information:
WAN: 221.221.147.195 Gateway: 221.221.147.200 LAN: 192.168.0.1
There is a server in the Intranet, and the address is 192.168.0.10 port: 8089
Fault description: The Intranet can be normally connected to the server, and the Internet cannot be connected. Port ing has a problem.
Solution: a command line error has been fixed.
Key Issue: Use "static (inside, outside) 221.221.147.195 192.168.0.10 tcp 8089" ing.
The current configuration is as follows:
Change the default message level-record user logon
Step 1: Find the user logon event ID:
Hostname (config) # show log | include admin
Dec 03 2009 17: 32: 35: % ASA-6-605005: Login permitted from 192.168.202.51/3507 to inside: 192.168.2.20/ssh for user "admin"
Step 2: locate the log level of the current Message ID 605005
Hostname (config) # show logging message 605005
Syslogs 605005: default-level informational (enabled)
Step 3: change the m
Cisco ASA L2TP over IPSEC configuration details
1. Create a VPN address pool
Ciscoasa (config) # ip local pool vpnpool 192.168.151.11-192.168.151.15 mask 255.255.255.0
2. Configure the Ipsec encryption algorithms 3DES and SHA.
Ciscoasa (config) # crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des (esp-sha-hmac)
3. Set the IPSec transmission mode to transport. The default mode is tunnel (L2TP only supports transport)
Ciscoasaconfig) # crypto ipsec
Recently began to learn Cisco's ASA to see the use of ASDM when there are some problems, the first is to report unable to launch device manage xxxx.xxx.xxx.xxx this error 650) this.width=650; "Src= "Http://s1.51cto.com/wyfs02/M01/7E/D3/wKioL1cKAhjDdBUdAAA2FMxQhuA576.png" title= "qq picture 20160410153106.png" alt= " Wkiol1ckahjddbudaaa2fmxqhua576.png "/>.Then Baidu a bit, without this error in the Chinese document is hereby written.1, first of all, in
Cisco's QoS speed limit and h3c a little difference, but overall, h3c of the comparison slag, the unit is not the same, the H3C car unit is KPBS, and the Cisco Police speed limit unit is bits per SECONDS,H3C this skipped. The theory of the token barrel is not verbose.Configure the QoS speed-limiting process on the ASA as follows:Steps:Step 1: Create ACLs to match streamsAccess-list rate_limit_lan-2 Extended Permit ip any object LAN-2Access-list rate_l
;width:847px;height:275.518px; "Alt=" dfha.0zbbqaaek=1kp=1 Pt=0bo=igmnaqaaa "/>Found SRC is 202.100.1.1Immediately understand:outside.r1#ping 2.2.2.2 Source Loopback 0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:Packet sent with a source address of 1.1.1.1!!!!!Success rate is percent (5/5), round-trip Min/avg/max = 16/25/40 msInside.r2#ping 1.1.1.1 Source Loopback 0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is
Can I count online users without using Global. asa?
SessionID = session. SessionIDTimeout = 5'Set the session persistence time.
Conn_String = "DRIVER = {Microsoft Access Driver (*. mdb)}; DBQ =" Server. MapPath ("count. mdb ")'Conn _ String = "activeUser"'It is best to set DSN = "activeuser" because we need to include this file in all ASP scripts.
Set ConnCount = Server. CreateObject ("ADODB. Connection ")ConnCount. Open Conn_String
Aaa = dateadd ("n
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.