network_stuff:cisco:asa

Differences

This shows you the differences between two versions of the page.

network_stuff:cisco:asa [2020/08/23 11:31] jotasandokunetwork_stuff:cisco:asa [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 86: Line 86:
   show conn all   show conn all
   show access-list    <-- for the hit count    show access-list    <-- for the hit count 
 +
 +
 +----
 +
 \\ \\
-\\ +__**NAT**__\\ 
-__**NAT**__ + 
-Essential resource: NAT cheat sheet: See: [[http://packetpushers.net/cisco-nat-cheat-sheet]]/+[[http://blog.packetsar.com/wp-content/uploads/Cisco_NAT_Cheat_Sheet.pdf]] 
 + 
 +{{ :network_stuff:cisco:nat1.png?400 |}}
 \\ \\
 {{ :network_stuff:cisco:asa_order_operations1.jpg?600 |}} {{ :network_stuff:cisco:asa_order_operations1.jpg?600 |}}
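Review bot: The new NAT cheat-sheet link in this hunk points at a PDF under a third-party blog's wp-content/uploads over plain http, so the page's main NAT reference depends on that host staying up and is fetched without transport protection. Consider uploading a copy into :network_stuff:cisco: next to nat1.png and linking that, or switching the link to https if the host serves it.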
Line 168: Line 174:
 **Unified NAT** is used instead of NAT order meaning to down and more specific first order.  **Unified NAT** is used instead of NAT order meaning to down and more specific first order. 
 \\ \\
 +
  
 ---- ----
 +
 +__INSERT ACCESS LIST IN POSITIONS__:\\
 +
 +  access-list outside-in line 1 extended permit tcp object-group mycompany1-networks object tanium-internal eq 17472 # Ao line x is what you’re looking for on where to put the new rule
 +  show access list # blah it’ll show you the rule number order
 +  
 +
 +----
 +
 +
  
 **Troubleshooting**  **Troubleshooting** 
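Review bot: In the added "INSERT ACCESS LIST IN POSITIONS" block, the example uses line 1, which puts the permit ahead of every existing entry in outside-in; because the ACL is evaluated first match, it takes precedence over any deny further down for that traffic. Say in the text to run show access-list first and choose the line number deliberately rather than copying line 1. The second command is written "show access list", while the rest of the page uses "show access-list". The trailing "# ..." remarks sit inside the indented command lines, so they are copied along with the command; move them into prose and fix "Ao" and "blah" while doing so.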
Line 181: Line 198:
   show conn count   show conn count
   show processes cpu-usage sorted non-zero   show processes cpu-usage sorted non-zero
-  fw01/dc.grapeshot.co.uk/pri/act# show perfmon +  fw01/dc.mycompany1.co.uk/pri/act# show perfmon 
      
   PERFMON STATS:                     Current      Average   PERFMON STATS:                     Current      Average
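Review bot: Replacing the hostname in the show perfmon prompt with mycompany1 only cleans the current revision; the removed line with the original firewall hostname is still stored in the page history and is displayed by this comparison view. If the intent is to stop exposing the device name, the old revisions need to be purged or access to the revision history restricted as well.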
Line 826: Line 843:
 Network Operations profile: Network Operations profile:
  
-ukvpn.marketaxess.com/NETOPSSLVPN+ukvpn.mycompany4.com/NETOPSSLVPN
    
  
Line 951: Line 968:
  
  
-vpn.marketaxess.com +vpn.mycompany4.com 
-usvpn.marketaxess.com (legacy?) +usvpn.mycompany4.com (legacy?) 
-ukvpn.marketaxess.com+ukvpn.mycompany4.com
  
 Anyconnect. To check who is currently connected: Anyconnect. To check who is currently connected:
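Review bot: The usvpn entry keeps its "(legacy?)" marker after the rename, so the list still does not say whether that endpoint is in service. Confirm its status and either drop the entry or state that it is retired, since a forgotten VPN head-end is exactly the kind of item this list should flag. As with the earlier hostname replacement, the original names remain readable in the old revision.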
Line 978: Line 995:
  
  
-Essential resource: NAT cheat sheet: See: http:packetpushers.net/cisco-nat-cheat-sheet+Essential resource: NAT cheat sheet: See: [[http://blog.packetsar.com/wp-content/uploads/Cisco_NAT_Cheat_Sheet.pdf]] 
 +\\ 
 +{{:network_stuff:cisco:nat1.png?700|}}
  
- +{{:network_stuff:cisco:nat2.png?700|}} 
  
 Packet flow: Packet flow:
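Review bot: This hunk adds the same cheat-sheet link and nat1.png that were already added in the NAT section at Line 86, with a different image width (700 here, 400 there). Keep the reference and images in one NAT section and point the other at it, so the two copies do not drift apart. The malformed "http:packetpushers.net" link is correctly replaced, but the new URL is still plain http.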
Line 1116: Line 1135:
  
 Unified NAT is used instead of NAT order meaning to down and more specific first order.  Unified NAT is used instead of NAT order meaning to down and more specific first order. 
 +
    
 Review "Sample Error Messages" from http:www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html Review "Sample Error Messages" from http:www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html
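Review bot: The only change here is an added blank line, while the neighbouring context line still carries "http:www.cisco.com/..." without the "//", the same malformed-URL defect that was fixed for the NAT link elsewhere in this edit. Fix that link in the same pass, and correct "meaning to down" in the Unified NAT sentence, which reads as a typo for "top down".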
Line 1300: Line 1320:
  
  
 +----
 +
 +  conf t
 +  pager 0 # to stop scroll pauses
 +  
  
 ---- ----
 +
  
 **FIREPOWER** ( new evolved asa ) \\ **FIREPOWER** ( new evolved asa ) \\
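Review bot: The added snippet enters conf t before pager 0, which changes the pager default in the running configuration for all sessions and persists if the config is saved. If the goal is only to stop the scroll pauses while collecting output, document "terminal pager 0" from privileged EXEC instead, which affects just the current session. The "# to stop scroll pauses" remark is inside the command line and should move to the surrounding text, and the block would benefit from a heading like the other sections have.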
network_stuff/cisco/asa.1598182312.txt.gz · Last modified: (external edit)