• Block / Deny ICMP Echo (Ping) on Cisco ASA Outside Interface

    Most networks that you protect with a Cisco ASA device will probably want to deny ICMP (maybe not all ICMP types, but a lot of network admins will want to block ICMP Echo, etc.) on the outside interface. This will make the network harder to find through external enumeration, but not impossible. ASA5505(config)#icmp deny any […]

    Mar 15th, 2012 • Filed under 5505, ASA, Best Practices, Security
  • How to Remove an Access-List on a Cisco ASA

    If this is driving you crazy, like it did me, here is how to remove an access-list from a Cisco ASA. Note that you will have to execute these commands from Global Configuration mode. Nothing fancy, but you would logically think no access-list id would work; it doesn’t. You have to use the clear configure access-list command […]

    Sep 6th, 2011 • Filed under ASA, Data Plane Protection, Security
  • Controlling Outbound Telnet Connections from the IOS CLI

    Just about everyone who has ever touched a Cisco IOS router knows that you can secure VTY access to the router by creating an access-list and applying it to all VTY lines with the access-class in command. This would leave one to think that the command access-class out would prevent a user from connecting […]

    Aug 22nd, 2011 • Filed under IOS, Management Plane Protection
  • Test Regular Expression from ASA CLI

    If you happen to be creating regular expressions for use with inspections, they can get a bit confusing, and you should test regular expressions that are to be placed into a production environment. The ASA provides a convenient command to test regular expressions; below is a test of a regular expression used to match .mp3 (and […]

    Aug 11th, 2011 • Filed under ASA
Archive for the ‘Cisco’ Category