Cisco




Cisco Netflow performance data

Not much of a post, but a link to the Cisco site stating how much Netflow loads Cisco routers: Netflow data sheet. I, personally, do a lot of Netflow monitoring and can say that on unloaded routers, passing 2-5 mbits/sec of traffic, the additional load will be some 1-2 …



My Amazon book list for CCIE Security Lab exam

Not limited to the CCIE Security Lab only, of course; here is the list of books I find really useful in preparing for the Lab. Amazon Listmania list



Cisco ASA 5500 Series Content Security and Control Security Services Module or just CSC-SSM and how it looks

While the reason for me getting involved with this ASA 5510 module is of less interest (the client was getting the notification message "LogServer has recently stopped on InterScan for CSC SSM", more about that at the end of the post), the module itself looks cute, so I bring here some output …



The easiest way to disclose Cisco routers on the network and how to fix it

Cisco gear has a well-known behaviour pattern: when you telnet to some weird and closed port on a Cisco device you get the uniform response of “Connection refused”. To be more precise, it happens when terminal line management access is enabled on the Cisco but your IP is not in …



How come assigning a VPN user to a specific group takes just one command but no one does it?

Group locking, as Cisco calls it, has been available since ancient IOS 12.2(13)T (circa 2003) and still – most of the setups I see of clients’ VPN servers at most use different VPN groups for different privilege access requirements and blissfully ignore the fact that all it …



snmp-map in ASA is for passing through traffic only

I don’t know who to blame – me for not being attentive or Cisco documentation for being vague, but when I read about snmp-map inspection that allows you to block selectively by SNMP version I decided it was the way to protect ASA itself from such queries. And only with …



ASA 8.2 now speaks SNMP v3 decently

This article is all about SNMP in ASA. ASA has far fewer configuration options than IOS does, and this is good. Starting with version 8.2, ASA supports version 3 of the SNMP protocol, which adds a new security model to the whole SNMP stack. But first we will start with old …



sla monitor in Cisco ASA land

SLA monitoring is finally here. What is it useful for? To dynamically add/remove routes in ASA depending on the results of the SLA status. Below are the configuration steps, but while there are many words in the command itself there are not many options there, so the command is long but …



Teach Cisco ASA to speak NTP

Time is precious, even more so when you need accurate logging. Let's configure NTP time synchronization on our ASA 5510. Configs are pretty simple, but worth remembering a thing or two. ASA cannot be an NTP server, as opposed to IOS. You can use the optional prefer keyword with the ntp server command …



Redundant interfaces in Cisco ASA

In Cisco ASA they call it interface redundancy. The idea is to provide for physical link failure. That is – you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …