20 Most Recent
Cisco ASA 5505 Firewall Questions & Answers
How to counfugre asa 5505 cisco Router
Use the Cisco ASDM or SDM software, that will give you an easy graphical interface to configure the ASA. One of them would have been shipped with the device.
Don't forget the ASA has to pre-configured, just a simple config. Have HTTPS enabled and telnet/SSH helps as well if you dont have a serial port or the console cable.
Cisco's website will give you quite a lot of info for free...
1. I have a ASA
HI,
You shall do the same with MPF. Create a regex filter to identify the types of files you would like to block,
e.g.
1
2
3
4
5
regex archive-type1 ".*\.([Zz][Ii][Pp]'[Tt][Aa][Rr]'[Tt][Gg][Zz]) HTTP/1.[01]"
regex archive-type2 ".*\.([Tt][Aa][Rr].([Gg][Zz]'[Bb][Zz]2)'7[Zz]) HTTP/1.[01]"
regex doc-type1 ".*\.([Dd][Oo][Cc]'[Xx][Ll][Ss]'([Pp]){2}[Tt]) HTTP/1.[01]"
regex doc-type2 ".*\.([Pp][Dd][Ff]'[Oo][Dd][Tt]) HTTP/1.[01]"
regex exe-type1 ".*\.([Ee][Xx][Ee]'[Vv][Bb][Ss]'[Vv][Bb][Aa]) HTTP/1.[01]"
Create regex for Content-Type Application/*
1
2
regex application-header "application/*"
regex content-type "Content-Type"
Classify regex that matches the extension types
class-map type regex match-any ext-types
match regex doc-type1
match regex doc-type2
match regex archive-type2
match regex archive-type1
match regex exe-type1
Capture the http response that contains content-type and application/* header
2
class-map type inspect http match-all http-header-response
match response header regex content-type regex application-header
Capture http request packet that matches the class ext-types
1
2
class-map type inspect http match-all http-request
match request uri regex class ext-types
HTTP is the interesting traffic
1
2
3
4
access-list http-traffic extended permit tcp any any eq www
access-list http-traffic extended permit tcp any any eq 8080
class-map http-traffic-class
match access-list http-traffi
Create policy to prevent download attempt via http request
1
2
3
4
5
6
7
policy-map type inspect http block-http-download
parameters
protocol-violation action drop-connection log
class http-header-response
drop-connection log
class http-request
reset log
Apply policy on the interesting traffic
1
2
3
policy-map inside-http
class http-traffic-class
inspect http block-http-download
Apply the policy onto interface to take effect
1
service-policy inside-http interface inside
Hope this would help.
I have configured Cisco ASA Firewall and I have
HI,
·
Please check
the whether the security level for DMZ and outside interface, If DMZ is high
security level. Please do the NAT configuration
· If it's having the same security level. Please issue the command "same-security-traffic permit inter-interface "in the global config mode.
I want to block URL
Hi!
Unfortunately, it's not possible with your firewall model...
You will need at least an ASA 5510 with an CSC-SSM module to filter URLs.
You can use an external URL filtering device with that ASA like WebSense/SmartFilter... For more info look
here.
In case of a problem or clarification, don't hesitate to post me a reply before rejecting my answer.
If you are satisfied, rate my solution with the "thumbs" or (even better) add a testimonial.
Best regards,
Pelu.
Checksum verification on compression loader failed
Checksum verification has something to do with the communication of this device.
Since you already perform the factory reset, the only thing that I could think of is that the BIOS (internal component) of this device went bad. That BIOS should be reprogram or replace.
Unfortunately, you need to contact the manufacturer and have them repair it for you. Only the manufacturer can repair this.
Thank you!
How to block some website on asa 5505?
do the name resolution for the website and write a policy to block the traffic from your trusted network to that website ip address. If required i shall write the policy and give it to you, for this i need the following details.
1. Name of the websites
2. Local network range (LAN ip address with SNM)
But this is very hard for you if there is more number of websites, For this you shall integrate a URL filtering software like WebSense, N2H2 etc with your firewall.
Not finding what you are looking for?