Showing posts from August, 2017

ASA Firewall Site 2 Site VPN Configuration

ASA 1:

object network net-local
object network net-remote
access-list outside_1_cryptomap permit ip
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
pre-shared-key pass1234
isakmp keepalive threshold 10 retry 2
crypto isakmp enable outside
crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encrypt 3des
crypto isakmp policy 10 hash sha
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
nat (inside,outside) 1 source static net-local net-local destination static net-remote net-remote
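
The ASA 1 configuration above uses 3DES, SHA-1, Diffie-Hellman groups 1 and 2, and an eight-character pre-shared key. The script below is an added example, not part of the original post: it scans ASA crypto lines and reports those settings by line number. The rule names, the 20-character key threshold, and the choice to treat DES/3DES, MD5/SHA-1 and DH groups 1, 2 and 5 as legacy are assumptions of this example.

```python
import re

# Constructed sample: the crypto-relevant lines of the ASA 1 configuration above.
SAMPLE_CONFIG = """\
pre-shared-key pass1234
crypto isakmp policy 10 authentication pre-share
crypto isakmp policy 10 encrypt 3des
crypto isakmp policy 10 hash sha
crypto isakmp policy 10 group 2
crypto isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 set pfs group1
"""

MIN_PSK_LEN = 20  # assumption: minimum acceptable pre-shared key length

# Hypothetical rule ids; patterns accept both the older "crypto isakmp"
# syntax used on the page and the later "crypto ikev1" form.
IKE = r"^crypto (?:isakmp|ikev1) policy \d+ "
RULES = [
    ("weak-ike-cipher", re.compile(IKE + r"encrypt(?:ion)? (?:des|3des)$")),
    ("legacy-ike-hash", re.compile(IKE + r"hash (?:md5|sha)$")),
    ("weak-ike-dh-group", re.compile(IKE + r"group (?:1|2|5)$")),
    ("weak-esp-cipher", re.compile(
        r"^crypto ipsec (?:ikev1 )?transform-set \S+ .*\besp-(?:des|3des|null)\b")),
    ("weak-pfs-group", re.compile(r"^crypto map \S+ \d+ set pfs group(?:1|2|5)$")),
]
PSK = re.compile(r"^(?:ikev1 )?pre-shared-key (\S+)$")


def audit(config):
    """Return (line_number, rule_id) pairs; the key itself is never echoed."""
    findings = []
    for number, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())  # normalise indentation and spacing
        key = PSK.match(line)
        if key and len(key.group(1)) < MIN_PSK_LEN:
            findings.append((number, "short-psk"))
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((number, rule_id))
    return findings


if __name__ == "__main__":
    for number, rule_id in audit(SAMPLE_CONFIG):
        print(f"line {number}: {rule_id}")
```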

When There Is No Output on a Cisco ASA Firewall, or You Need to Recover the Password

The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not appropriate for a Cisco PIX Firewall appliance.

1. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.
2. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).
3. At the rommon prompt, enter the confreg command to view the current configuration register setting:
   rommon #0>confreg
4. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.
5. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot:
   rommon #1>confreg 0x41
6. Reset the appliance with the boot command:
   rommon #2>boot
7. Notice that the security applian…