11-24-2010 10:02 PM - edited 03-11-2019 12:14 PM
Hi all, please kindly take a look at my ASA 5505 config and see if there are any holes which could allow a hacker through and/or cause the internet speed to be slow. The reason I'm asking is because my user reported that they were hacked and that their internet speed is only 3Mbps. When they were using their old PIX 506, they were able to get speeds of up to 6Mbps both upstream and downstream.
The config is attached. All public IPs of the first 2 octets are replaced with xxx for security reasons.
11-28-2010 03:21 PM
Hilmy,
1) I suggest you enable unicast RPF and if you have money for it, consider enabling botnet filtering.
2) You have enabled a lot of inspection engines; I would keep them enabled to a minimum.
3) You have both intra-interface and inter-interface same-security; I don't see a reason to do so based on your config (I didn't go too much into detail).
4) Consider enabling shunning in your threat detection if your customer thinks he's under attack.
Keep in mind that by itself ASA is just a smart policy enforcer; endpoint security is a completely different matter. If your users go on fishy sites and download and run applications from unknown users, there's very little ASA can do against it :-)
Marcin
11-28-2010 06:19 PM
Marcin, thanks for the reply. Just want to clear up a few things. Firstly, what is unicast RPF and how do I enable it? Secondly, could the inspection engines be the cause of the slow internet speed, upstream and downstream? Thirdly, I configured the ASA based on another ASA which somebody else configured. As such, I have no idea what intra-interface and inter-interface commands do.
I don't understand what you mean in your fourth point. Thanks for the help.
11-29-2010 06:27 AM
Hilmy,
Please have a look at the configuration guide and command reference for my suggestions:
Re unicast RPF
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i3.html#wp1878364
Regarding inspections - they will cause higher CPU if much traffic is passed.
re same-security:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1421315
Re threat detection:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/t.html#wp1526710
I invite you to read the configuration guide and if you have further questions let me know.
Marcin
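An added example, not part of the thread or of any poster's reply: a small Python audit that checks an ASA running-config for the four points raised above (unicast RPF per interface, enabled inspection engines, same-security-traffic permits, threat-detection shunning). The sample config is constructed, since the attached config is not on the page, and the function name and finding labels are hypothetical.

```python
import re

# Constructed sample, not the poster's attachment (the attached config is not on the page).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
threat-detection basic-threat
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect sip
  inspect esmtp
service-policy global_policy global
"""

def audit_asa_config(config):
    """Return (findings, inspections) for the four points raised in the thread."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    # 1) Unicast RPF is enabled per interface: "ip verify reverse-path interface <nameif>".
    nameifs = [l.split()[1] for l in lines if re.match(r"nameif \S+", l)]
    rpf = {l.split()[-1] for l in lines
           if re.match(r"ip verify reverse-path interface \S+$", l)}
    findings += [("no-urpf", name) for name in nameifs if name not in rpf]
    # 2) Inspection engines are only listed; which ones are needed is a site decision.
    inspections = [l.split()[1] for l in lines if re.match(r"inspect \S+", l)]
    # 3) Flag same-security-traffic permits so they can be justified or removed.
    for mode in ("inter-interface", "intra-interface"):
        if f"same-security-traffic permit {mode}" in lines:
            findings.append(("same-security-permit", mode))
    # 4) Shunning belongs to scanning threat detection and must be configured explicitly.
    if not any(l.startswith("threat-detection scanning-threat shun") for l in lines):
        findings.append(("no-shun", "threat-detection scanning-threat shun"))
    return findings, inspections

if __name__ == "__main__":
    findings, inspections = audit_asa_config(SAMPLE_CONFIG)
    for check, detail in findings:
        print(f"{check}: {detail}")
    print("inspections enabled:", ", ".join(inspections))
```

Run it against the output of `show running-config` saved to a file; a finding only marks a line to review against the command reference pages linked above.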