Please take a look at my ASA 5505 Config

Sil3ncer1986
Level 1

Hi all, please kindly take a look at my ASA 5505 config and see if there are any holes which could allow a hacker through and/or cause the internet speed to be slow. The reason I'm asking is because my user reported that they were hacked and that their internet speed is only 3Mbps. When they were using their old PIX 506, they were able to get speeds of up to 6Mbps both upstream and downstream.

The config is attached. All public IPs of the first 2 octets are replaced with xxx for security reasons.

3 Replies

Marcin Latosiewicz
Cisco Employee

Hilmy,

1) I suggest you enable unicast RPF and, if you have money for it, consider enabling botnet filtering.

2) You have enabled a lot of inspection engines; I would keep the enabled ones to a minimum.

3) You have both intra-interface and inter-interface same-security. I don't see a reason to do so based on your config (I didn't go too much into detail).

4) Consider enabling shunning in your threat detection if your customer thinks he's under attack.

Keep in mind that by itself the ASA is just a smart policy enforcer; endpoint security is a completely different matter. If your users go on fishy sites and download and run applications from unknown users, there's very little the ASA can do against it :-)

Marcin

Marcin, thanks for the reply. Just want to clear up a few things. Firstly, what is unicast RPF and how do I enable it? Secondly, could the inspection engines be the cause of the slow internet speed, upstream and downstream? Thirdly, I configured the ASA based on another ASA which somebody else configured. As such, I have no idea what the intra-interface and inter-interface commands do.

I don't understand what you mean in your fourth point. Thanks for the help.

Hilmy,

Please have a look at the configuration guide and command reference for my suggestions:

Re unicast RPF:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i3.html#wp1878364

Regarding inspections: they will cause higher CPU if much traffic is passed.

Re same-security:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1421315

Re threat detection:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/t.html#wp1526710

I invite you to read the configuration guide, and if you have further questions let me know.

Marcin
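The four review points raised in the replies above can be checked offline against a saved running-config. The script below is an added example, not part of the original thread or any Cisco tool; the sample config is constructed (the poster's attachment is not on the page), and the function name and the `max_inspects` threshold are assumptions.

```python
import re

# Constructed sample config for illustration (not the poster's attachment).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
interface Vlan2
 nameif outside
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
threat-detection basic-threat
threat-detection scanning-threat
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect sip
  inspect skinny
  inspect sqlnet
"""

def audit_asa_config(text, max_inspects=4):
    """Return findings for the four review points; max_inspects is an assumed threshold."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    # 1) Unicast RPF: each named interface needs 'ip verify reverse-path interface <name>'.
    names = [m.group(1) for ln in lines if (m := re.fullmatch(r"nameif (\S+)", ln))]
    rpf = {m.group(1) for ln in lines
           if (m := re.fullmatch(r"ip verify reverse-path interface (\S+)", ln))}
    findings += [f"no unicast RPF on interface {n}" for n in names if n not in rpf]
    # 2) Inspection engines: flag when more are enabled than the chosen minimum.
    inspects = [ln for ln in lines if ln.startswith("inspect ")]
    if len(inspects) > max_inspects:
        findings.append(f"{len(inspects)} inspection engines enabled")
    # 3) same-security-traffic: flag when both inter- and intra-interface are permitted.
    modes = {ln.split()[-1] for ln in lines
             if ln.startswith("same-security-traffic permit ")}
    if modes == {"inter-interface", "intra-interface"}:
        findings.append("same-security-traffic permits both inter- and intra-interface")
    # 4) Threat detection: scanning-threat is only acted on when 'shun' is configured.
    if not any(re.match(r"threat-detection scanning-threat shun\b", ln) for ln in lines):
        findings.append("threat-detection scanning-threat has no shun")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_asa_config(SAMPLE_CONFIG)))
```
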
