04-23-2016 04:44 AM - edited 03-12-2019 12:39 AM
Dear All,
Can any of you please let me know the most common real-time issues with the ASA firewall in a production network?
I'm applying for a network security job and I want to know how the issues are resolved under time constraints.
Any help would be really appreciated. Please do help me out with this.
Thanks
Mohammed
04-23-2016 04:58 AM
Hi,
Pretty interesting query !!!!
Real time issues would be access-rule/NAT issues, high
You can check this third party doc for reference:
http://www.security-solutions.co.za/cisco-asa-security-and-network-troubleshooting-best-practices.html
Regards,
Aditya
Please rate helpful posts and mark correct answers.
04-23-2016 05:15 AM
Dear Aditya,
Thank you very much...really appreciate your help
Can you also please help me out with any other links or resources or documents to go through so that I can have a better understanding or I would say a clear idea about things that I need to know which can make things easier for me in getting the right opportunity.
Thanks
Mohammed
04-23-2016 10:58 PM
Experts please help me
04-23-2016 11:09 PM
Hi Mohammed,
You can use the following documents for your references:-
Monitor and Troubleshoot Performance Issues
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113185-asaperformance.html
Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
04-24-2016 01:26 AM
Hi Dinesh,
The links you sent to me seem interesting... really appreciate that.
Can you also suggest some links on ACLs and NAT as well... please?
Thanks
Mohammed
04-24-2016 01:31 AM
Mohammed,
ASA NAT 8.3+ - NAT Operation and Configuration Format (CLI)
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli
ASA Pre-8.3 to 8.3 NAT configuration examples
https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples
Fundamentals of Cisco ASA Security Appliance Access Control Lists
http://www.soundtraining.net/i-t-tutorials/cisco-tutorials/46-cisco-asa-access-control-lists
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
04-24-2016 11:30 AM
Dinesh,
Thank you mate... honestly I really appreciate that
Thanks
04-25-2016 05:07 AM
Glad to help you Mohammed :)
Regards,
Dinesh
04-25-2016 12:04 PM
Dear Dinesh,
Can you also please let me know how exactly the IP addresses are assigned in the network (I mean the inside network)?
Do people use the concept of DHCP, or do they use something called an IP address scheme or IP network address assignment... I'm not sure what exactly it is...
I'm a bit confused with this... can you please suggest some links or documents on this? Any ideas would be really appreciated.
04-25-2016 01:10 PM
IP addresses are assigned either using DHCP or static IPs. Client PCs will normally have DHCP assigned addresses while servers and network devices will normally have statically assigned addresses.
The terms IP address scheme and IP network address assignment basically refer to the same thing. It is the IP addressing plan for a network indicating which network segments are assigned which IP subnets. This is a must in any network to have visibility into your network.
I would recommend you read "Routing TCP/IP volume 1 and 2". These will give you a good understanding of how networks work. You MUST have an understanding of how a network works even in a security job. I would also suggest getting a subscription to either INE or CBT Nuggets and go through their videos on both networking and network security.
--
Please remember to select a correct answer and rate helpful posts
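An addressing plan of the kind described in the reply above, as an added example that is not part of the original thread: it records which segment owns which subnet and which range is handed out by DHCP, checks the plan for overlaps, and maps an address (for instance one seen in a firewall log) back to its segment. The segment names and address ranges are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (all names and ranges are assumptions for this example).
# Each segment has a subnet and an optional DHCP pool; addresses outside the pool are static.
PLAN = {
    "users":   {"subnet": "10.10.10.0/24", "dhcp": ("10.10.10.50", "10.10.10.250")},
    "servers": {"subnet": "10.10.20.0/24", "dhcp": None},
    "mgmt":    {"subnet": "10.10.30.0/28", "dhcp": None},
}

def validate(plan):
    """Return a list of problems: overlapping subnets or DHCP pools outside their subnet."""
    problems = []
    nets = {name: ipaddress.ip_network(seg["subnet"]) for name, seg in plan.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    for name, seg in plan.items():
        if seg["dhcp"]:
            lo, hi = (ipaddress.ip_address(x) for x in seg["dhcp"])
            if lo > hi or lo not in nets[name] or hi not in nets[name]:
                problems.append(f"{name} DHCP pool outside {nets[name]}")
    return problems

def classify(plan, addr):
    """Map an address to (segment, 'dhcp' or 'static'); None if it is not in the plan."""
    ip = ipaddress.ip_address(addr)
    for name, seg in plan.items():
        if ip in ipaddress.ip_network(seg["subnet"]):
            if seg["dhcp"]:
                lo, hi = (ipaddress.ip_address(x) for x in seg["dhcp"])
                if lo <= ip <= hi:
                    return (name, "dhcp")
            return (name, "static")
    return None  # not covered by the plan: an address worth a closer look

if __name__ == "__main__":
    print(validate(PLAN))
    for a in ("10.10.10.77", "10.10.20.5", "192.168.1.9"):
        print(a, classify(PLAN, a))
```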
04-25-2016 02:06 PM
Dear Marius,
Thank you for your valuable information... I would certainly subscribe to INE or CBT very soon, but trust me I'm very much interested in learning things from these support forums.
You people are experts in those technologies and your ideas can help me understand much better than those subscriptions, because not everything is covered in those videos. I believe all the questions being posted here are issues that are encountered in the production network.
Can you please suggest some links which can help me understand the IP address scheme, apart from the TCP/IP volumes?
And Thanks Once again.
Regards
Mohammed
04-25-2016 02:24 PM
Yes, you will get possible solutions to problems here on the support forum, but that is it. Just ideas as to solutions. Without reading the books and putting in the legwork you will not understand the technology well enough to come up with your own solutions. You will not be able to think outside the box, so to say.
A different approach I would like to suggest if you do not want to put in the reading is to go to a section of the support forum that interests you and then start reading the questions and researching how to solve the problem. By doing that research you will acquire the knowledge you are looking for. You will also retain the information much better since you most likely have to read through several documents before you can form a correct solution to the problem.
That being said...here are some links to IP addressing.
http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_ipv4/configuration/xe-3s/ipv4-xe-3s-book.pdf
--
Please remember to select a correct answer and rate helpful posts
04-25-2016 02:37 PM
Dear Marius,
Thank you for your kind advice...will for sure go through the reading.
And yes thanks once again for sending those links to me...really appreciate that.
Honestly you people are champs here..can't thank you people enough for all your help and support.
May god bless you all
Thanks
Mohammed
04-26-2016 11:38 PM
Dear Sanjay/Marius,
Can any of you please let me know the best monitoring tools available?
I was going through the ICND1 and ICND2 videos and somewhere in between they mentioned monitoring the network (e.g. monitoring bandwidth, monitoring users).
Any help would be really appreciated.
Thanks
Mohammed