Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
4
Replies

General ASA setup question: is there something like a config checker?

Go to solution
RvdKraats
Level 1
Level 1

‎12-13-2016 02:51 AM

Hello All,

I was just wondering: is there something like an ASA config checker tool?

I've managed, as an ASA noob, to configure a working setup on my ASA via the CLI, but I'd like to know if I can streamline the config.

For instance, I've checked the NAT rules to see if all were used and I didn't create NAT rules that were unneccessary, but I'd like to know if I didn't create any performance-sapping 'loops' in the NAT rules or access lists. Same for other settings that I created.

Does a tool like that exist?

Regards,

Rene.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Oliver Kaiser
Level 7
Level 7

‎12-13-2016 04:29 AM

You could use Cisco CLI Analyzer to check your asa configuration. It will highlight well known issues and tac best pracices. You may download the tool here.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Oliver Kaiser
Level 7
Level 7

‎12-13-2016 04:29 AM

You could use Cisco CLI Analyzer to check your asa configuration. It will highlight well known issues and tac best pracices. You may download the tool here.

0 Helpful

Go to solution
RvdKraats
Level 1
Level 1
In response to Oliver Kaiser

‎12-13-2016 04:50 AM

Kaisero,

thanks for that info!

Unfortunately my account doesn't provide enough access to actually use the tool, but it is pretty much what I was looking for :)

Rene.

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to RvdKraats

‎12-13-2016 05:33 AM

Do you have a service contract associated with your account? - If that´s the case, you should be able to download it.

0 Helpful

Go to solution
RvdKraats
Level 1
Level 1
In response to Oliver Kaiser

‎12-19-2016 04:51 AM

Kaisero,

I have the tool downloaded and tried to use it, but when I feed it the ASA's config it says that I'm not eligible for that service. Apparently it contacts Cisco for analysis, and sees that I don't have a service contract. Oh well, can't help that, I'm not going to arrange for a contract just for this ;)

*fixed a typo

0 Helpful
Customers Also Viewed These Support Documents