The following command can be used to start Cisco ASDM from command-line on Windows (without ASDM installation) or UNIX. Java must be locally installed:
javaws https://CISCO_ASA_IP/admin/public/asdm.jnlp
Tag: ASA
One-liner: how to generate group-url for all remote-access tunnel-groups (Cisco ASA)
This one-liner takes Cisco ASA config, checks for “tunnel-group … remote-access” and generates the following two lines:
tunnel-group GROUPNAME webvpn-attributes group-url https://CISCO_ASA_FW_FQDN/GROUPNAME enable
for i in `fgrep tunnel-group CISCO_ASA.conf | fgrep remote-access | awk '{print $2}'`
do
echo "tunnel-group $i webvpn-attributes"
echo " group-url https://CISCO_ASA_FW_FQDN/$i enable"
done
One-liners: simple ASA log parsers
Sometimes you do not need a detailed log-analysis but several simple one-liners that you can adjust without too much thinking how it works, what you did last time, etc. The examples below are absolutely NOT optimal, but rather modular for easy line-editing.
ASA and traceroute
By default ASA does not decrease the TTL field, hence is not visible in traceroute output. This is how to change this behaviour :
asa# conf t
asa(config)# icmp unreachable rate-limit 10 burst-size 5
asa(config)# policy-map global_policy
asa(config-pmap)#
asa(config-pmap)# class class-default
asa(config-pmap-c)# set connection decrement-ttl
asa(config)# icmp unreachable rate-limit 10 burst-size 5
asa(config)# policy-map global_policy
asa(config-pmap)#
asa(config-pmap)# class class-default
asa(config-pmap-c)# set connection decrement-ttl
The result:
Continue reading “ASA and traceroute”