ASA – AlekZ' Scratchpad

How to start Cisco ASDM from command-line (Windows, UNIX)

The following command can be used to start Cisco ASDM from command-line on Windows (without ASDM installation) or UNIX. Java must be locally installed:

javaws https://CISCO_ASA_IP/admin/public/asdm.jnlp

One-liner: generate group-urls for all remote-access tunnel-groups (Cisco ASA)

This one-liner takes Cisco ASA config, checks for “tunnel-group … remote-access” and generates the following two lines:

tunnel-group GROUPNAME webvpn-attributes
 group-url https://CISCO_ASA_FW_FQDN/GROUPNAME enable

for i in `fgrep tunnel-group CISCO_ASA.conf | fgrep remote-access | awk '{print $2}'`
do
echo "tunnel-group $i webvpn-attributes"
echo " group-url https://CISCO_ASA_FW_FQDN/$i enable"
done

One-liners: simple ASA log parsers

Sometimes you do not need a detailed log-analysis but several simple one-liners that you can adjust without too much thinking how it works, what you did last time, etc. The examples below are absolutely NOT optimal, but rather modular for easy line-editing.

Continue reading “One-liners: simple ASA log parsers”

ASA and traceroute

By default ASA does not decrease the TTL field, hence is not visible in traceroute output. This is how to change this behaviour :

asa# conf t
asa(config)# icmp unreachable rate-limit 10 burst-size 5
asa(config)# policy-map global_policy
asa(config-pmap)#
asa(config-pmap)# class class-default
asa(config-pmap-c)# set connection decrement-ttl

The result:
Continue reading “ASA and traceroute”

Recent comments

AlekZ on Shotokan kata and bunkai by Luca ValdesiThis is easy. You can find him in Milan: http://en.wikipedia.org/wiki/Hiroshi_Shirai http://www.fikt
STEPHEN CLAPPER on Shotokan kata and bunkai by Luca ValdesiI WAS A STUDENT OF HIROSHI SHIRAI IN JAPAN FROM 1961 THROUGH 1965. HE LEFT JAPAN THE SAME YEAR I
anik chanda on Unlocking pkgaddThank you for your suggestion. It is working but it is not needed to remove the .pkg.lock file. With
Nedim on Encryption failure: Received a cleartext packet within an encrypted connectionFor the community star VPN in Excluded services inserted the service IKE and it will work.
Abi on How to reset hung ports on a Cyclades terminal serverconfig clear line worked for me. Please in which document is this cli command and other such related
sonny on QNAP NAS, Solaris and NFSHi, thanks for this information. I am running 3.6.1 I am getting permission denied if mount with -o
AlekZ on How to reset hung ports on a Cyclades terminal serverFrom what I remember a couple of times nothing worked except killing the actual processes.
PK on How to reset hung ports on a Cyclades terminal serverYou can use the config utility to clear any line on the Cyclades. # config clear line 08
Biscuit on David “Fingers” Haynes and a drummachine soloI am completely blown away! What an incredible gift!
Gezinus Alders on Vermiste Maine Coon-achtige kater in Transwijk Zuid-
Park Transwijk (Utrecht)Dag heer...uw kat is niet die ik thuis als loge had, hoor! Zojuist heb ik u al een mailtje toe
AlekZ on Victor Wooten, Steve Bailey and David “Fingers” Haynes[quote="Tucson Bass Player "]And I an't talking about slapping. [/quote] Yeah, Steve
Tucson Bass Player on Victor Wooten, Steve Bailey and David “Fingers” HaynesNobody uses their thumbs on a bass like Steve Bailey. And I an't talking about slapping. I have been