Posts

NAT rules change after 8.3 upgrade breaks VPN

Normal NAT statement
access-list nonat extended permit ip
nat (inside) 0 access-list nonat
New NAT statement
object network vpnpool
subnet
exit
nat (inside,outside) source static any any destination static vpnpool vpnpool
This NAT rule keeps the source address unchanged for anything coming from the inside interface and going to the range designated by the vpnpool object, while also keeping the destination address the same.
Seems like a strange way of going about this, but this is all I have come across so far. If anyone else has a better way, please leave a comment.
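The following is an added example, not part of the original post: a small converter that turns pre-8.3 `nat 0` exemption ACL entries into the 8.3+ object and twice-NAT form shown above, scoping the source to the networks named in the ACL instead of `any`. The function names, the `obj-<address>` naming scheme and the sample addresses are assumptions constructed for illustration.

```python
# Constructed sample of a pre-8.3 NAT exemption (addresses are made up).
SAMPLE = """\
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat extended permit ip host 192.168.1.5 10.10.10.0 255.255.255.0
access-list other extended permit ip any any
nat (inside) 0 access-list nonat
"""

def _addr(tokens):
    """Consume one ACL address spec; return (name, object body line or None)."""
    if not tokens:
        raise ValueError("incomplete ACL entry")
    head = tokens.pop(0)
    if head == "any":
        return "any", None  # keyword, used directly as in the post's rule
    if head in ("object", "object-group"):
        raise ValueError(f"unsupported address form: {head}")
    if not tokens:
        raise ValueError("incomplete ACL entry")
    arg = tokens.pop(0)
    if head == "host":
        return f"obj-{arg}", f" host {arg}"
    return f"obj-{head}", f" subnet {head} {arg}"  # network followed by mask

def convert_nonat(config, acl="nonat", ifpair="inside,outside"):
    """Return 8.3+ config lines equivalent to the entries of the exemption ACL."""
    objects, rules = {}, []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:5] != ["access-list", acl, "extended", "permit", "ip"]:
            continue  # other ACLs and the old 'nat 0' line are ignored
        rest = tokens[5:]
        src, src_body = _addr(rest)
        dst, dst_body = _addr(rest)
        if rest:
            raise ValueError(f"unexpected trailing tokens: {rest}")
        for name, body in ((src, src_body), (dst, dst_body)):
            if body:
                objects[name] = body  # dict keeps first-seen order, no duplicates
        # Identity NAT: real and mapped objects are the same on both sides.
        rules.append(f"nat ({ifpair}) source static {src} {src} "
                     f"destination static {dst} {dst}")
    out = []
    for name, body in objects.items():
        out += [f"object network {name}", body]
    return out + rules

if __name__ == "__main__":
    print("\n".join(convert_nonat(SAMPLE)))
```

Rule order follows ACL order, and an incomplete entry (such as one with its addresses missing) raises `ValueError` rather than producing a partial rule.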

Changing the enable or telnet password on Cisco PIX or ASA

To change the enable password:
enable password N3wP@ssw0rd
To change the telnet password:
password N3wP@ssw0rd

Backup and restore the config on an ASA/PIX using a TFTP server

The first thing you need to do is find a free TFTP server. There are piles of them out there, as a simple Google search for "TFTP server" will show.
Next, console, telnet, or ssh into your ASA device, then issue the following commands:
en
<enter your enable password>
conf t
<enter your configure terminal password>
copy startup-config tftp
A prompt will come up: “Address or name of remote host []?”
Type in the IP address of the TFTP server you initially set up.
The next prompt is “Destination filename [startup-config]?”
Leave this field at the default and just hit <enter>.
Congrats, you’ve just backed up your config.
 
Now for the restore process:
en
<enter your enable password>
conf t
<enter your configure terminal password>
copy tftp startup-config
Address or name of remote host []?
Type in the IP address of the local computer where you installed the TFTP server.
Source filename []?
In the first process we left the filename at the default, so it should be startup-config.
You should see something like this:
Accessing tftp://172.16.11.50/startup-config…!!
Writing system file…
!!
5277 bytes copied in 0.470 secs
That’s all there is to it. Now just issue the command reload and your ASA will reboot to the startup config which we just copied. It should be noted that you have not restored until you issue the reload command, because the ASA is still using the running config, not the startup one that we’ve copied over.