Posts

Changing the enable or telnet password on Cisco PIX or ASA

To change the enable password:
enable password N3wP@ssw0rd
To change the telnet password:
password N3wP@ssw0rd

VPN client cannot connect through PIX or ASA

Make sure to run this command to enable the PPTP fixup protocol:
fixup protocol pptp 1723

External interface on PIX or ASA just stops working

When the external interface on an ASA or PIX suddenly stops receiving traffic or starts dropping traffic, the cause is related to your duplex settings.  Although you can leave most firewall devices on auto-negotiate, it is not a good idea on these devices.  You should set the interface to match the router's inside interface, which is most commonly set to 100/Full duplex.

Remotely change critical settings on a PIX or ASA device

If you are remotely configuring a Cisco ASA or PIX, there is always the concern that you’ll change a setting that takes down the network, and you will have to head onsite to regain access to the device.  One way to avoid this problem is the following.
First get to the CLI and type the following command:
reload in 10
This command tells the device to reboot in 10 minutes.  Now you have 10 minutes to change the settings you want.  If the settings do not knock out your connectivity and everything is working as expected, you can simply issue the command:
reload cancel
Now your device will not reload and you have safely made the changes you needed to make.
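However, had you made a change that knocked out network connectivity entirely or hindered your ability to manage the device, whether through telnet, SSH, ASDM, or anything else, the device will reload in 10 minutes and you’ll be back on your flash config rather than your running config. This works because the change only exists in the running config until you save it, so do not save until you have confirmed everything works.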

Inside clients can't list or browse FTP sites behind Cisco ASA/PIX

The fix for this issue is to get into config mode and issue the following command:
fixup protocol ftp 21

Port address translation and PPTP pass through

If you are configuring a Cisco PIX or ASA device and you have a server on the inside interface and clients on the outside who use PPTP to VPN into the network, make sure you do the following things:
Allow GRE traffic in the security policy
Allow PPTP traffic in the security policy
Add a static entry for PPTP on 1723 to your server
Run this command in configure mode: “fixup protocol pptp 1723”
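
The four items above can be checked against a saved copy of the config. The script below is an added example, not code from the original post; it assumes PIX 6.x-style access-list, access-group and static lines, and the function name, ACL names and sample addresses are made up for illustration. It goes slightly beyond the list in one respect: an access-list only counts as part of the security policy if an access-group line binds it to an interface.

```python
import re

# Constructed sample: fragment of a PIX 6.x-style config. Addresses, ACL names
# and layout are made up for this example.
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any host 203.0.113.10 eq pptp
access-list unused_acl permit gre any host 203.0.113.10
access-group outside_in in interface outside
static (inside,outside) tcp 203.0.113.10 pptp 192.168.1.10 pptp netmask 255.255.255.255 0 0
fixup protocol ftp 21
"""

PORT = r"(?:1723|pptp)"  # a saved config may show port 1723 by its name, "pptp"
ACL_PERMIT = re.compile(r"^access-list (\S+) (?:extended )?permit (\S+) (.*)$")
ACL_APPLIED = re.compile(r"^access-group (\S+) in interface \S+")
STATIC_1723 = re.compile(rf"^static \(\S+,\S+\) tcp \S+ {PORT} \S+ {PORT}\b")
FIXUP_PPTP = re.compile(r"^fixup protocol pptp 1723\b")
EQ_PPTP = re.compile(rf"\beq {PORT}\b")


def missing_pptp_items(config_text):
    """Return the items of the four-point PPTP checklist the config lacks."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    # Only ACLs bound to an interface take part in the security policy.
    applied = {m.group(1) for ln in lines if (m := ACL_APPLIED.match(ln))}
    gre = tcp = False
    for ln in lines:
        m = ACL_PERMIT.match(ln)
        if not m or m.group(1) not in applied:
            continue  # not a permit entry, or the ACL is never applied
        proto, rest = m.group(2), m.group(3)
        gre = gre or proto in ("gre", "47")  # GRE is IP protocol 47
        tcp = tcp or (proto == "tcp" and EQ_PPTP.search(rest) is not None)
    found = {
        "GRE allowed in the security policy": gre,
        "PPTP (TCP 1723) allowed in the security policy": tcp,
        "static entry for 1723 to the server": any(STATIC_1723.match(ln) for ln in lines),
        "fixup protocol pptp 1723": any(FIXUP_PPTP.match(ln) for ln in lines),
    }
    return [item for item, ok in found.items() if not ok]


if __name__ == "__main__":
    for item in missing_pptp_items(SAMPLE_CONFIG):
        print("missing:", item)
```

On the constructed sample it reports the GRE permit (it sits in an ACL that is never applied) and the missing PPTP fixup.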

Back up and restore the config on an ASA/PIX using a TFTP server

First, find a free TFTP server; there are piles of them out there, as a simple Google search for TFTP server will show.
Next, console, telnet, or SSH into your ASA device, then issue the following commands:
en
<enter your enable password>
conf t
<enter your configure terminal password>
copy startup-config tftp
A prompt will come up: “Address or name of remote host []?”
Type in the IP address of the TFTP server you initially set up.
The next prompt is “Destination filename [startup-config]?”
Leave this field as it is and just hit <enter>.
Congrats, you’ve just backed up your config.
 
Now for the restore process:
en
<enter your enable password>
conf t
<enter your configure terminal password>
copy tftp startup-config
Address or name of remote host []?
Type in the IP of your local computer where you installed the TFTP server.
Source filename []?
In the first process we left the filename at the default, so it should be startup-config.
You should see something like this:
Accessing tftp://172.16.11.50/startup-config…!!
Writing system file…
!!
5277 bytes copied in 0.470 secs
That’s all there is to it. Now just issue the command reload and your ASA will reboot to the startup config which we just copied.  Note that you have not restored until you issue the reload command, because until then the device is still running the running config, not the startup one that we’ve copied over.

Site to site VPN not coming up?

Make sure you are running a continuous ping on both sides of both firewalls. On a lot of the older firewalls there is a problem where the connection has to be initiated from the other side. If you run continuous pings from both sides you ensure this will not be a problem.