Really interesting summary Keith...I have worked with ASAs a little bit and I can tell they are awesome..but most likely at the CLI. I just realized later how impressive was the graphical user interface with the monitoring side and the easy feel to configure them... I hope I will be able to purchase one soon and to learn it from the bottom to the top.
This is quite informative and interesting learning this stuff. I have a question about this device features as I work in OT in industry and not IT and not necessarily as familiar with Cisco’s normal products except Cisco/Rockwell stuff. Anyway is Cisco the only company that uses this Type of Firewall with similar Stateful Inspection and Packet Filtering as the ASA?
Hey Keith, Just having a bit of an issue. I am trying to connect a Cisco Wireless Router RV130 (converted to AP mode - suggested by cisco ) to the DMZ zone and I want it to connect to the internet. For now it has a DNS issue. Is there away for it to use the Wireless mode so that it can do the auto DHCP and DNS ?
Having trouble from the ASA Lab you did via CBT Nuggets.... Theres no defaults for the ASA Class Maps as show in the image i created my own one i got part 1 to work. But I cant get the last part to work some reason google and nslookup doesnt work. Pls msg me for the images... Cant seem to paste the images here
other than it being highly unlikely for a user to go on purpose into bad web sites , i think there is a black list and mechanisms to reduce the likeliness of getting a virus into the system ... cisco has NBAR network based application recognition for deep packet inspection made for QOS so i wouldnt be surprised if they used similar mechanisms to recognize harmful returned traffic !
Hi Keith, I hope you get this.. I need your help as I have not been able to figured this out on my 5510.. I CANNOT ping my host laptop from the asa however i can ping the asa from the asa interface from the host laptop. Kinda strange as i have even allowed icmp and created access-list and did same-security-traffic permit intra-interface.. PLEASE HELP ME, here is my packet trace below asa5510# packet-tracer input inside icmp 10.10.10.1 8 0 10.10.10.254 Phase: 1 Type: ROUTE-LOOKUP Subtype: input Result: ALLOW Config: Additional Information: in 10.10.10.0 255.255.255.0 inside Phase: 2 Type: ACCESS-LIST Subtype: Result: DROP Config: Implicit Rule Additional Information: Result: input-interface: inside input-status: up input-line-status: up output-interface: inside output-status: up output-line-status: up Action: drop Drop-reason: (acl-drop) Flow is denied by configured rule
The GNS3 image omits them from the default. Send me an email at keith6783ATcoxDOTnet, and I can send you the short script that you can copy and paste into the ASA that will put them into a new ASA for you.
The above course is 5 years old. Now Cisco strongly suggests to follow the certification road map or guide in diff areas of study/field. You can search it on their site with brief description about certifications.
the way that you elaborate things are appreciatable
Thanks for the comments!
Keith
Gotta say, definitely love your energy in these vids! Keep it up!
Just got two of these 5505's to play with. Thanks Keith for your explanation!
Hello Keith
The tutorial was awesome. Thanks a lot for it.
Really interesting summary Keith...I have worked with ASAs a little bit and I can tell they are awesome..but most likely at the CLI.
I just realized later how impressive was the graphical user interface with the monitoring side and the easy feel to configure them...
I hope I will be able to purchase one soon and to learn it from the bottom to the top.
Great explanation and illustrations..Thumbs up!!
So far I'm loving this tutorial. Subscribed!
thank you for these awesome videos!
Great videos... do you have any videos on enabling FQDN lookup on ASA policies? Im trying to understand can it be managed via GUI or CLI only?
great explanation!
1:12 They are expecting jeremy , keith and much more
This is quite informative and interesting learning this stuff. I have a question about this device features as I work in OT in industry and not IT and not necessarily as familiar with Cisco’s normal products except Cisco/Rockwell stuff. Anyway is Cisco the only company that uses this Type of Firewall with similar Stateful Inspection and Packet Filtering as the ASA?
good tutorial
ooops sorry i didnt see your message till now....Anyways thanks for your videos I passed my exam suprised there were no sims on ASA tho :O...
Hey Keith,
Just having a bit of an issue. I am trying to connect a Cisco Wireless Router RV130 (converted to AP mode - suggested by cisco ) to the DMZ zone and I want it to connect to the internet. For now it has a DNS issue. Is there away for it to use the Wireless mode so that it can do the auto DHCP and DNS ?
Having trouble from the ASA Lab you did via CBT Nuggets.... Theres no defaults for the ASA Class Maps as show in the image i created my own one i got part 1 to work. But I cant get the last part to work some reason google and nslookup doesnt work.
Pls msg me for the images... Cant seem to paste the images here
Incredible
hail from iran & thx
What if the return traffic contains malicious content?
other than it being highly unlikely for a user to go on purpose into bad web sites , i think there is a black list and mechanisms to reduce the likeliness of getting a virus into the system ... cisco has NBAR network based application recognition for deep packet inspection made for QOS so i wouldnt be surprised if they used similar mechanisms to recognize harmful returned traffic !
I am new to asa.pls share the link of ASA image to run in GNS3 for learning purpose...
So this can replace a WAN router right?
YA KNOW THIS IS REALLY FUNNY FOR ME
Hi Keith, I hope you get this.. I need your help as I have not been able to figured this out on my 5510.. I CANNOT ping my host laptop from the asa however i can ping the asa from the asa interface from the host laptop. Kinda strange as i have even allowed icmp and created access-list and did same-security-traffic permit intra-interface.. PLEASE HELP ME, here is my packet trace below
asa5510# packet-tracer input inside icmp 10.10.10.1 8 0 10.10.10.254
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.10.10.0 255.255.255.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Yup, he got it alright... :) and will respond you RIGHT NOW RIGHT NOW
@@logicfirst7959 🤣
The GNS3 image omits them from the default. Send me an email at keith6783ATcoxDOTnet, and I can send you the short script that you can copy and paste into the ASA that will put them into a new ASA for you.
Hi sir, I want to ask you a question please
Does this course qualify me for Cisco International certification?
please reply
The above course is 5 years old. Now Cisco strongly suggests to follow the certification road map or guide in diff areas of study/field. You can search it on their site with brief description about certifications.