ASA Notes

on

 1. Capture URL

 https://x.x.x.x/admin/capture/capture_name[/pcap]


2. Copy capture out

copy /pcap capture:CAP1 ftp://user:pass@192.168.1.1/CAP1.pcap


3. Run command via https

https://x.x.x.x:port/exec/show run

https://packetpushers.net/blog/interacting-with-the-cisco-asa-cli-using-the-https-interface/


4. Find loop connections:

show conn | include Inside.*Inside


5. import "show conn" output to Excel

5.1 copy all output to Excel, all content will be in one column

5.2 delete the few leading rows 

5.3 select the first column, Data > Text to Columns

5.4 Select "Delimited", then Next

    


5.5 Check both "Comma" and "Space", then Next, then Finish



5.6 Select all columns, double-click the column edge to Auto adjust the width 

5.7 Sort column by clicking Data >


5.8 filter specific value in column by clicking  Data >


  then in the first row, each column has dropdown 


Or right click a cell > Filter > Filter by Selected Cell's Value




Factory default with specifying MGMT IP

ciscoasa(config)# configure factory-default 10.1.1.10 255.255.255.0
Based on the management IP address and mask, the DHCP address
pool size is reduced to 244 from the platform limit 256
WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.
Begin to apply factory-default configuration:
Clear all configuration
WARNING: Disabling auto import may affect Smart Licensing
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...
Trustpoint CA certificate accepted.
Creating trustpoint "_SmartCallHome_ServerCA2" and installing certificate...
Trustpoint CA certificate accepted.
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 10.1.1.10 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http 10.1.1.0 255.255.255.0 management
Executing command: dhcpd address 10.1.1.11-10.1.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completed
ciscoasa(config)#



The ASA includes 3DES capability by default for management access only, so you can connect to the Smart Software Manager and also use ASDM immediately. You can also use SSH and SCP if you later configure SSH access on the ASA. Other features that require strong encryption (such as VPN) must have Strong Encryption enabled, which requires you to first register to the Smart Software Manager.






Comments

Post a Comment