<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Networking Reviews</title>
	<atom:link href="https://www.networkingreviews.com/tag/cisco-firewall/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.networkingreviews.com</link>
	<description></description>
	<lastBuildDate>Sat, 19 Jul 2008 09:15:27 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.1</generator>
	<item>
		<title>Cisco ASA Firewall &#8211; Web Administration and Web VPN</title>
		<link>https://www.networkingreviews.com/cisco-asa-firewall-web-administration-and-web-vpn/</link>
					<comments>https://www.networkingreviews.com/cisco-asa-firewall-web-administration-and-web-vpn/#respond</comments>
		
		<dc:creator><![CDATA[Admin]]></dc:creator>
		<pubDate>Sat, 19 Jul 2008 09:15:27 +0000</pubDate>
				<category><![CDATA[Cisco Firewall]]></category>
		<category><![CDATA[asa 5500 firewall]]></category>
		<category><![CDATA[asdm]]></category>
		<category><![CDATA[cisco]]></category>
		<category><![CDATA[cisco asa]]></category>
		<category><![CDATA[ssl vpn]]></category>
		<category><![CDATA[web vpn]]></category>
		<guid isPermaLink="false">https://www.networkingreviews.com/?p=89</guid>

					<description><![CDATA[Cisco ASA Firewalls (ASA 5500 series) offer several ways for remote administration and management of the devices such as SSH access, Telnet access, and Web HTTP access. The last one (HTTP access) makes use of the ASDM (Adaptive Security Device Manager) which is a powerful graphical application for administration and management of the firewall device. [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>Cisco ASA Firewalls (ASA 5500 series) offer several ways for remote administration and management of the devices such as SSH access, Telnet access, and Web HTTP access. The last one (HTTP access) makes use of the ASDM (Adaptive Security Device Manager) which is a powerful graphical application for administration and management of the firewall device. The ASDM application file is stored on the firewall&#8217;s flash and is accessed by a browser using HTTPs.</p>
<p>To gain access to the graphical ASDM Web management tool you need to enable the HTTPs server on the firewall, and allow HTTPs connections.</p>
<p><span style="text-decoration: underline;"><strong>Enabling HTTPs Access</strong></span></p>
<ol>
<li>Generate cryptographic keys for HTTPs</li>
<li>Enable the web server on the firewall</li>
<li>Specify which management PCs are allowed to access the device</li>
</ol>
<p><span style="text-decoration: underline;">Example:</span><br />
<strong>ASA(config)# crypto key generate rsa modulus 1024<br />
ASA(config)# write mem<br />
ASA(config)# http server enable<br />
ASA(config)# http 192.168.1.2 255.255.255.255 inside<br />
ASA(config)# http 192.168.1.5 255.255.255.255 inside</strong></p>
<p>The example above enables HTTPs access and allows access only from two IP addresses (192.168.1.2 and 192.168.1.5) from the inside interface of the firewall.</p>
<p>Now, in order to access the Graphical ASDM web interface from a PC (e.g from PC with address 192.168.1.2), just open a web browser and enter the URL <strong>https://&lt;inside firewall IP address&gt; </strong></p>
<p><span style="text-decoration: underline;"><strong>Web VPN</strong></span></p>
<p>Web VPN (or SSL VPN, or clientless VPN) is a new type of remote VPN access using a browser with HTTPs protocol. A remote teleworker for example can access internal corporate services and resources by using  his/her secure browser. The teleworker just points the browser to the external public IP address of the corporate ASA firewall which authenticates the user and gives him secure access to the internal network.</p>
<p>However, if you use both ASDM and Web VPN on the same firewall interface, there is going to be a conflict since both of these services use the default HTTPs port (443). To avoid this conflict we can change the default listening port of the Web VPN service to something different than 443. Lets see an example:</p>
<p><span style="text-decoration: underline;">Example:</span></p>
<p><strong>ASA(config)# http server enable<br />
ASA(config)# http 100.100.1.1 255.255.255.255 outside<br />
ASA(config)# webvpn<br />
ASA(config-webvpn)# port 444<br />
ASA(config-webvpn)# enable outside</strong></p>
<p>On the example above, we enabled HTTP access for management (ASDM) on the outside interface, and also we have enabled webvpn access again on the outside using a different port (444). This way we avoid conflict of the two services (ASDM access listens on the default port 443 and webvpn listens on port 444).</p>
<p>In this case, in order for a remote teleworker to access the firewall on the outside he needs to point his browser to <strong>https://&lt;external IP of Firewall&gt;:444</strong></p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.networkingreviews.com/cisco-asa-firewall-web-administration-and-web-vpn/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Multimedia Traffic Issues Through a Firewall</title>
		<link>https://www.networkingreviews.com/multimedia-problems-through-a-firewall/</link>
					<comments>https://www.networkingreviews.com/multimedia-problems-through-a-firewall/#respond</comments>
		
		<dc:creator><![CDATA[Admin]]></dc:creator>
		<pubDate>Fri, 18 Apr 2008 14:00:15 +0000</pubDate>
				<category><![CDATA[Usefull Network Info]]></category>
		<category><![CDATA[Cisco Firewall]]></category>
		<category><![CDATA[multimedia through firewall]]></category>
		<category><![CDATA[quicktime]]></category>
		<category><![CDATA[realaudio]]></category>
		<guid isPermaLink="false">https://www.networkingreviews.com/?p=68</guid>

					<description><![CDATA[Multimedia applications (such as RealAudio, VoIP Telephony, Video Streaming etc) were always an issue when passing through a network firewall. These kind of applications behave in unique ways: They use dynamic ports. They transmit request using TCP and get responses in UDP or TCP. They use the same port for source and destination. For each [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>Multimedia applications (such as RealAudio, VoIP Telephony, Video Streaming etc) were always an issue when passing through a network firewall. These kind of applications behave in unique ways:</p>
<ul>
<li>They use dynamic ports.</li>
<li>They transmit request using TCP and get responses in UDP or TCP.</li>
<li>They use the same port for source and destination.</li>
<li>For each multimedia request, the multimedia server might send numerous streams of data in reply.</li>
</ul>
<p>All the above impose an &#8220;unacceptable&#8221; traffic behavior for a network firewall, thus multimedia traffic needs some special treatment in order to be permitted through the firewall.<span id="more-68"></span></p>
<p style="text-align: center;"><img fetchpriority="high" decoding="async" style="vertical-align: middle;" src="https://www.networkingreviews.com/images/Multimedia-through-firewall.jpg" alt="Passing Multimedia traffic through a firewall" width="500" height="500" /></p>
<p>The diagram above shows the behavior of multimedia traffic through a network firewall. The multimedia client sends a TCP or UDP request to the multimedia server, which replies back using a range of ports in the reply packets. In order for the reply packets to pass through the firewall, a range of ports needs to be opened, which creates a security risk.</p>
<p>For example, RealAudio protocol sends the originating request to TCP port 7070, and the RealAudio Server replies with multiple UDP streams anywhere from UDP port 6970 up to 7170 on the client.</p>
<p>Another example is the Cisco IP Phone. It sends the SCCP message to the call manager on TCP port 2000. SCCP uses Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP) for media transmissions. The UDP media ports are randomly selected by the IP Phone.</p>
<p>To accommodate multimedia traffic without permanently opening several ports on the firewall, the big firewall vendors (Cisco, Checkpoint, Netscreen etc) have implemented dynamic inspection of known multimedia traffic, so that the security appliance can  dynamically open and closes UDP ports for secure multimedia communication. For example, the firewall is able to sense that the traffic passing through is multimedia traffic, thus it dynamically opens the required inbound ports (from the Server to the Client) for the communication to pass. After the multimedia communication is finished, the firewall again dynamically closes all ports that were opened at the beginning.</p>
<p>For example, the Cisco Firewall can inspect and work dynamically on several multimedia applications such as Cisco IP/TV, Cisco IP Phones, Apple QuickTime 4, RealNetworks (RealAudio, RealPlayer, RealServer), SIP, H323 etc.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.networkingreviews.com/multimedia-problems-through-a-firewall/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
