<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Networking Reviews</title>
	<atom:link href="https://www.networkingreviews.com/tag/cisco/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.networkingreviews.com</link>
	<description></description>
	<lastBuildDate>Wed, 24 Sep 2008 06:01:43 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.1</generator>
	<item>
		<title>Using Cisco Access Control List to block a subnet</title>
		<link>https://www.networkingreviews.com/using-cisco-access-control-list-to-block-a-subnet/</link>
					<comments>https://www.networkingreviews.com/using-cisco-access-control-list-to-block-a-subnet/#respond</comments>
		
		<dc:creator><![CDATA[Admin]]></dc:creator>
		<pubDate>Wed, 24 Sep 2008 06:01:43 +0000</pubDate>
				<category><![CDATA[Troubleshooting]]></category>
		<category><![CDATA[access control list]]></category>
		<category><![CDATA[acl]]></category>
		<category><![CDATA[cisco]]></category>
		<category><![CDATA[subnet]]></category>
		<guid isPermaLink="false">https://www.networkingreviews.com/?p=251</guid>

					<description><![CDATA[Question: I have the following ClassB network 172.31.0.0/16 that I&#8217;m trying to create an access list for. I&#8217;d like to allow 172.31.240.0/24 but deny all else, so I&#8217;m looking the best way to accomplish this with 2 acl lines. Answer: The best way to accomplish the above is to explicitly allow the subnet you want and then [&#8230;]]]></description>
										<content:encoded><![CDATA[<p><strong><span style="text-decoration: underline;">Question:</span></strong></p>
<p>I have the following ClassB network 172.31.0.0/16 that I&#8217;m trying to create an access list for. I&#8217;d like to allow 172.31.240.0/24 but deny all else, so I&#8217;m looking the best way to accomplish this with 2 acl lines.</p>
<p><strong><span style="text-decoration: underline;">Answer:</span></strong></p>
<p>The best way to accomplish the above is to explicitly allow the subnet you want and then deny the whole Class B network as following:</p>
<p>access-list 110 permit ip 172.31.240.0 0.0.0.255<br />
access-list 110 deny ip 172.31.0.0 0.0.255.255</p>
<p>Another option with just one ACL entry would be to permit only the subnet 172.31.240.0/24 and thats it. No other ACL entries are needed since there is an implicit deny at the end of the access list statement.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.networkingreviews.com/using-cisco-access-control-list-to-block-a-subnet/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cisco ASA Firewall &#8211; Web Administration and Web VPN</title>
		<link>https://www.networkingreviews.com/cisco-asa-firewall-web-administration-and-web-vpn/</link>
					<comments>https://www.networkingreviews.com/cisco-asa-firewall-web-administration-and-web-vpn/#respond</comments>
		
		<dc:creator><![CDATA[Admin]]></dc:creator>
		<pubDate>Sat, 19 Jul 2008 09:15:27 +0000</pubDate>
				<category><![CDATA[Cisco Firewall]]></category>
		<category><![CDATA[asa 5500 firewall]]></category>
		<category><![CDATA[asdm]]></category>
		<category><![CDATA[cisco]]></category>
		<category><![CDATA[cisco asa]]></category>
		<category><![CDATA[ssl vpn]]></category>
		<category><![CDATA[web vpn]]></category>
		<guid isPermaLink="false">https://www.networkingreviews.com/?p=89</guid>

					<description><![CDATA[Cisco ASA Firewalls (ASA 5500 series) offer several ways for remote administration and management of the devices such as SSH access, Telnet access, and Web HTTP access. The last one (HTTP access) makes use of the ASDM (Adaptive Security Device Manager) which is a powerful graphical application for administration and management of the firewall device. [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>Cisco ASA Firewalls (ASA 5500 series) offer several ways for remote administration and management of the devices such as SSH access, Telnet access, and Web HTTP access. The last one (HTTP access) makes use of the ASDM (Adaptive Security Device Manager) which is a powerful graphical application for administration and management of the firewall device. The ASDM application file is stored on the firewall&#8217;s flash and is accessed by a browser using HTTPs.</p>
<p>To gain access to the graphical ASDM Web management tool you need to enable the HTTPs server on the firewall, and allow HTTPs connections.</p>
<p><span style="text-decoration: underline;"><strong>Enabling HTTPs Access</strong></span></p>
<ol>
<li>Generate cryptographic keys for HTTPs</li>
<li>Enable the web server on the firewall</li>
<li>Specify which management PCs are allowed to access the device</li>
</ol>
<p><span style="text-decoration: underline;">Example:</span><br />
<strong>ASA(config)# crypto key generate rsa modulus 1024<br />
ASA(config)# write mem<br />
ASA(config)# http server enable<br />
ASA(config)# http 192.168.1.2 255.255.255.255 inside<br />
ASA(config)# http 192.168.1.5 255.255.255.255 inside</strong></p>
<p>The example above enables HTTPs access and allows access only from two IP addresses (192.168.1.2 and 192.168.1.5) from the inside interface of the firewall.</p>
<p>Now, in order to access the Graphical ASDM web interface from a PC (e.g from PC with address 192.168.1.2), just open a web browser and enter the URL <strong>https://&lt;inside firewall IP address&gt; </strong></p>
<p><span style="text-decoration: underline;"><strong>Web VPN</strong></span></p>
<p>Web VPN (or SSL VPN, or clientless VPN) is a new type of remote VPN access using a browser with HTTPs protocol. A remote teleworker for example can access internal corporate services and resources by using  his/her secure browser. The teleworker just points the browser to the external public IP address of the corporate ASA firewall which authenticates the user and gives him secure access to the internal network.</p>
<p>However, if you use both ASDM and Web VPN on the same firewall interface, there is going to be a conflict since both of these services use the default HTTPs port (443). To avoid this conflict we can change the default listening port of the Web VPN service to something different than 443. Lets see an example:</p>
<p><span style="text-decoration: underline;">Example:</span></p>
<p><strong>ASA(config)# http server enable<br />
ASA(config)# http 100.100.1.1 255.255.255.255 outside<br />
ASA(config)# webvpn<br />
ASA(config-webvpn)# port 444<br />
ASA(config-webvpn)# enable outside</strong></p>
<p>On the example above, we enabled HTTP access for management (ASDM) on the outside interface, and also we have enabled webvpn access again on the outside using a different port (444). This way we avoid conflict of the two services (ASDM access listens on the default port 443 and webvpn listens on port 444).</p>
<p>In this case, in order for a remote teleworker to access the firewall on the outside he needs to point his browser to <strong>https://&lt;external IP of Firewall&gt;:444</strong></p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.networkingreviews.com/cisco-asa-firewall-web-administration-and-web-vpn/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
