Links
Reset configuration
enable
configure terminal
configure factory-default X.X.X.X M.M.M.M
boot system flash:/asa902-k8.bin
reload save-config
where X.X.X.X is an IP and M.M.M.M is a mask for management interface
NAT
object network INSIDE-NETWORK
subnet 172.16.30.0 255.255.255.0
Concepts
- object = single item in your network environment
- network object = one IP, subnet or IP range
- service object = one set of protocol, source port (optional) and destination port (optional)
username admin password admin
username admin attributes
service-type remote-access
enable password enable
passwd cisco
aaa authentication ssh console LOCAL
interface Ethernet0/0
nameif IF-WAN
security-level 0
ip address dhcp setroute
interface Etherner0/3
nameif IF-LAN
security-level 0
ip address 192.168.77.1 255.255.255.0
dhcpd address 192.168.77.10-192.168.77.99 IF-LAN
dhcpd enable IF-LAN
object network INSIDE-NET-77
subnet 192.168.77.0 255.255.255.0
nat (IF-LAN,IF-WAN) dynamic interface
dhcpd dns 192.168.80.82
http server enable
http 192.168.77.0 255.255.255.0 IF-LAN
http 192.168.80.0 255.255.255.0 IF-WAN
ssh 192.168.77.0 255.255.255.0 IF-LAN
ssh 192.168.80.0 255.255.255.0 IF-WAN
Firmware
REF: cisco Downloads Home /Security / Security Management / Adaptive Security Device Manager /Adaptive Security Appliance (ASA) /Software - 9.1.7 Interim
Downloads Home/ Security / Firewalls / Adaptive Security Appliances (ASA) / Adaptive Security Virtual Appliance (ASAv)
-
asa917-32-k8.bin
- MD5: 6a179b18475c91bef114f36a93b50357
- SHA512: b0864b3a77cddb17dff2822c6ab2048616014e15f82341f395fe7114d82dadecae22b96f94b3d2aeb5fbcaa4de655bd23b600e1390f934685253da0dac24af70
-
asa904-42-k8.bin (24-OUT-2016)
- MD5: 7253cda75264abda06bcfd9cdab76c3f
- SHA512: 948636133d02cd96de3023ff79013b63c2cf8b0126e8995796e61fe7c058455456311d0fcb0af1856220ba45a4fe2ec92e37be27fbe511f9a50939ad558cdaec
https://wiki.polaire.nl/doku.php?id=cisco_asa_5505_upgrade_firmware]
asdm-781-150.bin
- e58a555d6ac31c2f9400c58f35da4b4b
- 5f0910bcc1dc4b8ad421cd53eca9388dcd3e65cc1aaec5a4a3fc844e33b911e426bb821f9018f168f0974aa9813ded67bb2fe054783fad634ac38b08c25e1316
asdm-791.bin af7fe78af954facc93f5e1357224483e 653a2bc6468437cf3a5ae96a2a6096f1de78b508717546052b081bea5cd9d185caff36dace821297d459ce93122071ad88c303eb091037fc5045db8d8e38229f
running OpenWebStart
\Users$USER.cache\icedtea-web\jvm-cache\adoptium_11.0.13_x64\conf\security\java.security change this:
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
# DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
# include jdk.disabled.namedCurves
to this
# JJN 20200508
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
remove MD5
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves