Monthly Archives: November 2011

Cut-Through Proxy (aka CTP) – Part Three

Finally, this is the last article on CTP. This one will deal with Downloadable Access Control Lists, or DACLs. We continue to use the CTP topology and have these requirements: – users from the inside network of 1.1.1.0/24 should be denied …

Posted in AAA, ACS/RADIUS/TACACS, ASA, Cisco

Cut-Through Proxy (aka CTP) – Part Two

In the previous article, I talked about authorizing a user who moves around from one IP to another by means of CTP. We saw that the user’s traffic can be directly intercepted by the ASA as long as the user’s protocol is Telnet, FTP, …

Posted in AAA, ACS/RADIUS/TACACS, ASA, Cisco

Cut-Through Proxy (aka CTP) – Part One

What is this thing CTP? If you ever needed to allow somebody through the ASA to some resources based on their username/password combination – CTP is the right tool to use. Since version 8.3 or perhaps 8.4 there is …

Posted in AAA, ACS/RADIUS/TACACS, ASA, Cisco | 1 Comment

Cisco ASA Overlapping Networks – VPN

Previously we talked about Cisco ASA Overlapping Networks and demonstrated telnet from one company to another when both share the same subnet. It could be anything, but we showed telnet and came to the conclusion that it should be protected with …

Posted in ASA, Cisco, NAT, VPN

Cisco ASA Overlapping Networks

Let’s imagine this scenario: we are in charge of company “Popravak Inc” and need to establish some kind of connection to company “Vidovic Ltd”. Both sides are using Cisco ASA for Internet connectivity. But there is a catch: both company’s …

Posted in ASA, Cisco, NAT | 1 Comment

Cisco IOS vpn-filter

In the previous article I talked about Cisco ASA vpn-filter functionality. I said that the ASA’s implementation of vpn-filter is weird and I tried to explain why and how to cope with it. Then I came up with the new way …

Posted in Cisco, IOS, VPN | 8 Comments

Cisco ASA vpn-filter as I see it

I must admit, it took me some time to become familiar with the ASA’s “vpn-filter” functionality. Sometimes I have a feeling that the guys from Cisco make things weird on purpose. This feature could be implemented in a less weird way, if you …

Posted in ASA, Cisco, VPN | 14 Comments