Author Archives: Paul Stewart, CCIE 26009 (Security)

For the last few years, Cisco has been attempting to do away with what they call the Cisco EZVPN client. This has been the solution used by many corporate users in the mobile workforce for secure access to enterprise data. … Continue reading →

NAT exemptions are often required when a single ASA appliance is performing NAT and terminating VPN connections.  In ASA configurations prior to 8.3 and 8.4, NAT exemptions were configured with “nat 0 access-list <acl name>” and a related access-list.

It seems like some of the more challenging things to do on an ASA involve some sort of traffic being redirected out the same interface it was received on. This article addresses the requirement for spoke to hub to spoke … Continue reading →

There are several changes when an ASA is upgraded from 8.2 to 8.4(2). The most notable of these are the ones dealing with the syntax of the NAT configuration. However, there is another gotcha that you might not be expecting. SSH will … Continue reading →

A little while back, I posted an article that took a very simple ASA configuration and migrated it to 8.4. This article takes it a step further and focuses on NAT and PAT, as well as the related access control … Continue reading →

More and more, the Internet is being used as a connection to business partners. Typically this requires building an IPSec Tunnel between two VPN capable endpoints. For me the device of choice is the Cisco ASA. Since we are connecting to a business … Continue reading →