Category Archives: Cisco

DNS Doctoring on FortiGate

Sometimes, you have a scenario where your internal servers or devices are using external DNS servers (e.g. 8.8.8.8 or 4.2.2.2…

By Manny Fernandez

August 2, 2021
banner

Cisco ASA Internet Failover

It has been a while that I work on ASAs in a meaningful way.  Today I was helping out a…

By Manny Fernandez

May 22, 2020

SPAN and RSPAN On Cisco Switches

Today I am going to cover a topic that I used to use regularly when I did primarily Cisco implementations.…

By Manny Fernandez

February 9, 2020

Route-Based VPN between Cisco Router and Fortigate Firewall using OSPF

Earlier, I wrote an article showing how to do a VTI (Virtual Tunnel Interface) from a Cisco ASA to a…

By Manny Fernandez

November 10, 2019

ASA Route-Based VPN (VTI) with Fortigate Firewall

  Customer had a question about creating a route-based VPN between a Cisco ASA and a Fortigate.  Traditionally, the ASA…

By Manny Fernandez

November 7, 2019

Duo Security 2FA with Fortigate Firewalls

Although Fortinet has a great 2FA solution (FortiToken) which is simple to use and does not require anything extra, there…

By Manny Fernandez

February 19, 2019

IKEv2 Dynamic Remote Fortigate to Head-In ASA

Customer had a Cisco ASA 5516-X that we used to replace aging 5510’s. I told the customer that we would…

By Manny Fernandez

September 1, 2018

Remote Access VPN with ASA as a client

Today I had a customer that was buying two Fortigate 500Es for their datacenter but had some remote offices outside…

By Manny Fernandez

May 22, 2018

ASA ‘HA’ configuration explained

When configuring the Cisco ASA for High Availability, the failover command is used to configure the devices. A few terms…

By Manny Fernandez

February 27, 2018

SIP Application Layer Gateway – Cisco and Fortinet

SIP ALG is a feature where the firewall will inspect the SIP packets as they egresses the firewall Purpose of…

By Manny Fernandez

January 23, 2018

IKEv1 & IKEv2

I have been dealing with VPNs for the past 20 Years. Primarily I have used IKEv1 as it was the…

By Manny Fernandez

December 1, 2017

HSRP Using SLA with Boolean Tracks

Recently, I was at a cutomer’s location that wanted to track an ISP based on multiple locations (e.g. 4.2.2.2 and…

By Manny Fernandez

May 24, 2017

Persistent VPN Profiles in AnyConnect

If you are like me that connects to a multitude of customer's networks using AnyConnect, you know the headache of…

By Manny Fernandez

January 24, 2017

Uninstalling Web Security from AnyConnect for Mac

You ever had that annoying Web Security pop up using AnyConnect? I did and I kept saying to myself “…

By Manny Fernandez

January 22, 2017

Creating a Certificate Signing Request on the ASA

First things first; check the time on your ASA.  You can do this with the following command: show clock If…

By Manny Fernandez

November 1, 2016

Cisco ACS 5.8 Automated Backups

  Today I attempted to configure our ACS server to backup to our new SFTP server. I deployed the SFTP…

By Manny Fernandez

October 25, 2016

IPSec VPN on Cisco ASA using CLI

Cisco is, in my opinion, the most flexible and scalable VPN solution on the market today.  I have used Cisco…

By Manny Fernandez

October 9, 2016

Packet Capture on Cisco ASA Firewall

This post is a four part post geared at engineers looking to do packet captures on Cisco ASA, PaloAlto and…

By Manny Fernandez

September 29, 2016

Context-Based Access Control (CBAC)

CBAC is barely used today. It has long been substituted with Zone-Based Firewall (Discussed later on a different post) and…

By Manny Fernandez

June 29, 2016

Categories

Recent posts

  • Had a customer with over 200 static routes on... Full Story

  • This is a work in progress, I will be... Full Story

  • I have been playing with the free version of... Full Story