designetwork(EN)

IT technical memo of networking

Network Design-FW

Cisco ASA Series does not support CDP/LLDP

Since the Cisco ASA is a security device, it does not support CDP/LLDP, which collect information on neighboring network devices. Information on the Cisco Support Community: several questions about the ASA's CDP/LLDP support status have been asked. T…

Security level setting when building DMZ with ASA

I am building a DMZ in my home lab with the Cisco ASA 5505. In the case of a simple inside-outside setting, set the security level to inside: 100, outside: 0 and allow traffic from outside by FW and NAT. However, inclusion of the DMZ makes…

Cannot communicate from DMZ to inside on home lab ASA

I had trouble communicating from the DMZ to the inside when I built a DMZ with an ASA 5505 in my home lab. Components: Cisco ASA 5505 (BASE License, Ver.9.2 (3)), Cisco Catalyst 2960, VMware ESXi. Because the ASA 5505 cannot use VLAN trunk wi…

Resolve VLAN nameif setting error on ASA 5505 with basic license

With the basic license, the Cisco ASA 5505 can be configured with up to three VLANs. However, if you try to configure it in the usual way, you will get an error when setting nameif on the third VLAN. This post describes how to resolve the error and set nameif on the third VLAN. …

Insert the X-Forwarded-For header with Cisco ASA in NAPT environment

The X-Forwarded-For (XFF) header is important for HTTP communication in a NAPT or proxy environment. This post describes adding the XFF header on the Cisco ASA, which in many cases is used as a NAPT router. Check result. Defect information. Al…

Cisco ASA traceroute settings via NAPT

Several settings are required for traceroute to work properly in an environment that uses a Cisco ASA as a NAT router. These are notes for reviewing the various settings, such as NAPT on the Internet connection, inspect, ACL, pol…

Allow Cisco and Linux traceroute through the firewall

Allowing traceroute, which is used to verify network connectivity, to pass through the FW takes some extra work. Traceroute: a command that checks the network path by using TTL expiry. Specification of tracerou…


This blog is the English version of my Japanese blog.

Sorry if my English sentences are incorrect.
