Cisco ASA Tips & Hacks
Display Pre-Shared Keys in ASA Running Configuration
Simple tip to see pre-shared VPN keys:
CiscoASA# more system:running-configuration
ASA Site-to-site VPN
It doesn't matter how many times I've done this, I always forget one piece. Here's a template for the future:
Assume local subnet 192.168.15.0/24, remote subnet 192.168.16.0/24. Remote public IP 11.11.11.11.
crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption aes hash sha group 1 lifetime 28800 access-list REMOTE_SITE ex permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0 crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto map OUTSIDE_MAP 20 match address REMOTE_SITE crypto map OUTSIDE_MAP 20 set pfs group1 crypto map OUTSIDE_MAP 20 set peer 11.11.11.11 crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800 crypto map OUTSIDE_MAP interface outside nat (inside) 0 access-list REMOTE_SITE tunnel-group 11.11.11.11 type ipsec-l2l tunnel-group 11.11.11.11 ipsec-attributes pre-shared-key ***
Masking the Server in an HTTP header using Cisco ASA.
ref: http://www.globalconfig.net/2009/07/09/masking-the-server-in-an-http-header-using-cisco-asa
It’s actually acomplished by a very simple MPF configuration as seen below:
access-list HTTP permit tcp any any eq www class-map HTTP match access-l HTTP policy-map type inspect HTTP_SPOOF parameters spoof-server "Apache/2/2/0 (Unix) policy-map HTTP class HTTP inspect http HTTP_SPOOF service-policy HTTP interface outside