Cisco ASA Tips & Hacks

Display Pre-Shared Keys in ASA Running Configuration

Simple tip to see pre-shared VPN keys in clear text (show running-config masks them with asterisks):

 CiscoASA# more system:running-configuration

ASA Site-to-site VPN

It doesn't matter how many times I've done this, I always forget one piece. Here's a template for the future:

Assume local subnet, remote subnet Remote public IP

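crypto isakmp enable outside
! DH group 1 (768-bit MODP), set below and in "set pfs group1", is weak by
! current standards; use the strongest group both peers support.
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800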

access-list REMOTE_SITE ex permit ip

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside

nat (inside) 0 access-list REMOTE_SITE

tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key ***
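
A completeness check for the template above, as an added example that is not part of the original page: it finds the crypto map entry for a peer and reports which of the template's pieces are missing, plus any use of Diffie-Hellman group 1. The addresses in the sample, the function name check_l2l and the argument positions (standard ASA syntax for these commands) are assumptions.

```python
import re
# Constructed sample: the page's template with documentation addresses filled
# in as assumptions; the tunnel-group lines are left out as the forgotten piece.
SAMPLE = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800
access-list REMOTE_SITE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
"""

def check_l2l(config, peer):
    """Return findings for the site-to-site pieces that belong to `peer`."""
    find = lambda rx: re.search(rx, config, re.M)
    p = re.escape(peer)
    entry = find(rf"^crypto map (\S+) (\d+) set peer {p}$")
    if not entry:
        return [f"missing: crypto map entry with set peer {peer}"]
    cmap, seq = re.escape(entry[1]), entry[2]
    acl = find(rf"^crypto map {cmap} {seq} match address (\S+)$")
    ts = find(rf"^crypto map {cmap} {seq} set transform-set (\S+)$")
    required = {  # piece of the template -> line that must be present
        "crypto isakmp enable": r"^crypto isakmp enable \S+$",
        "crypto isakmp policy": r"^crypto isakmp policy \d+$",
        "crypto map match address": rf"^crypto map {cmap} {seq} match address ",
        "crypto map set transform-set": rf"^crypto map {cmap} {seq} set transform-set ",
        "crypto map interface": rf"^crypto map {cmap} interface \S+$",
        "tunnel-group type ipsec-l2l": rf"^tunnel-group {p} type ipsec-l2l$",
        "pre-shared-key": rf"^tunnel-group {p} ipsec-attributes\n pre-shared-key \S+$",
    }
    if acl:  # the ACL named by the map must exist and be exempted from NAT
        a = re.escape(acl[1])
        required["access-list " + acl[1]] = rf"^access-list {a} "
        required["nat 0 access-list " + acl[1]] = rf"^nat \(\S+\) 0 access-list {a}$"
    if ts:  # the transform-set named by the map must be defined
        required["transform-set " + ts[1]] = rf"^crypto ipsec transform-set {re.escape(ts[1])} "
    findings = [f"missing: {name}" for name, rx in required.items() if not find(rx)]
    weak = find(r"^ group 1$") or find(rf"^crypto map {cmap} {seq} set pfs group1$")
    return findings + (["weak: Diffie-Hellman group 1"] if weak else [])
```

Calling check_l2l(SAMPLE, "203.0.113.10") reports the two missing tunnel-group pieces and the group 1 finding; feed it a saved copy of the running configuration to check a real peer.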

Masking the Server in an HTTP header using Cisco ASA.


It’s actually accomplished by a very simple MPF configuration as seen below:

access-list HTTP permit tcp any any eq www

class-map HTTP
 match access-list HTTP

! spoof-server is set under "parameters" in an HTTP inspection policy map
policy-map type inspect http HTTP_SPOOF
 parameters
  spoof-server "Apache/2/2/0 (Unix)"

policy-map HTTP
 class HTTP
  inspect http HTTP_SPOOF

service-policy HTTP interface outside
cisco/asa.txt · Last modified: 2010/08/10 18:57 by greebo
CC Attribution-Share Alike 4.0 International