Collecting Cisco ASA VPN Tunnels on HP IMC

Just got asked the question on how I collected and graphed the number of active IPSec VPN Tunnels on my Cisco ASA with the HP IMC (Intelligent Management Center).  The OID I am collecting on is the number of active Phase1 IKE Tunnels:  .1.3.6.1.4.1.9.9.171.1.2.1.1.0 Here is a screenshot of my Performance Index that I'm collecting:   After that, click the TEST button at the bottom of the screen.  Type the IP Address of the ASA that you want to collect from and choose "Resolve". Once it resolves, you should see the instance populate from the data you input from...
More

The ASA version of PIX ‘alias’ command

I finally figured out, albeit late, on how to do the old "PIX" 'alias' command on a Cisco ASA. For those that remembered, the 'ALIAS' command would basically do a DNS rewrite.  If you have a webserver on your DMZ with a static ip on an outside address, your internal users wouldn't be able to access it.  DNS would return your outside IP, but because the address is on the outside interface, your users are coming in on an inside interface, and it wouldn't access it. So, you would use the 'alias' command to basically tell the PIX to "rewrite" the DNS response address to the DMZ add...
More

Accessing Cisco ASA using SSH

So, I purchased a Cisco ASA 5505 to build a VPN Tunnel from a remote office to my main office. Really simple to do, when you are using Easy VPN . Anyway, I wanted to turn on SSH. So, I enabled SSH on the ASA, and tried to access it: [apaxson@netutil ~]$ ssh -l username 1.2.3.4 ssh_exchange_identification: Connection closed by remote host   Hmmmm..... let's do a debug, and see what happens: asa# debug ssh Device ssh opened successfully. SSH0: SSH client: IP = '1.2.3.10' interface # = 1 SSH: unable to retrieve default host public key. Please create a defauth RSA key pair ...
More