Posts

Showing posts from October, 2017

TCP Interception

This article accompanies the demonstration video I have created below.

What is TCP interception? TCP interception is a method used to protect against TCP SYN-flooding attacks. This is achieved by intercepting TCP connection requests (SYN packets) and verifying the connection before passing the original TCP SYN packet on to the destination.

How does it work? The device configured for TCP interception establishes a connection with the client on behalf of the server. If the connection is successful, i.e. the TCP 3-way handshake completes, the software establishes a connection with the server, forming two transparent connections. The original SYN packet is passed on to the server and the 3-way handshake takes place; once this has completed the session is established and the two half-connections are joined. (See video for demonstration)

TCP interception can operate in two modes, Intercept and Watch mode. Intercept mode is on by default! In Intercept mode the device configured w

Configuring Cisco Smart License Software

In this article, I would like to demonstrate how to configure Cisco Smart Licensing on the virtual Cisco Adaptive Security Appliance (ASAv). This post assumes that readers already have access to their own Smart Account and would like to know the process of applying licenses.

Step 1: Generate ID Token. Sign into your Cisco Software Portal, software.cisco.com, and navigate to “Smart Software Licensing”. You will now need to create an ID token for your device; this is required for communication between the device and the licensing authority. Follow the steps below to create a new token. Click Inventory >>> General >>> New Token, select your preferred options and enter a description for your token. Once you are happy with your token settings, click Create Token. You should now have a token created which can be copied over to the device you wish to license. All commands and output from this point will be related to the ASA, so please seek out further advice if you wish

ASA Packet Processing Post 8.3 Code

In this article, I will share my notes on the ASA packet process for version 8.3+. Domain 1.0 of the CCIE Security version blueprint focuses on perimeter security and intrusion prevention, both of which include the ASA. In order to understand the ASA and how it works, it is important to understand how packets are processed as they enter the ASA.

The packet comes into the ingress interface and the ASA checks to see if there are any existing connections. If a connection already exists, ACLs are bypassed and the packet is sent straight to packet inspection; this is also known as the fast path. If a connection doesn’t currently exist, then the packet needs to be checked against ACLs for any matches. We can also see by looking at the diagram above that the packet will be untranslated before it is matched against the ACL rules. If an ACL match is found and it is permitted, the packet will be inspected; likewise, if the packet is not permitted it is dropped. When a connection doesn’t