Cisco ASA

Info on the ancient, but ubiquitous, Cisco ASA.

• How to Show and Clear User Sessions on a Cisco ASA

show resource usage resource ssh

show ssh sessions
ssh disconnect 3

• Cisco ASA Order of Operation - Tunnels UP
• Order of operation ASA - Cisco forum

• ASDM - Once upon a time on a new Windows machine, ASDM wouldn't connect to anything, I'd get connection errors for everything. I finally got it working by disabling “Automatically detect settings” in Settings > Network & Internet > Proxy.

sh vpn-sessiondb anyconnect filter name USERNAME vpn-sessiondb logoff name USERNAME

• 2021-07-21: Quick Add - Fix this…
• https://community.cisco.com/t5/network-security/asdm-quot-this-app-can-t-run-on-your-pc-quot-windows-10/td-p/3782580
• In Start > Cisco ASDM-IDM Launcher > right click the launcher and go to More > Open file location
• Then you'll be looking at the shortcut to the ASDM launcher, right click it and go to Properties and look at the Target. You'll see a long path to wscript.exe - change this to C:\Windows\System32\wscript.exe (leave the invisible.vbs run.bat on the end as these scripts are used to open up ASDM). After changing this I was able to launch ASDM fine.

To block inbound traffic that would flow through the firewall…

access-list OUTSIDE_INBOUND extended deny ip host 192.0.2.99 any log
access-list OUTSIDE_INBOUND extended permit ip any any
access-group OUTSIDE_INBOUND in interface outside

To block inbound traffic that the firewall would respond to…

access-list CP_OUTSIDE_INBOUND extended deny ip host 192.0.2.99 any log
access-list CP_OUTSIDE_INBOUND extended permit ip any any
no access-group CP_OUTSIDE_INBOUND in interface outside control-plane

The upper one will not block someone trying to login to AnyConnect while the lower one will.