Please take a look at my ASA 5505 Config

Hi all, please kindly take a look at my ASA 5505 config and see if there are any holes which could allow a hacker through and/or cause the internet speed to be slow. The reason I'm asking is because my user reported that they were hacked and that their internet speed is only 3Mbps. When they were using their old PIX 506, they were able to get speeds of up to 6Mbps both upstream and downstream.

The config is attached. All public IPs of the first 2 octets are replaced with xxx for security reasons.

1) I suggest you enable unicast RPF and if you have money for it, consider enabling botnet filtering.

2) You have enabled a lot of inspection engines; I would keep the enabled ones to a minimum.

3) You have both intra-interface and inter-interface same-security enabled. I don't see a reason to do so based on your config (I didn't go too much into detail).

4) Consider enabling shunning in your threat detection if your customer thinks he's under attack.

Keep in mind that by itself the ASA is just a smart policy enforcer; endpoint security is a completely different matter. If your users go on fishy sites and download and run applications from unknown users, there's very little the ASA can do against it :-)


Marcin, thanks for the reply. Just want to clear up a few things. Firstly, what is unicast RPF and how do I enable it? Secondly, could the inspection engines be the cause of the slow internet speed, upstream and downstream? Thirdly, I configured the ASA based on another ASA which somebody else configured. As such, I have no idea what the intra-interface and inter-interface commands do.

I don't understand what you mean in your fourth point. Thanks for the help.

Please have a look at the configuration guide and command reference for my suggestions:

Re unicast RPF

Regarding inspections - they will cause higher CPU if much traffic is passed.

re same-security:

Re threat detection:

I invite you to read the configuration guide, and if you have further questions let me know.
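The four changes recommended in this thread, written out as an added ASA CLI example that is not from the original posts or the poster's attached config (which is not reproduced here). The interface names "outside"/"inside", the inside subnet 192.168.1.0/24, the shun duration and the list of unused inspection engines are assumptions; the engine list shown as removable is the ASA default global policy set, so check `show running-config policy-map` before pasting.

```text
! --- Added example, not the poster's config. Interface names, the inside
! --- subnet 192.168.1.0/24 and the shun duration are assumptions.

! 1) Unicast RPF: drop packets whose source address is not routable back out
!    the interface they arrived on (anti-spoofing). On "outside" this relies on
!    the default route; on "inside" the ASA needs a route for every inside subnet,
!    otherwise legitimate traffic is dropped.
ip verify reverse-path interface outside
ip verify reverse-path interface inside

! 2) Inspection engines: every enabled engine costs CPU per packet. Remove the
!    ones this site does not use (assumed here: no H.323, RSH, RTSP, SQL*Net,
!    Skinny, SunRPC, XDMCP or SIP). DNS, FTP, ESMTP, NetBIOS and TFTP stay on.
policy-map global_policy
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras
  no inspect rsh
  no inspect rtsp
  no inspect sqlnet
  no inspect skinny
  no inspect sunrpc
  no inspect xdmcp
  no inspect sip
service-policy global_policy global

! 3) Same-security traffic: only needed when two interfaces share a security
!    level and must talk to each other (inter), or when traffic must enter and
!    leave the same interface, e.g. hairpinned VPN (intra). Remove both otherwise.
no same-security-traffic permit inter-interface
no same-security-traffic permit intra-interface

! 4) Threat detection: keep basic threat detection and shun hosts flagged by
!    scanning-threat detection; exempt the internal subnet so a chatty internal
!    host cannot get itself shunned and cause an outage.
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 192.168.1.0 255.255.255.0
threat-detection scanning-threat shun duration 3600

! Verification after the change:
!   show ip verify statistics      (RPF drop counters per interface)
!   show threat-detection shun     (hosts currently shunned)
!   show service-policy            (per-engine inspected packet counters)
!   show cpu usage                 (did trimming the inspections help?)
```

Roll the changes out one group at a time and re-check `show cpu usage` and the RPF drop counters after each, so a throughput change or a drop of legitimate traffic can be tied to the setting that caused it.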


