Tweak multicast on Cisco ASA without RP

This came from a customer request: they needed to send multicast to their own customers for testing purposes, but without using an RP. A Cisco ASA segregates the environment, acting as the Layer 3 hop between the multicast sender and the receivers. The first step was disabling IGMP snooping on the switch to let the traffic through; the last was setting up a static group on the ASA to flood the multicast out of the interface towards the receivers. The challenge was PIM, which has to be enabled but can’t form a neighbourship, otherwise the interface is not going to flood the multicast out. So how do we make this work?

I’m running Cisco ASA code 9.1(7) with multicast-routing enabled.

Because I have the firewall connected to a DMZ switch, I have to disable IGMP snooping on the switch:

no ip igmp snooping vlan 2201

Set up a filter that prevents the neighbourship while keeping PIM enabled, and a static group to force the ASA to join a particular multicast address (
You have to deny the adjacent host, which in this case was

access-list CSC_FILTER_PIM standard deny host

interface Ethernet0/0
description CSC
nameif CSC-LON9
security-level 55
ip address standby
pim neighbor-filter CSC_FILTER_PIM
igmp static-group

If a PIM neighbourship was already established, it needs to expire before the interface starts flooding the traffic. If you see Nbr Count=0, you are almost there:

fw01/sec/act# show pim interface

Address          Interface          PIM  Nbr   Hello  DR     DR
                                         Count Intvl  Prior
                 CSC-LON9           on   0     30     1      this system

fw01/sec/act# sh igmp interface CSC-LON9
CSC-LON9 is up, line protocol is up
Internet address is
IGMP is enabled on interface
Current IGMP version is 2
IGMP query interval is 125 seconds
IGMP querier timeout is 255 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 1 seconds
Inbound IGMP access group is:
IGMP limit is 500, currently active joins: 0
Cumulative IGMP activity: 1 joins, 0 leaves
IGMP querying router is (this system)

Now the interface is forwarding the multicast. If you see Null in the outgoing interface list, you missed something.

fw01/sec/act# sh mroute

Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group,
C - Connected, L - Local, I - Received Source Specific Host Report,
P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set,
J - Join SPT
Timers: Uptime/Expires
Interface state: Interface, State

(,, 3w3d/00:03:29, flags: SFJT
Incoming interface: INSIDE
RPF nbr:
Inherited Outgoing interface list:
CSC-LON9, Forward, 3w3d/never
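
The two checks above (PIM on with a neighbour count of 0, and the receiver-facing interface in Forward rather than Null) can be scripted against saved command output. This is an added example, not part of the original post: the sample output is constructed, its addresses and groups are documentation values, and the function names are hypothetical.

```python
import re

# Constructed sample output: addresses and groups are documentation values.
SHOW_PIM_INTERFACE = """\
Address          Interface          PIM  Nbr   Hello  DR     DR
                                         Count Intvl  Prior
192.0.2.1        CSC-LON9           on   0     30     1      this system
198.51.100.1     INSIDE             on   1     30     1      198.51.100.2
"""
SHOW_MROUTE = """\
(198.51.100.10, 239.1.1.1), 3w3d/00:03:29, flags: SFJT
  Incoming interface: INSIDE
  Inherited Outgoing interface list:
    CSC-LON9, Forward, 3w3d/never

(198.51.100.10, 239.1.1.2), 00:10:00/00:02:10, flags: SP
  Outgoing interface list: Null
"""

def pim_neighbor_counts(text):
    """Map nameif -> (PIM on/off, neighbor count) from 'show pim interface'."""
    row = re.compile(r"\s*\d+\.\d+\.\d+\.\d+\s+(\S+)\s+(on|off)\s+(\d+)\s")
    return {m.group(1): (m.group(2), int(m.group(3)))
            for m in map(row.match, text.splitlines()) if m}

def mroute_oil(text):
    """Map (source, group) -> [(interface, state)] from 'show mroute'."""
    routes, key, in_oil = {}, None, False
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"\((\S+),\s*(\S+)\),", line)
        if head:
            key, in_oil = head.groups(), False
            routes[key] = []
        elif key and "Outgoing interface list" in line:
            in_oil = not line.endswith("Null")  # "Null" means nothing is forwarded
        elif key and in_oil and line.count(",") >= 2:
            routes[key].append(tuple(f.strip() for f in line.split(",")[:2]))
    return routes

def check_flooding(pim_text, mroute_text, nameif, group):
    """Return problems found; an empty list means both checks from the post pass."""
    problems = []
    state, nbrs = pim_neighbor_counts(pim_text).get(nameif, ("missing", -1))
    if state != "on" or nbrs != 0:
        problems.append(f"{nameif}: PIM {state}, neighbor count {nbrs} (want on, 0)")
    oils = [o for (_, g), o in mroute_oil(mroute_text).items() if g == group]
    if not any((nameif, "Forward") in o for o in oils):
        problems.append(f"{group}: {nameif} not forwarding (Null or absent)")
    return problems
```

An empty list from `check_flooding` means the interface has no PIM neighbour and is forwarding the group; each string in a non-empty list names the check that failed.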

Cisco CCNA Cyber Ops completed!

2 months in a rush was what I needed to finish my CCNA Cyber Ops. It’s composed of 2 exams:

  • 210-250 SECFND
  • 210-255 SECOPS

The e-learning was part of the Cisco scholarship, so I had all the materials required to learn what was required for each exam. The SECOPS exam was a bit more difficult due to its nature of different language.


210-250 SECFND

This exam covers understanding common security concepts and starting to learn the basic security techniques used in a Security Operations Center (SOC) to find threats on a network, using a variety of popular security tools within a “real-life” network infrastructure.

Course Objectives

Upon completing this course, students will be able to:

  • Describe, compare and identify various network concepts
  • Fundamentals of TCP/IP
  • Describe and compare fundamental security concepts
  • Describe network applications and the security challenges
  • Understand basic cryptography principles
  • Understand endpoint attacks, including interpreting log data to identify events in Windows and Linux
  • Develop knowledge in security monitoring, including identifying sources and types of data and events


210-255 SECOPS

This exam focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.

Course Objectives

Upon completion of this course, you will have the skills and knowledge to:

  • Define a SOC and the various job roles in a SOC
  • Understand SOC infrastructure tools and systems
  • Learn basic incident analysis for a threat-centric SOC
  • Explore resources available to assist with an investigation
  • Explain basic event correlation and normalization
  • Describe common attack vectors
  • Learn how to identify malicious activity
  • Understand the concept of a playbook
  • Describe and explain an incident response handbook
  • Define types of SOC metrics
  • Understand SOC workflow management system and automation

Cisco Live Barcelona 2018 here i GO!

This is going to be my 2nd Cisco Live, and I’m very excited because I’ve learned a lot over the past 8 years, and I’m now at a professional stage that 8 years ago was just a dream. I’m a strong believer that these events are important to grow your “networking” and keep you updated on new trends/technology.

So what does my calendar look like so far?

  • CCDE Techtorial and Exam
  • Firepower
  • ISE
  • Multi-Cloud
  • SD-X
  • DevOps

If you are around, let’s grab a beer and crack some of the topics above.

Black Hat Europe London 2017

Black Hat Europe in London this year is not a mirage, it’s real! Wake up, time for action! Briefings, Training, Arsenal and beer, you choose! Register here

And if you are a student in the cyber security arena, you can get a free scholarship which allows full access to all Briefings on Wednesday, December 6 and Thursday, December 7 at the ExCeL London, United Kingdom. You can apply here.

If you go, contact me, I will be around!