Cisco ASA – DNS Doctoring
Jul03

KB ID 0001113 Dtd 03/07/17 Problem Cisco DNS doctoring is a process that intercepts a DNS response packet as it comes back into the network and changes the IP address in the response. Why would you want to do this? Well, let's say you have a web server on your network: its public IP is 111.111.111.111, on your LAN its internal IP address is 192.168.1.100, and its public DNS name (or URL) is www.yoursite.com. When a user types...

FirePOWER Agent – Real-Time Status ‘Unavailable’
Jul02

KB ID 0001323 Dtd 01/07/17 Problem I was deploying a Cisco FirePOWER user agent last week, but once set up, the agent reported that the Real-Time status for SOME of the domain controllers was permanently ‘Unavailable’. Now I know you have to be patient with these things, so I went and had a coffee. Still it refused to ‘go green’. Solution In addition to all the other rights and firewall rules that you normally...

Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication
Jun28

KB ID 0001117 Dtd 28/06/17 Problem Once deployed, authentication is handled by the appliance's own internal user database; in larger organisations this is a little impractical. The ability to create an Active Directory group and delegate access to Firesight to members of that group is a little more versatile. Solution I’m making the assumption that the appliance does not already have external authentication set up at all, so...

Cisco ASA – Generate RSA Keypair From ASDM
Jun27

KB ID 0001322 Dtd 27/06/17 Problem I’ve lost count of the number of times this has happened to me! Most of my colleagues prefer to use the ASDM for remote management, but if (like me) you work at the command line, then sometimes people <ahem> forget to generate the RSA keypair when deploying a firewall. Then, even if SSH access and AAA are set up correctly, you still can’t get in via SSH. Instead you see the following:...

Updating the AnyConnect client for Deployment from the Cisco ASA 5500
Jun15

KB ID 0000704 Dtd 15/06/17 Problem Your ASA will (by default) update your AnyConnect clients to the latest client software when they connect. However, you need to supply the ASA with the updated packages first. Solution 1. Download the latest AnyConnect client package from Cisco. The one you want will have a file extension of .pkg (AnyConnect 4 or AnyConnect 3). 2. Connect to the ASDM > Configuration > Remote Access VPN > Network...

Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’
Jun02

KB ID 0001316 Dtd 02/06/17 Problem This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505s), and my firm had installed FTTC circuits into the sites for them. My job was to reconfigure the firewalls and the site-to-site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls' public IPs, then connect to the...
