Updating the AnyConnect client for Deployment from the Cisco ASA 5500
Jun15

KB ID 0000704 Dtd 15/06/17 Problem Your ASA will (by default) update your AnyConnect clients to the latest client software when they connect. However you need to supply the ASA with the updated packages first. Solution 1. Download the latest AnyConnect client package, from Cisco. The one you want will have a file extension of .pkg AnyConnect 4 AnyConnect 3 2. Connect to the ASDM > Configuration > Remote Access VPN > Network...

Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’
Jun02

KB ID 0001316 Dtd 02/06/17 Problem This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505's), and my firm had installed FTTC circuits, into the sites for them. My job was to reconfigure the firewalls and the site to site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls public IP, then connect to the shiny...

Testing AnyConnect With Packet Tracer
Apr05

KB ID 0001298 Dtd 05/04/17 Problem Packet tracer is a great tool, I wrote about it in the 'Prove It's Not the Firewall' article a while ago. A couple of months ago I was having a discussion with a colleague about packet tracing a remote VPN client to check connectivity, he said at the time, "It will behave differently if the IP you use is already connected". I never really thought about it until today, when I was troubleshooting a...

AnyConnect – ‘Connection attempt has failed due to server communication errors’
Jan31

KB ID 0001279 Dtd 31/01/17 Problem We had a firewall fail at work this week, as part of the rebuild the latest OS was put on it, version 9.7(1). I thought no more about it until I tried to VPN in and got this; I used my Windows 10 VM and that connected fine, only my MacBook could not connect, this VPN tunnel is a big deal I need it to get onto client's networks. I tried my other VPN connections and every one was fine, only the...

Cisco AnyConnect – Allow Domain Password Change via LDAP
Jan14

KB ID 0001273 Dtd 14/01/17 Problem If you have remote users who connect via VPN, and a policy that forces them to change their password periodically, this can result in them getting locked out without the ability to change their password (externally). If your Cisco ASA is using LDAP to authenticate your users, then you can use your remote AnyConnect VPN solution to let them reset their passwords remotely. Solution Standard LDAP runs...

Cisco – LDAP AAA Error ‘AAA Server has been removed’
Jan11

KB ID 0001271 Dtd 11/01/17 Problem Seen while attempting to test AAA authentication via LDAP to a Windows domain Controller. Authentication test to host {IP-Address} failed. Following error occurred -  ERROR: Authentication Server not responding: AAA Server has been removed Solution This is a terribly ambiguous error! What it means is that the ASA cannot bind to active directory, either because; The ASA bind account password is wrong....
