Cisco AnyConnect – Allow Domain Password Change via LDAP
Jan14

KB ID 0001273 Dtd 14/01/17 Problem   If you have remote users who connect via VPN, and a policy that forces them to change their password periodically, this can result in them getting locked out without the ability to change their password (externally). If your Cisco ASA is using LDAP to authenticate your users, then you can use your remote AnyConnect VPN solution to let them reset their passwords remotely. Solution Standard LDAP runs...

Cisco – LDAP AAA Error 'AAA Server has been removed'
Jan11

KB ID 0001271 Dtd 11/01/17 Problem Seen while attempting to test AAA authentication via LDAP to a Windows domain Controller. Authentication test to host {IP-Address} failed. Following error occurred -  ERROR: Authentication Server not responding: AAA Server has been removed Solution This is a terribly ambiguous error! What it means is that the ASA cannot bind to active directory, either because; The ASA bind account password is wrong....

Deploy Cisco FirePOWER Management Center (Appliance)
Nov30

KB ID 0001263 Dtd 30/11/16 Problem You have been able to manage your firewall's internal SFR module for a while using the ASDM: Setup FirePOWER Services (for ASDM). For most people that's fine, but if you have a lot of FirePOWER devices to manage, that does not scale well. In those cases you should use the FMC (FirePOWER Management Center). Here I'm going to use the VMware virtual appliance, (at time of writing there is no...

Cisco ASA EZVPN (Revisited)
Nov23

KB ID 0001261 Dtd 24/11/16 Problem EZVPN is a technology that lets you form an ISAKMP/IPSEC VPN tunnel from a site with a dynamically assigned IP (EZVPN Client,) back to a device with a static IP (EZVPN Server). I've called this EZVPN revisited, because this is a technology I've talked about before. So why am I here again? Well back then I used the ASDM. If you do that now, you need to go in and mess about with things to get it to...

Cisco ASA – Remote IPSEC VPN With the NCP Entry Client
Nov23

KB ID 0001260 Dtd 23/11/16 Problem I've covered Cisco IPSEC Remote VPNs a long time ago, and I've also blogged about the Cisco IPSEC VPN Client Software. Yes you can get the Cisco VPN Client working on Windows 10, but can you imagine rolling that out to a few hundred users? The bottom line is Remote Cisco IPSEC VPN is a dead technology, Cisco, (and Me!) want you to use AnyConnect. For a couple of users you can use the workarounds...

Cisco SFR Session – Cannot Exit To Command Line
Nov22

KB ID 0001259 Dtd 22/11/16 Problem This tripped me up once before, and I didn't document it! Normally if you have a console session open with your FirePOWER Module, (that you opened with a 'session sfr' command), then you can just quit, and exit back to the firewall by typing 'exit', like so; ciscoasa# session sfr Opening command session with module sfr. Connected to module sfr. Escape character sequence is 'CTRL-^X'. Cisco ASA5512...
