Cisco ASA – Packet Tracer Fails VPN:Encrypt:Drop
May31

Cisco ASA – Packet Tracer Fails VPN:Encrypt:Drop

KB ID 0001198 Problem Sometimes when troubleshooting VPN traffic, you may choose to use the ‘packet-tracer’ command to simulate interesting traffic. I did this today and got; Phase: {number} Type: VPN Subtype: encrypt Result: DROP Config: Additional Information: Result: Drop-reason: (acl-drop) Flow is denied by configured rule I replicated the error on the test bench. Solution Below is the full packet trace;...

Read More
MAC OSX – Connecting to Cisco IPSEC VPN
May31

MAC OSX – Connecting to Cisco IPSEC VPN

KB ID 0001197  Problem Here we are dealing with the older IPSEC VPN method of remote VPNs, NOT AnyConnect. There is/was a VPN client for Mac OSX which you can still download. But modern versions of OSX have the Cisco IPSec VPN client built into them.  I’m assuming you have already configured the firewall, if not see the article below; Cisco ASA5500 Client IPSEC VPN Access Solution Open your network preferences and add in a new...

Read More
Cisco ASA – Converting IKEv1 VPN Tunnels to IKEv2
May29

Cisco ASA – Converting IKEv1 VPN Tunnels to IKEv2

KB ID 0001196  Problem We’ve had IKEv2 support on Cisco ASA for a while, (since  version 8.4). I tend to setup site to site VPN tunnels at command line, and on the rare occasions I’m using the ASDM I normally just ignore the IKEv2 settings. Like all techies I know a way that works, so I will keep doing it that way. What’s the difference between IKEv1 and IKEv2? IKE version 2 is a lot more efficient and has a smaller...

Read More
VMware Upgrading the vSphere Virtual Center Appliance
May25

VMware Upgrading the vSphere Virtual Center Appliance

KB ID 0001193  Problem I had a vCenter 6.0.0.1 appliance on my test network and wanted to update it to version 6.0.0.2. But I didn’t want to reinstall the whole thing from scratch. Solution Let’s assume it’s going to go wrong! Take a snapshot off the appliance first. Go to the patch update site and get the latest patch for your version of vCenter. Upload the ISO file into your vSphere storage, and present it to your...

Read More
Citrix NetScaler – SSL Offloading
May22

Citrix NetScaler – SSL Offloading

KB ID 0001192  Problem What is SSL Offloading? If you run https services (Note: I say services, this does not have to be a website), the actual security is handled by SSL/TLS, one of the things this does is encrypt the traffic between the client and server. (This is why your online banking and shopping is done over https and not http.) Thats great, but encrypting and decrypting all that traffic takes a lot of processing cycles, if you...

Read More