Microsoft Azure To Cisco ISR Router Site to Site VPN
KB ID 0001220 Problem Last week I was having problems getting a VPN up from a client’s Cisco ASA into Azure. This was because the Azure estate was using ‘route-based’ or a ‘dynamic routing VPN’. See the following article; Azure to Cisco VPN – ‘Failed to allocate PSH from platform’ So the firewall was a non-starter, but Cisco ISR routers are supported, and they can handle virtual tunnel interfaces...
Azure to Cisco VPN – ‘Failed to allocate PSH from platform’
KB ID 0001219 Problem It’s been a week for strange VPN shenanigans with Cisco and Azure. I was liaising with an Azure service provider for a customer this week, and trying to get a VPN up from a Cisco ASA in one of our data centres in the UK. This is what we were seeing; And I could see the same error in the debugs; Decrypted packet:Data: 616 bytes IKEv2-PROTO-1: Failed to allocate PSH from platform IKEv2-PROTO-1: IKEv2-PROTO-5:...
Cisco ASA IKEv2 – ‘Failed To Allocate Memory’
KB ID 0001218 Problem This week I was trying to get a VPN tunnel up for a client. They wanted a tunnel from their Cisco ASA into Microsoft Azure. Normally I’d use IKEv1 (because I know how to troubleshoot it!) But the guys running the site in Azure were using policy routing, which needs IKEv2. So I converted from IKEv2 to IKEv2. As I said I’m used to debugging IKEv1, but not IKEv2, so I was struggling to make sense of...
Group Policy To Throttle Network Speed via QoS
KB ID 0001217 Problem Why would you want to do this? Well what if you want to test slow link group policy processing, or you are testing BranchCache? Using Group policy you can ‘throttle’ traffic to and from a particular IP address. Below I will pick a domain client on 192.168.110.120, and throttle all traffic between that client, and the domain controller to be 100kbps. Solution As I sad above I’m throttling...
PowerShell – Updating Users Email Addresses In Active Directory
KB ID 0001216 Problem Note: I’m referring to the Email address value that is listed on the user object in Active Directory, this will not effect any Exchange Settings! A colleague asked me today if I had any PowerShell to update ALL the users in a clients AD, to match their UPN to their Email addresses. A quick internet search turned up loads of handy scripts to update the UPN to mach the email address, but not the way round he...