Cisco ASA – Configuring for NTP
KB ID 0000608 Problem With NTP, there will be two things you want to do: 1) Allow a device behind the ASA to take its time from a public NTP server, and 2) Set the ASA to take its system time from a public NTP server (for accurate date stamps on the logs, and for time-critical things like Kerberos authentication). Solution Allow internal host(s) to get system time through the firewall. 1. Connect to the ASA, go to “enable...
Cisco AnyConnect – Untrusted VPN Server Blocked!
KB ID 0000651 Problem The newest versions of the AnyConnect client now show you the following; If you are seeing this you’re using the (default) self-signed certificate, or you connected to an IP address rather than the FQDN. But unlike before, you can now ‘lower’ the security so it does not warn you every time. Solution 1. From the warning screen (shown above) select ‘Change Settings…’. 2. Untick...
Redirect AnyConnect Browser Connections From HTTP to HTTPS
KB ID 0000707 Problem AnyConnect is great for users, but most of them are not used to typing full URLs into their browsers. Modern browsers will prefix your URL with ‘http://’ for you. That’s brilliant most of the time, but AnyConnect and SSL VPN need to go to ‘https://’. Wouldn’t it be good if your users typed vpn.petenetlive.com into their browsers, and instead of the browser...
AnyConnect Error ‘The secure gateway has rejected the connection attempt, No assigned address’
KB ID 0000876 Problem I upgraded a client’s ASA5510 firewall(s) yesterday. Post upgrade he got this error; The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: No assigned address. Solution Thankfully the error is pretty descriptive, the remote client cannot get an...
Cannot Manage ASA via AnyConnect VPN
KB ID 0000925 Problem I haven’t needed to use my AnyConnect for a long time. But this week I needed to spin up some test servers. I connected fine, but I could not access the ASA via telnet, SSH or ASDM. Solution 1. Traditionally all you needed to do to manage an ASA from a remote VPN session, was to set the management-access to inside. User Access Verification Password: Type help or ‘?’ for a list of available...