AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 1)
KB ID 0001155 Problem To be honest it’s probably a LOT easier to do this with Dynamic Access Policies, but hey, if you have ISE then why not use it for RADIUS, and let it deploy downloadable ACLs to your remote clients and give them different levels of access, based on their group membership. I’m going to keep things simple, I will have a group for admins that can access anything, and a group for users that can only...
NTP Stratum 1 and Stratum 2 UK Time Servers
KB ID 0001154 Problem There are a LOT of NTP server lists published. I’ve sat and checked all the servers below, and their DNS resolution, and they are correct as at the date above. Solution Stratum 1 Hostname IP Address Resolvable By Location chronos.csr.net 194.35.252.7 DNS Cambridge Stratum 2 Hostname IP Address Resolvable By Location 0.uk.pool.ntp.org 109.74.206.120 176.58.109.199 94.125.129.7 5.77.45.219 DNS Various...
Applying and Assigning vSphere / ESXi6 Licences
KB ID 0001153 Problem I’ve used the old VI client since version 3, so getting to grips with the vSphere web client has been fun. (I know it’s been out for ages, but I don’t like it sorry!) After rebuilding my test server to ESX 6 and deploying a new vCenter appliance, I was getting the usual nag messages about licensing etc. So I went to install the licences, that’s pretty easy, you can do that from the home...
Cisco ASA – AnyConnect Authentication via LDAP and Domain User Groups
KB ID 0001152 Problem When I first started doing Cisco remote VPNs, we had Server 2000/2003 and I used to use RADIUS with IAS. Then Microsoft brought out 2008/2012 and RADIUS via NAP. Because I fear and loathe change I swapped to using Kerberos VPN Authentication for a while. I had to put in an ASA5512-X this weekend and the client wanted to allow AnyConnect to a particular Domain Security Group “VPN-Users”, so I thought I...
Using OSPF over DMVPN
KB ID 0001151 Dtd 03/02/16 Problem This article is a supplement to the earlier one on Setting Up DMVPN. It covers how to use OSPF over the top of DMVPN. This is the topology I’m going to use; As I’ve said (above) this is not a run through on setting up DMVPN, but if you want to spin it up in GNS3, or on the test bench, here’s the DMVPN config; Hub Site configure terminal interface Tunnel10 ip address 192.168.254.1...