Adding New Networks to Cisco AnyConnect VPNs
Sep17

Adding New Networks to Cisco AnyConnect VPNs

KB ID 0001593 Problem Note: To add new subnets to a traditional Site to Site VPN, see the following article instead; Cisco ASA – Adding New Networks to Existing VPNs I see this get asked in online forums A LOT. If you have an existing AnyConnect VPN setup, and then need to add another network how do you do it? Well that depends on where the new network is, and how it’s entering the firewall, these diagrams can be either way...

Read More
AnyConnect: Stop Prompting for Certificates
Jan18

AnyConnect: Stop Prompting for Certificates

KB ID 0001505 Problem If you secure your AnyConnect with certificates, you may see something like this; When you simply want it to connect without prompting. Solution This tripped me up last week, luckily I’d seen it before, and knew how to fix it. You need to edit the profile for your AnyConnect so that, you ‘UNTICK’ Disable Automatic Certificate Selection. I know that sounds like the opposite of what you want to...

Read More
AnyConnect ‘Management VPN Tunnel’ Configuration
Jan13

AnyConnect ‘Management VPN Tunnel’ Configuration

KB ID 0001503 Problem With the newest version of AnyConnect (4.7) there’s an added feature called ‘Management VPN’. It’s there, so that if you have remote users who don’t VPN in very often, then you may struggle to mange them, e.g. put software updates, AV updates, SCCM packages etc. down to them.  Before version 4.7  you could configure ‘Automatically Connect’, or ‘Start before...

Read More
Cisco ASA 5500 AnyConnect Setup From Command Line
Nov17

Cisco ASA 5500 AnyConnect Setup From Command Line

KB ID 0000943 Problem Also See Cisco ASA5500 AnyConnect SSL VPN This procedure was done on Cisco ASA version 8.4, so it uses all the newer NAT commands. I’m also going to use self signed certificates so you will see this error when you attempt to connect. Solution 1. The first job is to go get the AnyConnect client package, (download it from Cisco with a current support agreement). Then copy it into the firewall via TFTP. If you...

Read More
Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups
Oct11

Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups

KB ID 0001474 Problem A few years ago I replaced a firewall that was setup like this, and while it took me a while to work out what was going on, I remember thinking it was an elegant solution. Fast forward to today, and I’m now working with the guy who set it up! (Kudos to Paul White). So when I had a client with a similar requirement, I sat down fired up the lab, and documented it. What was used; Windows 10 Remote Client...

Read More
Cisco ASA: Updating and Copying files from USB
Dec05

Cisco ASA: Updating and Copying files from USB

KB ID 0001377 Problem Cisco ASA firewalls have had USB sockets on them for a while, but a dig into the documentation only yielded, ‘for use in future releases’. Well they are working now! Note: Firewall shown is a 5516-X (running version 9.8(1)) Solution Your drive needs to be formatted as FAT (not NTFS), I’m going to update/install some AnyConnect client software, but there’s nothing to stop you uploading a...

Read More