Get Free Cisco AnyConnect Licences For COVID-19 Homeworkers
Mar17

Get Free Cisco AnyConnect Licences For COVID-19 Homeworkers

KB ID 0001661 Problem Cisco released information on their blog a few days ago to say that they would be offering free Umbrella, Duo and AnyConnect Licences to customers in the wake of the the COVID-19 outbreak. Thats great news, but there’s no information on how to get the AnyConnect licences. It just says speak to your Cisco partner. As I am a Cisco partner I was confused, and it seems my colleagues were also. So I contacted...

Read More
AnyConnect: Enable Duo 2Factor Authentication
Feb04

AnyConnect: Enable Duo 2Factor Authentication

KB ID 0001650 Problem I was asked if I’d ever set this up the other week. Surprisingly I had not, I’d deployed Duo for other things, but not for Cisco AnyConnect. As I had some other ‘Duo’ related tasks coming up, I was deploying it on the test bench, then adding in my Cisco ASA and AnyConnect wasn’t much more work! Here’s my topology; My ASA is running version 9.1 My Duo Authentication Proxy is...

Read More
AnyConnect Error: Unable To Verify IP Forwarding Table Modifications
Jan30

AnyConnect Error: Unable To Verify IP Forwarding Table Modifications

KB ID 0001646 Problem While attempting to connect to a clients AnyConnect, this happened; The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established. Or on older clients, you may see; The VPN client was unable to modify the IP forwarding table. A VPN connection will not be established. Please restart your computer or device, then try again. Solution I was trying to...

Read More
Get Ready for LDAPS Channel Binding
Jan28

Get Ready for LDAPS Channel Binding

KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....

Read More
Adding New Networks to Cisco AnyConnect VPNs
Sep17

Adding New Networks to Cisco AnyConnect VPNs

KB ID 0001593 Problem Note: To add new subnets to a traditional Site to Site VPN, see the following article instead; Cisco ASA – Adding New Networks to Existing VPNs I see this get asked in online forums A LOT. If you have an existing AnyConnect VPN setup, and then need to add another network how do you do it? Well that depends on where the new network is, and how it’s entering the firewall, these diagrams can be either way...

Read More
AnyConnect: Stop Prompting for Certificates
Jan18

AnyConnect: Stop Prompting for Certificates

KB ID 0001505 Problem If you secure your AnyConnect with certificates, you may see something like this; When you simply want it to connect without prompting. Solution This tripped me up last week, luckily I’d seen it before, and knew how to fix it. You need to edit the profile for your AnyConnect so that, you ‘UNTICK’ Disable Automatic Certificate Selection. I know that sounds like the opposite of what you want to...

Read More