AnyConnect 4 – Plus and Apex Licensing Explained
May11

AnyConnect 4 – Plus and Apex Licensing Explained

KB ID 0001013  Problem (Updated 11/05/21) Before version 4 we simply had AnyConnect Essentials and Premium licensing, now we have Plus and Apex licensing. AnyConnect Plus and Apex There are in fact three licensing options; Cisco AnyConnect Plus Subscription Licenses Cisco AnyConnect Plus Perpetual Licenses Cisco AnyConnect Apex Subscription Licenses NEW VPN Only perpetual Licences Plus and Apex Contain; AnyConnect PLUS (Cisco pitch...

Read More
AnyConnect Error: Unable To Verify IP Forwarding Table Modifications
Dec08

AnyConnect Error: Unable To Verify IP Forwarding Table Modifications

KB ID 0001646 Problem While attempting to connect to a clients AnyConnect, this happened; The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established. Or on older clients, you may see; The VPN client was unable to modify the IP forwarding table. A VPN connection will not be established. Please restart your computer or device, then try again. Solution I was trying to...

Read More
AnyConnect: ‘Quick and Dirty’ Duo 2FA
Sep01

AnyConnect: ‘Quick and Dirty’ Duo 2FA

KB ID 0001701 Problem Normally if I were deploying Duo 2FA with AnyConnect I’d deploy a Cisco RADIUS VPN on my LAN, (usually on my Duo Authentication Proxy). See the following article; AnyConnect: Enable Duo 2Factor Authentication However, last time I set this up, a colleague said ‘Oh by the way, you don’t need to do that, you can just point the firewall directly at Duo’. I was initially skeptical but I tried...

Read More
AnyConnect: Unauthorized Connection Mechanism
Aug27

AnyConnect: Unauthorized Connection Mechanism

KB ID 0001699 Problem I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this; VPN Logon denied, unauthorised connection mechanism, contact your administrator Solution This was a confusing one, I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP? It took me a while to figure out what was going on? The reason why...

Read More
AnyConnect: Allow ‘Local’ LAN Access
Jul22

AnyConnect: Allow ‘Local’ LAN Access

KB ID 0001689 Problem Note: This WONT WORK if you ‘force-tunnel’ or ‘tunnel-all’ remote VPN traffic, (if you are unsure Google ‘what’s my ip’ > Take note of it > Connect to AnyConnect and repeat the procedure, if your public IP address has changed to the IP address of the ASA then you force-tunnel/tunnel-all traffic). With more people remote working now, I’m getting a lot more...

Read More
Cisco FTD (and ASA) Creating AnyConnect Profiles
Jul07

Cisco FTD (and ASA) Creating AnyConnect Profiles

KB ID 0001685 Problem A few days ago I did an article on Deploying Cisco AnyConnect with the Cisco FTD, there I glossed over the AnyConnect profile section. For a long time now, we have been able to edit the AnyConnect profile from within the firewall (if we are running ASA code!) But for the FTD we need to take a step backwards and go back to using the ‘offline’ AnyConnect profile editor. Solution Firstly you need to...

Read More