Cisco Firepower 1010 Configuration
KB ID 0001673 Background This page will be used as a central repository and ‘index’ for configuration on the Cisco Firepower 1010 series firewall. I intend to add to it as I test the capabilities and work out any problems whilst trialing/deploying and operating this platform. Config Documents VPN Firepower 1000 series running ASA Code. General Cisco Firepower 1010 Licensing Reimage Cisco 1010 ASA to FTD VPN EZVPN Is not...
Cisco ASA – Update Activation Key (From ASDM)
KB ID 0001662 Problem I recently did a post on adding extra licences to AnyConnect, (with the current surge of people working from home). I exclusively work at command line, so when I was asked how to do the same in the ASDM I had to go and check 🙂 Solution Connect to your firewalls ASDM console, then navigate to > Configuration > Device Management > Licensing > Activation Key > Enter you new Activation Key > Update...
Get Free Cisco AnyConnect Licences For COVID-19 Homeworkers
KB ID 0001661 Problem Cisco released information on their blog a few days ago to say that they would be offering free Umbrella, Duo and AnyConnect Licences to customers in the wake of the the COVID-19 outbreak. Thats great news, but there’s no information on how to get the AnyConnect licences. It just says speak to your Cisco partner. As I am a Cisco partner I was confused, and it seems my colleagues were also. So I contacted...
AnyConnect: Enable Duo 2Factor Authentication
KB ID 0001650 Problem I was asked if I’d ever set this up the other week. Surprisingly I had not, I’d deployed Duo for other things, but not for Cisco AnyConnect. As I had some other ‘Duo’ related tasks coming up, I was deploying it on the test bench, then adding in my Cisco ASA and AnyConnect wasn’t much more work! Here’s my topology; My ASA is running version 9.1 My Duo Authentication Proxy is...
Get Ready for LDAPS Channel Binding
KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....
Cisco ASA AnyConnect VPN ‘Using ASDM’
KB ID 0000069 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. Below is a walk through for setting up a client to gateway VPN Tunnel using a Cisco Firepower ASA appliance. This was done via the ASDM console. The video was shot with ASA version 9.13(1) and ASDM 7.13(1). Suggestion: If you are setting this up for the first time, I would suggest setting it up to use the ASA’s LOCAL...
Cisco ASA AnyConnect VPN ‘Using CLI’
KB ID 0000943 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco FTD running ASA Code. Also See Cisco ASA AnyConnect VPN ‘Using ASDM’ This procedure was done on Cisco ASA (post) version 8.4, so it uses all the newer NAT commands. I’m also going to use self signed certificates so you will see this error when you attempt to connect. Solution 1. The first job is to go get the AnyConnect client package(s),...
Adding New Networks to Cisco AnyConnect VPNs
KB ID 0001593 Problem Note: To add new subnets to a traditional Site to Site VPN, see the following article instead; Cisco ASA – Adding New Networks to Existing VPNs I see this get asked in online forums A LOT. If you have an existing AnyConnect VPN setup, and then need to add another network how do you do it? Well that depends on where the new network is, and how it’s entering the firewall, these diagrams can be either way...
AnyConnect: Stop Prompting for Certificates
KB ID 0001505 Problem If you secure your AnyConnect with certificates, you may see something like this; When you simply want it to connect without prompting. Solution This tripped me up last week, luckily I’d seen it before, and knew how to fix it. You need to edit the profile for your AnyConnect so that, you ‘UNTICK’ Disable Automatic Certificate Selection. I know that sounds like the opposite of what you want to...
AnyConnect ‘Management VPN Tunnel’ Configuration
KB ID 0001503 Problem With the newest version of AnyConnect (4.7) there’s an added feature called ‘Management VPN’. It’s there, so that if you have remote users who don’t VPN in very often, then you may struggle to mange them, e.g. put software updates, AV updates, SCCM packages etc. down to them. Before version 4.7 you could configure ‘Automatically Connect’, or ‘Start before...