AnyConnect ‘Management VPN Tunnel’ Configuration
Jan13

KB ID 0001503 Problem With the newest version of AnyConnect (4.7) there’s an added feature called ‘Management VPN’. It’s there, so that if you have remote users who don’t VPN in very often, then you may struggle to manage them, e.g. put software updates, AV updates, SCCM packages etc. down to them. Before version 4.7 you could configure ‘Automatically Connect’, or ‘Start before...

Cisco ASA: DHCP Relay Over VPN
Jan09

KB ID 0001501 Problem A few weeks ago this was asked on one of the forums I post in. For a long time the ASA didn’t support DHCP relay then finally in version 9 it was added. The question was, can I provide DHCP relay but have the DHCP server on another site (connected via VPN).  Well I wasn’t sure, so I put it on the mental back burner, until I got my EVE-NG server rebuilt. Below I knocked up a simple two site setup, then...

Cisco ASA: Remove FTD and Return to ASA and ASDM
Dec18

KB ID 0001496 Problem A few weeks ago I posted an article about re-imaging your Cisco ASA to FTD (FirePOWER Threat Defence). Now you may find that the FTD is not as ‘Feature rich’ as your old firewall, or that there’s a ‘Lack of feature parity’, which are two polite ways of saying that it’s crap, (sorry it’s just awful, as usual Cisco should’ve spent a LOT longer developing this product,...

Factory Reset a Cisco Firewall
Nov23

KB ID 0000007 Problem You want to wipe the firewall’s config and revert to the factory settings (passwords blank – management or inside set to 192.168.1.1 and DHCP enabled, with all other settings wiped). Solution 1. Connect to the ASA via the console cable. 2. Log in and go to configure terminal mode. 3. Execute the following command “config factory-default” 4. Press the space bar a few times to execute the...

Deploy Cisco ASA 55xx in Active / Standby Failover
Nov17

KB ID 0000048 Problem You want to deploy 2 Cisco ASA 55xx Series firewalls in an Active/Standby failover configuration. Solution Assumptions. Hardware on both ASA firewalls is identical. The correct licenses for failover are installed on both firewalls. The same software versions are installed on both firewalls. You have your PRIMARY firewall set up and running correctly (Everything works!). In this example the firewalls were...

Convert ASA 5500-X To FirePOWER Threat Defence
Nov08

KB ID 0001490 Problem I’m seeing more and more people asking questions in forums about FTD, so I thought it was about time I looked at it. Cisco ASA 5500-X firewalls can now be re-imaged to run the FTD software. The thinking is that the FTD will merge the Cisco ASA product and the FirePOWER product into one unified operating system. Then that is managed by FDM (FirePOWER Device Manager), basically a web management GUI. Solution...
