Enabling Cisco DNS Lookup (ASA and IOS)
Cisco DNS Lookup KB ID 0000969 Problem For the most part, devices are more concerned with IP and MAC addresses, but the devices do have the ability to translate those IP addresses using DNS. Solution : Cisco DNS Lookup How to Enable Cisco DNS Lookup on ASA As ASA is ‘My Thing’ I will start with that. 1. Connect to the ASA, log in and go to enable mode, and then global configuration mode. Type help or ‘?’ for...
Cisco ASA Domain Authentication and Trust (Allowing)
ASA Domain Authentication KB ID 0000973 Problem I cringed this morning when I was asked about this, last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (Yes I’m Serious). Or you had to registry hack all your domain controllers...
Cisco ASA – Remote VPN Client Internet Access
VPN Client Internet Access KB ID 0000977 Problem I have answered a lot of questions in forums, that are worded something like, “When I have a remote client connected to my firewall VPN they lose Internet access!” Traditionally that’s exactly what the ‘default’ remote VPN Internet access (IPSEC or AnyConnect) gave you. To ensure your remote VPN clients can access the Internet you have two options. The...
Cisco ASA – VPN Reverse Route Injection With OSPF
Reverse Route Injection KB ID 0000982 Problem Reverse Route injection is the process that can be used on a Cisco ASA to take a route for an established VPN, and populate/inject that route into the routing table of other devices in it’s routing group. In the example below, on the main site, we have a Layer 3 switch that’s routing all the 192.168.x.x networks, and we have an established site to site VPN to a remote site. To...
Cisco ASA Remote Management via VPN
ASA Remote Management KB ID 0000984 Problem It’s been ages since I has to do this, I usually just manage firewalls via SSH from outside. But I was out on a client site last week and needed to connect to to my ASA, so I simply connected in via AnyConnect; Note: The same procedure is applicable if you are an IPSEC VPN client, L2TP VPN client, or simply coming in over a site to site VPN link. And attempted to SSH, no joy, I tried...
Error 1722 There is a problem with this Windows Installer package.
Error 1722 KB ID 0000985 Problem Error 1722 is a pretty ‘generic’ windows installer package error. When attempting to install the AnyConnect client software this happened; Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action VACon_Install, location: C:Program FilesCiscoCisco AnyConnect...
Cisco ASA: Keep VPN Always Up
VPN Always UP KB ID 0001839 Problem This was information that was passed to me by a colleague (Thanks Ajay) this week. If you have a site to site VPN tunnel after a period of inactivity the tunnel will be torn down. In most cases when required it will simply be re-established, but what if you wanted it to be permanently up? I have had situations where only the ASA side of a tunnel can bring it up (usually because of misconfiguration...
macOS – SSH Error ‘No Matching Exchange Method Found’
Mac SSH Error KB ID 0001245 Problem Certified working all the way up to macOS Ventura version 13.6 Certified working all the way up to macOS Sonoma version 14.1 Certified working all the way up to macOS Sequoia version 15.1 I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error; Unable to...
ASDM on Windows 11?
ASDM on Windows 11 KB ID 0001806 Problem Can you install ASDM on Windows 11? yes, but as usual there’s some pre requisites. Someone asked this question on EE today, so I thought I’d check. ASDM on Windows 11 Solution ASDM requires Java, theres an open Java version, but to be honest, most people (and certainly most older firewalls) are using the Oracle JRE so make sure you have that installed before you do anything. Note:...
Windows: Cisco ASDM ‘This app can’t run on your PC’
‘This app can’t run on your PC’ KB ID 0001574 Problem Whys isn’t Java dead yet? 🙁 Anyway, I tried to connect to a clients ASDM today, and from my Windows 10 machine, I got the following error; Windows 11 Windows 10 This app can’t run on your PC To find a version for your PC, check with the software publisher. ‘This app can’t run on your PC’ Solution Make sure you have installed Java...