Cisco ASA VPN Static to Dynamic IP (DHCP)
Jul01

Cisco ASA VPN Static to Dynamic IP (DHCP)

KB ID 0001683 Problem I had a call with a client last week, they are in one of my employer’s DCs, and their servers are behind a vASA. They had purchased some Meraki MX devices for their IT team who were working remotely (during the Covid-19 lockdown), and were struggling. Normally we would just suggest AnyConnect, but these guys were building new machines for  their clients, and needed access directly to the domain from their...

Read More
Cisco Firepower 1010 (FTD) Initial Setup
Jun16

Cisco Firepower 1010 (FTD) Initial Setup

KB ID 0001678   If you’re here you’ve either purchased a new Cisco Firepower device running FTD (FirePower Threat Defence) or have re-imaged your Firepower device from ASA to FTD code. On its factory defaults, the unit will have the following settings. Inside IP address (VLAN 1) 192.168.1.1 (on all interfaces from 2 to 8). Outside IP Address set to DHCP in interface 1. Management IP address 192.168.45.1 on the Management...

Read More
AnyConnect – ‘VPN establishment capability for a remote user..
Apr24

AnyConnect – ‘VPN establishment capability for a remote user..

KB ID 0000546  Problem If you connect to to a client via RDP then try and run the AnyConnect client, you will see one of these errors; VPN establishment capability for a remote user is disabled. A VPN connection will not be established   VPN establishment capability from a Remote Desktop is disabled. A VPN connection will not be established This, behaviour is default, and despite me trawling the internet to find a solution (most...

Read More
Cisco Firepower 1010 Configuration
Apr23

Cisco Firepower 1010 Configuration

KB ID 0001673 Background This page will be used as a central repository and ‘index’ for configuration on the Cisco Firepower 1010 series firewall. I intend to add to it as I test the capabilities and work out any problems whilst trialing/deploying and operating this platform. Config Documents VPN Firepower 1000 series running ASA Code. General Cisco Firepower 1010 Licensing Reimage Cisco 1010 ASA to FTD VPN EZVPN Is not...

Read More
Cisco Firepower 1010 Licensing
Apr22

Cisco Firepower 1010 Licensing

KB ID 0001672 Problem So we have unboxed and setup our Firepower 1010 device, simply logging into the ASDM fires off warnings that it’s only running DES and I need to register the unit go get any decent level of encryption, (seriously why is 3DES still an ‘add on’ licence, who is still doing 56bit encryption!)  So let’s get is registered and licenced. Solution The ‘Licence Envelope’ in the box is...

Read More
Cisco ASA: Mixing TCP and UDP in Object-Groups
Apr15

Cisco ASA: Mixing TCP and UDP in Object-Groups

KB ID 0001668 Problem I like object-groups, they can make your firewall configs a lot smaller/neater and if you need to add a host, network, range, or port, then you can simply add the new requirement to an existing group. But what if you want to allow both UDP and TCP ports, you can create a service group for TCP and add the ports and a service group for UDP and add the ports, and add them into your ACL where you would expect ports...

Read More