AnyConnect: Stop Prompting for Certificates
Jan 18

KB ID 0001505. Problem: If you secure your AnyConnect with certificates, you may see something like this, when you simply want it to connect without prompting. Solution: This tripped me up last week, luckily I’d seen it before, and knew how to fix it. You need to edit the profile for your AnyConnect so that you ‘UNTICK’ Disable Automatic Certificate Selection. I know that sounds like the opposite of what you want to...

AnyConnect ‘Management VPN Tunnel’ Configuration
Jan 13

KB ID 0001503. Problem: With the newest version of AnyConnect (4.7) there’s an added feature called ‘Management VPN’. It’s there so that, if you have remote users who don’t VPN in very often, and you struggle to manage them, you can put software updates, AV updates, SCCM packages etc. down to them. Before version 4.7 you could configure ‘Automatically Connect’, or ‘Start before...

Cisco ASA: DHCP Relay Over VPN
Jan 09

KB ID 0001501. Problem: A few weeks ago this was asked on one of the forums I post in. For a long time the ASA didn’t support DHCP relay, then finally in version 9 it was added. The question was, can I provide DHCP relay but have the DHCP server on another site (connected via VPN). Well I wasn’t sure, so I put it on the mental back burner, until I got my EVE-NG server rebuilt. Below I knocked up a simple two site setup, then...

Microsoft Azure To Cisco ASA Site to Site VPN
Jan 01

KB ID 000116. Problem: The one reason I prefer Cisco over Microsoft is they rarely change things, you learn how to do something and it’s learned. This is the second time I have had to write this article, purely because the Azure UI has changed! Virtual Network Gateway Options: With VPNs into Azure you connect to a Virtual Network Gateway, of which there are TWO types: Policy Based, and Route Based. This article will deal with...

Cisco ASA – DNS Doctoring
Jan 01

KB ID 0001113. Problem: Cisco DNS doctoring is a process that intercepts a DNS response packet as it comes back into the network, and changes the IP address in the response. Why would you want to do this? Well, let’s say you have a web server on your network, and its public IP is 111.111.111.111, and on your LAN its internal IP address is 192.168.1.100, its public DNS name (or URL) is www.yoursite.com. When a user types www.yoursite.com...

Cisco ASA: Remove FTD and Return to ASA and ASDM
Dec 18

KB ID 0001496. Problem: A few weeks ago I posted an article about re-imaging your Cisco ASA to FTD (FirePOWER Threat Defence). Now you may find that the FTD is not as ‘Feature rich’ as your old firewall, or that there’s a ‘Lack of feature parity’, which are two polite ways of saying that it’s crap, (sorry it’s just awful, as usual Cisco should’ve spent a LOT longer developing this product,...
