Cisco Firepower 1010 Licensing
KB ID 0001672 Problem So we have unboxed and setup our Firepower 1010 device, simply logging into the ASDM fires off warnings that it’s only running DES and I need to register the unit go get any decent level of encryption, (seriously why is 3DES still an ‘add on’ licence, who is still doing 56bit encryption!) So let’s get is registered and licenced. Solution The ‘Licence Envelope’ in the box is...
Cisco ASA: Mixing TCP and UDP in Object-Groups
KB ID 0001668 Problem I like object-groups, they can make your firewall configs a lot smaller/neater and if you need to add a host, network, range, or port, then you can simply add the new requirement to an existing group. But what if you want to allow both UDP and TCP ports, you can create a service group for TCP and add the ports and a service group for UDP and add the ports, and add them into your ACL where you would expect ports...
macOS: ASDM Developer Cannot Be Verified
KB ID 0001667 Problem When trying to connect to a Firepower 1010 ASDM I was met with this; “Cisco ASDM-IDM.app” cannot be opened because the developer cannot be verified. macOS cannot verify that this ap is free from malware Solution If you’ve spent much time using macOS then this is quite common, Open System Preferences > Security and Privacy > General tab > You will see a warning about the Cisco ASDM-IDM...
Firepower 1010 Review
KB ID 0001666 What Is It? I’ve been trying to get my hands on one of these for a while. So thanks to my employer for sending me one to take a look at. The Firepower 1010 appliance is aimed at Small Office / Home Office, and possibly Small Remote Branch offices. But like its predecessors it will probably get put in EVERYWHERE because it’s ‘cheap’, (Note: for cheap, read possibly under-specced* and the wrong...
Cisco ASA – Update Activation Key (From ASDM)
KB ID 0001662 Problem I recently did a post on adding extra licences to AnyConnect, (with the current surge of people working from home). I exclusively work at command line, so when I was asked how to do the same in the ASDM I had to go and check 🙂 Solution Connect to your firewalls ASDM console, then navigate to > Configuration > Device Management > Licensing > Activation Key > Enter you new Activation Key > Update...
Get Free Cisco AnyConnect Licences For COVID-19 Homeworkers
KB ID 0001661 Problem Cisco released information on their blog a few days ago to say that they would be offering free Umbrella, Duo and AnyConnect Licences to customers in the wake of the the COVID-19 outbreak. Thats great news, but there’s no information on how to get the AnyConnect licences. It just says speak to your Cisco partner. As I am a Cisco partner I was confused, and it seems my colleagues were also. So I contacted...
VMware Edge Gateway VPN to Cisco ASA
KB ID 0001658 Problem I was asked to setup a VPN to help out a colleague this week. When I had a look, one end turned out to be an Edge Gateway, I wasn’t that concerned, I’d done similar things in my prior role, I just didn’t have access to the vCloud or VMware at this datacenter. Depite my best efforts on the ASA, the tunnel refused to come up, it took a little looking ‘under the covers’ to accurately...
Get Ready for LDAPS Channel Binding
KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....
Cisco Firewall Port Forwarding
KB ID 0000077 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. Note2: If your firewall is running a version older than 8.3 you will need to scroll down the page. Port forwarding on Cisco firewalls can be a little difficult to get your head around, to better understand what is going on remember in the “World of Cisco” you need to remember two things….. 1. NAT Means...
Cisco ASA Site To Site VPN IKEv1 “Using CLI”
Do the same from ASDM KB ID 0000050 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. Note: This is quite an OLD POST, only use these instructions if you need to create a VPN tunnel that uses IKEv1, (i.e. The other end is not a Cisco ASA, or it’s a Cisco ASA running code older than 8.4). You can still use an IKEv1 tunnel of course, so this article is still valid, it’s just...