Cisco WLC: EAP-TLS Secured Wireless with Certificate Services
KB ID 0001420 Problem Ah certificates! If I had a pound for every time I’ve heard “I don’t like certificates”, I could retire! The following run through is broken down into the following parts; Setup the Cisco WLC (WLAN) Setup NAP (RADIUS). Setup Certificate Auto Enrolment. Setup Group Policy to Deliver the Wireless Settings. Note: If you are scared of certificates, sometimes it’s easier to setup password...
Cisco ASA: Updating and Copying files from USB
KB ID 0001377 Problem Cisco ASA firewalls have had USB sockets on them for a while, but a dig into the documentation only yielded, ‘for use in future releases’. Well they are working now! Note: Firewall shown is a 5516-X (running version 9.8(1)) Solution Your drive needs to be formatted as FAT (not NTFS), I’m going to update/install some AnyConnect client software, but there’s nothing to stop you uploading a...
Cisco ASA EZVPN (Revisited)
KB ID 0001261 Problem EZVPN is a technology that lets you form an ISAKMP/IPSEC VPN tunnel from a site with a dynamically assigned IP (EZVPN Client,) back to a device with a static IP (EZVPN Server). I’ve called this EZVPN revisited, because this is a technology I’ve talked about before. So why am I here again? Well back then I used the ASDM. If you do that now, you need to go in and mess about with things to get it to work...
ASA5505 – ‘This Licence Does Not Allow Configuring Of More Than 2 Interfaces’
KB ID 0001367 Problem When attempting to bring up a ‘3rd VLAN’ on an ASA 5505 firewall you see an error like this; Petes-ASA# configure terminal Petes-ASA(config)# int vlan 3 Petes-ASA(config-if)# nameif DMZ ERROR: This license does not allow configuring more than 2 interfaces with nameif and without a “no forward” command on this interface or on 1 interface(s) with nameif already configured....
Cisco ASA 8.2 Upgrade to 8.3
KB ID 0001366 Problem I can’t believe I’m writing this, it’s been so long since 8.3 was released (7 Years!) And still there’s firewalls out there running old code? Why is the 8.3 upgrade important? This update made some very major changes to the way we did NAT, and also the way we wrote ACL’s. It was a big change. I remember keeping my client firewalls on 8.2 for a while until I fully understood the...
Meraki Block Page http://wired.meraki.com:8090 ‘Not Found’
KB ID 0001365 Problem If you have a Meraki Security device and have enabled ‘Content Filtering’, instead of a nice ‘block-page’ informing you why you are being blocked you may see this; http://wired.meraki.com:8090 This is happening because your Corporate DNS is resolving ‘wired.meraki.com’ to 54.241.7.184, which you can also see if you look at the URL you are trying to connect to it on port 8090. A...
Cisco FirePOWER (On-Box / ASDM) Change the Time Zone
KB ID 0001363 Problem At first this was just a bug, now it’s annoying, I don’t know why Cisco have not got round to fixing this, it’s still a problem in the latest (6.2.2 at time of writing,) version. Solution Configuration > ASA FirePOWER Configuration > Local > System Policy > Time > Synchronisation > Manually > Save Policy and Exit. Deploy > Deploy FirePOWER Changes > Deploy. To View...
Cisco ASA: Prioritise RDP Traffic
KB ID 0001359 Problem I have a client who had two sites, one didn’t have a particularly good internet connection, (which is the actual problem that needed to be solved). But in the interim, he wanted me to prioritise RDP traffic, as his staff were constantly complaining about the speed of their connections. Note: They may be a myriad of reasons why user experience is bad for an RDP session, this was quite simply a bandwidth...
AnyConnect Error – ‘Failed To Get Configuration From Secure Gateway’
KB ID 0001354 Problem Saw this while attempting to connect to my ASA this week. AnyConnect Secure Mobility Downloader Failed to get configuration from secure gateway. Contact your system administrator Solution Well luckily I’d just made a change so I could focus on the right area straight away. I’d been messing around with the profile xml file associated with my AnyConnect GroupPolicy. If you take a look at my profile...
Cisco AnyConnect – Running ‘Logon Scripts / OnConnection Scripts’
KB ID 0001353 Problem I’ve seen this asked a lot in forums, and it came up on EE again today. I’ve never had to set this up in the past, but I’ve posted the links to the correct Cisco articles when people have asked. After the question was asked again today, I thought I’d take the time to write a decent article on how to do it. Why would you want to do this? You might want to map/reconnect a mapped drive, or...