Cisco ASA ‘Ping Source?’
Jun 13

KB ID 0001445

Problem

To be honest, the title is a little misleading, on an ASA you can specify which interface to launch a ‘ping’ from, but that’s it. I found myself in a situation today where I was working on a client firewall and I was trying to bring up a VPN tunnel, and I did not have access to any of their machines, and nor did they (hence the reason for the VPN tunnel!). Well we can’t use good old...

Cisco Stacking 2960-X Catalyst Switches
Jun 05

KB ID 0001444

Problem

You can stack up to 8 2960-X switches*; you will require the stack modules and cables (shown below).

*Note: If you are studying for an exam, and the question is StackWise, the answer is 9.

Solution

Stack Modules: Power down the switch, remove the blanking plate and fit the module, then when powered on you can use a show inventory command to make sure the module has been detected correctly.

Switch#show inventory...

Cisco ASA Site To Site VPN IKEv2 “Using CLI”
May 06

KB ID 0001429

Problem

You want a secure IPSEC VPN between two sites using IKEv2.

Note: If the device you are connecting to does not support IKEv2 (i.e. it’s not a Cisco ASA, or it’s running code older than 8.4) then you need to go to the older version of this article: Cisco ASA 5500 Site to Site VPN IKEv1 (From CLI)

Solution

Before you start – you need to ask yourself “Do I already have any IPSEC VPNs...

Cisco ASA: Allow VPN Traffic “Through” A Cisco Firewall
May 06

KB ID 0001428

Problem

I got asked to put in a VPN for a client this week. It went from a simple site to site, to a site to site with a Fortigate firewall at one end, to a VPN from an ASA to a Fortigate ‘through’ another ASA. It’s been a few years since I had to tunnel ‘through’ a firewall, and experience tells me, if you don’t have control of BOTH ends of a new VPN tunnel, anything that stops...

Cisco ASA: Group-Lock WARNING
Apr 12

KB ID 0001423

Problem

You will see this error if you are pasting configuration into a Cisco firewall. This week I was manually converting an old 8.2 version firewall’s configuration to run on a modern (version 9) firewall, when I saw this:

Petes-ASA(config)# username fred.bloggs attributes
Petes-ASA(config-username)# group-lock value SOME-VALUE
WARNING: tunnel-group SOME-VALUE does not exist

Solution

The reason you are seeing this...

Cisco ASA 5506-X: Bridged BVI Interface
Apr 09

KB ID 0001422

Problem

When the ASA 5506-X appeared there was much grumbling: “This is not a replacement for the ASA 5505, I need to buy a switch as well!” and “I have six ports on the firewall I can’t use” etc. While I understand that, and if truth be told the ASA 5505, was SUPPOSED to be used in SOHO environments where an all in one device, (with PoE) was a great fit. The problem was, people started throwing...
