Windows Server 2008 R2 – Configure RADIUS for Cisco ASA 5500 Authentication
KB ID 0000688 Problem Last week I was configuring some 2008 R2 RADIUS authentication, for authenticating remote VPN clients to a Cisco ASA Firewall. I will say that Kerberos Authentication is a LOT easier to configure, so you might want to check that first. Solution Step 1 Configure the ASA for AAA RADIUS Authentication 1. Connect to your ASDM > Configuration > Remote Access VPN > AAA Local Users > AAA Server Groups. 2....
Cisco ASA Disable ESMTP Inspection
Telnet to Exchange on Port 25 shows a row of Asterisks? KB ID 0000536 Problem Yesterday my colleague Ben called me over to the help-desk and asked “Have you ever seen this before?” This was what was on his screen. 220 *************************************************** Solution Usually when you Telnet to an Exchange server it gives you a 220 message followed by the “Banner” of the Exchange server, a little...
JunOS – Using TACACS+ With Cisco ACS
KB ID 0001040 Problem I’ve been configuring a client’s Juniper SRX chassis cluster for a while now. Their ACS was deployed last week so my task was to configure it to use the TACACS+ from the Cisco ACS server. The client’s setup required them to use their fxp0 management interfaces to perform the authentication. After it was configured and working (due in no small part to the ACS skills of Mr SteveH), I decided...
HP and Cisco – VLANs and Trunks Confusion!
KB ID 0000741 Problem When I first started in IT, I went and did my Cisco CCNA. So I learned that to connect Cisco switches and pass VLAN traffic between them, I needed to create a ‘Trunk’ to pass the VLAN traffic. Fast forward a few years, and I now work for an HP reseller. Very early on I came to realise that what HP called a ‘trunk’ was very different from what I had been taught. Below is an article I did a...
GNS3 ASA Error – ‘ASDM did not recognize device model ASA5520’
KB ID 0001028 Problem Apart from the fact that’s an appalling spelling of recognise, I got bitten by this last weekend. I don’t use the ASDM as a rule so it would not normally be a problem, the only thing I do use the ASDM for is certificates, (it’s just easier). Solution Last time I saw an error like this I had to use a fiddler script to embed the firewall model in the https traffic, however now there’s a...
Install and use ASDM in a Virtual Cisco ASA
KB ID 0000052 Problem You have already created a Virtual ASA, now you want to web manage it. Solution Notes: Software Download Links Fiddler Fiddler Script Related Articles, References, Credits, or External Links NA
Deploy Dual Virtual ASA Firewalls In Active/Standby Failover
KB ID 0000053 Problem Now you have created your Virtual ASA platform you want to deploy 2 of them in failover configuration. Solution Notes: Software To Download Qemu with ASA Dynamips WinPcap Sample Batch File @echo off ECHO Telnet to 127.0.0.1 on port 1234 to access ASA Console ECHO ——————————————————- ECHO * * * * * * *DO NOT...
Building a Virtual Cisco ASA
KB ID 0000051 Problem You would like to create a virtual Cisco ASA platform in a virtualized environment for training and/or testing. Solution Notes: Software To Download Qemu with ASA Dynamips WinPcap Sample Batch File @echo off ECHO Telnet to 127.0.0.1 on port 1234 to access ASA Console ECHO ——————————————————- ECHO * * * * *...
Cisco Catalyst Password Recovery / Reset
KB ID 0000496 Problem The title is a bit of a misnomer; we are not going to recover the password, we are simply going to change the password to one we know. Solution Note: This procedure works on models 2900, 2940, 2950, 2955, 3500XL, and 3550. Before you start, connect to the device with a console cable and terminal emulation software; the procedure is the same as the one I’ve outlined here. 1. Power the switch off >press...
Cisco Catalyst Switches – Set a Management IP and Allow Telnet and Web Management
KB ID 0000614 Problem If you want to manage your Cisco Catalyst switch it’s not always practical to plug a console cable in to change its settings or monitor what it is doing. Putting an IP address on it and enabling remote management via Telnet or from your web browser is a better alternative, particularly if you have a lot of switches. Solution Enable Telnet Management on Cisco Catalyst Switch 1. Connect to the Switch using a...