Setup RANCID and ViewVC (Part One)
KB ID 0001331 Problem There are couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (Formally ViewVCS, basically a nice web based GUI front end, that does version control and highlights differences). It does this using a system called CVS (Concurrent Version System, hence the original name.) Then I had to do some more searching to get it to back...
FirePOWER Agent – Real-Time Status ‘Unavailable’
KB ID 0001323 D Problem I was deploying a Cisco FirePOWER user agent last week, but once setup, the agent reported that the Real-Time status for SOME of the domain controllers was permanently ‘Unavailable’. Now I know you have to be patient with these things so I went and had a coffee. Still it refused to ‘go green’. Solution I addition to all the other rights and firewall rules that you normally have to check....
Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication
KB ID 0001117 Problem Once deployed, authentication is handled by the appliances own internal user database, in larger organisations this is a little impractical. So the ability to create an Active Directory Group, and delegate access to Firesight to members of that group is a little more versatile. Solution I’m making the assumption that the appliance does not already have external authentication setup at all, so I’ll...
Cisco ASA – Gernerate RSA Keypair From ASDM
KB ID 0001322 Problem I’ve lost count of the number of times this has happened to me! Most of my colleagues prefer to use the ASDM for remote management, but if (like me) you work at command line, then sometimes people <ahem> forget to generate the RSA keypair when deploying a firewall. Then even if SSH access and AAA is setup correctly, you still can’t get in via SSH. Instead you see the following; RoyalTS and...
Updating the AnyConnect client for Deployment from the Cisco ASA 5500
KB ID 0000704 Problem Your ASA will (by default) update your AnyConnect clients to the latest client software when they connect. However you need to supply the ASA with the updated packages first. Solution 1. Download the latest AnyConnect client package, from Cisco. The one you want will have a file extension of .pkg AnyConnect 4 AnyConnect 3 2. Connect to the ASDM > Configuration > Remote Access VPN > Network (Client)...
Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’
KB ID 0001316 Problem This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505’s), and my firm had installed FTTC circuits, into the sites for them. My job was to reconfigure the firewalls and the site to site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls public IP, then connect to the shiny new...