VPN Problem Cisco PIX v6 to Cisco ASA 5500
KB ID 0000761 Problem I found this out purely by accident today, while replacing an old PIX 506E that had died with an ASA 5505. The client’s other site still had a PIX 506E (Running 6.3(5)). I was setting up the VPN, and noticed something that WOULD have been a problem if I had not spotted it. Solution Essentially the older PIX firewalls are set for 3DES encryption, MD5 Hashing and Diffie Hellman 2. After version 8.4 the ASA...
Upgrading a PIX 506E to Version 7
KB ID 0000764 Problem As far as Cisco is concerned you can’t upgrade a PIX 506E past version 6.3(5) PIX 506E and 501 Firewall Image and PDM Upgrade However if you have a spare one lying around and you want to have a play, you CAN get it to version 7.1(2). Note: It is possible to run the 8.0(2) version of the PIX OS on a 506E, Howerver you need to decompress the image and make some changes to it before it will work (usung...
Using the Microsoft VPN client through Cisco ASA/PIX
KB ID 0000009 Problem You cannot open a Microsoft client VPN tunnel with a cisco PIX or ASA in front of you on the network. Solution You need the following open (outbound) TCP port 1723 (thats pptp) Protocol 47 (GRE) – note thats a PROTOCOL and NOT a PORT Allow PPTP Client through the ASA via Command Line 1. Connect to the ASA then add PPTP inspection to the default inspection map. PetesASA> PetesASA> en Password: ********...
Cisco ASA 5500 – Error ‘DHCP: Interface ‘inside’ is currently configured as SERVER and cannot be changed to a CLIENT by a CLIENT feature’
KB ID 0000836 Problem I put in an ASA 5505 this week, and while I was setting it up I was getting plagued with these popping up in the command window all the time; DHCP: Interface ‘inside’ is currently configured as SERVER and cannot be changed to a CLIENT by a CLIENT feature DHCP Client: can’t enable DHCP Client when DHCP Server/Relay is running on the interface. Seen here on ASA Version 9.1(1) Solution There not a...
Build a PIX Firewall for your test network
Working with GNS3 and PEMU – (Part 1) KB ID 0000061 Problem Cisco Firewall’s are expensive, I know I own some, and my firm sells them, getting hardware to run on your test bench is difficult enough, but getting high end Cisco equipment is an expensive proposition for your average “Techy”. These days most people run their test networks in virtual environment. I run Hyper-V at at home for Testing and I have my...
Enable DNS Lookup on the Cisco PIXASA
KB ID 0000029 Problem You need the ASA to be able to resolve external hostname’s. Note: You need at least version 8.2(2) before you can use a DNS name in an access-list. Solution Note: In this example I’m using 122.122.122.199 and 122.122.122.198 (yes, they cannot exist!) as the external DNS addresses, substitute your own.</p? 1. Whilst in enable mode > enter configure terminal mode, then enable DNS Lookups....
Backup and Restore a Cisco Firewall.
KB ID 0000076 Problem There are many different versions of PIX and ASA Firewalls. So, if you want to get a backup of the configuration and save it elsewhere, (so in the event of a failure, (or more likely someone tinkering and breaking the firewall)). you will be able to recall and restore that configuration. By far the easiest method is to use a TFTP server – and it works on ALL versions, so learn it once and use it many...
Manage your Cisco Firewall from your Windows Mobile Device
KB ID 0000158 Problem You have a new windows mobile device and your bored! – well not really, I hope I never have to do this in anger but, It was an exercise in proving it can be done 🙂 Solution Before you start you need to ensure the following has been done, 1. The firewall in question needs an RSA Key generating on it, (on the firewall issue the following command “crypto key generate rsa” {without the quotes}. 2....
Cisco – Windows x64 Bit VPN Client (IPSEC)
Note: This page was originally written before the release of the Cisco x64 bit Windows 7 Client KB ID 0000163 Problem I was widely accepted for some time that Cisco’s support for the IPSEC VPN client will not be extended to x64 bit Windows platforms, That’s simply because they are gearing up towards their own AnyConnect VPN client. Update 18/02/10 – Cisco have released an x64 Bit VPN Client for Windows 7...
RDP to Multiple Servers with a Cisco PIX/ASA Firewall
KB ID 0000167 Problem WARNING: Allowing RDP traffic from ‘any’ IP this is a monumentally bad idea, ONLY allow RDP traffic from trusted hosts/networks, or better still, limit RDP to clients/locations the have their traffic protected by VPN. You want to connect via “Remote Desktop” to multiple servers behind your firewall. To do this you have three options. Note: This is an old article that refers to ‘pre...