MAC OSX – Connecting to Cisco IPSEC VPN
KB ID 0001197 Problem Here we are dealing with the older IPSEC VPN method of remote VPNs, NOT AnyConnect. There is/was a VPN client for Mac OSX which you can still download. But modern versions of OSX have the Cisco IPSec VPN client built into them. I’m assuming you have already configured the firewall, if not see the article below; Cisco ASA5500 Client IPSEC VPN Access Solution Open your network preferences and add in a new...
Cisco ASA – Converting IKEv1 VPN Tunnels to IKEv2
KB ID 0001196 Problem We’ve had IKEv2 support on Cisco ASA for a while, (since version 8.4). I tend to setup site to site VPN tunnels at command line, and on the rare occasions I’m using the ASDM I normally just ignore the IKEv2 settings. Like all techies I know a way that works, so I will keep doing it that way. What’s the difference between IKEv1 and IKEv2? IKE version 2 is a lot more efficient and has a smaller...
Cisco – Cannot Connect to the ASA FirePOWER Module
KB ID 0001182 Problem There’s an alarming amount of people who have contacted me about this error; Cannot connect the the ASA FirePOWER module. Cannot connect the the ASA FirePOWER module.. Check that it is correctly configured and on the network. It’s also possible that the management address is being translated by NAT. Please verify the IP address/Hostname and port. Note: If you have just updated or re-imaged the SFR...
Microsoft – NDES Site Shows ‘HTTP Error 500.0 – Internal Server Error’
KB ID 0001181 Problem I was doing some testing for a client this week, a while ago I had deployed a three tier PKI solution for them, and as part of the rollout we deployed NDES for their network devices, (they were going to use certificates to secure site to site VPNs). The client was concerned, and wanted the auto renewal process testing. This could not be done on the live system. So myself and a colleague went to the test bench, I...
Cisco Add FirePOWER Module to FirePOWER Management Center
KB ID 0001178 Problem If you only have one FirePOWER service module you can now manage it from the ASDM; ASA 5505-X / 5508-X Setup FirePOWER Services (for ASDM) But if you have got more than one, and you can manage them centrally with the FirePOWER Management Center, (formally SourceFIRE Defence Center). WARNING: If you are going to use FMC DON’T register your licences in the ASDM, they all need to be registered in the FMC. ...
Cisco – Testing AAA Authentication (Cisco ASA and IOS)
KB ID 0001175 Problem I always forget the syntax for this, and I’ve been meaning to publish this for a while so here you go. If you have AAA setup and people can’t log in, then the ability to test authentication against a user’s username and password is a good troubleshooting step! Usually I’m on a Cisco ASA but I’ll tag on the syntax for IOS as well. Solution Cisco ASA Test AAA Authentication From...