Cisco ASA – AnyConnect Authentication via LDAP and Domain User Groups
KB ID 0001152 Problem When I first started doing Cisco remote VPNs, we had Server 2000/2003 and I used to use RADIUS with IAS. Then Microsoft brought out 2008/2012 and RADIUS via NAP. Because I fear and loath change I swapped to using Kerberos VPN Authentication for a while. I had to put in an ASA5512-X this weekend and the client wanted to allow AnyConnect to a particular Domain Security Group “VPN-Users”, so I thought I...
Using OSPF over DMVPN
KB ID 0001151 Dtd 03/02/16 Problem This article is a supplement to the earlier one on Setting Up DMVPN. It covers how to use OSPF over the top of DMVPN. This is the topology I’m going to use; As I’ve said (above) this is not a run though on setting up DMVPN, but if you want to spin it up in GNS3, or on the test bench, here’s the DMVPN config; Hub Site configure terminal interface Tunnel10 ip address 192.168.254.1...
Cisco ASDM and Windows 10
KB ID 0001150 Problem Most of the time I’m on my mac for work, but sometimes when the ADSM fails, I switch to a windows VM (in VMware Fusion). I recently upgraded to Windows 10, and for the most part that’s been a painless process. I did notice though, that when I try to run the ADSM, it will let me install the software, then sit there doing nothing? Note: Also see, ASDM on Windows 10: ‘Cannot find Javaw.exe?’...
Route Summarisation with EIGRP
KB ID 0001149 Problem I’ve already written a post that lets you calculate a route summarisation. So now you have a method of advertising your routes more efficiently, what do you do with it? Well I’m at the EIGRP point in my studies so here’s how to implement it with EIGRP. To demonstrate I’ve built the above network on GNS3, there is a loopback interface on the routers for each of those networks. Solution...
Network Summarisation – Exam Technique and Examples
KB ID 0001138 Problem Note: Yes I’m spelling Summarisation with an ’S’ I’m English. Most examples I’ve seen on this give you a bunch of subnets then ask you to come up with a summary route for all of them, (that’s kind of the point of route summarisation, I’ll grant you). However in an exam with a laminated board and the dodgy permanent pen they give you to make notes with, are you seriously expected to...
Cisco ASA – Reverse Route Injection with EIGRP
KB ID 0001137 Problem I’ve followed your Reverse Route Injection article and its not working? This email dropped in my mailbox a while back As it turns out the article I had written was for OSPF, and this chap was using EIGRP. So I ran it up with EIGRP as well to test. Heres my topology, I want to inject the route for the remote site, into my internal EIGRP routing table. Solution Assuming EIGRP is already setup between the ASA...