Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
KB ID 0000309 Problem By default, your remote VPN clients will timeout their connections after 300 seconds of inactivity, should you wish to increase that you can, on a user by user basis, however sometimes that does not work. To fix the problem you need to disable ISAKMP monitoring at the “Head End”. Solution Enable via Command Line (see below for ASDM instructions) 1. Connect to the the firewall (see here for...
ASA 5500 Adding a DMZ Step By Step
KB ID 0000316 Problem Assuming you have a working ASA 5500 and you want to add a DMZ to it, this is the process. Assumptions 1. Networks, a. Inside network is 10.1.0.0 255.255.0.0 b. Outside network is 123.123.123.120 255.255.255.248 c. DMZ network is 172.16.1.0 255.255.0.0 2. Interfaces, a. Inside Interface is 10.1.0.254 b. Outside Interface is 172.16.1.254 c. DMZ Interface is 172.16.1.254 3. The Web server in the DMZ will have the...
Blocking Google Talk (Cisco ASA)
KB ID 0000323 Problem You want to block access to Google Talk, but not disrupt other services like Google Search and Gmail. Solution Yes, you could write a REGEX and block it with an MPF, like I did here, to block Facebook. But Google Talk only runs on 4 servers and uses 4 ports. 1. Connect to the Cisco ASA, and go to configure terminal mode. PetesASA> PetesASA> en Password: ******** PetesASA# configure terminal...
Securing Cisco SSL VPN’s with Certificates
KB ID 0000335 Problem It’s been a while since I wrote a walk though on the Cisco AnyConnect/SSL VPN solution, and usually I secure these with Active Directory or simply using the local user database on the firewall. But what if you wanted to use certificates instead? Perhaps your users are too “technically challenged” to remember their passwords. Or you want to enable two factor authentication with...
Configure Cisco EasyVPN With Cisco ASA 5500
KB ID 0000337 Problem Site to site VPN’s are great for main office to branch office connections, but for remote workers in a SOHO environment obtaining a static IP address can be expensive and time consuming. Traditionally remote workers will use either AnyConnect or IPSEC Remote VPN’s. However Cisco have a system which lets you have a main site (or sites), with a static IP, that acts as the EasyVPN server, then remote...
Site to Site IPSEC VPN from SonicWALL to Cisco ASA
KB ID 0000357 Problem You want to put in a secure IPSEC VPN tunnel from a Cisco ASA Device to a Sonicwall Firewall. Note in this example we will use 3DES for encryption, SHA1 for Hashing, Diffie Hellman Group 2, PFS enabled, and we will use a shared secret (Pre Shared Key). SonicWALL used in this example is a PRO 3060. Solution The main two gotcha’s Update 12/03/11 Feedback from Wajma Omari: I would like to add that this...
Cisco ASA – Changing VPN IP Addresses
KB ID 0000391 Problem I had a client the other week with about 25 sites, his core site was changing ISP and therefore changing its IP address. On the main site this is pretty straightforward, just change the outside interfaces IP address, sub net mask and the default route (That’s the default gateway for non cisco-ites). All well and good, but what about his other 24 sites? They all had VPN’s back to the main site, and all...
Cisco ASDM – Accessing with Ubuntu
KB ID 0000396 Dtd 11/02/11 Problem Even though I prefer to use command line, there are times I need to manage Cisco firewalls from the ASDM. To do this from my Netbook running Ubuntu 10.10 it was not as straight forward as I was used to. Solution In my scenario I’m using Ubuntu 10.10 Desktop Edition, Chrome as my browser, and the ASDM is running version 6.3(1). 1. Before we start I’m assuming you know what the ASDM is and...
Upgrade Cisco PIX 515E to Version 8.0(4)
and ASDM version 6.1(5) KB ID 0000424 Problem I had to update a Cisco PIX 515E last week, Cisco 500 firewalls are a bit thin on the ground these days, and most of my corporate clients have replaced then with Cisco ASA 5500 firewalls. So as these units are now getting retired, or moved to the test bench, or sold on ebay. I thought I’d document probably the last one I did for posterity, and to help anyone else out. Note: Cisco...
SmoothWall site to site (IPSEC) VPN to Cisco ASA
KB ID 0000436 Problem You would like to put in a site to site VPN from a site that has a SmoothWall firewall to another site that has a Cisco ASA. Note: This procedure was carried out on a SmoothWall UTM 1000 Series appliance, and uses a pre-shared key to authenticate the VPN. Solution 1. For The Cisco end of the configuration, you can configure it from command line see here, or from the ASDM see here.. 2. Connect to the...