Blocking Google Talk (Cisco ASA)
KB ID 0000323 Problem You want to block access to Google Talk, but not disrupt other Google services such as Search and Gmail. Solution Yes, you could write a REGEX and block it with the MPF, as I did here to block Facebook. But Google Talk only runs on four servers and uses four ports, so a plain ACL on those hosts and ports is simpler. 1. Connect to the Cisco ASA and go to configure terminal mode. PetesASA> PetesASA> en Password: ******** PetesASA# configure terminal...
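Added example (not the original article's configuration): the object-group and ACL shape that blocking a handful of hosts and ports on the ASA takes, with the ordering and binding checks that catch the common mistakes. The addresses, port numbers, object-group names and ACL name are placeholders (TEST-NET ranges); substitute the servers and ports the article goes on to list.

```cisco
! --- Placeholder objects: replace with the four Google Talk servers and four ports
!     the article lists. Addresses below are TEST-NET placeholders, not real hosts. ---
object-group network GTALK-SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object host 198.51.100.10
 network-object host 198.51.100.11
object-group service GTALK-PORTS tcp
 port-object eq 5222
 port-object eq 5223
!
! --- Deny only traffic to those hosts on those ports; everything else from inside
!     stays permitted, so Search and Gmail are untouched. The deny must sit ABOVE the
!     permit: ASA ACLs are evaluated top-down and stop at the first match. ---
access-list INSIDE-IN extended deny tcp any object-group GTALK-SERVERS object-group GTALK-PORTS
access-list INSIDE-IN extended permit ip any any
!
! --- If an inbound ACL is already bound to 'inside', do NOT run access-group (it
!     replaces the existing binding); insert the deny at the top of that ACL instead:
!     access-list EXISTING-ACL line 1 extended deny tcp any object-group GTALK-SERVERS object-group GTALK-PORTS
access-group INSIDE-IN in interface inside
!
! --- Verify: the deny line's hitcnt should climb while a client tries to connect ---
show access-list INSIDE-IN
```

Two caveats before relying on this: do not put a broadly shared port such as TCP 443 against an address that also fronts Gmail or Search, or you will block those too; and because the hosts behind a Google service change, re-check the resolved addresses periodically (on ASA 8.4(2) and later a `object network` with an `fqdn` member can track them for you, at the cost of the ASA doing DNS lookups).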
Securing Cisco SSL VPN’s with Certificates
KB ID 0000335 Problem It's been a while since I wrote a walkthrough on the Cisco AnyConnect/SSL VPN solution, and usually I secure these with Active Directory or simply with the local user database on the firewall. But what if you wanted to use certificates instead? Perhaps your users are too "technically challenged" to remember their passwords. Or you want to enable two-factor authentication with...
Configure Cisco EasyVPN With Cisco ASA 5500
KB ID 0000337 Problem Site-to-site VPNs are great for main office to branch office connections, but for remote workers in a SOHO environment obtaining a static IP address can be expensive and time consuming. Traditionally remote workers will use either AnyConnect or IPsec remote VPNs. However, Cisco have a system which lets you have a main site (or sites), with a static IP, that acts as the EasyVPN server, then remote...
Site to Site IPSEC VPN from SonicWALL to Cisco ASA
KB ID 0000357 Problem You want to put in a secure IPsec VPN tunnel from a Cisco ASA device to a SonicWALL firewall. Note: in this example we will use 3DES for encryption, SHA1 for hashing, Diffie-Hellman Group 2, PFS enabled, and a shared secret (Pre-Shared Key). The SonicWALL used in this example is a PRO 3060. Solution The main two gotchas Update 12/03/11 Feedback from Wajma Omari: I would like to add that this...
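Added example (not the original article's configuration): the Cisco end of a site-to-site tunnel using exactly the parameters named above (3DES, SHA1, DH group 2, PFS, pre-shared key), followed by the same policy moved to current-strength algorithms, which goes beyond what the article itself shows. The peer address, local and remote subnets, interface name, crypto map and transform-set names, sequence numbers and key value are all assumed placeholders. The syntax is the pre-8.4 `crypto isakmp` form used across this site's ASA 5500 material.

```cisco
! --- Phase 1 (IKEv1) policy as the article specifies: PSK, 3DES, SHA1, DH group 2 ---
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
! --- Phase 2 transform set and "interesting traffic"; both subnets are placeholders ---
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
access-list VPN-TO-SONICWALL extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
!
! --- Crypto map with PFS (group 2); peer 203.0.113.2 is a placeholder for the SonicWALL WAN IP ---
crypto map OUTSIDE-MAP 10 match address VPN-TO-SONICWALL
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE-MAP 10 set pfs group2
crypto map OUTSIDE-MAP interface outside
!
! --- Pre-shared key for that peer (value is a placeholder; use a long random secret) ---
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key ChangeMeToALongRandomSecret
!
! --- Same design with stronger algorithms: AES-256 and DH group 14 (2048-bit).
!     Use these when the SonicWALL end can match them; every parameter must agree
!     on both sides or Phase 1 / Phase 2 will never complete. Group 14 requires an ASA
!     release that offers it in 'crypto isakmp policy' (check with 'group ?'). ---
crypto isakmp policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 10 set pfs group14
```

Verify with `show crypto isakmp sa` (Phase 1 should reach MM_ACTIVE) and `show crypto ipsec sa` (encaps/decaps counters climbing for the placeholder subnets). Note that the policy with the lowest number wins on the ASA, so the stronger policy 5 above is tried before the legacy policy 10. On ASA 8.4 and later the same commands are spelled `crypto ikev1 enable outside`, `crypto ikev1 policy` and `ikev1 pre-shared-key`; IKEv1 on the ASA still limits the Phase 1 hash to SHA-1 under this syntax, so the full upgrade path (SHA-256 and beyond) is IKEv2, which this article does not cover.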
Cisco ASA – Changing VPN IP Addresses
KB ID 0000391 Problem I had a client the other week with about 25 sites; his core site was changing ISP and therefore changing its IP address. On the main site this is pretty straightforward: just change the outside interface's IP address, subnet mask and the default route (that's the default gateway for non-Cisco-ites). All well and good, but what about his other 24 sites? They all had VPNs back to the main site, and all...
Cisco ASDM – Accessing with Ubuntu
KB ID 0000396 Dtd 11/02/11 Problem Even though I prefer to use the command line, there are times I need to manage Cisco firewalls from the ASDM. To do this from my netbook running Ubuntu 10.10 was not as straightforward as I was used to. Solution In my scenario I'm using Ubuntu 10.10 Desktop Edition, Chrome as my browser, and the ASDM is running version 6.3(1). 1. Before we start I'm assuming you know what the ASDM is and...
Upgrade Cisco PIX 515E to Version 8.0(4) and ASDM version 6.1(5)
KB ID 0000424 Problem I had to update a Cisco PIX 515E last week. Cisco PIX 500 firewalls are a bit thin on the ground these days, and most of my corporate clients have replaced them with Cisco ASA 5500 firewalls. So, as these units are now getting retired, moved to the test bench, or sold on eBay, I thought I'd document probably the last one I did, for posterity and to help anyone else out. Note: Cisco...
SmoothWall site to site (IPSEC) VPN to Cisco ASA
KB ID 0000436 Problem You would like to put in a site-to-site VPN from a site that has a SmoothWall firewall to another site that has a Cisco ASA. Note: This procedure was carried out on a SmoothWall UTM 1000 Series appliance, and uses a pre-shared key to authenticate the VPN. Solution 1. For the Cisco end of the configuration, you can configure it from the command line (see here) or from the ASDM (see here). 2. Connect to the...
Cisco ASA – Java RDP Error – Connection Exception Wrong modulus size! Expected64 +8got:264
KB ID 0000452 Problem Seen while attempting to connect to a Windows machine via the RDP plug-in on a Cisco ASA firewall. Error: properJavaRDP error Connection Exception Wrong modulus size! Expected64 +8got:264 Solution 1. I've seen some posts indicating that this can be caused by the version of Java that's installed; however, in my case that was NOT the problem. 2. Connect to the ASDM of the ASA firewall >...
Cisco ASA 5500 – Adding Licenses
KB ID 0000531 Problem Each model in the Cisco ASA 5500 range ships with a set of licences and features; to add further features you purchase them from a Cisco reseller and then apply the licence to the device. Solution 1. Your first step is to purchase the licence you require from an authorised Cisco reseller. 2. When your licence arrives you need to locate the PAK that is on the certificate. 3. You need the Serial...