Cannot Connect to TCP Port 2000 (Even over VPN)
Nov17

KB ID 0000027  Problem Note: When going through a Cisco firewall, even with all ports open, you cannot connect to an application or website that uses TCP port 2000. Although TCP port 2000 is above the “well-known” range (0–1023), it is used for SCCP (Skinny Client Control Protocol), a Cisco voice/phone protocol, and the ASA inspects traffic on that port as SCCP by default. If you push web traffic through this port the inspection engine does not see valid SCCP and the firewall gets upset, mangling or dropping the connection. Solution Option 1 (Via Command...
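As an added illustration (not configuration from the original KB article), here is the default ASA inspection policy that produces the symptom, followed by the change that stops TCP 2000 being treated as SCCP. The policy-map and class names are the ASA defaults; whether you can safely drop Skinny inspection depends on whether real Cisco IP phone traffic crosses this firewall.

```cisco
! Default ASA global policy: every flow to TCP/2000 is handed to the
! Skinny (SCCP) inspection engine, so HTTP on that port is mangled or dropped.
policy-map global_policy
 class inspection_default
  inspect skinny

! Fix: remove Skinny inspection from the default class. Only do this if the
! firewall does not need to inspect genuine SCCP traffic (IP phones <-> CUCM).
policy-map global_policy
 class inspection_default
  no inspect skinny

! Verify skinny is no longer applied, then re-test the application on TCP/2000.
show running-config policy-map
show service-policy inspect skinny
```

If the firewall also carries real phone traffic, the alternative is to keep `inspect skinny` but scope it with a class-map that matches only the voice hosts, so web traffic to other servers on TCP 2000 is left alone.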

BT Business Hub 3 – And Cisco ASA 5500
Nov17

KB ID 0000762  Problem Warning: If your ASA is running version 8.3(4) or above you are going to have problems assigning public IP addresses from your allocated BT range (jump to the bottom of the article for a resolution). You have a pool of public IP addresses and you wish to allocate one of them to your Cisco ASA firewall. Note: This is for customers using BOTH ADSL and BT Infinity. Solution For this procedure I was...

AnyConnect Error: ‘The AnyConnect package on the secure gateway could not be located’
Nov17

KB ID 0000406  Problem While attempting to connect to a Cisco firewall with a Linux client (in my case Ubuntu 10.10) using AnyConnect, you see the following error. Or on Mac OS X: Error: Cisco AnyConnect VPN Client The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again. Note: You may also see this error on Mac OS X or a Windows CE machine....

Why Securing Your VPN Solution With Computer Certificates ‘Only’ Is A BAD Idea
Nov17

KB ID 0001055  Problem After a large AnyConnect 4 roll-out, I had the following conversation with a client; Client: Can we change the way the clients authenticate? Me: Yes, no problem, what do you need? Client: Well, instead of user-based certificate authentication, we want to use computer certificates only. Me: Really, why? Client: So when we roll out a lot of imaged new machines we don’t need to get the users to log onto them and...

Cisco – Automatic Re-enrollment Fails to MSCEP/NDES
Nov17

KB ID 0000970 Problem I’ve covered setting up NDES at length in the past, but what happens when your issued certificates expire? If you are using them for all your VPNs, what then? Well, thankfully you can get your devices to automatically re-enroll before they expire; for example, to renew the cert at 80% of its lifetime you would use the following: crypto pki trustpoint PNL-TRUSTPOINT enrollment url...
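To show the renewal setting the teaser refers to, here is an added IOS trustpoint example; it is not the article’s own configuration. PNL-TRUSTPOINT is the name used in the article, while the NDES URL, subject name and the 80% threshold are illustrative values you would replace with your own.

```cisco
! Trustpoint enrolling against an NDES/MSCEP server (URL is an assumed example).
crypto pki trustpoint PNL-TRUSTPOINT
 enrollment url http://ndes.example.local/certsrv/mscep/mscep.dll
 subject-name CN=router01.example.local
 revocation-check none
 ! Re-enroll automatically once 80% of the certificate lifetime has elapsed,
 ! generating a fresh RSA key pair for the replacement certificate.
 auto-enroll 80 regenerate

! Check the current certificate's validity dates and that the renewal timer
! is armed; the re-enrollment attempt is logged when the 80% point is reached.
show crypto pki certificates PNL-TRUSTPOINT
show crypto pki timers
```

The `regenerate` keyword matters for VPN use: without it the device re-enrolls with the same key pair, so a key that has already leaked stays valid for another full certificate lifetime.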

Windows Server 2008 R2 – Configure RADIUS for Cisco ASA 5500 Authentication
Nov17

KB ID 0000688 Problem Last week I was configuring some 2008 R2 RADIUS authentication, for authenticating remote VPN clients to a Cisco ASA firewall. I will say that Kerberos authentication is a LOT easier to configure, so you might want to check that first. Solution Step 1 Configure the ASA for AAA RADIUS Authentication 1. Connect to your ASDM > Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups. 2....
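As an added example (not the article’s own steps, which use the ASDM GUI), this is the equivalent ASA CLI configuration, useful for checking what ASDM wrote and for testing the RADIUS path before a VPN client is involved. The group name, NPS server address, interface, tunnel-group name, shared secret and test credentials are all assumed values.

```cisco
! RADIUS server group pointing at the Windows 2008 R2 NPS server (assumed IP).
aaa-server RADIUS-NPS protocol radius
aaa-server RADIUS-NPS (inside) host 192.168.1.10
 key S3cr3tSharedKey
 ! NPS listens on 1812/1813 as well as the ASA's legacy defaults of 1645/1646;
 ! set them explicitly so both ends agree.
 authentication-port 1812
 accounting-port 1813

! Authenticate remote-access users against NPS, falling back to the LOCAL
! database only if every RADIUS server in the group is unreachable.
tunnel-group ANYCONNECT-TG general-attributes
 authentication-server-group RADIUS-NPS LOCAL

! Test from the ASA itself: a failure here points at the shared secret, the
! NPS RADIUS client entry or the network policy, not at the VPN tunnel.
test aaa-server authentication RADIUS-NPS host 192.168.1.10 username testuser password Passw0rd
```

Use the NPS event log (Security log, event IDs in the 6272–6274 range for granted/denied access) alongside the `test aaa-server` output to see which side rejected the request.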
