AnyConnect – ‘Service Provider is Restricting Access’
KB ID 0000950 Problem I only tend to use AnyConnect for VPN. So while I was at a clients site the other week, I wanted to jump onto my test servers at home and was greeted by this; “The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.” Solution I...
Cisco AnyConnect – Securing with Microsoft Certificate Services
Part 2 (How to Configure AnyConnect) KB ID 0001031 Problem Back in Part 1 We configured the Microsoft Certificate Services to meet our certificate needs. Now we configure the firewall for AnyConnect. Solution 1. Log onto the ASA > Go to global configuration Mode. login as: petelong petelong@192.168.100.1’s password:********** Type help or ‘?’ for a list of available commands. Petes-ASA> enable Password: *******...
Cisco AnyConnect – Securing with Microsoft Certificate Services
Part 1 (How to Configure Microsoft Certificate Services for AnyConnect) KB ID 0001030 Problem I’ve done a lot of AnyConnect deployments, and I’ve even done them with certificates in the past. I’ve seen plenty of articles and blogs that say ‘It would be better to use a PKI deployment like Microsoft Certificate Services’, but there’s very little info out there on how to set it up. I have a client...
AnyConnect – Using a Windows DHCP Server to Lease IP Addresses to the Remote Clients
KB ID 0001050 Problem I did an AnyConnect design for a client recently, and they asked ‘Instead of using the firewall to lease the DHCP addresses to our remote clients, can we use our Windows DHCP Server?” In the past I’ve used Windows DHCP servers for IPSEC VPN clients, but more recently I’ve tended to just use the firewall. The client had some valid reasons for wanting to do so, and given the complexity of...
AnyConnect Client Fails To Get IP From Windows DHCP Server
KB ID 0001053 Problem A few days ago I did an article on AnyConnect and Windows DHCP. I ran it up on the test bench for a client, and everything worked fine. Doing the install my test ‘remote’ client failed to get an IP address. As you can see the DHCP Server (Windows Server 2012 R2) is on a different network segment to the inside of the ASA. Solution 1. First this to do was debug the connection, ‘debug webvpn...
ASA 5500 AnyConnect – Change Preferred Encryption Cipher Order
KB ID 0001058 Problem A few days ago I wrote about disabling SSL v3.0 to force your clients to connect with the more secure TLS v1.0. But what if your AnyConnect clients chose to connect with a weaker encryption cipher? The ciphers your firewall offer (by default) will vary depending on what OS your ASA is running. Solution 1. To see what your cipher you are connected with look on the statistics tab, below we are connecting with the...
iPhone – Taking Screenshots / Screendumps
KB ID 0000361 Problem All iPhones (above version 2 on 3G, 3GS and iPhone4) have the ability to take screenshots without having to download an app! Solution 1. Assuming you have the screen open you would like to capture, press the “Home” button, and while still having it pressed briefly press the “Sleep/Lock” button 2. The screen should “flash white” briefly and providing you are not on silent, you...
iPhone and iPad – Configure the Cisco VPN Client
KB ID 0000360 Problem You have already configured a Cisco ASA / PIX device to provide Client VPN connectivity, and you now wish to configure the iPhone/iPad Device. Solution Note: The screen shots are taken from an iPhone running (4.2.1) the process for iPad is the same. 1. Select Settings. 2. Select General. 3. Select Network. 4. Scroll to the bottom of the page and select VPN. 5. Add VPN Configuration. 6. Select IPSec. 7....
Cisco AnyConnect Error (iPhone)
KB ID 0000362 Problem While using the Apple/Cisco Anyconnect App/Client you receive the following error. Error: The secure gateway has rejected the agent’s VPN request. A New connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists. The following message was received from the security gateway: No License. Solution The most pertinent information...
iPhone / iPad – Using the Cisco AnyConnect Client
KB ID 0000474 Problem You have an Apple device and you would like to create a remote VPN connection to a Cisco device running AnyConnect. Note: This is not a walkthrough on how to configure AnyConnect, for that go here. Be aware that in addition to your SSL VPN licences your Cisco ASA device also needs a “AnyConnect Mobile – ASA 5510” license. If not you will receive this error. Solution 1. Firstly you need to...