AnyConnect Error ‘The secure gateway has rejected the connection attempt, No assigned address’
KB ID 0000876 Problem I upgraded a clients ASA5510 firewall(s) yesterday. Post upgrade he got this error; The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: No assigned address. Solution Thankfully the error is pretty descriptive, the remote client can not get an...
Cannot Manage ASA via AnyConnect VPN
KB ID 0000925 Problem I haven’t needed to use my AnyConnect for a long time. But this week I needed to spin up some test servers. I connected fine, but I could not access the ASA via telnet, SSH or ASDM. Solution 1. Traditionally all you needed to do to manage an ASA from a remote VPN session, was to set the management-access to inside. User Access Verification Password: Type help or ‘?’ for a list of available...
AnyConnect – ‘Service Provider is Restricting Access’
KB ID 0000950 Problem I only tend to use AnyConnect for VPN. So while I was at a clients site the other week, I wanted to jump onto my test servers at home and was greeted by this; “The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.” Solution I...
Cisco AnyConnect – Securing with Microsoft Certificate Services
Part 2 (How to Configure AnyConnect) KB ID 0001031 Problem Back in Part 1 We configured the Microsoft Certificate Services to meet our certificate needs. Now we configure the firewall for AnyConnect. Solution 1. Log onto the ASA > Go to global configuration Mode. login as: petelong petelong@192.168.100.1’s password:********** Type help or ‘?’ for a list of available commands. Petes-ASA> enable Password: *******...
Cisco AnyConnect – Securing with Microsoft Certificate Services
Part 1 (How to Configure Microsoft Certificate Services for AnyConnect) KB ID 0001030 Problem I’ve done a lot of AnyConnect deployments, and I’ve even done them with certificates in the past. I’ve seen plenty of articles and blogs that say ‘It would be better to use a PKI deployment like Microsoft Certificate Services’, but there’s very little info out there on how to set it up. I have a client...
AnyConnect – Using a Windows DHCP Server to Lease IP Addresses to the Remote Clients
KB ID 0001050 Problem I did an AnyConnect design for a client recently, and they asked ‘Instead of using the firewall to lease the DHCP addresses to our remote clients, can we use our Windows DHCP Server?” In the past I’ve used Windows DHCP servers for IPSEC VPN clients, but more recently I’ve tended to just use the firewall. The client had some valid reasons for wanting to do so, and given the complexity of...
AnyConnect Client Fails To Get IP From Windows DHCP Server
KB ID 0001053 Problem A few days ago I did an article on AnyConnect and Windows DHCP. I ran it up on the test bench for a client, and everything worked fine. Doing the install my test ‘remote’ client failed to get an IP address. As you can see the DHCP Server (Windows Server 2012 R2) is on a different network segment to the inside of the ASA. Solution 1. First this to do was debug the connection, ‘debug webvpn...
ASA 5500 AnyConnect – Change Preferred Encryption Cipher Order
KB ID 0001058 Problem A few days ago I wrote about disabling SSL v3.0 to force your clients to connect with the more secure TLS v1.0. But what if your AnyConnect clients chose to connect with a weaker encryption cipher? The ciphers your firewall offer (by default) will vary depending on what OS your ASA is running. Solution 1. To see what your cipher you are connected with look on the statistics tab, below we are connecting with the...
iPhone – Taking Screenshots / Screendumps
KB ID 0000361 Problem All iPhones (above version 2 on 3G, 3GS and iPhone4) have the ability to take screenshots without having to download an app! Solution 1. Assuming you have the screen open you would like to capture, press the “Home” button, and while still having it pressed briefly press the “Sleep/Lock” button 2. The screen should “flash white” briefly and providing you are not on silent, you...
iPhone and iPad – Configure the Cisco VPN Client
KB ID 0000360 Problem You have already configured a Cisco ASA / PIX device to provide Client VPN connectivity, and you now wish to configure the iPhone/iPad Device. Solution Note: The screen shots are taken from an iPhone running (4.2.1) the process for iPad is the same. 1. Select Settings. 2. Select General. 3. Select Network. 4. Scroll to the bottom of the page and select VPN. 5. Add VPN Configuration. 6. Select IPSec. 7....