AnyConnect – ‘VPN establishment capability for a remote user..
KB ID 0000546 Problem If you connect to a client via RDP then try and run the AnyConnect client, you will see one of these errors; VPN establishment capability for a remote user is disabled. A VPN connection will not be established VPN establishment capability from a Remote Desktop is disabled. A VPN connection will not be established This behaviour is default, and despite me trawling the internet to find a solution (most...
Cisco Firepower 1010 Configuration
KB ID 0001673 Background This page will be used as a central repository and ‘index’ for configuration on the Cisco Firepower 1010 series firewall. I intend to add to it as I test the capabilities and work out any problems whilst trialing/deploying and operating this platform. Config Documents VPN Firepower 1000 series running ASA Code. General Cisco Firepower 1010 Licensing Reimage Cisco 1010 ASA to FTD VPN EZVPN Is not...
Cisco Firepower 1010 Licensing
KB ID 0001672 Problem So we have unboxed and set up our Firepower 1010 device, simply logging into the ASDM fires off warnings that it’s only running DES and I need to register the unit to get any decent level of encryption, (seriously why is 3DES still an ‘add on’ licence, who is still doing 56-bit encryption!) So let’s get it registered and licenced. Solution The ‘Licence Envelope’ in the box is...
Cisco ASA: Mixing TCP and UDP in Object-Groups
KB ID 0001668 Problem I like object-groups, they can make your firewall configs a lot smaller/neater and if you need to add a host, network, range, or port, then you can simply add the new requirement to an existing group. But what if you want to allow both UDP and TCP ports, you can create a service group for TCP and add the ports and a service group for UDP and add the ports, and add them into your ACL where you would expect ports...
macOS: ASDM Developer Cannot Be Verified
KB ID 0001667 Problem When trying to connect to a Firepower 1010 ASDM I was met with this; “Cisco ASDM-IDM.app” cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware Solution If you’ve spent much time using macOS then this is quite common. Open System Preferences > Security and Privacy > General tab > You will see a warning about the Cisco ASDM-IDM...
Firepower 1010 Review
KB ID 0001666 What Is It? I’ve been trying to get my hands on one of these for a while. So thanks to my employer for sending me one to take a look at. The Firepower 1010 appliance is aimed at Small Office / Home Office, and possibly Small Remote Branch offices. But like its predecessors it will probably get put in EVERYWHERE because it’s ‘cheap’, (Note: for cheap, read possibly under-specced* and the wrong...
Cisco ASA – Update Activation Key (From ASDM)
KB ID 0001662 Problem I recently did a post on adding extra licences to AnyConnect, (with the current surge of people working from home). I exclusively work at command line, so when I was asked how to do the same in the ASDM I had to go and check 🙂 Solution Connect to your firewall’s ASDM console, then navigate to > Configuration > Device Management > Licensing > Activation Key > Enter your new Activation Key > Update...
Get Free Cisco AnyConnect Licences For COVID-19 Homeworkers
KB ID 0001661 Problem Cisco released information on their blog a few days ago to say that they would be offering free Umbrella, Duo and AnyConnect Licences to customers in the wake of the COVID-19 outbreak. That’s great news, but there’s no information on how to get the AnyConnect licences. It just says speak to your Cisco partner. As I am a Cisco partner I was confused, and it seems my colleagues were also. So I contacted...
VMware Edge Gateway VPN to Cisco ASA
KB ID 0001658 Problem I was asked to set up a VPN to help out a colleague this week. When I had a look, one end turned out to be an Edge Gateway, I wasn’t that concerned, I’d done similar things in my prior role, I just didn’t have access to the vCloud or VMware at this datacenter. Despite my best efforts on the ASA, the tunnel refused to come up, it took a little looking ‘under the covers’ to accurately...
Configuring Cisco HSRP
KB ID 0000946 Problem Cisco HSRP: Normally your client machines have one route off the network, (their default gateway). But what if that goes down? HSRP aims to solve this problem by assigning a ‘Virtual IP address’ to your default gateway (or default route). So that IP can be shared amongst two or more possible devices (routers, or layer 3 switches). Above, we have a client 192.168.1.10 that has two possible routes off...