Cisco ASA: Prioritise RDP Traffic
KB ID 0001359 Problem I have a client who had two sites, one didn’t have a particularly good internet connection, (which is the actual problem that needed to be solved). But in the interim, he wanted me to prioritise RDP traffic, as his staff were constantly complaining about the speed of their connections. Note: They may be a myriad of reasons why user experience is bad for an RDP session, this was quite simply a bandwidth...
MAC OSX – SSH Error ‘No Matching Exchange Method Found’
KB ID 0001245 Problem I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Sierra version 10.12 the other day. After this, all my SSH sessions refused to connect with this error; Unable to negotiate with x.x.x.x port 22: no matching key exchange found. Their offer diffie-hellman-group1-sha1 Note: You may also see the following error; Unable to negotiate with x.x.x.x port 22: no...
MAC OSX – Connecting to Cisco IPSEC VPN
KB ID 0001197 Dtd31/05/16 Problem Here we are dealing with the older IPSEC VPN method of remote VPNs, NOT AnyConnect. There is/was a VPN client for Mac OSX which you can still download. But modern versions of OSX have the Cisco IPSec VPN client built into them. I’m assuming you have already configured the firewall, if not see the article below; Cisco ASA5500 Client IPSEC VPN Access Solution Open your network preferences and...
Cisco – Testing AAA Authentication (Cisco ASA and IOS)
KB ID 0001175 Dtd 14/04/16 Problem I always forget the syntax for this, and I’ve been meaning to publish this for a while so here you go. If you have AAA setup and people can’t log in, then the ability to test authentication against a user’s username and password is a good troubleshooting step! Usually I’m on a Cisco ASA but I’ll tag on the syntax for IOS as well. Solution Cisco ASA Test AAA...
Microsoft Azure To Cisco ASA Site to Site VPN
KB ID 0001166 Dtd 12/03/16 Problem Given the amount of Cisco work, and the amount of Microsoft work I do I’m surprised I’ve never had to do this before. The call came in this week for a client who had a Cisco 5512-X firewall and wanted to get a site to site VPN into Microsoft Azure. Some efforts had been made, but the tunnel had refused to come up. Well I’ve never even logged into Azure, (why would I ?) I work for a...
Build a PIX Firewall for your test network
Working with GNS3 and PEMU – (Part 2) KB ID 0000662 Dtd 09/11/09 Problem In Part 1 we installed and Licensed our Virtual PIX, now we will give it an IP address and get the firewalls web management console running. To complete this procedure you will need to, 1. Have a TFTP server up and running (CLICK HERE). 2. Know how to connect to a Cisco Firewall (CLICK HERE). Solution Step 1 (Add an interface to your host machine) 1. On...