Cisco ASA Remote Management via VPN
ASA Remote Management KB ID 0000984 Problem It’s been ages since I has to do this, I usually just manage firewalls via SSH from outside. But I was out on a client site last week and needed to connect to to my ASA, so I simply connected in via AnyConnect; Note: The same procedure is applicable if you are an IPSEC VPN client, L2TP VPN client, or simply coming in over a site to site VPN link. And attempted to SSH, no joy, I tried...
macOS – SSH Error ‘No Matching Exchange Method Found’
Mac SSH Error KB ID 0001245 Problem Certified working all the way up to macOS Ventura version 13.6 Certified working all the way up to macOS Sonoma version 14.1 Certified working all the way up to macOS Sequoia version 15.1 I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error; Unable to...
Microsoft Azure To Cisco ASA Site to Site VPN
KB ID 000116 Problem The one reason I prefer Cisco over Microsoft is they rarely change things, you learn how to do something and it’s learned. This is the second time have had to write this article purely because the Azure UI has changed! Virtual Network Gateway Options With VPN’s into Azure you connect to a Virtual Network Gateway, of which there are TWO types Policy Based, and Route Based. This article will deal with...
Factory Reset a Cisco Firewall
KB ID 0000007 Problem You want to wipe the firewall’s config and revert to the factory settings (passwords blank – management or inside set to 192.168.1.1 and DHCP enabled, with all other settings wiped). Solution 1. Connect to the ASA via the console Cable. CLICK HERE 2. log in and go to configure terminal mode. 3. Execute the following command “config factory-default” 4. Press the space bar a few times to execute the...
Cisco ASA: Prioritise RDP Traffic
KB ID 0001359 Problem I have a client who had two sites, one didn’t have a particularly good internet connection, (which is the actual problem that needed to be solved). But in the interim, he wanted me to prioritise RDP traffic, as his staff were constantly complaining about the speed of their connections. Note: They may be a myriad of reasons why user experience is bad for an RDP session, this was quite simply a bandwidth...
MAC OSX – Connecting to Cisco IPSEC VPN
KB ID 0001197 Problem Here we are dealing with the older IPSEC VPN method of remote VPNs, NOT AnyConnect. There is/was a VPN client for Mac OSX which you can still download. But modern versions of OSX have the Cisco IPSec VPN client built into them. I’m assuming you have already configured the firewall, if not see the article below; Cisco ASA5500 Client IPSEC VPN Access Solution Open your network preferences and add in a new...
Cisco – Testing AAA Authentication (Cisco ASA and IOS)
KB ID 0001175 Problem I always forget the syntax for this, and I’ve been meaning to publish this for a while so here you go. If you have AAA setup and people can’t log in, then the ability to test authentication against a user’s username and password is a good troubleshooting step! Usually I’m on a Cisco ASA but I’ll tag on the syntax for IOS as well. Solution Cisco ASA Test AAA Authentication From...
Build a PIX Firewall for your test network
Working with GNS3 and PEMU – (Part 2) KB ID 0000662 Problem In Part 1 we installed and Licensed our Virtual PIX, now we will give it an IP address and get the firewalls web management console running. To complete this procedure you will need to, 1. Have a TFTP server up and running (CLICK HERE). 2. Know how to connect to a Cisco Firewall (CLICK HERE). Solution Step 1 (Add an interface to your host machine) 1. On your host PC/VM...
PIX 506E and 501 Firewall Image and PDM Upgrade
KB ID 0000065 Problem Note: PIX 515E and above, can still be upgraded to version 8.0(4) click here for details Some people will wonder why I’m bothering to write this up, but the truth is, there are LOADS of older PIX firewalls out there in the wild, and all the PIX 501’s and 506E’s that are being retired from corporate use are being bought on ebay, or being put on IT departments test benches. This page deals with...
Cisco PIX (500 Series) Password Recovery / Reset
KB ID 0000064 Problem If you are locked out of your PIX firewall then you will need to do some password recovery, this procedure will reset the enable password and remove any AAA username and password settings on the PIX. Note: If you have a PIX 520 (This has a floppy drive, and the process is different) CLICK HERE Solution Before You Start ! 1. You need to know the software version that is running on the PIX e.g 6.3(5) or 7.0(1) 2....