Cisco ASA 5500 – Error ‘DHCP: Interface ‘inside’ is currently configured as SERVER and cannot be changed to a CLIENT by a CLIENT feature’
Nov17

KB ID 0000836 Problem I put in an ASA 5505 this week, and while I was setting it up I was getting plagued with these popping up in the command window all the time; DHCP: Interface ‘inside’ is currently configured as SERVER and cannot be changed to a CLIENT by a CLIENT feature DHCP Client: can’t enable DHCP Client when DHCP Server/Relay is running on the interface. Seen here on ASA Version 9.1(1) Solution There not a...

Build a PIX Firewall for your test network
Nov17

Working with GNS3 and PEMU – (Part 1) KB ID 0000061  Problem Cisco firewalls are expensive, I know I own some, and my firm sells them. Getting hardware to run on your test bench is difficult enough, but getting high end Cisco equipment is an expensive proposition for your average “Techy”. These days most people run their test networks in a virtual environment. I run Hyper-V at home for testing and I have my...

Enable DNS Lookup on the Cisco PIXASA
Nov17

KB ID 0000029  Problem You need the ASA to be able to resolve external hostnames. Note: You need at least version 8.2(2) before you can use a DNS name in an access-list. Solution Note: In this example I’m using 122.122.122.199 and 122.122.122.198 (yes, they cannot exist!) as the external DNS addresses, substitute your own. 1. Whilst in enable mode > enter configure terminal mode, then enable DNS Lookups....

Backup and Restore a Cisco Firewall.
Nov17

KB ID 0000076 Problem There are many different versions of PIX and ASA Firewalls. If you take a backup of the configuration and save it elsewhere, then in the event of a failure (or more likely, someone tinkering and breaking the firewall), you will be able to recall and restore that configuration. By far the easiest method is to use a TFTP server – and it works on ALL versions, so learn it once and use it many...

Manage your Cisco Firewall from your Windows Mobile Device
Nov17

KB ID 0000158  Problem You have a new Windows Mobile device and you’re bored! – well not really, I hope I never have to do this in anger, but it was an exercise in proving it can be done 🙂 Solution Before you start you need to ensure the following has been done, 1. The firewall in question needs an RSA Key generating on it (on the firewall issue the following command “crypto key generate rsa” {without the quotes}). 2....

Cisco – Windows x64 Bit VPN Client (IPSEC)
Nov17

Note: This page was originally written before the release of the Cisco x64 bit Windows 7 Client KB ID 0000163 Problem It was widely accepted for some time that Cisco’s support for the IPSEC VPN client would not be extended to x64 bit Windows platforms. That’s simply because they are gearing up towards their own AnyConnect VPN client. Update 18/02/10 – Cisco have released an x64 Bit VPN Client for Windows 7...

RDP to Multiple Servers with a Cisco PIX/ASA Firewall
Nov17

KB ID 0000167  Problem WARNING: Allowing RDP traffic from ‘any’ IP is a monumentally bad idea. ONLY allow RDP traffic from trusted hosts/networks, or better still, limit RDP to clients/locations that have their traffic protected by VPN. You want to connect via “Remote Desktop” to multiple servers behind your firewall. To do this you have three options. Note: This is an old article that refers to ‘pre...

Working with the Cisco VPN Client. (IPSEC)
Nov17

KB ID 0000171 Problem Both at work, and while posting in forums, I have to explain how to configure the Cisco Client VPN software, so to save me writing lots of documentation, it’s about time I posted some information to cover every eventuality. Here we are dealing with the IPSEC VPN client, not the newer Cisco AnyConnect SSL client. Using this software you can connect from a remote location to your office network (or any other...

Cisco VPN Client Error “Failed to Enable Virtual Adapter”
Nov17

Secure VPN Connection terminated locally by the Client Reason 442: Failed to enable Virtual Adapter KB ID 0000179 Problem Note: If you see this on Windows 8 go here. Note: If you see this on Windows 10 go here. Solution Update 10/03/10 – This problem re-occurred on one of my clients today – cured the problem by removing the VPN client, and upgrading to version 5.0.07.0240-k9-BETA. 1. Click Start > Computer. 2....

Cisco ASA Site to Site VPN’s – Site to Site ISAKMP VPN (Main Mode)
Nov17

KB ID 0000213 Problem As with most things, before you have a hope of fixing something, you will stand a better chance if you know how it works in the first place. Below is a quick run through of what’s happening with your site to site VPNs and how they work. For the entire process we will have two Cisco ASA 5500 firewalls and a site to site VPN. Solution What’s an Initiator and a Responder? 1. Our Laptop 192.168.1.50...
