Cisco ASA – Changing VPN IP Addresses
KB ID 0000391 Problem I had a client the other week with about 25 sites, his core site was changing ISP and therefore changing its IP address. On the main site this is pretty straightforward, just change the outside interfaces IP address, sub net mask and the default route (That’s the default gateway for non cisco-ites). All well and good, but what about his other 24 sites? They all had VPN’s back to the main site, and all...
Cisco ASDM – Accessing with Ubuntu
KB ID 0000396 Dtd 11/02/11 Problem Even though I prefer to use command line, there are times I need to manage Cisco firewalls from the ASDM. To do this from my Netbook running Ubuntu 10.10 it was not as straight forward as I was used to. Solution In my scenario I’m using Ubuntu 10.10 Desktop Edition, Chrome as my browser, and the ASDM is running version 6.3(1). 1. Before we start I’m assuming you know what the ASDM is and...
Upgrade Cisco PIX 515E to Version 8.0(4)
and ASDM version 6.1(5) KB ID 0000424 Problem I had to update a Cisco PIX 515E last week, Cisco 500 firewalls are a bit thin on the ground these days, and most of my corporate clients have replaced then with Cisco ASA 5500 firewalls. So as these units are now getting retired, or moved to the test bench, or sold on ebay. I thought I’d document probably the last one I did for posterity, and to help anyone else out. Note: Cisco...
SmoothWall site to site (IPSEC) VPN to Cisco ASA
KB ID 0000436 Problem You would like to put in a site to site VPN from a site that has a SmoothWall firewall to another site that has a Cisco ASA. Note: This procedure was carried out on a SmoothWall UTM 1000 Series appliance, and uses a pre-shared key to authenticate the VPN. Solution 1. For The Cisco end of the configuration, you can configure it from command line see here, or from the ASDM see here.. 2. Connect to the...
Cisco ASA 5500 – Adding Licenses
KB ID 0000531 Problem Each model in the Cisco ASA 5500 range comes with a range of licences and features, to add these features you can purchase them from a Cisco reseller. You will then need to apply the licence to the device. Solution 1. Your first step is to purchase the Licence you require from an authorised cisco reseller. 2. When your licence arrives you need to locate the PAK that is on the certificate. 3. You need the Serial...
Allow access to VMware View through Cisco ASA 5500
KB ID 0000545 Problem To access VMware View though a firewall you need the following ports to be open; TCP Port 80 (http/www) TCP Port 443 (https/ssl) TCP Port 4172 (PCoIP) UDP Port 4172 (PCoIP) In the following example I’m using 192.168.1.100 as the internal IP address of the View Server and the public IP address of the firewall is 123.123.123.123. Which solution you use, depends on weather you are allowing access via a...
ASA – Memory Error (Post upgrade to version 8.3)
KB ID 0000553 Problem I’ve split this article away from this one, as it tripped me up this week again, so I think it deserves an article of its own. Some ASA firewalls that shipped prior to February 2010 may need a hardware memory upgrade, before you can update them to version 8.3 and beyond. If not you will see the following; Memory Error as seen on an ASA5510 ************************************************************* ** **...
Cisco ASA 5500 – Reset / Recycle VPN Tunnels
KB ID 0000586 Problem I’ve been asked this before and it came up on EE today, basically you have a site to site VPN tunnel and you either want to restart it or reset it. Solution Cisco ASA Reset ALL VPN Tunnels 1. Connect to your ASA, then to reset ALL your ISAKMP VPN tunnels use the following command; clear crypto isakmp sa In the example below I’ve reset ALL my tunnels. I had a constant ping running across the VPN, and...
IP Address Conflicts with VMware ESX and Cisco ASA
KB ID 0000635 Problem My colleague was setting up a DMZ server for one of our clients, it was a virtual server that was presented to the DMZ of a Cisco ASA 5510. Every time he gave it a static IP address it popped up an IP address conflict (no matter what the IP address was). Windows has detected an IP address conflict Another computer on this network has the same IP address as this computer. Contact your network administrator for...
Update Cisco ASA – Directly from Cisco (via ASDM)
KB ID 0000636 Problem Warning: Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERYIMPORTANT if your ASA was shipped before February 2010. See the link below for more information. ASA – Memory Error (Post upgrade to version 8.3) Warning 2: Be aware, if you are upgrading to an OS of...