AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 2)
KB ID 0001156 Problem Carrying on from PART 1 Solution Add > Create Before. Edit the Policy. Give the policy set a name and description > Create a new condition. Set Description to Device Type. Equals > All Device Types (The Device Group You Created Above). Add attribute value. Set Description to RADIUS. NAS-Port-Type-[61]. Equals > Virtual. Edit the Authentication Policy. Change the identity source to the identity...
AnyConnect Group Authentication With Cisco ISE and Downloadable ACLs (Part 1)
KB ID 0001155 Problem To be honest it’s probably a LOT easier to do this with Dynamic Access Policies, but hey, if you have ISE then why not use it for RADIUS, and let it deploy downloadable ACLs to your remote clients and give them different levels of access, based on their group membership. I’m going to keep things simple, I will have a group for admins that can access anything, and a group for users that can only...
NTP Stratum 1 and Stratum 2 UK Time Servers
KB ID 0001154 Problem There are a LOT of NTP server lists published. I’ve sat and checked all the servers below, and their DNS resolution, and they are correct as at the date above. Solution Stratum 1 Hostname IP Address Resolvable By Location chronos.csr.net 194.35.252.7 DNS Cambridge Stratum 2 Hostname IP Address Resolvable By Location 0.uk.pool.ntp.org 109.74.206.120 176.58.109.199 94.125.129.7 5.77.45.219 DNS Various...
Applying and Assigning vSphere / ESXi6 Licences
KB ID 0001153 Problem I’ve used the old VI client since version 3, so getting to grips with the vSphere web client has been fun. (I know it’s been out for ages, but I don’t like it sorry!) After rebuilding my test server to ESX 6 and deploying a new vCenter appliance, I was getting the usual nag messages about licensing etc. So I went to install the licences, that’s pretty easy, you can do that from the home...
Cisco ASA – AnyConnect Authentication via LDAP and Domain User Groups
KB ID 0001152 Problem When I first started doing Cisco remote VPNs, we had Server 2000/2003 and I used to use RADIUS with IAS. Then Microsoft brought out 2008/2012 and RADIUS via NAP. Because I fear and loathe change I swapped to using Kerberos VPN Authentication for a while. I had to put in an ASA5512-X this weekend and the client wanted to allow AnyConnect to a particular Domain Security Group “VPN-Users”, so I thought I...
Using OSPF over DMVPN
KB ID 0001151 Dtd 03/02/16 Problem This article is a supplement to the earlier one on Setting Up DMVPN. It covers how to use OSPF over the top of DMVPN. This is the topology I’m going to use; As I’ve said (above) this is not a run through on setting up DMVPN, but if you want to spin it up in GNS3, or on the test bench, here’s the DMVPN config; Hub Site configure terminal interface Tunnel10 ip address 192.168.254.1...
Cisco ASDM and Windows 10
KB ID 0001150 Problem Most of the time I’m on my Mac for work, but sometimes when the ASDM fails, I switch to a Windows VM (in VMware Fusion). I recently upgraded to Windows 10, and for the most part that’s been a painless process. I did notice though, that when I try to run the ASDM, it will let me install the software, then sit there doing nothing? Note: Also see, ASDM on Windows 10: ‘Cannot find Javaw.exe?’...
Route Summarisation with EIGRP
KB ID 0001149 Problem I’ve already written a post that lets you calculate a route summarisation. So now you have a method of advertising your routes more efficiently, what do you do with it? Well I’m at the EIGRP point in my studies so here’s how to implement it with EIGRP. To demonstrate I’ve built the above network on GNS3, there is a loopback interface on the routers for each of those networks. Solution...
Safari – Open jnlp Files Not Download Them
KB ID 0001148 Problem Next to the rise of Nazism, war, hunger, and pestilence, Java is the worst thing to happen to humankind! But because people keep using it for management consoles and things we are stuck with it. I’m particularly a big fan of the way they (Oracle) upgrade it because it’s got some huge security flaw in it, then all my remote iLO, DRAC and Cisco ASDM sessions don’t work anymore. It’s even...
VMware Fusion – Change IP Addresses
KB ID 0001147 Problem I use Fusion a lot, and it does what I want and never gives me any problems. I was working for a client this week and had to VPN onto their network (172.16.0.0/16 but all the servers were on 172.16.48.x). When connected I could not RDP to any of their servers? I asked a colleague to try on his laptop and it worked fine? I asked another colleague who also uses a Mac, his worked as well. Solution I wondered if I...