Using the Microsoft VPN client through Cisco ASA/PIX
Nov17

KB ID 0000009. Problem: You cannot open a Microsoft client VPN tunnel with a Cisco PIX or ASA in front of you on the network. Solution: You need the following open (outbound): TCP port 1723 (that’s PPTP), Protocol 47 (GRE) – note that’s a PROTOCOL and NOT a PORT. Allow PPTP Client through the ASA via Command Line: 1. Connect to the ASA then add PPTP inspection to the default inspection map. PetesASA> PetesASA> en Password: ********...

Manage your Cisco Firewall from your Windows Mobile Device
Nov17

KB ID 0000158. Problem: You have a new Windows Mobile device and you’re bored! – well not really, I hope I never have to do this in anger, but it was an exercise in proving it can be done 🙂 Solution: Before you start you need to ensure the following has been done: 1. The firewall in question needs an RSA key generating on it (on the firewall issue the following command “crypto key generate rsa” {without the quotes}). 2....

Cisco – Windows x64 Bit VPN Client (IPSEC)
Nov17

Note: This page was originally written before the release of the Cisco x64 bit Windows 7 Client. KB ID 0000163. Problem: It was widely accepted for some time that Cisco’s support for the IPSEC VPN client will not be extended to x64 bit Windows platforms. That’s simply because they are gearing up towards their own AnyConnect VPN client. Update 18/02/10 – Cisco have released an x64 Bit VPN Client for Windows 7...

Sync Microsoft Domain Time To A Cisco NTP Device
Nov17

KB ID 0001038. Problem: I’ve been posting domain time articles for a long time, and on more than one occasion I’ve really needed to take my Windows time from a Cisco Device and failed miserably. I’ve even used third party NTP software to solve this problem on my own test network. On a client network, my colleague deployed ACS5 this week, I secured the ASA5585-X for AAA and it failed authentication. Logging revealed a...

Cisco ISE – Basic 802.1x With Windows Part Four – Configuring The Windows Clients (Supplicants)
Nov17

KB ID 0001083. Problem: Back in Part Three we set up the switches ready to plug in our clients. I’m going to configure the Windows clients by Group Policy. But I suggest you carry out tests using single Windows clients and LOCAL policy until you know you have everything set up correctly. WARNING: Rolling this out without adequate testing can result in all your Windows clients falling off the network. Solution: 1. On a DC or a...

Outlook Error 0x800CCC0F – Using POP3 To Exchange – Behind a Cisco CSC (Trend InterScan) Module
Nov17

KB ID 0000642. Problem: I upgraded a client’s firewall and CSC software a couple of weeks ago, and ever since “some” users saw the following errors: Error 0x800CCC0F Task ‘{email address} – Sending’ reports error (0x800CCC0F): #The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).’ Eventually it would time out...

Set Cisco ASA for Kerberos Authentication
Nov17

KB ID 0000039. Problem: You want to set up a Cisco ASA to authenticate users (VPN access for example). Solution: Kerberos can only be used as an authentication protocol on the ASA, so it’s fine for allowing VPN connections but not for assigning policies etc. To work, both the ASA and the domain need to be showing accurate time. Step 1: Set the ASA to get time from an External NTP Server. 1. Log onto the ASA > Go to “Enable...

Cisco ASA – Only Allow Mail Servers SMTP Outbound
Nov17

KB ID 0000172. Problem: It’s not unusual for nasty viruses and malware, once they have infected a machine, to set up outbound communications on the mail protocol SMTP (TCP Port 25), which can lead to your public address being blacklisted. So it’s considered good practice to stop all your clients getting mail access outbound through your firewall, while still allowing your mail server. Note: On Cisco firewalls,...

DNS resolves intermittently – EDNS Problems
Nov17

KB ID 0000312. Problem: DNS resolves intermittently, and your Exchange outbound mail may fail and give the following error: The following recipient(s) could not be reached: user@domain.com on (Date Time). There was a SMTP communication problem with the recipient’s email server. Please contact your system administrator. <(Domain.com) #5.5.0 smtp;550-Domain does not recognize your computer (xx.xx.xxx.xxx) as connecting from an...

Windows Server Setup RADIUS for Cisco ASA 5500 Authentication
Nov17

KB ID 0000685. Problem: Note: The procedure is the same for Server 2016 and 2019. This week I was configuring some 2008 R2 RADIUS authentication, so I thought I’d take a look at how Microsoft have changed the process for 2012. The whole thing was surprisingly painless. I will say that Kerberos Authentication is a LOT easier to configure, but I’ve yet to test that with 2012 (watch this space). Solution: Step 1 Configure the...
