Cisco AnyConnect – Securing with Microsoft Certificate Services
Part 2 (How to Configure AnyConnect) KB ID 0001031 Problem Back in Part 1 We configured the Microsoft Certificate Services to meet our certificate needs. Now we configure the firewall for AnyConnect. Solution 1. Log onto the ASA > Go to global configuration Mode. login as: petelong petelong@192.168.100.1’s password:********** Type help or ‘?’ for a list of available commands. Petes-ASA> enable Password: *******...
ASA 5500 AnyConnect – Change Preferred Encryption Cipher Order
KB ID 0001058 Problem A few days ago I wrote about disabling SSL v3.0 to force your clients to connect with the more secure TLS v1.0. But what if your AnyConnect clients chose to connect with a weaker encryption cipher? The ciphers your firewall offer (by default) will vary depending on what OS your ASA is running. Solution 1. To see what your cipher you are connected with look on the statistics tab, below we are connecting with the...
Cisco AnyConnect – PAT External VPN Pool To An Inside Address
KB ID 0001104 Problem I got sent to Holland this week to look at a firewall deployment, and while I was sat in the Airport, I was going over the job I had to do, when I realised the solution I had suggested had a problem see below; My brief was to provide remote AnyConnect VPN into the network so the client could get their network setup, and manage things remotely. However as I drew the network out in my head I realised that the...
Cisco ASA – Cannot Get To Enable Mode?
KB ID 0001105 Problem After setting up some firewalls last week I quickly jumped on them whilst VPN’d into the my work network to make sure I’d be able to log into and administer them remotely via SSH, and ASDM (in case anyone else wanted to use it). SSH gave me the new certificate prompt and logged me in, ADSM logged in. I left site a happy chap. I went to login today via SSH and I could logon fine but I could not get to...
Cisco ASA – Cannot Enable Third Party Certificate (9.4 and later)
KB ID 0001106 Problem I installed a third party certificate for a client on their ASA (from Digicert). And followed my usual procedure. I enabled it on the outside interface and tested AnyConnect, it wasn’t working. The ASA refused to present anything other than its self signed certificate. Solution This is because after 9.4 the ASA will automatically present a certificate that has an elliptical curve cipher. Even if the ASA has...