Configure Wireless Network Stings via Group Policy
KB ID 0000923 Problem If you have a corporate wireless network, you can send the settings out to your clients, rather than have them all ask you what the wireless settings are, and how do they connect. Here I’m going to use Domain group policies, but the procedure is the same for local policies (just run gpedit.msc instead). And the dialog boxes are exactly the same as if you were configuring them on the client machine. (You...
HP MSM Controller – Using RADIUS With Windows Server
KB ID 0000922 Problem I’m very disappointed with HP, theres next to no information on how to do this. My plan was to secure wireless access with certificates, so only clients with a valid digital certificate could authenticate and connect to the wireless. After spending nearly a whole day on the phone to various technical support departments at HP, this remained an impossible requirement! In the end, as the client only had a...
Cisco Router – Configure Site to Site IPSEC VPN
KB ID 0000933 Problem I’ve done thousands of firewall VPN’s but not many that terminate on Cisco Routers. It’s been a few years since I did one, and then I think I was a wuss and used the SDM. So when I was asked to do one last week thankfully I had the configs ready to go. I’m going to use the IP addresses above, and my tunnel will use the following settings; Encryption: AES. Hashing: SHA. Diffie Hellman:...
Cisco ASA Site to Site VPN’sSite to Site ISAKMP VPN (Main Mode)
KB ID 0000213 Problem As with most things, before you have a hope of fixing something, you will stand a better chance if you know how it works in the first place. Below is a quick run though of what’s happening with your site to site VPN’s and how they work. For the entire process we will have two Cisco ASA 5500 firewalls and a site to site VPN. Solution What’s an Initiator and a Responder? 1. Our Laptop 192.168.1.50...
ASA 5500 AnyConnect – Change Preferred Encryption Cipher Order
KB ID 0001058 Problem A few days ago I wrote about disabling SSL v3.0 to force your clients to connect with the more secure TLS v1.0. But what if your AnyConnect clients chose to connect with a weaker encryption cipher? The ciphers your firewall offer (by default) will vary depending on what OS your ASA is running. Solution 1. To see what your cipher you are connected with look on the statistics tab, below we are connecting with the...