Cisco ASA: Received a DELETE PFKey message from IKE
KB ID 0001720 Problem I was debugging a VPN tunnel today. (From a Fortigate to a Cisco ASAv). I was messing around with the encryption and hashing, when the tunnel fell over. Phase 1 was establishing fine but not Phase 2 (IPSEC). I’ve got better skills on the ASA, so that’s where I was debugging; IPSEC: Received a PFKey message from IKE IPSEC: Parsing PFKey GETSPI message IPSEC: Creating IPsec SA IPSEC: Getting the...
Secure and Encrypt USB Drives
KB ID 0000060 Problem We would be lost without the good old USB Key/Thumb drive in this day and age, now the floppy drive is officially dead it’s our primary method of moving files and software about. I have the habit of leaving both CD/DVDs in clients’ servers and my thumb drive onsite because I have a head like a sieve =[ I did this the other week, and thankfully I was going to be away on course for the following week, so I...
Configure Wireless Network Settings via Group Policy
KB ID 0000923 Problem If you have a corporate wireless network, you can send the settings out to your clients, rather than have them all ask you what the wireless settings are, and how do they connect. Here I’m going to use Domain group policies, but the procedure is the same for local policies (just run gpedit.msc instead). And the dialog boxes are exactly the same as if you were configuring them on the client machine. (You...
HP MSM Controller – Using RADIUS With Windows Server
KB ID 0000922 Problem I’m very disappointed with HP, there’s next to no information on how to do this. My plan was to secure wireless access with certificates, so only clients with a valid digital certificate could authenticate and connect to the wireless. After spending nearly a whole day on the phone to various technical support departments at HP, this remained an impossible requirement! In the end, as the client only had a...
Cisco Router – Configure Site to Site IPSEC VPN
KB ID 0000933 Problem I’ve done thousands of firewall VPNs but not many that terminate on Cisco Routers. It’s been a few years since I did one, and then I think I was a wuss and used the SDM. So when I was asked to do one last week thankfully I had the configs ready to go. I’m going to use the IP addresses above, and my tunnel will use the following settings; Encryption: AES. Hashing: SHA. Diffie Hellman:...