Windows Server Setup RADIUS for Cisco ASA 5500 Authentication
KB ID 0000685 Problem Note: The procedure is the same for Server 2016 and 2019 This week I was configuring some 2008 R2 RADIUS authentication, so I thought I’d take a look at how Microsoft have changed the process for 2012. The whole thing was surprisingly painless. I will say that Kerberos Authentication is a LOT easier to configure, but I’ve yet to test that with 2012, (watch this space). Solution Step 1 Configure the...
Cisco ASA – Using ‘logging’ to see what ports are being blocked
KB ID 0000702 Problem If you look after a firewall, sooner or later something will fail, and the blame (rightly or wrongly), will be leveled at the firewall. I came back from holiday this week to find a client had got a problem with secure POP email. The problem had been fixed (temporarily) by dropping the affected users into a group, and opening all ports. As this had fixed the problem then it’s fair to say that the ASA was...
Cisco ASA to Juniper SRX Site to Site VPN
KB ID 0000710 Problem You want to establish a site to site VPN from a site with a Cisco ASA firewall, to another site running a Juniper SRX firewall. I had to do this this week, and struggled to find any good information to help. In the example below I’m configuring the whole thing from a laptop (172.16.254.206) that’s on the Juniper’s site. Use the diagram below, and substitute your own IP addresses and subnet...
Cisco ASA 5500 Active/Standby – Zero Downtime Upgrade
KB ID 0000733 Problem You have two ASA firewalls deployed in Active/Standby failover configuration, and need to upgrade either the operating system or the ASDM. As you already have a high availability solution you do not want any downtime. Before we start, we need to make sure we know the difference between primary, secondary, active and standby. From the rear (Active=Green, Standby=Amber) The Primary and Secondary firewalls are...
Cisco ASA 5500 – Deny a Single IP Address External Access
KB ID 0000743 Problem This got asked on Experts Exchange today, the poster specifically asked for an ASDM solution, so here goes. However I will also do the commands as well. Solution Block an IP via ASDM 1. Connect to the ASDM > Configuration > Firewall > Add ‘Network Object’. Note: You could create a Network Object Group, then add a Network Object to that group. This is handy if there are liable to be more IP...