Cisco FireSIGHT – Enable Active Directory (LDAP) Authentication
KB ID 0001102. WARNING: this is for older versions of the FirePOWER Management Platform, go to the following link for newer versions: Cisco FirePOWER Management Appliance – Allowing Domain Authentication. Problem: To save you creating multiple users on your FireSIGHT appliance, and assigning roles to them, you can utilise your existing Active Directory. In fact FireSIGHT does a good job of enabling granular administration based on AD...
Cisco ASA 5500-X Restart the FirePOWER Service Module
KB ID 0001101. Problem: I’ve only just recently started to work with these; the advantage of them is they are great for SOHO and SMB, and they don’t need additional SSD drives installing. Note: This procedure also works on the larger ASA5500-X firewalls that have Firepower installed on an internal SSD drive (i.e. 5512, 5515, 5525, and 5545 etc.). While getting them to work with a Sourcefire appliance, I had to...
Cisco AnyConnect – PAT External VPN Pool To An Inside Address
KB ID 0001104. Problem: I got sent to Holland this week to look at a firewall deployment, and while I was sat in the airport, I was going over the job I had to do, when I realised the solution I had suggested had a problem (see below). My brief was to provide remote AnyConnect VPN into the network so the client could get their network set up, and manage things remotely. However as I drew the network out in my head I realised that the...
Cisco ASA – Cannot Get To Enable Mode?
KB ID 0001105. Problem: After setting up some firewalls last week I quickly jumped on them whilst VPN’d into my work network to make sure I’d be able to log into and administer them remotely via SSH and ASDM (in case anyone else wanted to use it). SSH gave me the new certificate prompt and logged me in, ASDM logged in. I left site a happy chap. I went to log in today via SSH and I could log on fine but I could not get to...
Cisco ASA – Cannot Enable Third Party Certificate (9.4 and later)
KB ID 0001106. Problem: I installed a third party certificate for a client on their ASA (from Digicert), and followed my usual procedure. I enabled it on the outside interface and tested AnyConnect; it wasn’t working. The ASA refused to present anything other than its self-signed certificate. Solution: This is because after 9.4 the ASA will automatically present a certificate that has an elliptic curve cipher. Even if the ASA has...