Cisco ASA5505 Setup (Via ASDM)
KB ID 0000067 Problem Regular visitors to PNL will know I much prefer to do things at the command line, but I appreciate most people trying to set up a new firewall will want to use the GUI. Before you start you will need to know what IP addresses you want to use, what password you want to use, etc. Solution 1. You get two network cables in the box; connect your PC/Laptop to Ethernet port 1 (See the photo, that’s the second one in...
Set Cisco ASA for Kerberos Authentication
KB ID 0000039 Problem You want to set up a Cisco ASA to authenticate users (VPN access for example). Solution Kerberos can only be used as an authentication protocol on the ASA, so it’s fine for allowing VPN connections but not for assigning policies etc. To work, both the ASA and the domain need to be showing accurate time. Step 1: Set the ASA to get time from an External NTP Server 1. Log onto the ASA > Go to “Enable...
Cisco ASA – Only Allow Mail Servers SMTP Outbound
KB ID 0000172 Problem It’s not unusual for nasty viruses and malware, once they have infected a machine, to set up outbound communications on the mail protocol SMTP (TCP Port 25), which can lead to your public address being blacklisted. So it’s considered good practice to stop all your clients getting mail access outbound through your firewall, while still allowing your mail server. Note: On Cisco firewalls,...
Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
KB ID 0000309 Problem By default, your remote VPN clients will time out their connections after 300 seconds of inactivity. Should you wish to increase that you can, on a user by user basis; however, sometimes that does not work. To fix the problem you need to disable ISAKMP monitoring at the “Head End”. Solution Enable via Command Line (see below for ASDM instructions) 1. Connect to the firewall (see here for...
DNS resolves intermittently – EDNS Problems
KB ID 0000312 Problem DNS resolves intermittently, and your Exchange outbound mail may fail and give the following error: The following recipient(s) could not be reached: user@domain.com on (Date Time). There was a SMTP communication problem with the recipient’s email server. Please contact your system administrator. <(Domain.com) #5.5.0 smtp;550-Domain does not recognize your computer (xx.xx.xxx.xxx) as connecting from an...