AnyConnect: ‘Quick and Dirty’ Duo 2FA
Sep01

AnyConnect: ‘Quick and Dirty’ Duo 2FA

Posted By on Sep 1, 2020

KB ID 0001701 Problem Normally if I were deploying Duo 2FA with AnyConnect I’d deploy a Cisco RADIUS VPN on my LAN, (usually on my Duo Authentication Proxy). See the following article; AnyConnect: Enable Duo 2Factor Authentication However, last time I set this up, a colleague said ‘Oh by the way, you don’t need to do that, you can just point the firewall directly at Duo’. I was initially skeptical but I tried...

Read More
Cisco ASA VPN Static to Dynamic IP (DHCP)
Jul01

Cisco ASA VPN Static to Dynamic IP (DHCP)

Posted By on Jul 1, 2020

KB ID 0001683 Problem I had a call with a client last week, they are in one of my employer’s DCs, and their servers are behind a vASA. They had purchased some Meraki MX devices for their IT team who were working remotely (during the Covid-19 lockdown), and were struggling. Normally we would just suggest AnyConnect, but these guys were building new machines for  their clients, and needed access directly to the domain from their...

Read More
Cisco ASA: Mixing TCP and UDP in Object-Groups
Apr15

Cisco ASA: Mixing TCP and UDP in Object-Groups

Posted By on Apr 15, 2020

KB ID 0001668 Problem I like object-groups, they can make your firewall configs a lot smaller/neater and if you need to add a host, network, range, or port, then you can simply add the new requirement to an existing group. But what if you want to allow both UDP and TCP ports, you can create a service group for TCP and add the ports and a service group for UDP and add the ports, and add them into your ACL where you would expect ports...

Read More
Cisco ASA – Update Activation Key (From ASDM)
Apr01

Cisco ASA – Update Activation Key (From ASDM)

Posted By on Apr 1, 2020

KB ID 0001662 Problem I recently did a post on adding extra licences to AnyConnect, (with the current surge of people working from home). I exclusively work at command line, so when I was asked how to do the same in the ASDM I had to go and check 🙂 Solution Connect to your firewalls ASDM console, then navigate to > Configuration > Device Management > Licensing > Activation Key > Enter you new Activation Key > Update...

Read More
VMware Edge Gateway VPN to Cisco ASA
Feb18

VMware Edge Gateway VPN to Cisco ASA

Posted By on Feb 18, 2020

KB ID 0001658 Problem I was asked to setup a VPN to help out a colleague this week. When I had a look, one end turned out to be an Edge Gateway, I wasn’t that concerned, I’d done similar things in my prior role, I just didn’t have access to the vCloud or VMware at this datacenter. Depite my best efforts on the ASA, the tunnel refused to come up, it took a little looking ‘under the covers’ to accurately...

Read More