Cisco Firewalls and PING
Aug01

KB ID 0000351. Problem: With regard to ping, out of the box a Cisco firewall will allow you to ping the interface you are connected to, so in a normal setup inside clients can ping the inside interface, and the firewall's outside interface can be pinged from outside. OK – to understand pinging through a Cisco firewall you need to understand that ping is part of the ICMP protocol suite, and unlike other protocols is not “connection...

Ubuntu – Managing Cisco Devices via Serial / Rollover Cable
Nov17

KB ID 0000400. Problem: A while back I ran through “Managing Cisco ASA devices via the ASDM with Ubuntu”. I prefer to work at the command line, and with a new firewall my only choice is via the console port. In a Windows environment I can fire up HyperTerminal and I’m away. With Linux there are a couple of things to do first. Solution: Step 1 (Get the Serial / RS232 / COM Port working) As pictured above, this is being done on my...

Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
Nov17

KB ID 0000309. Problem: By default, your remote VPN clients will time out their connections after 300 seconds of inactivity. Should you wish to increase that you can, on a user-by-user basis; however, sometimes that does not work. To fix the problem you need to disable ISAKMP monitoring at the “Head End”. Solution: Enable via Command Line (see below for ASDM instructions) 1. Connect to the firewall (see here for...

Securing Cisco SSL VPN’s with Certificates
Nov17

KB ID 0000335. Problem: It’s been a while since I wrote a walkthrough on the Cisco AnyConnect/SSL VPN solution, and usually I secure these with Active Directory or simply using the local user database on the firewall. But what if you wanted to use certificates instead? Perhaps your users are too “technically challenged” to remember their passwords. Or you want to enable two-factor authentication with...

Site to Site IPSEC VPN from SonicWALL to Cisco ASA
Nov17

KB ID 0000357. Problem: You want to put in a secure IPSEC VPN tunnel from a Cisco ASA device to a SonicWALL firewall. Note: in this example we will use 3DES for encryption, SHA1 for hashing, Diffie-Hellman Group 2, PFS enabled, and we will use a shared secret (Pre Shared Key). The SonicWALL used in this example is a PRO 3060. Solution: The main two gotchas Update 12/03/11 Feedback from Wajma Omari: I would like to add that this...
