Cisco Firewall Port Forwarding
KB ID 0000077 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. Note2: If your firewall is running a version older than 8.3 you will need to scroll down the page. Port forwarding on Cisco firewalls can be a little difficult to get your head around, to better understand what is going on remember in the “World of Cisco” you need to remember two things….. 1. NAT Means...
Cisco Firewalls Changing the Web Management Port
Cisco 5500 Changing the ASDM Port Unable to Port Forward HTTPS KB ID 0000268 Problem You want to change the port that the Cisco ASDM runs over, or you are attempting to port forward https/ssl and see the following error Error: ERROR: unable to reserve port 443 for static PAT ERROR: unable to download policy You are trying to port forward (Create a static PAT entry) on a Cisco ASA for port 443 / https. This port is in use by the ASDM....
Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
KB ID 0000309 Problem By default, your remote VPN clients will timeout their connections after 300 seconds of inactivity, should you wish to increase that you can, on a user by user basis, however sometimes that does not work. To fix the problem you need to disable ISAKMP monitoring at the “Head End”. Solution Enable via Command Line (see below for ASDM instructions) 1. Connect to the the firewall (see here for...
Cisco ASDM – Accessing with Ubuntu
KB ID 0000396 Dtd 11/02/11 Problem Even though I prefer to use command line, there are times I need to manage Cisco firewalls from the ASDM. To do this from my Netbook running Ubuntu 10.10 it was not as straight forward as I was used to. Solution In my scenario I’m using Ubuntu 10.10 Desktop Edition, Chrome as my browser, and the ASDM is running version 6.3(1). 1. Before we start I’m assuming you know what the ASDM is and...
Cisco ASA5500 Change the AnyConnect Port
KB ID 0000422 Problem AnyConnect runs over TCP port 443 (That’s HTTPS/SSL), but if you only have one public IP and need to forward that port to a web server or internal host then you are a bit snookered. You can of course change the port that AnyConnect runs over, so that it’s no longer on TCP port 443. Why you would NOT want to do this. Bear in mind that https is a well known port, and its open in most places for secure...