Cisco ASA5500 Change the AnyConnect Port
KB ID 0000422 Problem AnyConnect runs over TCP port 443 (That’s HTTPS/SSL), but if you only have one public IP and need to forward that port to a web server or internal host then you are a bit snookered. You can of course change the port that AnyConnect runs over, so that it’s no longer on TCP port 443. Why you would NOT want to do this. Bear in mind that https is a well known port, and its open in most places for secure...
AnyConnect – “Error Contacting Host”
KB ID 0000555 Problem I was creating some “Bookmarks” on a client’s AnyConnect web portal last week. They were simply CIFS links to shared folders on his servers so he could access them remotely from his Android tablet PC’s. However every time I clicked a link I got this error; Solution A bit of searching later and I found that in the release notes for version 8.0(4) this was a known problem that had been...
Cisco AnyConnect Error – ‘The client could not connect because of a secure gateway address failure. Please verify Internet connectivity and server address’
KB ID 0000558 Problem Seen when trying to use the AnyConnect client to connect to your Cisco Device. Error: Cisco AnyConnect The client could not connect because of a secure gateway address failure. Please verify Internet connectivity and server address. Solution Note: Common sense dictates, make sure you actually have internet connectivity first! Essentially this is caused because the AnyConnect client wants to connect to the...
Cisco AnyConnect – Essentials / Premium Licenses. Explained
KB ID 0000628 Problem Note: With Anyconnect 4 Cisco now use Plus and Apex AnyConnect licensing. When Cisco released the 8.2 version of the ASA code, they changed their licensing model for AnyConnect Licenses. There are two licensing models, Premium and Essentials. Solution Cisco ASA AnyConnect Premium Licenses. You get two of these free with your firewall*, with a ‘Premium License’ you can use the AnyConnect client...
Cisco ASA – Configuring for NTP
KB ID 0000608 Problem With NTP, there will be two things you want to do, 1) Allow a device behind the ASA to take its time from a public NTP server, and 2) Set the ASA to take its system time from a public NTP sever (for accurate date stanps on the logs, and for time critical things like Kerberos authentication.) Solution Allow internal host(s) to get system time though the firewall. 1. Connect to the ASA, go to “enable...