Cisco ASA – Cannot Get To Enable Mode?
KB ID 0001105. Problem: After setting up some firewalls last week, I quickly jumped on them whilst VPN’d into my work network to make sure I’d be able to log into and administer them remotely via SSH and ASDM (in case anyone else wanted to use it). SSH gave me the new certificate prompt and logged me in, and ASDM logged in. I left site a happy chap. I went to log in today via SSH and I could log on fine, but I could not get to...
Cisco ASA – Cannot Enable Third Party Certificate (9.4 and later)
KB ID 0001106. Problem: I installed a third party certificate for a client on their ASA (from DigiCert), and followed my usual procedure. I enabled it on the outside interface and tested AnyConnect; it wasn’t working. The ASA refused to present anything other than its self-signed certificate. Solution: This is because after 9.4 the ASA will automatically present a certificate that has an elliptic curve cipher. Even if the ASA has...
Cisco ASA (acl-drop) Flow is Denied by Configured Rule
KB ID 0001108. Problem: Packet-tracer is a brilliant troubleshooting tool, but sometimes interpreting the output proves to be more difficult than actually fixing the problem. If your output fails at the access-list section, this is the sort of thing you will see: Petes-ASA# packet-tracer input inside tcp 10.2.2.10 80 123.123.123.123 80 ---Output removed for the sake of brevity--- Type: ACCESS-LIST Subtype: Result: DROP Config:...