Cisco ASA Site to Site VPN’sSite to Site ISAKMP VPN (Main Mode)
Nov17

Cisco ASA Site to Site VPN’sSite to Site ISAKMP VPN (Main Mode)

KB ID 0000213 Problem As with most things, before you have a hope of fixing something, you will stand a better chance if you know how it works in the first place. Below is a quick run though of what’s happening with your site to site VPN’s and how they work. For the entire process we will have two Cisco ASA 5500 firewalls and a site to site VPN. Solution What’s an Initiator and a Responder? 1. Our Laptop 192.168.1.50...

Read More
Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels
Nov17

Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels

KB ID 0000216 Problem Site to Site VPN’s either work faultlessly straight away, or involve head scratching and a call to Cisco TAC, or someone like me to come and take a look. If I’m honest, the simplest and best answer to the problem is “Remove the Tunnel from both ends and put it back again”. Just about every VPN tunnel I’ve put in that did not work, was a result of my fat fingers putting in the wrong...

Read More
Troubleshooting Phase 2 Cisco Site to Site (L2L) VPN Tunnels
Nov17

Troubleshooting Phase 2 Cisco Site to Site (L2L) VPN Tunnels

KB ID 0000625  Problem It’s been over two years since I wrote Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels. I’ve always meant to come back and write the ‘Phase 2’ article but never got around to it. This article is NOT intended to be a ‘fix all” for phase 2 problems, it’s designed to point you in the right direction to locate the source of the problem. Solution Here’s my...

Read More
Cisco IOS – Enrolling for Certificates with NDES
Nov17

Cisco IOS – Enrolling for Certificates with NDES

KB ID 0000948 Problem To get your Cisco Router or Switch to enroll, and obtain a certificate from a Windows Server running NDES, this is the procedure you need to follow. Solution When dealing with certificates, it’s important that your device is maintaining the correct time. You can set this manually, but I’d recommend setting up NTP. Setting IOS Time (Manually and via NTP) 1. Choose either of the options below, (as...

Read More
Cisco ASA 5500 Client VPN Access Via Kerberos (From CLI)
Nov17

Cisco ASA 5500 Client VPN Access Via Kerberos (From CLI)

KB ID 0000049 Problem You would like to enable remote access for your clients using the Cisco VPN Client software. Solution Before you start – you need to ask yourself “Do I already have any IPSEC VPN’s configured on this firewall?” Because if its not already been done, you need to enable ISAKMP on the outside interface. To accertain whether yours is on, or off, issue a “show run crypto isakmp”...

Read More