Cisco ASA Domain Authentication and Trust (Allowing)
May 08

ASA Domain Authentication. KB ID 0000973. Problem: I cringed this morning when I was asked about this; last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (Yes, I’m serious), or you had to registry hack all your domain controllers...

You were not connected because a duplicate name exists on the network
Jan 17

Duplicate name exists. KB ID 0000991. Problem: I hadn’t seen this myself but it was asked in a forum the other day so I replicated it on the test bench. “You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again.” or “You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change...

Fortigate: Cannot Ping an Interface?
Nov 25

KB ID 0001718. Problem: With other firewall vendors (e.g. Cisco) you can ping any interface you are ‘directly connected to’. With Fortigate, however, you cannot (by default). That’s not the end of the world; you can check connectivity using ARP (see below), which is what really cool network techs do instead! But if you want to be able to ping an interface (even for a short period of time), here’s how to do it....

Cisco Firewalls and PING
Aug 01

KB ID 0000351. Problem: With regards to Ping, out of the box a Cisco firewall will allow you to ping the interface you are connected to, so in a normal setup inside clients can ping the inside interface, and the firewall’s outside interface can be pinged from outside. OK – to understand pinging through a Cisco Firewall you need to understand that Ping is part of the ICMP protocol suite, and unlike other protocols is not “connection...

Mac OSX – Testing Packet Fragmentation Over VPN
Jun 15

KB ID 0001204. Problem: Many moons ago I wrote a post about a problem where I had no RDP over a VPN connection, and all the hoops I jumped through to troubleshoot and fix the problem. Today I had a similar problem; I was connected to a client via Cisco AnyConnect, and I had hair-pinned that traffic, from the client site, over an IPSEC VPN to their servers in the Data Center. Pings were successful, but not RDP. To be honest this affects...
