Cisco ASA 5500 – Using a Third Party Digital Certificate
(For Identification, AnyConnect, and SSL VPN) KB ID 0000694 Problem A client asked me how to do this, so off I went to the test bench to work it out. Note: I’m this example In going to submit the request to, and issue the certificate from, my own windows domain certificate authority, you would send your request to a third party certificate authority, here’s a direct link to the certificate type you require. To use your own...
Cisco ASA – Disable SSLv3 (Force TLSv1.0) – Mitigate POODLE
KB ID 0001052 Problem By default the Cisco ASA will allow connection via SSLv3. The POODLE exploit works by forcing SSL to fall back to SSLv3 and then decrypting that communication. However you are still not completely protected as per this Threat Validation, so the ASA platform can still be attacked via TLSv1.0. Note: At time of writing TLSv1.2 is not supported, but it is on the road-map for version 9.3(2). So this procedure will not...
Cisco AnyConnect Error “The VPN client driver has encountered an error”
KB ID 0000347 Problem I rolled out AnyConnect for a client this week, and saw this error on one of the clients. Error Reads: The VPN client driver has received an error. Solution A quick search of web forums etc, sent me all over the place, the most promising link told me to do the following, Repair This issue is due to Cisco bug ID CSCsm54689 (registered customers only) . In order to resolve this issue, make sure that Routing and...
Cisco ASA5500 Change the AnyConnect Port
KB ID 0000422 Problem AnyConnect runs over TCP port 443 (That’s HTTPS/SSL), but if you only have one public IP and need to forward that port to a web server or internal host then you are a bit snookered. You can of course change the port that AnyConnect runs over, so that it’s no longer on TCP port 443. Why you would NOT want to do this. Bear in mind that https is a well known port, and its open in most places for secure...
Cisco AnyConnect – Essentials / Premium Licenses. Explained
KB ID 0000628 Problem Note: With Anyconnect 4 Cisco now use Plus and Apex AnyConnect licensing. When Cisco released the 8.2 version of the ASA code, they changed their licensing model for AnyConnect Licenses. There are two licensing models, Premium and Essentials. Solution Cisco ASA AnyConnect Premium Licenses. You get two of these free with your firewall*, with a ‘Premium License’ you can use the AnyConnect client...