
News of Security/VPN



ASA 8.x: Renew and Install the SSL Certificate with ASDM

Introduction

The procedure in this document is an example and can be used as a guideline with any certificate vendor or your own root certificate server. Certificate vendors sometimes impose special certificate parameter requirements, but this document is intended to provide the general steps required to renew an SSL certificate and install it on an ASA that uses 8.0 software.

Components Used

This procedure pertains to ASA versions 8.x with ASDM version ...


Windows 8 and Cisco VPN

Are you having the same connection issue I was when trying to use the Cisco VPN client?

Here’s what the message looks like:

ciscoerror.png

Just to update, the legacy Cisco VPN client (5.0.07.0440 for x64, 5.0.07.0410 for x86) is working for some people. You need to apply a small workaround as explained below –

• Open Registry editor by typing regedit in Run prompt
• Browse to the Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA
• ...


Using Windows Server 2008 as a RADIUS Server for a Cisco ASA

Recently I needed to get a Cisco ASA 5510 to use a RADIUS Server on Server 2008 to authenticate Active Directory users for VPN access. The ASA was already configured to use a Server 2003 RADIUS server, so much of the below was just replicating the existing configuration on a 2008 server. I suspect many of the settings are less than ideal and some are unnecessary, but the below steps worked for now.

Components

    • ...


"451 5.7.3 Cannot achieve Exchange Server authentication" Message Between 2 Exchange 2007 Servers

My situation

2 Exchange servers in 2 different sites, connected by Site-to-Site VPN with Cisco ASAs. The 2 Exchange servers could not talk to each other over SMTP.

If you open up the Queue Viewer, messages will be stuck in queue with the following error "451 5.7.3 Cannot achieve Exchange Server authentication......."

Also, if you telnet to the Exchange server on port 25, the response looks similar to the following:

    220*******************************************************0*2******0***********************
    2002*******2***0*00
This can ...


How To Generate CSR on Cisco ASA via CLI

http://www.bootstrap.net/archives/000106.html

You can complete the following procedure using ASDM, but as usual it is more straightforward to use the command line.

First, set the hostname and domain name so that your FQDN matches the ASA's name & domain.

Second, set the correct time. You must do this since the cert looks at the time/date.

Before you generate the certificate request you must create & authenticate a trustpoint (you will need the CA's public key for this.) ...


PIX/ASA - ASDM Error: Unconnected Sockets not Implemented

A recent update to Java Runtime V6 Update 10 or later will cause an error. There is a simple temporary solution to the problem.

When you get the error message:

“ASDM is unable to continue loading. Click OK to exit from ASDM.
Unconnected sockets not implemented.”

It will look something like this:

asdm-unconnected-sockets.jpg


Quick Solution:

Downgrade your version of Java to Java Runtime V6 Update 7 to provide support. Go to ...


Cisco VPN client & Anywhere client Do's and don'ts

The Pix515/Pix515E will not work with the Cisco AnyConnect client. If the user has Windows Vista (32-bit), they can use the Cisco 5.x VPN client with their Pix515/515E appliance. If the user is running Windows Vista 64-bit, then they have to use the AnyConnect client and the client must have an ASA firewall.


Cisco Pix RA VPN Script

access-list nonat permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0
nat 0 access-list nonat
ip local pool nbpdpool 172.16.1.1-172.16.1.100 mask 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set nbpd esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set nbpd
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy ...


Cisco ASA RA VPN Script

Remote Access VPN Script for ASA Firewalls
-----------------------------------------------------------------------------------

conf t
access-list 101 extended permit ip 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0
access-list 101 extended permit ip 172.19.39.0 255.255.255.0 192.168.101.0 255.255.255.0
!
ip local pool ippool 192.168.101.1-192.168.101.50
!
nat (inside) 0 access-list 101
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 ...


Cisco ASA L2L Tunnel Script

conf t

access-list 100 extended permit ip SummitNetwork 255.255.0.0 172.29.3.0 255.255.255.0
!
access-list outside_560_cryptomap extended permit ip SummitNetwork 255.255.0.0 172.29.3.0 255.255.255.0
!
nat (inside) 0 access-list 100
!
crypto ipsec transform-set RM esp-3des esp-sha-hmac
!
crypto map newmap 560 match address outside_560_cryptomap
crypto map newmap 560 set peer Sydney
crypto map newmap 560 set transform-set RM
crypto map newmap interface outside
crypto isakmp identity address
crypto isakmp enable outside
!
crypto isakmp policy 30
authentication ...


 
