An Ansible playbook for dynamically determining whether an ASA has multiple contexts and backing up the running configuration accordingly.
This post on CSC caught my attention and reminded me of the challenges thrown up whilst working my first IT job at a charity, typically trying to stitch together enterprise solutions for the bare minimum price. At the time of writing, the two replies to the post come in at $700 (C881W) and $670 (MX64W). The... Continue Reading →
This configuration details how to set up an SSL VPN in 'tunnel mode' on a router running v15 IOS. Such a configuration could be implemented on a small to mid-size remote site utilising an ISR router. Firstly install the AnyConnect package onto the router: ! webvpn install svc flash:/anyconnect-linux-64-4.2.01035-k9.pkg sequence 1 ! Confirm the package... Continue Reading →
I'm a big fan of the ASA 5505 and deploy them in various scenarios, so I am regularly sourcing them off eBay and upgrading them. They supposedly take 148pin DDR 400MHz modules, but not all are alike. Below is a table showing the compatible modules that I have found: Confirmed | Cisco part | Manf. | P/N | detail | voltage | CAS latency | memory timing | ASA v02 | ASA v03 | ASA v04 | ASA... Continue Reading →
The first step is to configure the ASA to Web-deploy the AnyConnect Client. Prior to version 8.0(2) it was necessary to configure WebVPN to listen on a different port to the ASDM client. This is no longer the case. ciscoasa(config)# webvpn ciscoasa(config-webvpn)# port 443 ciscoasa(config-webvpn)# enable outside ciscoasa(config-webvpn)# anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg ciscoasa(config-webvpn)# anyconnect enable ciscoasa(config-webvpn)#... Continue Reading →
The Point-to-Point Tunnelling Protocol is a VPN implementation created by Microsoft to allow remote users access to secured networks via a PPTP server. Two protocols are used: a TCP control channel on port 1723 and a GRE tunnel to encapsulate the PPP packets. The ASA uses packet inspection to detect the control packets and allow... Continue Reading →
This is a real-world scenario where I needed to route traffic from a private subnet via a secondary router when a particular set of servers on a secure external network needed to be accessed. All three VLANs on the ASA were private subnets so NAT had been configured to allow traffic to be routed correctly. !... Continue Reading →