
VPN

Thursday / Aug 02, 2018 /

Importing SSL Key and Certificate on ASA for Anyconnect – CLI

Ziaul / Network Security, VPN /

Below are the steps to successfully import and use a third-party SSL certificate on the ASA for Clientless SSLVPN and AnyConnect client connections. It's fairly simple when the key is generated and the CSR requested from the ASA, and the 3rd party certificate is then imported. The steps below focus on the situation where the certificate already exists […]

Thursday / Jan 11, 2018 /

Cisco ASA VPN failover & Preempt

Ziaul / ASA, Cisco, VPN /

Where VPN failover on the same encryption domain is needed together with a preempt feature, the following solution can be used. This is done using an EEM script and is supported from IOS 9.2+. The Embedded Event Manager (EEM) feature enables debugging problems and provides general-purpose logging for troubleshooting. The EEM responds to events in the […]

Sunday / Feb 21, 2016 /

Troubleshooting IKEV1 (ISAKMP) – Phase 1 of Site-To-Site (L2L) VPNs

Ziaul / ASA, Cisco, VPN /

Troubleshooting a site-to-site VPN tunnel that is not working can be a difficult task. Luckily, most VPN appliances provide ample debugging information to diagnose the issue. When viewing this debugging information, a good set of steps can be taken to isolate the exact issue. Each functional VPN tunnel consists of two tunnel processes, Phase 1 […]

Wednesday / Feb 10, 2016 /

Configuring Cisco Anyconnect over SSL on ASA 8.4+ & LDAPS Auth – CLI

Ziaul / ASA, Cisco, VPN /

Prerequisites for a tidy implementation: a DNS record mapped to the outside IP address of the ASA firewall (for example: access.example.co.uk); an SSL certificate installed on the ASA firewall for this domain name, ideally from a 3rd party supplier; the appropriate type and number of AnyConnect licenses installed on the ASA. By default 2 licenses are available on base […]
