Configuration of Site to Site VPN with ASAv using CLI

Steps to perform configuration of Site to Site VPN with ASAv using CLI
Enable IKEv2:
crypto ikev2 enable outside
Create an object for the DR site:
object network Site-DR
 subnet 20.20.8.0 255.255.255.0
Create an ACL to allow traffic from the PROD site to the DR site:
access-list ACL_S2S_DR extended permit ip object Site-RPOD object Site-DR
Create a rule for traffic …

Configure NAT in Cisco ASAv to publish internal server to Internet

Steps to configure NAT in Cisco ASAv to publish an internal server to the Internet
Ubuntu server – 10.10.8.10/24
Public IP address – 121.121.43.52
Create an object for the Ubuntu server:
object network ubuntu_ssh
 host 10.10.8.10
Create an object group for the TCP and UDP ports:
object-group service ubuntu_service tcp
 port-object eq 22
 port-object eq 443
Create the network translation …

Restrict Cisco AnyConnect VPN login based on AD Group

You can restrict Cisco AnyConnect VPN login based on AD group by following the steps below
Create a server group (AD) for LDAP authentication:
aaa-server AD protocol ldap
aaa-server AD (inside) host 172.16.1.115
 ldap-base-dn dc=lab,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn Administrator@lab.local
 server-type microsoft
Turn on debug for ldap and verify the authentication to …

Let’s Encrypt SSL Certificate for Cisco AnyConnect VPN

Please refer to the steps below to apply a Let’s Encrypt SSL certificate for Cisco AnyConnect VPN
Convert the PFX file to base64 using MobaXterm:
openssl base64 -in cert.pfx > cert.base64
# View the content of cert.base64
cat cert.base64
Import the Let’s Encrypt SSL wildcard certificate to Cisco ASA …

Cisco AnyConnect VPN with CLI

Refer to the steps below on how to configure Cisco AnyConnect VPN with CLI
Download a TFTP server and install it on your workstation
Download the Cisco AnyConnect WebDeploy client (anyconnect-win-4.6.03049-webdeploy-k9.pkg) from Cisco.com
Transfer the Cisco AnyConnect package to flash via the TFTP server:
ciscoasa# copy tftp flash
Address or name of remote host []? 172.16.1.115
Source filename []? anyconnect-win-4.6.03049-webdeploy-k9.pkg
…

Cisco ASA Firewall – diffie-hellman-group1-sha1

You will get the following error message when you SSH to a Cisco ASA 5506X:
Unable to negotiate with 121.121.43.52: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
There are two (2) solutions to overcome this issue
A. Connect to the Cisco ASA 5506X with an additional parameter from the SSH client:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@121.121.43.52
B. Change the group1-sha1 …