Configuration of Site to Site VPN with ASAv using CLI

Steps to perform configuration of Site to Site VPN with ASAv using CLI:
Enable IKEv2: crypto ikev2 enable outside
Create object for DR Site: object network Site-DR subnet 20.20.8.0 255.255.255.0
Create an ACL to allow traffic from PROD to DR Site: access-list ACL_S2S_DR extended permit ip object Site-RPOD object Site-DR
Create a rule for traffic …

Configuration of Cisco ASAv with CLI

We have built a lab to understand how to perform configuration of Cisco ASAv with CLI.
Lab environment with a single ESXi 6.7 host:
– 1 x VYOS Router with 3 x Interface
– 2 x Cisco ASAv with 2 x Interface
– 2 x Workstations
A. Provisioning of VYOS Router
Basic Configuration of …

Restrict Cisco AnyConnect VPN login based on AD Group

AAA Group for LDAP Authentication
LDAP Attribute Maps
New Group Policy – gp_NO-ACCESS
Change the Default Group Policy to Tunnel Group
Assign ldap-attribute-map to AAA Group
Cisco AnyConnect VPN login based on AD Group – Member of VPN Group
Cisco AnyConnect VPN login based on AD Group – Non-Member of VPN Group

Cisco AnyConnect VPN with CLI

Preparation of required components IP Pool for AnyConnect Client Enable Cisco AnyConnect VPN with CLI on outside interface Local User for AnyConnect VPN Split Tunnel Group Policy Connection Profile No NAT for AnyConnect Client Connect from Client Machine Appendix A. Stop the local user (vpn) from logging in to ASDM and CLI Access Lists for VPN …

Cisco ASA Firewall – diffie-hellman-group1-sha1

You will get the following error message when you SSH to a Cisco ASA 5506X:
Unable to negotiate with 121.121.43.52: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
There are two (2) solutions to overcome this issue:
A. Connect to the Cisco ASA 5506X with an additional parameter from the SSH client:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
B. Change the group1-sha1 …