Browsing All Posts filed under »VPN«

Monitor IKE state on your VPN Gateways

November 13, 2018

We still cannot find any freely available, useful IKE state monitoring for our VPN tunnels in 2018… that's bad. That's why I grabbed my laptop for a couple of sleepless nights and created an IKE State Monitoring Tool from the TIG Stack, MaxMind GeoLite Free and Python. See the building blocks for that service […]

Query IPSEC VPNs with snmpwalk on Cisco ASA

May 5, 2014

The following links can be used for the list of Cisco ASA SNMP MIBs.

Cisco ASA SNMP MIBs:
ftp://ftp.cisco.com/pub/mibs/supportlists/asa/asa-supportlist.html
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-IPSEC-FLOW-MONITOR-MIB.my

OIDs Information page:
http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_av&i=1&n=CISCO-IPSEC-FLOW-MONITOR-MIB&r=hp&f=ipsec-flow.mi2&v=v2&t=tree

IKE SNMP Queries example

1. Check my IP in the firewall that terminates VPNs.
OID: 1.3.6.1.4.1.9.9.171.1.2.3.1.3
OID NAME: cikeTunRemoteValue
OID Description: The value of the local peer identity. If the local […]

Migrate Cisco ASA configuration, certificates and private keys

November 4, 2012

The reason I wrote this post is to clarify what happens with the RSA keys if I move the whole configuration and certificates and their private keys to another firewall with the same IP address. If the IP has changed, migrating the certificate does not make much sense if the certificate is based on IP. […]

Certificate renewal – how was it after years?

April 18, 2012

Actually you cannot renew an existing certificate, but you can generate a new one with the same subject and same mandatory fields. For that you have to generate a certificate request again within a new trustpoint and not with the old one. The issuer of the previous certificate should sign the new certificate request and […]

Export and import the trustpoint

March 16, 2012

To test something in a lab with another firewall, or to migrate a whole VPN with its certificate to another ASA firewall, we have the possibility to migrate the certificate of the firewall to another one. Doing it this easily on a Checkpoint firewall will always be just a dream… The exported data holds the following: […]

Certificate mapping to anyconnect tunnel-group II. – Special mapping

August 22, 2011

The users connect with the AnyConnect client with IPSec to the ASA firewall. Let's say we have 2 Certificate Authorities (with the issuer names IssuerA and IssuerB) and the users are mapped to tunnel-groups according to the issuer. A user called Terry Wood needs SSL as he works in a hotel and the local proxy enables only […]

Certificate authentication and LDAP authorization with Anyconnect

July 15, 2011

This is a log analysis of a successful login with Cisco AnyConnect. Once the configuration is ready, it is always useful to make a successful test with the system, raise the logging to the highest level in the meantime, and save the log before the first problem comes. It will come… From this log analysis […]