Subscribe:
RSS feed
-
Follow
Following
Already have a WordPress.com account? Log in now.
Normally I do not write about new releases from security product manufacturers, but this Cisco ASA version resolves some disadvantages against Checkpoint. IT IS And I would be glad to test those since I am a Cisco fun :-) The HW models are all supported, the question is if the features make it too: … […]
November 4, 2012
The fact I wrote this post is to clear what happens with the RSA keys if I move the whole configuration and certificates and their private keys to another firewall with the same IP Address. IF the IP has changed the migration ofthe certificate has not much sense if the certificate is based on IP. […]
April 18, 2012
Actually you cannot renew an existing certificate, but you can generate a new one with the same subject and same mandatory fields. For that you have to generate a certificate request again within a new trustpoint and not with the old one. The issuer of the previous certificate should sign the new certificate request and […]
March 16, 2012
To test something in a Lab with another firewall or migrate a whole VPN with certificate to another ASA firewall we have a possibility to migrate the certificate of the firewall to another one. To do it so easily on a Checkpoint firewall will be always just a dream… The exported data holds the followings: […]
August 22, 2011
The users connects with Anyconnect client with IPSec to the ASA firewall. Lets say we have 2 Certificate Authorities (with the issuername IssuerA and IssuerB) and the users are mapped to tunnel-groups according to the issuer. A user called Terry Wood needs SSL as he works in a Hotel and the local proxy enables only […]
July 17, 2011
In the old version of cisco firewalls – Version 6.x – it was not possible to disable nat control. After that cisco gave us the possibility to control it on our own with the command nat-control. This year in Version 8.3 not only the command nat-control, but the commands global, static and alias were deleted […]
July 15, 2011
I try to configure the ASA to find the tunnel for anyconnect users according the certificate details. The command look like following: firewall(config)# crypto ca certificate map <certificate-map-name> <sequencenumber> Where the sequencenumber is the Sequence to insert into certificate map entry firewall(config)# webvpn firewall(config-webvpn)# certificate-group-map <certificate-map-name> <certificate-map-index> <tunnel-group name> Where the certificate-map-index is the index […]
March 9, 2011
With the following configuration and with sufficient license we should be able to connect to our Cisco ASA firewall with Cisco Anyconnect and with the new Anyconnect Secure Mobility Client (the first Cisco IKEv2 client) and with the old Cisco VPN client with IKEv1, that is natively supported on some Apple devices, like an IPad. […]
December 13, 2010
RA VPN timeouts 1. Session timeouts 2. IPSec SA lifetimes 3. ISAKMP lifetimes and Nat-T keepalive interval 4. Timeout in the group policy 5. DPD timeouts. 1. Session timeouts As the VPN may go through many Firewall till it reaches the VPN gateway it can happen that the session is broken before the timouts here […]
itsecworks 
February 15, 2013
1