Binary Nature where the analog and digital bits of nature connect


Saturday, 12 December 2009

SSL VPN configuration on Cisco ASA with AnyConnect VPN client

Posted on 21:46 by Unknown
This post will describe how to set up a Cisco Adaptive Security Appliance (ASA) device to perform remote access SSL VPN with the stand-alone Cisco AnyConnect VPN client. I followed a few tutorials on the web (including a couple of examples from the Cisco website), but I failed to implement a complete solution. The following recipe has been thoroughly tested and verified.

Ingredients used for the recipe:
  • Cisco 5500 Series ASA that runs software version 8.0(2)
  • Cisco AnyConnect SSL VPN client version for Windows 2.3.0254

1. Copy AnyConnect package to the Cisco ASA device
ciscoasa# copy tftp flash
Address or name of remote host ? 192.168.100.30
Source filename ? anyconnect-win-2.3.0254-k9.pkg
Destination filename [anyconnect-win-2.3.0254-k9.pkg]?

2. Create an IP address pool
ciscoasa(config)# ip local pool VPNPOOL 192.168.20.1-192.168.20.100 mask 255.255.255.0

3. Enable and configure WebVPN
ciscoasa(config)# webvpn
ciscoasa(config-webvpn)# enable outside
ciscoasa(config-webvpn)# svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
ciscoasa(config-webvpn)# tunnel-group-list enable
ciscoasa(config-webvpn)# http redirect outside 80
ciscoasa(config-webvpn)# svc enable

4. Create access-list entries that allow traffic between the inside and remote users and also an entry for the split tunnel
ciscoasa(config)# access-list VPN-EXEMPT-NAT permit ip 192.168.100.0 255.255.255.0 192.168.20.0 255.255.255.0
ciscoasa(config)# access-list SPLIT-TUNNEL standard permit 192.168.100.0 255.255.255.0

5. Verify that the sysopt connection permit-vpn command is enabled (it lets decrypted VPN traffic bypass the interface access-lists)
ciscoasa(config)# sysopt connection permit-vpn

6. Configure a group policy
ciscoasa(config)# group-policy CLIENTGROUP internal
ciscoasa(config)# group-policy CLIENTGROUP attributes
ciscoasa(config-group-policy)# dns-server value 192.168.100.10
ciscoasa(config-group-policy)# vpn-tunnel-protocol svc
ciscoasa(config-group-policy)# group-lock value SSLGROUP
ciscoasa(config-group-policy)# split-tunnel-policy tunnelspecified
ciscoasa(config-group-policy)# split-tunnel-network-list value SPLIT-TUNNEL
ciscoasa(config-group-policy)# webvpn
ciscoasa(config-group-webvpn)# svc keep-installer installed
ciscoasa(config-group-webvpn)# svc rekey time 30
ciscoasa(config-group-webvpn)# svc rekey method ssl
ciscoasa(config-group-webvpn)# svc ask none default svc

7. Create a new user account
ciscoasa(config)# username ssluser1 password ssluser1

8. Configure a tunnel group
ciscoasa(config)# tunnel-group SSLGROUP type remote-access
ciscoasa(config)# tunnel-group SSLGROUP general-attributes
ciscoasa(config-tunnel-general)# address-pool VPNPOOL
ciscoasa(config-tunnel-general)# default-group-policy CLIENTGROUP
ciscoasa(config-tunnel-general)# tunnel-group SSLGROUP webvpn-attributes
ciscoasa(config-tunnel-webvpn)# group-alias SSL-VPN enable

9. Configure PAT and enable NAT exemption for the VPN clients
ciscoasa(config)# global (outside) 1 interface
ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
ciscoasa(config)# nat (inside) 0 access-list VPN-EXEMPT-NAT
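Most failed attempts at this recipe come down to one cross-reference that does not resolve: a group-lock that names a different tunnel group, a split-tunnel list that was never created, or a NAT exemption that does not cover the address pool. The following Python script is an added example, not part of the original post or any Cisco tool: it parses the recipe's own CLI lines as "show running-config" would print them (sub-commands indented by one space) and checks that everything the tunnel group depends on actually exists. The sample config, the function names and the problem messages are all constructed for this illustration.

```python
"""Consistency check for an ASA 8.0-style remote-access SSL VPN configuration."""
from ipaddress import ip_address, ip_network

# Constructed sample: steps 2 to 9 of the recipe above, prompts stripped,
# in running-config layout (sub-commands indented by one space).
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 192.168.20.1-192.168.20.100 mask 255.255.255.0
access-list VPN-EXEMPT-NAT permit ip 192.168.100.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 192.168.100.0 255.255.255.0
sysopt connection permit-vpn
group-policy CLIENTGROUP internal
group-policy CLIENTGROUP attributes
 vpn-tunnel-protocol svc
 group-lock value SSLGROUP
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
tunnel-group SSLGROUP type remote-access
tunnel-group SSLGROUP general-attributes
 address-pool VPNPOOL
 default-group-policy CLIENTGROUP
tunnel-group SSLGROUP webvpn-attributes
 group-alias SSL-VPN enable
nat (inside) 0 access-list VPN-EXEMPT-NAT
"""


def parse_asa(config):
    """Collect the objects the VPN checks need: pools, ACLs, policies, tunnel groups."""
    cfg = {"pools": {}, "acls": {}, "policies": {}, "tunnel_groups": {},
           "nat_exempt": [], "sysopt_permit_vpn": False}
    ctx = None  # list that receives the indented sub-commands of the current block
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] == " " and ctx is not None:
            ctx.append(raw.strip())
            continue
        ctx = None
        t = raw.split()
        if t[:3] == ["ip", "local", "pool"]:
            first, last = t[4].split("-")
            cfg["pools"][t[3]] = (ip_address(first), ip_address(last))
        elif t[0] == "access-list":
            cfg["acls"].setdefault(t[1], []).append(t[2:])  # one ACE per entry
        elif t == ["sysopt", "connection", "permit-vpn"]:
            cfg["sysopt_permit_vpn"] = True
        elif t[0] == "group-policy":
            entry = cfg["policies"].setdefault(t[1], [])
            if t[2] == "attributes":
                ctx = entry
        elif t[0] == "tunnel-group":
            entry = cfg["tunnel_groups"].setdefault(t[1], [])
            if t[2].endswith("-attributes"):
                ctx = entry
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            cfg["nat_exempt"].append(t[4])  # NAT exemption (identity NAT) ACL
    return cfg


def value_of(lines, keyword):
    """Last token of the first sub-command that starts with keyword, else None."""
    for line in lines:
        if line.startswith(keyword + " "):
            return line.split()[-1]
    return None


def audit(config, tunnel_group):
    """Return the problems that would stop clients of tunnel_group from working."""
    cfg = parse_asa(config)
    problems = []
    tg = cfg["tunnel_groups"].get(tunnel_group)
    if tg is None:
        return [f"tunnel-group {tunnel_group} is not defined"]
    pool = value_of(tg, "address-pool")
    if pool not in cfg["pools"]:
        problems.append(f"address-pool {pool} is not a defined ip local pool")
    gp_name = value_of(tg, "default-group-policy")
    gp = cfg["policies"].get(gp_name)
    if gp is None:
        problems.append(f"default-group-policy {gp_name} is not defined")
    else:
        lock = value_of(gp, "group-lock")
        if lock and lock != tunnel_group:
            problems.append(f"group-lock value {lock} does not match {tunnel_group}; "
                            "logins through this tunnel-group would be rejected")
        if value_of(gp, "split-tunnel-policy") == "tunnelspecified":
            acl = value_of(gp, "split-tunnel-network-list")
            if acl not in cfg["acls"]:
                problems.append(f"split-tunnel-network-list {acl} is not a defined access-list")
    if pool in cfg["pools"]:
        first, last = cfg["pools"][pool]
        # The exemption ACL must name the whole pool as destination (permit ip SRC MASK DST MASK).
        covered = any(first in ip_network(f"{ace[4]}/{ace[5]}") and last in ip_network(f"{ace[4]}/{ace[5]}")
                      for name in cfg["nat_exempt"] for ace in cfg["acls"].get(name, [])
                      if len(ace) >= 6 and ace[:2] == ["permit", "ip"])
        if not covered:
            problems.append(f"no NAT exemption (nat 0 access-list) covers pool {pool}; "
                            "inside hosts would be translated when replying to VPN clients")
    if not cfg["sysopt_permit_vpn"]:
        problems.append("sysopt connection permit-vpn is not set; decrypted VPN traffic "
                        "is subject to the interface access-lists")
    return problems


if __name__ == "__main__":
    for issue in audit(SAMPLE_CONFIG, "SSLGROUP") or ["config is consistent"]:
        print(issue)
```

Paste the output of "show running-config" into SAMPLE_CONFIG (or read it from a file) and run the script after each change; an empty list means every reference the tunnel group needs resolves and the NAT exemption covers the pool.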


Saturday, 21 November 2009

Ubuntu TFTP

Posted on 13:39 by Unknown
Set up a TFTP server, on Ubuntu 8.10, for Cisco device configuration backups.

#Install atftpd
$ sudo apt-get install atftpd

#Configure atftpd as a separate server and modify tftpboot location
$ sudo vim /etc/default/atftpd

Change the following:
USE_INETD=true -> USE_INETD=false
/var/lib/tftpboot -> /srv/tftpboot
Save and exit the file.

#Run this command to refresh changes
$ sudo invoke-rc.d atftpd start

#Create and configure tftpboot directory
$ sudo mkdir -p /srv/tftpboot
$ cd /srv
$ sudo chmod -R 777 ./tftpboot
$ sudo chown -R nobody ./tftpboot

#Restart atftpd daemon
$ sudo /etc/init.d/atftpd restart

#Test the configuration from a Cisco device
ciscoasa# copy startup-config tftp

#Verify file transfer from Cisco device
$ ls -l /srv/tftpboot
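TFTP carries no authentication and no encryption, which is why the backup directory above ends up world-writable: anyone who can reach UDP port 69 on the server can read or overwrite what is there, including the saved startup-config, so that reach should be limited at the network level. To test the server without a Cisco device on hand, the following Python client is an added example (not from the original post, and not part of atftpd): it performs an RFC 1350 write request in octet mode, the same exchange "copy startup-config tftp" drives. The server address is the one used earlier in the recipe; the file name and payload are constructed, and the client does no retransmission, so a lost datagram surfaces as a timeout.

```python
"""Minimal TFTP write-request (WRQ) client, RFC 1350, octet mode."""
import socket

OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 2, 3, 4, 5
BLOCK_SIZE = 512


def build_wrq(filename, mode="octet"):
    """WRQ packet: opcode 2, then NUL-terminated filename and transfer mode."""
    return (OP_WRQ.to_bytes(2, "big") + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def build_data(block, payload):
    """DATA packet: opcode 3, 16-bit block number (wraps at 65535), payload."""
    return OP_DATA.to_bytes(2, "big") + (block & 0xFFFF).to_bytes(2, "big") + payload


def data_blocks(data):
    """Split data into 512-byte payloads. The final block is always shorter
    than 512 bytes (possibly empty): that is how TFTP signals end of file."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")
    return blocks


def parse_ack(packet):
    """Return the block number from an ACK; raise on an ERROR or stray packet."""
    opcode = int.from_bytes(packet[:2], "big")
    if opcode == OP_ERROR:
        code = int.from_bytes(packet[2:4], "big")
        msg = packet[4:].split(b"\x00", 1)[0].decode("ascii", "replace")
        raise RuntimeError(f"TFTP error {code}: {msg}")
    if opcode != OP_ACK or len(packet) != 4:
        raise RuntimeError(f"expected ACK, got opcode {opcode}")
    return int.from_bytes(packet[2:4], "big")


def put_file(host, filename, data, port=69, timeout=3.0):
    """Upload data as filename and return the number of DATA blocks sent.
    The server answers the WRQ from a fresh ephemeral port (its transfer ID),
    so every later packet goes to that address rather than to port 69."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_wrq(filename), (host, port))
        reply, peer = sock.recvfrom(516)
        if parse_ack(reply) != 0:
            raise RuntimeError("server did not ACK the write request")
        blocks = data_blocks(data)
        for number, chunk in enumerate(blocks, start=1):
            sock.sendto(build_data(number, chunk), peer)
            reply, _ = sock.recvfrom(516)
            if parse_ack(reply) != (number & 0xFFFF):
                raise RuntimeError(f"block {number} was not acknowledged")
    return len(blocks)


if __name__ == "__main__":
    # Constructed test upload to the TFTP server used in the ASA recipe.
    sent = put_file("192.168.100.30", "ciscoasa-test.cfg", b"! constructed test config\n")
    print(f"sent {sent} block(s)")
```

If the upload fails with "TFTP error 2" (access violation) the server is refusing the write, which usually means the directory permissions or the atftpd options do not allow creating the file; a timeout with no reply at all points at the daemon not listening or a firewall in between.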

Sunday, 25 October 2009

First Post!!!

Posted on 15:23 by Unknown
I thought I would submit my solution for the FizzBuzz test. I've used PowerShell and VBScript for the solution since the majority of my "dev" work is Windows sysadmin scripting.

FizzBuzz for PowerShell:
for ($i = 1; $i -le 100; $i++)
{
    if (($i % 3 -eq 0) -and ($i % 5 -eq 0)) 
    { 
        Write-Host "FizzBuzz" 
    }
    elseif ($i % 3 -eq 0) 
    { 
        Write-Host "Fizz" 
    }
    elseif ($i % 5 -eq 0) 
    { 
        Write-Host "Buzz" 
    }
    else { $i }
}

... and VBScript:
Dim i

For i = 1 To 100
    If ((i Mod 3 = 0) And (i Mod 5 = 0)) Then
        WScript.Echo "FizzBuzz"
    ElseIf (i Mod 3 = 0) Then
        WScript.Echo "Fizz"
    ElseIf (i Mod 5 = 0) Then
        WScript.Echo "Buzz"
    Else
        WScript.Echo i
    End If
Next
