I am using Cisco ASAv asa992-smp-k8.bin Generate RSA from Centos ssh-keygen -t rsa -b 2048 I rename this asymmetric keys as cisco_id_rsa. Then I get the contents of cisco_id_rsa.pub. Exclude the ssh-rsa and the username@hostname, only get the key and copy and paste to the cisco asa. See the screenshot on the highlighted portion. On … Continue reading [cisco]Public key authentication on Cisco ASA
For this lab I am using Firepower Threat Defence version 6.3 (FTD) and Firepower Management Center 6.3 (FMC). The FTD is a next generation firewall that does IPS/IDS, URL filtering and traditional firewall, the FTD itself can be managed individually with its own FTD manager, however it can also be managed with FMC. The IPS/IDS … Continue reading [cisco]Cisco Firepower lab setup
Tufin securetrack is monitoring the device groups from Panorama, in the dashboard you saw the status is device connected, however when you go to Settings > administration > status, the device group is amber and the status is Error:Unable to get configuration. Usually is because the Palo Alto Firewall is disconnected from Panorama. Login to … Continue reading [Tufin]Error:Unable to get configuration
this is for new setup.
The iPad native vpn client supports ikev2. I have searched many documents in the internet and most of them are example for site-to-site, very few useful documentation about remote access vpn with ipsec using ikev2 perhaps for remote access ssl vpn is more convenient and popular. So here's the sample config. The config use certificate … Continue reading Config example for ipsec vpn with iPad native vpn client
Topology Lab Objective Linux 7 and Linux 8 are within the same subnet, however all initiated traffic towards Linux 8 must be blocked. Linux 8 is allowed to access to all destination. ASAv Setup Change ASAv1 and ASAv2 into transparent firewall firewall transparent 2. Configure failover on ASAv1 as primary !one of the interface will be … Continue reading Transparent firewalling with Cisco ASAv
Introduction I was following a guide on how to create a custom location of the crl and got stuck when trying to publish the CRL, the error is Access is denied 0x80070005. Apparently even my CA has full control of the directory and NTFS permission the publishing is denied. It turns out that I need … Continue reading Access is denied when publishing CRL