Posts Tagged ‘Cisco ASA’

ISAKMP (IKE Phase 1) Status Messages MM_WAIT_MSG#

I’ve been meaning to copy this back here but haven’t had the chance until now. I reference this so much, figured it’d have stuck in my mind by now… Anyway, this is one of the best resources for quick analysis and troubleshooting of MM_WAIT_MSG errors on VPN tunnels for Cisco ASA / PIX, from https://www.tunnelsup.com/isakmp-ike-phase-1-status-messages/. ISAKMP (IKE…


Warning, DHCP pool range is limited to 128 addresses

For all ASA models, the maximum number of DHCP client addresses varies depending on the license: If the limit is 10 hosts, the maximum available DHCP pool is 32 addresses. If the limit is 50 hosts, the maximum available DHCP pool is 128 addresses. If the number of hosts is unlimited, the maximum available DHCP…


Configure Cisco ASA to Capture Specific Port Traffic

On a Cisco ASA you can configure capturing of data to allow for deeper troubleshooting of issues. With the recent issue of the Heartbleed bug, I needed a way to capture HTTPS traffic and inspect remote hosts for the vulnerability. If the site was vulnerable, I would create a temporary block until that site patched.


Test Cisco ASA VPN Authentication

Had an issue with a user that was failing to log into the VPN from remote. Couldn’t initially figure it out while at home while troubleshooting the authentication. So here’s how to test authentication from the Cisco ASA CLI.
