Let's troubleshoot... We also do trainings. Check out our training page: https://asame2.blogspot.com/p/we-also-deliver-trainings.html


Wednesday 30 March 2016

AnyConnect 4.x to use SHA-256


I want my AnyConnect client to use SHA2 (SHA-256) when it negotiates. How do I go about that?

Answer: Use the ciphers below:

  ssl cipher tlsv1.2 custom "AES256-SHA256:AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA"
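
An added example (not part of the original post): a small Python audit of the cipher line above, showing which suites actually carry a SHA-256 MAC and which rely on weak bulk ciphers. The classification tables and function names are this example's own assumptions, based on OpenSSL-style suite names.

```python
import re

# Added example: audits an ASA custom cipher line. The classification tables
# below are this example's own, based on OpenSSL-style suite names.
LINE_RE = re.compile(r'ssl cipher (\S+) custom "([^"]+)"')
WEAK = {"RC4": "RC4 stream cipher", "DES-CBC3": "3DES (64-bit block)",
        "DES-CBC-": "single DES (56-bit key)"}

def parse(line):
    """Return (protocol_version, [suite, ...]) from an 'ssl cipher' line."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not an 'ssl cipher <version> custom \"...\"' line")
    return m.group(1), [s for s in m.group(2).split(":") if s]

def mac_of(suite):
    """Name the integrity algorithm implied by the suite name."""
    if "GCM" in suite or "CHACHA20" in suite:
        return "AEAD"
    for suffix, name in (("-SHA384", "SHA-384"), ("-SHA256", "SHA-256"),
                         ("-SHA", "SHA-1"), ("-MD5", "MD5")):
        if suite.endswith(suffix):
            return name
    return "unknown"

def weakness(suite):
    """Return a description if the bulk cipher is weak, else None."""
    for marker, why in WEAK.items():
        if marker in suite:
            return why
    return None

def audit(line):
    """Return [(suite, mac, weakness_or_None), ...] in configured order."""
    _, suites = parse(line)
    return [(s, mac_of(s), weakness(s)) for s in suites]

def sha2_only(line):
    """Rebuild the line keeping only SHA-2/AEAD suites with no weak cipher."""
    version, _ = parse(line)
    keep = [s for s, mac, weak in audit(line)
            if mac in ("SHA-256", "SHA-384", "AEAD") and weak is None]
    return 'ssl cipher %s custom "%s"' % (version, ":".join(keep))

# The cipher line quoted in the post above.
PAGE_LINE = ('ssl cipher tlsv1.2 custom "AES256-SHA256:AES128-SHA256:'
             'DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:'
             'DES-CBC-SHA:RC4-SHA"')

if __name__ == "__main__":
    for suite, mac, weak in audit(PAGE_LINE):
        print("%-20s %-8s %s" % (suite, mac, weak or "-"))
    print(sha2_only(PAGE_LINE))
```

Only the first two suites in the post's list use SHA-256; the rest are SHA-1 fallbacks. Whether the rebuilt SHA-2-only line can be applied depends on every connecting client supporting those suites.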


I am unable to connect using AnyConnect 3.x. I get the error message: Unable to reach host / verify internet connectivity.

Answer:
Check the output of "sh run all ssl" and make sure you have "ssl server-version tlsv1". This means that the ASA supports TLSv1 and above, which is required because AnyConnect 3.x does not support TLSv1.1 and TLSv1.2.


Tuesday 29 March 2016

How to boot ASA from/using TFTP


So you have an issue with your flash memory and the ASA is unable to load the image from flash.
It goes into a boot loop but never boots up.

You can boot using a TFTP server instead.

IP address that you want to assign to the ASA:

ADDRESS=10.197.222.100


IP address of the TFTP server:
SERVER=10.197.161.160

Default gateway IP address:
GATEWAY=10.197.222.1

Image path or name:
IMAGE=asa961-smp-k8.bin

Port on the ASA to which you want to assign the IP address:
PORT=Gi0/0

Enter this command to start the download process: tftpdnld
==============

All the commands at once:


ADDRESS=10.197.222.100
!
SERVER=10.197.161.160
!
GATEWAY=10.197.222.1
!
IMAGE=asa961-smp-k8.bin
!
PORT=Gi0/0
!
set
!
tftpdnld

Monday 21 March 2016

Port forwarding on ASA


I need to access a resource in my private network on port 5900 from the outside world, using the ASA's public IP.

object service port_vnc
 service tcp source eq 5900
!
nat (inside,outside) source static obj_192.168.1.11 interface destination static any_1 any_1 service port_vnc port_vnc