Tuesday 17 May 2022

Use a Windows DHCP server instead of an IP pool for Cisco AnyConnect on a Cisco ASA

Connect to your AnyConnect first so you can see which tunnel-groups/profiles are actually in use.

Use "show run tun" to see your tunnel-group config (this shows which address-pool and group-policy each tunnel-group references).


  • Disable AnyConnect (so the pool is not in use)
    webvpn
    no enable OUTSIDE

  • Remove the pool from the tunnel-group
    tunnel-group STAFF general-attributes
    no address-pool STAFF-POOL

  • Add the DHCP server entry to the same ‘Tunnel-Group’ for your AnyConnect (still under general-attributes)
    dhcp-server 10.60.1.6 10.60.1.7

  • Add the DHCP scope to the AnyConnect ‘Group-Policy’ as well
    group-policy GP-STAFF attributes
    dhcp-network-scope 10.60.6.0

  • Remove the pool if it is no longer in use
    no ip local pool STAFF-POOL

  • Re-enable AnyConnect (undo the first step)


https://www.petenetlive.com/KB/Article/0001050
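As an added example (not from the post or the linked article), the script below generates the ASA command sequence above for any tunnel-group/group-policy pair and parses "show run" style output to confirm the switch to DHCP actually took: no address-pool left on the tunnel-group, a dhcp-server line present, and a dhcp-network-scope on the group-policy. The sample running-config text is constructed from the post's names; the "enable OUTSIDE" line is assumed to be the inverse of the "no enable OUTSIDE" step.

```python
import ipaddress

# Constructed sample of "show run tunnel-group" / "show run group-policy"
# output after the change (ASA indents sub-commands by one space).
SAMPLE_RUN = """\
tunnel-group STAFF type remote-access
tunnel-group STAFF general-attributes
 dhcp-server 10.60.1.6 10.60.1.7
 default-group-policy GP-STAFF
group-policy GP-STAFF attributes
 dhcp-network-scope 10.60.6.0
"""

def migration_commands(tunnel_group, group_policy, dhcp_servers, scope, pool=None):
    """Return the ASA CLI lines, in the order the post applies them,
    for moving one tunnel-group from a local pool to Windows DHCP."""
    for ip in list(dhcp_servers) + [scope]:
        ipaddress.IPv4Address(ip)  # raises ValueError on a typo before anything is pasted
    lines = ["webvpn", " no enable OUTSIDE",
             f"tunnel-group {tunnel_group} general-attributes"]
    if pool:
        lines.append(f" no address-pool {pool}")
    lines += [f" dhcp-server {' '.join(dhcp_servers)}",
              f"group-policy {group_policy} attributes",
              f" dhcp-network-scope {scope}"]
    if pool:
        lines.append(f"no ip local pool {pool}")
    lines += ["webvpn", " enable OUTSIDE"]  # assumed inverse of "no enable OUTSIDE"
    return lines

def check_dhcp_config(run_output, tunnel_group, group_policy):
    """Parse running-config text and report the DHCP state of the given
    tunnel-group and group-policy; 'ready' is True only when the pool is
    gone and both DHCP settings are present."""
    findings = {"address_pool": None, "dhcp_server": [], "scope": None}
    section = None
    for line in run_output.splitlines():
        if not line.startswith(" "):      # top-level line starts a new section
            section = line.strip()
            continue
        cmd = line.strip()
        if section == f"tunnel-group {tunnel_group} general-attributes":
            if cmd.startswith("address-pool "):
                findings["address_pool"] = cmd.split()[1]
            elif cmd.startswith("dhcp-server "):
                findings["dhcp_server"] = cmd.split()[1:]
        elif section == f"group-policy {group_policy} attributes":
            if cmd.startswith("dhcp-network-scope "):
                findings["scope"] = cmd.split()[1]
    findings["ready"] = (findings["address_pool"] is None
                         and bool(findings["dhcp_server"])
                         and findings["scope"] is not None)
    return findings
```

Paste the output of "show run tunnel-group" and "show run group-policy" into check_dhcp_config after the change; a leftover address-pool line is the usual reason clients still get pool addresses.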


Post-network-change testing list

Customers often don't test properly after network changes; here is a general list which might help:

Test

  • Internet
  • Remote access (AnyConnect etc.)
  • Email
  • Phones (Internal->Internal, Int->Ext, Ext->Int)
  • Teams/Webex/other IM
  • Intranet / other internal sites
  • Windows file shares
  • Core
  • Wi-Fi networks
  • Printers
  • Other 3rd-party web apps
  • Other remote access via S2S VPN / wireless radio / MPLS etc.

Friday 13 May 2022

Change the mgmt IP on FTD with minimal impact

Update mgmt IP on FTD


1. Disable management of the device in FMC: Device Management > edit the device > Device tab > move the slider next to the Management section.

2. Change the address on the device directly using the "configure network ..." command from the CLI.

3. Edit the management address in FMC from the same place you disabled management, then move the slider back to re-enable management.