
Cisco AnyConnect Error: “The AnyConnect package on the secure gateway could not be located.”

Error: Cisco AnyConnect VPN Client The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.


Solution:

The AnyConnect .pkg file has to be present on the ASA and referenced in the webvpn configuration.

1. Log in to the ASA via the CLI and, in config mode, enter the commands below:

webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 

Note: You need to upload the appropriate .pkg file to the ASA before entering the above command. You can check which AnyConnect .pkg files are on the ASA with the "show disk0:" command.

asa1/act/pri# show disk0:
--#--  --length--  -----date/time------  path
  175  6487517     May 22 2014 12:49:30  anyconnect-macosx-i386-2.5.2014-k9.pkg
  176  6689498     May 22 2014 12:49:30  anyconnect-linux-2.5.2014-k9.pkg
  177  4678691     May 22 2014 12:49:32  anyconnect-win-2.5.2014-k9.pkg
  179  38191104    Feb 03 2016 16:34:36  asa912-smp-k8.bin
  184  23374256    Feb 21 2016 10:42:28  asdm-716.bin
  191  69285888    May 19 2016 13:29:32  asa942-smp-k8.bin
  192  18989375    May 22 2016 10:49:54  anyconnect-win-4.2.00096-k9.pkg <-- This file is used in this example
  193  25819140    May 23 2016 12:23:32  asdm-761.bin
  196  84805632    Aug 17 2017 10:49:16  asa963-1-smp-k8.bin
  197  26916144    Aug 17 2017 10:50:26  asdm-781-150.bin

2. To verify, run "show run webvpn" on your ASA and check that the lines above are present.

asa1/act/pri# sh run webvpn
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1
 anyconnect enable

Save the configuration and try to log in again using the AnyConnect client.
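The verification in step 2 can be automated by comparing the two command outputs. The following is an added example, not part of the original post: it parses "show disk0:" and "show run webvpn" text and reports every configured AnyConnect image that is not actually on flash. The function names are hypothetical and the second image line in the sample is constructed.

```python
import re

# Rows copied from the listing above (abridged), plus one CONSTRUCTED
# webvpn line that points at a file which is not on flash.
SHOW_DISK0 = """\
--#--  --length--  -----date/time------  path
  177  4678691     May 22 2014 12:49:32  anyconnect-win-2.5.2014-k9.pkg
  191  69285888    May 19 2016 13:29:32  asa942-smp-k8.bin
  192  18989375    May 22 2016 10:49:54  anyconnect-win-4.2.00096-k9.pkg
"""
SHOW_RUN_WEBVPN = """\
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1
 anyconnect image disk0:/anyconnect-macos-9.9.99999-k9.pkg 2
 anyconnect enable
"""

DISK_ROW = re.compile(r"^\s*\d+\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]{8}\s+(\S+)")
IMAGE_LINE = re.compile(r"^\s*anyconnect image disk0:/(\S+)")

def files_on_flash(show_disk):
    """Map file name -> size in bytes from 'show disk0:' output."""
    files = {}
    for line in show_disk.splitlines():
        m = DISK_ROW.match(line)
        if m:  # the header row has no leading index, so it is skipped
            files[m.group(2)] = int(m.group(1))
    return files

def check_webvpn(show_run, show_disk):
    """Return findings from comparing the webvpn config against flash."""
    flash = files_on_flash(show_disk)
    lines = show_run.splitlines()
    problems = []
    images = [m.group(1) for m in map(IMAGE_LINE.match, lines) if m]
    if not images:
        problems.append("no 'anyconnect image' line under webvpn")
    for name in images:
        if name not in flash:
            problems.append(f"{name} is configured but not on disk0:")
        elif flash[name] == 0:
            problems.append(f"{name} is zero bytes on disk0:")
    # 'anyconnect enable' appears in the verification output shown above
    if not any(ln.strip() == "anyconnect enable" for ln in lines):
        problems.append("'anyconnect enable' is missing")
    return problems
```
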

Cisco ASA - Remote Management (via TELNET)


1. Log on to the firewall > Go to enable mode > Go to configure terminal mode.

CiscoASA> enable
Password: ********
CiscoASA# configure terminal
CiscoASA(config)#

2. The syntax to configure TELNET is "telnet {ip address} {subnet mask} {interface that it's connected to}".

The following allows just one host (192.168.1.100).

CiscoASA(config)#telnet 192.168.1.100 255.255.255.255 inside

The following allows a whole network, 192.168.1.1 to 254.

CiscoASA(config)#telnet 192.168.1.0 255.255.255.0 inside

3. To set the password you use the "passwd" command (yes that's spelled correctly).

CiscoASA(config)# passwd PASSWORD123

4. By default the telnet session times out after 5 mins. To change it, use the command below (this sets the timeout to 45 min):

CiscoASA(config)# telnet timeout 45

5. Don't forget to save the configuration

CiscoASA# write mem
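When reviewing a saved configuration, the Telnet lines from steps 2 and 4 are worth auditing for how wide the allowed source range is. The following is an added example, not part of the original post: it parses "telnet" lines in the syntax shown above and grades them. The sample config is constructed, and the "0.0.0.0 0.0.0.0" entry, the severity labels and the function name are assumptions of this example.

```python
import ipaddress

# CONSTRUCTED running-config excerpt using the command forms from the steps above.
SAMPLE_CONFIG = """\
telnet 192.168.1.100 255.255.255.255 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 45
ssh 192.168.1.100 255.255.255.255 inside
"""

DEFAULT_TIMEOUT_MIN = 5  # default idle timeout stated in step 4

def audit_telnet(config, max_hosts=1):
    """Return (severity, message) findings for Telnet management lines."""
    findings = []
    for raw in config.splitlines():
        parts = raw.split()
        if not parts or parts[0] != "telnet":
            continue  # only Telnet access lines are audited here
        if parts[1:2] == ["timeout"] and len(parts) == 3:
            minutes = int(parts[2])
            if minutes > DEFAULT_TIMEOUT_MIN:
                findings.append(("low", f"idle timeout raised to {minutes} min"))
            continue
        if len(parts) != 4:
            findings.append(("info", f"unparsed line: {raw.strip()}"))
            continue
        # Dotted netmask notation is accepted by ip_network
        net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        iface = parts[3]
        if net.prefixlen == 0:
            findings.append(("high", f"any source may telnet via {iface}"))
        elif net.num_addresses > max_hosts:
            findings.append(("medium", f"{net} ({net.num_addresses} addresses) "
                                       f"may telnet via {iface}"))
        else:
            findings.append(("info", f"single host {net.network_address} "
                                     f"may telnet via {iface}"))
    if findings:
        # Telnet carries the login and the session unencrypted
        findings.append(("high", "Telnet is cleartext; prefer SSH for management"))
    return findings
```
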

Telnet - Via ASDM

1. Connect via ASDM > Navigate to Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH > Add > Select Telnet > Supply the IP and subnet > OK. (Note: you can also set the timeout on this page.)





NOTE: Be aware that on all ASA devices running an operating system of 8.4(2) or newer, you can NO LONGER LOG IN WITH A USERNAME OF PIX and the telnet password; you HAVE TO define a username and password, then enable AAA Authentication for SSH.

Cisco ASA Basic Notes – Configuration Modes

A Cisco ASA security appliance has four main administrative access modes:

Monitor Mode:
Displays the monitor> prompt. This mode enables you to update the image over the network or to perform password recovery. While in monitor mode, you can enter commands to specify the location of a TFTP server and the location of the software image or password recovery binary image file to download. You access this mode by pressing the “Break” or “ESC” key immediately after powering up the appliance.

Unprivileged Mode:
Displays the > prompt. This prompt is available when you first access the appliance. On the newer Cisco ASA 5500 Series, the prompt is ciscoasa>
This mode provides a restricted view of the security appliance; you cannot configure anything from it. To get started with configuration, the first command you need to know is the enable command. Type enable and hit Enter. The initial password is empty, so hit Enter again to move on to the next access mode (Privileged Mode).

ciscoasa> enable    <-- Unprivileged Mode; enable moves to Privileged Mode
password:           <-- Enter a password here (initially it's blank)
ciscoasa#           <-- Privileged Mode

Privileged Mode:
Displays the # prompt. Enables you to change the current settings. Any unprivileged command also works in this mode. From this mode you can see the current configuration by using show running-config. Still, you cannot configure anything until you go to Configuration Mode. You access Configuration Mode using the “configure terminal” command from Privileged Mode.

Configuration Mode:
This mode displays the (config)# prompt and enables you to change all system configuration settings. Use exit from each mode to return to the previous mode.

ciscoasa> enable                <-- Unprivileged Mode
password:                       <-- Enter a password here (initially it's blank)
ciscoasa# configure terminal    <-- Privileged Mode
ciscoasa(config)#               <-- Configuration Mode
ciscoasa(config)# exit
ciscoasa# exit                  <-- Back to Privileged Mode
ciscoasa>                       <-- Back to Unprivileged Mode

The (config)# mode is usually called Global Configuration Mode. Some configuration commands from this mode enter a command-specific mode and the prompt changes accordingly. For example, the interface command enters interface configuration mode as shown below:

ciscoasa(config)# interface GigabitEthernet 0/1
ciscoasa(config-if)#            <-- Configure interface-specific parameters