Troubleshooting Cisco VPN Phase 2

Problem It’s been over two years since I wrote Troubleshooting Phase 1 Cisco Site to Site (L2L) VPN Tunnels. I’ve always meant to come back and write the ‘Phase 2’ article but never got around to it. This article is NOT intended to be a ‘fix all” for phase 2 problems, it’s designed to point you in the … Continue reading Troubleshooting Cisco VPN Phase 2

Troubleshooting Cisco VPN Phase 1

Problem Site to Site VPN’s either work faultlessly straight away, or involve head scratching and a call to Cisco TAC, or someone like me to come and take a look. If I’m honest, the simplest and best answer to the problem is “Remove the Tunnel from both ends and put it back again”. Just about every VPN tunnel … Continue reading Troubleshooting Cisco VPN Phase 1

Useful Cisco Site-to-Site VPN Phase 1 and 2 Status Troubleshooting Commands

One way is to display it with the specific peer ip. Check Phase 1 Tunnel ASA#show crypto isakmp sa detail | b [peer IP add] Check Phase 2 Tunnel ASA#show crypto ipsec sa peer [peer IP add] Display the PSK ASA#more system:running-config | b tunnel-group [peer IP add] Display Uptime, etc. ASA#sh vpn-sessiondb detail l2l … Continue reading Useful Cisco Site-to-Site VPN Phase 1 and 2 Status Troubleshooting Commands

Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Most modern web browser no longer support RC4 encrytion as it is officially declared unsecured by IETF memo RFC7465 published on February 2015. Thus if RC4-Only encryption is enabled in SonicOS, it would block access to the Firewall Management Portal and will display "err_ssl_version_or_cipher_mismatch" error on the browser. Google Chrome and Firefox were among the first ones … Continue reading Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Tricks: Introducing Cisco RF Planning Tool

Here is a useful planning tool in Wireless Network provisioning for Cisco Meraki AP or the Mobility Express models. This is an online tool called Cisco RF Wi-Fi Planner Tool. Check out https://rftool.cisco.com You can use this by logging in to your Cisco Account. You can put into account external factors in designing your wireless network … Continue reading Tricks: Introducing Cisco RF Planning Tool

DNS resolution over IPsec/SSL VPN on Fortigate

Description This article provides basic troubleshooting to follow when you are not able to access hostname over IPSec VPN tunnel or SSLVPN connection Solution   If you are not able to access resources across VPN tunnel by hostname, check following steps: (1)  Make sure to set DNS server properly when configuring SSL or IPsec VPN.  … Continue reading DNS resolution over IPsec/SSL VPN on Fortigate

Meraki Wifi Best Practice for multiple APs: Bridge Mode

Bridge Mode In bridge mode, the Meraki APs act as bridges, allowing wireless clients to obtain their IP addresses from an upstream DHCP server. Bridge mode should be enabled when any of the following is true: Wired and wireless clients in the network need to reach each other (e.g., a wireless laptop needs to discover … Continue reading Meraki Wifi Best Practice for multiple APs: Bridge Mode

Meraki Wifi Best Practice for single AP: NAT Mode with Meraki DHCP

Below is the recommended setup for sites with single AP. There is a known issue with this setup for sites having multiple APs, particularly with user experience as one user moves from one AP to another. There is totally no handover from one AP to another as the user devices is NAT'd per AP,  so … Continue reading Meraki Wifi Best Practice for single AP: NAT Mode with Meraki DHCP

Issue: Android users cannot connect to Wireless on Cisco Meraki APs

This article is to be used as a short reference guide on how to manually set up a WPA2-Enterprise with RADIUS Authentication (IEEE 802.1X) wireless profile on Android devices. This profile will allow the client devices to connect to the SSIDs configured with WPA2-Enterprise with 802.1X authentication as the association requirement. 1. At the home page, navigate … Continue reading Issue: Android users cannot connect to Wireless on Cisco Meraki APs

Important FortiGate CLI commands (HA and Sessions)

FortiGate High Availability Cluster CLI commands: Manage the specified FortiGate unit (X ist the unit number): execute ha manage X Set the current ForitGate Unit as master: diag sys ha set-as-master enable Get HA Status: get system ha status   FortiGate Session commands: Get all Sessions: diag sys session list Filter Sessions: diagnose sys session … Continue reading Important FortiGate CLI commands (HA and Sessions)