Useful Cisco Site-to-Site VPN Phase 1 and 2 Status Troubleshooting Commands

One way is to display it with the specific peer IP.

Check Phase 1 Tunnel
ASA#show crypto isakmp sa detail | b [peer IP add]

Check Phase 2 Tunnel
ASA#show crypto ipsec sa peer [peer IP add]

Display the PSK
ASA#more system:running-config | b tunnel-group [peer IP add]

Display Uptime, etc.
ASA#sh vpn-sessiondb detail l2l …

Tricks: Unable to access Sonicwall Management Portal? ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Most modern web browsers no longer support RC4 encryption, as it was officially declared insecure by IETF memo RFC 7465, published in February 2015. Thus, if RC4-only encryption is enabled in SonicOS, the browser cannot access the Firewall Management Portal and displays the "err_ssl_version_or_cipher_mismatch" error. Google Chrome and Firefox were among the first ones …

DNS resolution over IPsec/SSL VPN on Fortigate

Description: This article provides basic troubleshooting steps to follow when you are not able to access a hostname over an IPsec VPN tunnel or SSL VPN connection.

Solution: If you are not able to access resources across the VPN tunnel by hostname, check the following steps:

(1) Make sure to set the DNS server properly when configuring SSL or IPsec VPN. …

Tricks: Steps to Fix the Cisco VPN 412 Error

Cisco VPN Error 412 for Legacy VPN Client v5.0.0.07

"Reason 412. The remote peer is no longer responding" means that the software VPN Client detected that the VPN server is not responding anymore and deleted the connection. The cause can be anything from IPsec traffic being blocked by your upstream device, to NAT issues, or simply misconfigured VPN settings: Once …

Tricks: 5 handy and simple tools in Network troubleshooting

1. Sweep Ping. To check all the devices on the LAN, do a sweeping ping of all the IPs in a given /24 subnet:

for /L %a in (1,1,254) do @ping -n 1 192.168.1.%a|find "TTL"

Just replace the 192.168.1 with your first three octets.

2. Display your machine's Routing Table using …

Tricks: Cisco VPN on Windows 8.1 or Windows 10 – Reason 442: Failed to enable Virtual Adapter

Problem: Error when connecting to VPN

Error Message: Reason 442: Failed to enable Virtual Adapter

If you receive this error on Windows 8.1 or Windows 10 while trying to connect with the Cisco VPN Client, the solution is a simple registry fix.

To fix: Click Start, type regedit in the Search field and hit Enter. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA. Find the String …

Tools: Flow Trace in Fortigate

The flow trace feature in FortiGate units allows you to trace the flow of a packet through the firewall you are consoled into. It allows you to see whether the packet is being denied for some reason or being allowed by a particular policy. You can also see what NAT rule and routing is …

Eternal Blues – a free EternalBlue vulnerability scanner

So, I came across this new tool that scans for vulnerability on your network against EternalBlue (the exploited tool used as a framework for many, if not most, of the well-known ransomware around), called EternalBlues.exe, developed by Elad Erez. Here are some tips from Elad before running the tool:

Tips: If you’re about to run …

Tricks: How to make Legacy Cisco VPN Client to work on Windows 10?

Problem: Legacy Cisco VPN Client (v5.0.07) is not working on Windows 10. Version 5.0.07 is the last version of this client application released by Cisco before they introduced Cisco AnyConnect as their new VPN client software.

Workaround: Step-by-step guide

1. Download and install the Sonicwall 64-bit VPN client from HERE (as of this writing). **NOTE: Make …