Adrian Collier - Archive

Cisco LAN-to-LAN VPN Issues: Asymmetric Functionality & Dynamic Crypto Maps



When configuring Crypto Maps, it's essential that you place the Dynamic Crypto Map entry correctly. Otherwise you'll spend hours troubleshooting something that's easily fixed. Here's the documentation on how to correctly configure a Crypto Map with a Dynamic Crypto Map entry.



A crypto map set may include a dynamic crypto map. Dynamic crypto map sets should be the lowest priority crypto maps in the crypto map set (that is, they should have the highest sequence numbers) so that the adaptive security appliance evaluates other crypto maps first. It examines the dynamic crypto map set only when the other (static) map entries do not match.



Below is how NOT to configure a Crypto Map:



crypto map abcmap 10 ipsec-isakmp dynamic dynamic_map
crypto map abcmap 20 match address l2l_list
crypto map abcmap 20 set peer 10.10.10.10
crypto map abcmap 20 set transform-set myset3
crypto map abcmap interface outside



Make sure you give the Dynamic Crypto Map entry the highest sequence number!



crypto map abcmap 10 match address l2l_list
crypto map abcmap 10 set peer 10.10.10.10
crypto map abcmap 10 set transform-set myset3
crypto map abcmap 65535 ipsec-isakmp dynamic dynamic_map
crypto map abcmap interface outside
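A small check for the ordering rule above, added here as an example (it is not from the original post or from Cisco's documentation): it scans `crypto map` lines and reports any dynamic entry that has a lower sequence number than a static entry in the same map set. The function name `misplaced_dynamic_entries` is an assumption of this example; the two sample configurations are the ones shown in the post.

```python
import re

# "crypto map <name> <seq> <rest>"; the "interface" binding line has no
# sequence number, so it does not match and is skipped.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
DYNAMIC = re.compile(r"^ipsec-isakmp dynamic \S+")

def misplaced_dynamic_entries(config_text):
    """Return (map_name, dynamic_seq, highest_static_seq) for each dynamic entry
    that would be evaluated before at least one static entry in the same set."""
    static, dynamic = {}, {}
    for line in config_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        bucket = dynamic if DYNAMIC.match(rest) else static
        bucket.setdefault(name, set()).add(seq)
    findings = []
    for name in sorted(dynamic):
        highest_static = max(static.get(name, ()), default=None)
        if highest_static is None:
            continue  # map set contains only dynamic entries
        for seq in sorted(dynamic[name]):
            if seq < highest_static:
                findings.append((name, seq, highest_static))
    return findings

# Both samples are the configurations shown in the post.
BAD = """\
crypto map abcmap 10 ipsec-isakmp dynamic dynamic_map
crypto map abcmap 20 match address l2l_list
crypto map abcmap 20 set peer 10.10.10.10
crypto map abcmap 20 set transform-set myset3
crypto map abcmap interface outside
"""
GOOD = """\
crypto map abcmap 10 match address l2l_list
crypto map abcmap 10 set peer 10.10.10.10
crypto map abcmap 10 set transform-set myset3
crypto map abcmap 65535 ipsec-isakmp dynamic dynamic_map
crypto map abcmap interface outside
"""

if __name__ == "__main__":
    for label, cfg in (("bad", BAD), ("good", GOOD)):
        print(label, misplaced_dynamic_entries(cfg))
```
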



Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.3
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4



March 22, 2011


Installing Firefox 4 on OSX with Cisco vpnagentd



Today I tried to install Firefox 4 only to be notified that libsmime3.dylib is in use. What the heck is that!?!? A quick google tells me that Cisco's VPN Agent uses it for the vpnagentd process. Cool!



sudo killall vpnagentd



That should do the trick. NOT! The problem is that as soon as I kill vpnagentd, the process restarts. Well, if you are experiencing the same issue I faced, then here's the trick.



sudo launchctl unload /Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist



Instead of restarting the process, this will actually unload vpnagentd from launchctl and prevent it from starting back up. Once you have successfully installed Firefox 4, all you need to do is load it back into launchctl.



sudo launchctl load /Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist



Enjoy!


March 22, 2011


How to fix Mac OS X's built-in VPN Client



One of my favorite features of Mac OS X is the built-in VPN Client that supports L2TP over IPSec, PPTP, and Cisco IPSec. Unfortunately, it decides to get buggy once in a while, preventing me from creating a VPN connection into work. One way to remedy this situation is to restart the machine, which is not a very good option when you're trying to get work done.

The other method is to open up the terminal and do some command line mojo. The command below will resolve the issue and get me up and working quickly.



sudo racoon



This will re-enable the service. Try reconnecting and all should be good.


March 09, 2011

