BACKGROUND In order to to maintain persistence between services (such as HTTP and HTTPS) on a single Virtual Server two persistence methods are available ; Cookie Hashing and Source IP. In order to perform “true” Cookie (insert) persistence across services an iRule is required. Note : Though cookie persistence (insert) can be performed within the … Read more
Within this article we will look into the ‘keepalive’ command. As this command isn’t greatly documented I thought this would be a good opportunity to explain in a little more detail how it works. Keepalive vs Keep-alive First of all it is worth noting that the ‘keepalive’ command (which is configured under the real server) … Read more
Within this article we will be showing the various steps required in configuring a Cisco ASA IPSEC VPN using digital certificates. These certificates will be signed by a CA (Cisco Router) and downloaded by the Client/ASA using SCEP (Simple Certificate Enrollment Protocol). Time/Date On the client, router and firewall ensure that NTP is configured and … Read more
Within this article we will show you how to purge a file from Rackspace`s Cloud File CDN Caches. Get Auth Token First all you will need to obtain the Auth Token. This token will be used to perform further actions via the API. For this you will need to obtain your API Key which can … Read more
Error When trying to connect using the Cisco VPN Client with certificate based authentication you receive the following error from you debug logs. CRYPTO_PKI: Certificate validation: Failed, status: 1873. Attempting to retrieve revocation status if necessary ERROR: Certificate validation failed. Peer certificate key usage is invalid, serial number: 210F2EDE0000000009AF, subject name: cn=xxxxx,ou=xxxx,o=xxxxx,c=xx CRYPTO_PKI: Certificate not … Read more
Within this article we look at how to rate-limit traffic via the use of an iRule. iRule The Table Command So that we can rate-limit traffic the iRule command ‘table’ is used. The table command (as the name suggests) provides the ability to create, delete, and append tables, along with being able to define timeouts … Read more
Introduction ASA 8.3 onwards brought a number of changes in how NAT is processed. First of all NAT is built around objects, this allows for IP`s to be changed and objects to be renamed much easier than previously. Also when configuring ACL`s the Real IP/Port address(s) are now used. Pre 8.3 access-list acl-outside extended permit … Read more
Issue When requesting a certificate via the browser, at the point you try to issue the certificate (via certsrv.msc) you receive the error: Error Constructing or Publishing Certificate When looking through the Events for Active Directoty Certificate Services you see the error: Active Directory Certificate Services denied request 8 because The request subject name is … Read more
Within this article we will configure a basic Anyconnect setup. The Anyconnect client provides the ability to securly connect to your LAN via TLS/DTLS (TLS over UDP). Enable WebVPN asa84(config)# webvpnasa84(config-webvpn)# enable outsideINFO: WebVPN and DTLS are enabled on ‘outside’.asa84(config-webvpn)# anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkgERROR: The specified AnyConnect Client image does not exist.asa84(config-webvpn)# anyconnect enableasa84(config-webvpn)# exit Create User … Read more
Symptoms When enabling CSW and running HTTP pipelining you may experience a breakdown in your HTTP session. Issue When enabling CSW on a Virtual Server pipelining is enabled on the designated port by default. The issue occurs when a second GET request comes in before the first GET/POST answer is fully received from the server (this … Read more