Meraki VPN Client Issues

Not sure what's up with Meraki and the native Windows 10 VPN, but there are weird issues that seem to occur.

A couple of fixes I found to work:

Not really a "fix", but reset the account password on the Meraki site > Network-wide > Configure > Users page (and don't forget the save the change).  This is a weird one, because when I originally create an account, the password is set and emailed out, but yet the password is incorrect.  Not sure if this is a browser-related issue or on their back-end, either way this has happened to me five times now of the last couple years.

This was something I found today, starting the old school app at the command line.
C:\Windows\System32\rasphone.exe -d “connection-name”
And you may need to run it a second time, as I've had it fail to find the path the first time.  And should it connect properly, the "new" Windows 10 way of connecting from the network icon should work after that.
~ And a shout out to Phil Eddies for this last one.

Cisco VPN Client PCF File

I could have sworn you exported the pcf profile (the VPN configuration file that can be imported for new installs) within the Cisco VPN IPSec Client, but I was wrong.

This little guy is actually a text file that's created as soon as you add a new connection. And it places it within the VPN client installation directory, as listed below.

C:\Program Files\Cisco Systems\VPN Client\Profiles

Once you grab your profile, you can throw it in with the installation files for the client and it will automatically be imported for use immediately upon completion (reboot is necessary, of course).

Cisco ASA 5505 Initial Configuration Commands

One thing I can say about the Startup Wizard in the Cisco ASA 5505, is that it would be kicked out of Hogwarts. Lame joke sure, but so is Cisco for selling something so complex to small businesses. What my customer of eight employees needs is a firewall with the robust dependability of a Cisco PIX with the simplicity of a Linksys. Seems like a no brainer, but since the 2003 purchase, I don't think Cisco hasn't done anything even close. Enough of my rant...

Some of the Startup Wizard went okay (like changing the external IP and enable password only), but when it came to changing the inside network, it hung a number of times, once for over 30 minutes, before I turned it off. Turned out I needed to actually change the internal IP address via the command line, but not before wiping out DHCP, because that locks the internal subnet from being changed. Oh yeah, don't forget to change the subnet from which you can access the internal web server, otherwise you're locked out of that as well. And yes, I attempted to do this via the ASDM, but it hung every time I tried to change the internal IP address. Sorry, I guess my ranting wasn't done.

Below are the commands I used to complete the above tasks...

Note: All of these require you to be logged into the "enable" account, i.e. type enable at the command-line in your terminal window and enter the password

Turn DHCP off:
ciscoasa# config term
ciscoasa(config)# no dhcpd enable inside

Updating your internal IP address/subnet (assuming it's VLAN 1)
ciscoasa# config term
ciscoasa(config)# interface Vlan 1
ciscoasa(config-if)# ip address 10.0.1.1 255.255.255.0
ciscoasa(config-if)# no shut

Adding an outside route (your gateway address (and why isn't this in the wizard?!?!))
ciscoasa# config term
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 76.176.56.86 1

Update access to the ADSM (so you can reach it from your new network listed above)
ciscoasa# config term
ciscoasa(config)# http 10.0.1.0 255.255.255.0 inside
ciscoasa(config)# exit
ciscoasa# show run | include http
http 10.0.1.0 255.255.255.0 inside (this shows your new network has access)
http 192.168.1.0 255.255.255.0 inside

Turn on DHCP and configure for use
ciscoasa# config term
ciscoasa(config)# dhcpd address 10.0.1.201-10.0.1.240 inside
ciscoasa(config)# dhcpd dns 10.0.1.10 10.0.1.11
ciscoasa(config)# dhcpd wins 10.0.1.10
ciscoasa(config)# dhcpd lease 3000
ciscoasa(config)# dhcpd domain contoso.com
ciscoasa(config)# dhcpd enable inside

Write running config to flash (saving all of your changes)
ciscoasa# write memory

Restarting your Cisco ASA from command line
ciscoasa# reload noconfirm

Should you post any questions, I'll be happy to try and help, but I can't promise anything...

Cisco ASA 5505 Software Upgrade

So you're looking to upgrade your Cisco ASA 5505 to the latest and greatest firmware? Well take it from me, don't update the ASA software first. If the ASDM software is not compatible with the updated ASA version, you will get locked out and have to get out your console cable.

Not so bad, but if your server room is actually a storage closet with the rack eight feet in the air so you have to stand crooked on a ladder, it's a pain in the back (and a lower, rear facing location as well).

The upgrade process is in fact, quite painless.

1. Just fire up your ASDM


2. Go to Tools > Upload Software from Local Computer...


3. Choose your Image to Upload: (ADSM first, then ASA later)


4. Browse Local Files... to add the image (.bin file)


5. Click Upload Image and follow the prompts to finish (they vary depending on image uploaded)

Following the process above for our brand new firewall, the ASDM image reloaded properly to the latest version while the device was running, the ASA software however, did not. Rebooting the ASA loaded everything properly and I was on my way. (Or was I? That's blog entry to come...)