Posts

Microsoft CA

Create a new template "PC". To make it available in the Web Enrollment drop-down list, the following option needs to be checked. In  Right-click Certificate Templates, click Manage,

AnyConnect / Secure Client AlwaysOn

1. Test result: When SC detects that the PC is on an untrusted network, it prompts the user to connect to the VPN. When SC detects that the PC is on a trusted network, it doesn't prompt.
2. Enable Always On. Test result: The user can disconnect the VPN, but can only access www.google.ca and the DNS server 203.0.113.2. When the ASA is not reachable, the "Connect Failure Policy" kicks in; with the "Open" policy, the user is able to access any website. When the ASA is reachable again, the user is prompted to connect; at this moment, again, only www.google.ca and the DNS server 203.0.113.2 can be reached.
3. Captive Portal. By default, captive portal detection is enabled. As soon as the PC connects to an open Wi-Fi network with a captive portal, the Cisco Secure Client - Web Browser pops up. In the lab, it displays a blank page; depending on the configuration in the profile, the browser window may disappear in a second or stay open. Captive portal detection needs to be disabled if we don't want to see this browser. Windows 10 has internal mecha

FDM Notes

Change Admin password:
  expert
  passwd admin

ASA Notes

1. Capture URL:
   https://x.x.x.x/admin/capture/capture_name[/pcap]
2. Copy capture out:
   copy /pcap capture:CAP1 ftp://user:pass@192.168.1.1/CAP1.pcap
3. Run command via HTTPS:
   https://x.x.x.x:port/exec/show run
   https://packetpushers.net/blog/interacting-with-the-cisco-asa-cli-using-the-https-interface/

ASA CLI backup

The ASA reaches the FTP server via the MGMT interface.

ASA-916# backup interface MGMT location ftp://cisco:cisco@192.168.2.100/asabackup
backup location entered: [ftp://cisco:cisco@192.168.2.100/asabackup]
[Press return to continue or enter a backup location]:
Begin backup ...
Backing up [ASA Version] ... Done!
Backing up [Running Configurations] ...Cryptochecksum: 5b9af45d 87cd328b 063fb1ed c1f61965
 Done!
Backing up [Startup Configurations] ... Done!
Backing up [Identity Certificates] ... Done!
Backing up [WebVPN Data] ... Done!
Backing up [Anyconnect(SVC) Image(s)] ... Done!
Backing up [Anyconnect(SVC) Client Profile(s)] ... Failed!
Compressing the backup directory ... Done!
Copying Backup ...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Done!
Cleaning up ... Done!
Backup finished!
ASA-916#

Firepower FMC REST API

1. By default, the REST API is enabled: System > Configuration > REST API Preferences > Enable REST API.
2. Create a dedicated API user.
3. Request an authentication token.
   https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/215918-how-to-generate-authentication-token-for.html

FTD FDM using ISE for Admin access

Configure FDM External Authentication and Authorization with ISE using RADIUS
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217234-configure-fdm-external-authentication-an.pdf

FDM Multiple Admin Accounts
https://bluenetsec.com/fdm-multiple-admin-accounts/