Heads Up: ArcaneDoor - trojans running on ASA/FTD became reality
Cisco Community » VPN
by tvotna
10h ago
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
"We have not determined the initial access vector used in this campaign. We have not identified evidence of pre-authentication exploitation to date. While we have been unable to identify the initial attack vector, we have identified two vulnerabilities (CVE-2024-20353 and CVE-2024-20359), which we detail below."
Nice.
Updated to Ubuntu 24.04. I am not able to use Secure-VPN anymore
Cisco Community » VPN
by rorororo
22h ago
Hi, as the title says, I am unable to connect to my Cisco Secure VPN after updating my OS from Ubuntu 22.02 to 24.04. The error I receive is "You are missing the required libraries for the authentication method you requested." Upon closer inspection, this is the actual error: "/opt/cisco/secureclient/bin/acwebhelper: error while loading shared libraries: libwebkit2gtk-4.0.so.37: cannot open shared object file: No such file or directory /opt/cisco/secureclient/bin/acwebhelper: error while loading shared libraries: libsoup-2.4.so.1: cannot open shared object file: No such file or directory" I ha ..read more
DefaultProfile.xml in Cisco
Cisco Community » VPN
by Emilios Solomonides
1d ago
Hi there, I'm looking for advice on editing my DefaultProfile.xml in Cisco and deploying it via policy to all Mac devices to establish a new connection. However, it seems that my Mac is retaining memory of the last successful connection, making it appear as the default option when attempting to connect again. Is there a way to reset this and have the connection specified in the DefaultProfile.xml as the default option for connection ..read more
Ikev2 VPN tunnel trouble shooting help
Cisco Community » VPN
by Makoon
1d ago
Howdy Cisco Community! Need your help, as I'm fairly new to troubleshooting site-to-site VPN connectivity. I am unable to establish VPN connectivity per information below.
Site:1
crypto ipsec ikev2 ipsec-proposal CSM_IP_1
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto ipsec security-association pmtu-aging infinite
crypto map CSM_Outside_map 1 match address CSM_IPSEC_ACL_1
crypto map CSM_Outside_map 1 set peer 2xxxxx
crypto map CSM_Outside_map 1 set ikev2 ipsec-proposal CSM_IP_1
crypto map CSM_Outside_map 1 set security-association lifetime seconds 3600
crypto map CSM_Outside_ma ..read more
ASA NAT for Remote VPN to Internet (Specific)
Cisco Community » VPN
by rob1456657
1d ago
I'm hoping I can explain this clearly enough. I have a remote site with a site-to-site tunnel. From the Home Office and the remote site, we are allowing a split tunnel, but we need to tunnel a specific external site via the home office. The IP Scope for this particular external entity is already defined in the Tunnel groups, so we know that traffic from the remote site headed for xyz.com is going through the tunnel. At the head office, we can see that clients from the remote site are attempting to access the site, but our NAT rule is not working correctly. Has anyone configured such access and ..read more
Protecting non-VPN Users from Spray Attacks
Cisco Community » VPN
by chris.harvey
2d ago
I have a requirement for VPN with MFA for a subset of users, while protecting the other users from Spray attacks.
Scenario: Customer is currently implementing VPN with MFA for a defined set of users (1/3 of staff). Most users do NOT have a requirement for VPN and MFA. The customer is currently implementing Cisco Duo for MFA, and is currently using MS NPS for RADIUS auth to on-prem AD. Azure AD is out of the picture for the time being. The customer has a partially implemented Cisco ISE. Customer uses SCCM. The customer does not have MS E3 licenses, or P1/P2.
Goal: Protect non ..read more
AnyConnect DNS Issue
Cisco Community » VPN
by jf1134
2d ago
We are having an issue where, after disconnecting from AnyConnect and connecting the next day, they get a new IP in AnyConnect but in our local DNS they have another IP, which I assume is probably from the day before. This is obviously causing name resolution issues. The only workaround I have so far is to have them do an ipconfig /registerdns. Would this be something on the ASA, or would this be something on our DNS server, that it's not registering the new IP address? Thanks ..read more
VPN Tunnel connecting at an unconfigured setting - Phase 1 Timer
Cisco Community » VPN
by Stephen Carter
2d ago
OK, so I've got a set of ASAs and we are migrating them to Firepowers, and all seems ok. In the past we have noticed that for some reason on the ASAs, no matter what you specify as the parameters for phase 1, the rekey timer always connects at 3600 seconds. We were hoping that when we moved to the Firepowers this issue would 'go away', however on testing we are seeing the following, which is that on the ASA we have the following configured for IKEv1 - And on the firepower we have - So when I run the packet tracer (from the ASA to the Firepower) to test the parameters of the li ..read more
IPSEC VPN
Cisco Community » VPN
by fmugambi
2d ago
Hello Team, I have the below topology: - I have an IPsec VPN from on-prem to AWS cloud. The two endpoints [192.168.40.10/32, 192.168.30.10/32] work fine as they are allowed on the encryption domain. I have users using remote VPN to connect to on-prem DC to access on-prem resources - they can reach 192.168.40.10/32. There is a need for them to reach a portal on AWS cloud [192.168.30.10/32]. How can I achieve this? Your support will be appreciated. ..read more
Command uninstall silent Cisco AnyConnect Secure Mobility Client V4.9
Cisco Community » VPN
by Boutta
3d ago
Hello, I try to uninstall silent Cisco AnyConnect Secure Mobility Client v4.9.06037: "%ProgramFiles(x86)%\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -remove -silent >>> Doesn't Work. Msiexec /x {id] > not work. Please help me ..read more
