VPN use is very prevalent these days, especially for businesses and the number of mobile workers, remote offices and tunneled cloud infrastructure. Inevitably at some point the IP address of an end point will need to be changed.
This can be accomplished quickly and easy in a few steps, in this blip we’ll look at a simple IKEv1 VPN tunnel -while IKEv2 is the way to go these days – there are still a gazillion IKEv1 tunnels in operation.
Recently I was given a Cisco ASA 5508-X Firepower Threat Defense appliance to deploy. While these are the same hardware platform as the tried-true Cisco ASA 5508 firewalls, these run Cisco’s new ‘unified’ SourceFire linux based operating system (asa-ftd), which is essentially an operating system combining the SourceFire FirePower functionality with Cisco’s conventional firewalling capabilities. It’s Cisco’s new direction for combining these two platforms in to one hardware solution.
Without getting in to uber nerd verbosity, after unboxing the new unit and attempting to patch the OS to a new upgrade (version 6.0.2 -> 6.2.2), I was presented with a failed upgrade due to a corrupt MySQL database. Seriously ? This is why I loved the regular Cisco ASA in the first place, minimal OS running from flash memory, upgrades typically only require putting the new firmware in place, telling the Cisco ASA to boot the new firmware and reboot. The new SourceFire OS – it’s a full blown linux OS using MySQL for its backend, sigh… Since it was a new deployment and I couldn’t repair the tables or database I figured I’d go ahead and reach out to the Cisco TAC for insight.