Cisco Aspire Crack Token
Hello all,
My office requires us to connect to a VPN (Cisco ASA) in order to access internal systems and Web pages from home. I use a Chromebook, and my office has, until recently, supplied me with an RSA SecurID token that generates a set of random digits that I can use to authenticate. Now, however, they want us to authenticate using PKCS#11 certificates on our SmartCard (CAC). This is not currently possible with the ChromeOS version of Cisco AnyConnect, so I put my Chromebook into dev mode and set up an Ubuntu chroot to try and connect with openconnect. I got all of the middleware working so that Ubuntu recognizes the CAC and p11tool lists the token and certificate URLs, but when I attempt to connect to the VPN using openconnect, I get a 'Certificate Validation Failure' error, and it fails to make the connection.
The following is the verbose output from my connection attempt with personal information removed (see below for my comments):
~$ sudo openconnect -v -u adam.allgood -c 'pkcs11:model=CAC%20Token;manufacturer=U.S.%20Government;serial=;token=<LASTNAME>.<FIRSTNAME>.<MIDDLENAME>.<CAC-ID>%00%20%00;id=%00%02;object=Identity%20%231;type=cert' cpvpn.ncep.noaa.gov/cac/
POST https://cpvpn.ncep.noaa.gov/cac/
Attempting to connect to server 140.90.73.186:443
Using PKCS#11 certificate pkcs11:model=CAC%20Token;manufacturer=U.S.%20Government;serial=;token=<LASTNAME>.<FIRSTNAME>.<MIDDLENAME>.<CAC-ID>%00%20%00;id=%00%02;object=Identity%20%231;type=cert
PIN required for <LASTNAME>.<FIRSTNAME>.<MIDDLENAME>.<CAC-ID>
Enter PIN:
Using PKCS#11 key pkcs11:model=CAC%20Token;manufacturer=U.S.%20Government;serial=;token=<LASTNAME>.<FIRSTNAME>.<MIDDLENAME>.<CAC-ID>%00%20%00;id=%00%02;object=Identity%20%231;type=private
Using client certificate '<LASTNAME>.<FIRSTNAME>.<MIDDLENAME>.<CAC-ID>'
Got no issuer from PKCS#11
SSL negotiation with cpvpn.ncep.noaa.gov
Connected to HTTPS on cpvpn.ncep.noaa.gov
Got HTTP response: HTTP/1.0 302 Temporary moved
Set-Cookie: tg=0Anyconnect-CAC; path=/; secure
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Fri, 02 Nov 2018 16:14:24 GMT
X-Frame-Options: SAMEORIGIN
Location: /+webvpn+/index.html
HTTP body length: (0)
GET https://cpvpn.ncep.noaa.gov/cac/
Attempting to connect to server 140.90.73.186:443
SSL negotiation with cpvpn.ncep.noaa.gov
Connected to HTTPS on cpvpn.ncep.noaa.gov
Got HTTP response: HTTP/1.0 302 Temporary moved
Set-Cookie: tg=0Anyconnect-CAC; path=/; secure
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Fri, 02 Nov 2018 16:14:24 GMT
X-Frame-Options: SAMEORIGIN
Location: /+webvpn+/index.html
HTTP body length: (0)
GET https://cpvpn.ncep.noaa.gov/+webvpn+/index.html
SSL negotiation with cpvpn.ncep.noaa.gov
Connected to HTTPS on cpvpn.ncep.noaa.gov
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie
First observation: there seem to be a few HTTP 302 redirects, which I've read can cause some issues, but I have not found a workaround. I tried passing the --no-http-keepalive option, but it did not help. Second observation: Got no issuer from PKCS#11 - I have no idea if this is a problem or not. I have successfully connected to the VPN with my CAC on a Windows machine using the Cisco AnyConnect client, so I do not believe the problem is with the certs themselves. Third observation: there are multiple certs on my CAC (the PKCS#11 URLs seem very similar, just with IDs of 01, 02, or 03), I have tried them all, with this same result.
Any insight to what may be going on would be extremely helpful! I know enough Linux to be a danger to myself and my system, but don't have a huge amount of experience working with openconnect or PKCS#11. Also, apologies in advance if this is not the right forum to pose this question. If that is the case, please feel free to steer me in the right direction!
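A triage helper for verbose output like the log above, added here as an example (it is not part of the original post and not openconnect code): it decodes the RFC 7512 PKCS#11 URIs and groups the requests, redirects, PKCS#11 notes and failure lines so the three observations can be checked side by side. The host name, token label and function names are constructed placeholders.

```python
import re
from urllib.parse import unquote_to_bytes

def parse_pkcs11_uri(uri):
    """Split an RFC 7512 PKCS#11 URI path into {attribute: decoded bytes}."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    path = uri[len("pkcs11:"):].split("?", 1)[0]   # ignore query attributes
    attrs = {}
    for part in filter(None, path.split(";")):
        name, _, value = part.partition("=")
        attrs[name] = unquote_to_bytes(value)       # id and labels may hold NULs
    return attrs

def summarize(log):
    out = {"requests": [], "redirects": [], "objects": [], "notes": [], "errors": []}
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r"(GET|POST) (\S+)$", line):
            out["requests"].append(m.groups())
        elif line.startswith("Location:"):
            out["redirects"].append(line.split(":", 1)[1].strip())
        elif m := re.match(r"Using PKCS#11 (?:certificate|key) (pkcs11:\S+)", line):
            a = parse_pkcs11_uri(m.group(1))        # (class, id as hex, object label)
            out["objects"].append((a["type"].decode(), a.get("id", b"").hex(), a["object"].decode()))
        elif "PKCS#11" in line:
            out["notes"].append(line)
        elif re.search(r"fail", line, re.I):
            out["errors"].append(line)
    return out

# Constructed sample: abridged from the post's log, with a placeholder host and token label.
URI = ("pkcs11:model=CAC%20Token;manufacturer=U.S.%20Government;serial=;"
       "token=DOE.JANE.Q.0000000000%00%20%00;id=%00%02;object=Identity%20%231;type=")
SAMPLE_LOG = f"""\
POST https://vpn.example.test/cac/
Using PKCS#11 certificate {URI}cert
Using PKCS#11 key {URI}private
Got no issuer from PKCS#11
Got HTTP response: HTTP/1.0 302 Temporary moved
Location: /+webvpn+/index.html
GET https://vpn.example.test/cac/
Got HTTP response: HTTP/1.0 302 Temporary moved
Location: /+webvpn+/index.html
GET https://vpn.example.test/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Certificate Validation Failure
Failed to obtain WebVPN cookie
"""

print(summarize(SAMPLE_LOG))
```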
I took a position at a new company about a month ago and I've had to hit the training and certification stuff pretty hard. While studying for the CCNA I came across several games offered by The Cisco Learning Network. A lot of these games, such as the subnetting game, have been around for years, but the Cisco Aspire game is relatively new. It's a game meant to help you train for the entire CCNA and can be downloaded here for free. Although the download is free, the game can only be completed using tokens purchased from Cisco. From what I can tell, it's based on Cisco's Packet Tracer product that they've been offering to Cisco Academy students for years as a way to simulate network equipment and provide a lab with less expense than buying the actual hardware. This is not to be confused with the Packet Tracer tool found in the Cisco ASA firewalls.
Once you've downloaded and installed it, you create a user. Then you're presented with a map of a small town with several businesses that will be your potential clients as shown in Figure A.
There are also several people you will meet that become part of your network of clients and employers. They also call you every once in a while to help them out with practice test questions as shown in Figure B.
Other than the businesses, you have a house where you can see the different awards you've won throughout the game, a training center where you can pay for training sessions on specific topics (see Figure C), and a store where you can buy networking gear for different jobs. The premise of the game is that you're kind of starting your network career and you need to build relationships and gain experience slowly but surely. There are meters of your accomplishments and money earned throughout the game.
The first couple of jobs you do are mostly to get you familiar with the simulator and where things are located. You learn how to purchase cables, computers, etc., and you learn how to connect everything together and ping or run other tools. This can all be done for free because the game starts you out with a few tokens. However, after the introductory exercises, one of the people in your network kindly explains to you that you'll need to purchase more tokens. You can purchase these tokens bit by bit or all at the same time. If you want to complete all of the levels it will cost $50 total.
After you've purchased more tokens, you can unlock the next job which is at an internet café. A little hint—the game can be very specific in what it wants. When given tasks to do something, you want to follow them to the letter. Also, when using ssh, use this format: ssh -l [user] [destination] (ex: ssh -l admin 10.0.0.2) in the command prompt. You'll pull your hair out trying to figure out the proper way to do it and you'll get punished if you try to use telnet—as you should! This job is still easing you into troubleshooting but it's pretty cool to see how you can run commands on the network equipment and everything works as if you were on the real thing! I've shown an example of this in Figure D. Once you're done here, you really get into the more advanced stuff, such as routing protocols.
It would be great if they offered some sort of answer key. I know that wouldn't exactly simulate real life, as there are no answer keys in the real world, but it's pretty annoying to get stuck and not be able to try something else. There is a forum and the people on it are quick to help you out, though.
All said, this game is pretty neat. It's a little silly looking, but it does give you some practice. I'm not saying this should be a substitution for real-world experience, but it's definitely better than just reading a book and memorizing facts. The game itself isn't exactly the latest and greatest in gaming, and I highly recommend saving your game often as I've had it err out on me a few times, but it gets the job done. I'm really impressed that Cisco has put all this effort into helping techs learn networking skills and a $50 price tag really isn't too bad.