snmptable -v 1 -Cf ; -c public 10.2.210.133 .1.3.6.1.2.1.2.2 | grep up;down | grep -v down;0:0:
All posts by patrickpreuss
Cisco – Enterasys – LACP
http://reischle.net/ReischleNet/Networking-Blog/8E664038-ED23-4D24-9350-6AB76037A832.html
Cisco DNS Server
ip dns view default
dns forwarder 10.0.243.143
dns forwarder 10.0.243.144
ip dns server
http://www.nil.com/ipcorner/RouterDNS/
http://blog.ioshints.info/2006/09/use-your-cisco-router-as-primary-dns.html
Enterasys N-Series CLI
You can configure the Enterasys CLI to behave in a more common way when you use:
On a Session Base:
set line-editor emacs
set line-editor delete backspace
To make this permanent:
set line-editor emacs default
set line-editor delete backspace default
ASA NAT in routed mode
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cfgnat.html#wp1102744
Installing the Cisco Security Manager on Windows 2008 R2
Cisco Security Manager
Hardware
Manufacture | Dell | Cisco Requirements |
---|---|---|
Model | 2850 | |
CPU | 2xIntel Xeon 3.40 GHz | |
RAM | 8GB | |
OS | Windows 2008 R2 / 64bit |
Prepare Windows 2008 R8
Swap Size C: 12280MB D: 12280MB
Replace a Harddisk on a WAE-7341
We have installed some WAE-7341 Boxes in our computer center. Recently one installed harddisk has failed and we need to replace it.
Cisco AnyConnect VPN with Cisco 3845
After the implementation of the AnyConnect Client to our ASA5500 is at a good state i want to have some backup until our productional hardware will delivered. 😉
So i decided to use one of our Cisco 3845 Routers to do the job.
show version
[sourcecode gutter=”false” autolinks=”false” collapse=”true”]
C3845#show version
Load for five secs: 1%/0%; one minute: 3%; five minutes: 3%
Time source is NTP, 07:48:17.248 CET Sat Sep 11 2010
Cisco IOS Software, 3800 Software (C3845-ADVSECURITYK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 16:43 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T10, RELEASE SOFTWARE (fc1)
C3845 uptime is 34 weeks, 4 days, 14 hours, 47 minutes
System returned to ROM by reload at 15:53:45 CET Mon Jan 11 2010
System restarted at 15:55:20 CET Mon Jan 11 2010
System image file is "flash:c3845-advsecurityk9-mz.150-1.M1.bin"
[/sourcecode]
First i installed the AnyConnect Package on the Router.
[sourcecode gutter=”false” autolinks=”false”]
C3845(config)#webvpn install svc flash:/anyconnect-win-2.5.1025-k9.pkg sequence 1
SSLVPN Package SSL-VPN-Client (seq:1): installed successfully
[/sourcecode]
[sourcecode gutter=”false” autolinks=”false”]
ip local pool CSM_POOL_1 10.2.16.20 10.2.16.30
ip local pool vpnpool 10.2.16.31 10.2.16.41
ip local pool SSLVPNClient 10.2.16.50 10.2.16.60
!
webvpn gateway SSLVPN
ip address 192.168.10.66 port 443
ssl trustpoint TP-self-signed-2234495401
inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.5.1025-k9.pkg sequence 1
!
webvpn context SSLVPN
ssl authenticate verify all
!
!
policy group SSLVPN
functions svc-required
svc address-pool "CSM_POOL_1"
svc keep-client-installed
svc dns-server primary 10.0.243.143
svc dns-server secondary 10.0.243.144
default-group-policy SSLVPN
gateway SSLVPN
inservice
!
[/sourcecode]
If you feel this helps a bit or may be not ? Please leave a comment.
Cisco ASA AnyConnect VPN
Some Notes what todo
http://www.block.net.au/blogs/james/pages/active-directory-vpn-authentication-with-a-cisco-asa-5510-series-appliance.aspx
radius authentication für die ASA
ASA 8.X: AnyConnect Start Before Logon Feature Configuration
Configuration Examples and TechNotes
ToDo:
av-pairs ????
certificate selection process
set the certificate on the interface : ssl trust-point MyTrustPoint Outside
Docu: Backup Gateway
Piuctures: ASDM, CCP
Write complete setup down ….
Reference the Docu.
http://www.cisco.com/en/US/docs/security/asa/asa83/getting_started/5500/guide/getstart.html
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/svc.html#wp1090595
http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/config.html
http://www.cisco.com/en/US/products/ps8411/prod_maintenance_guides_list.html
How to authentication AnyConnect VPN against RADIUS
AnyConnect and Cisco ACS Radius is a bit more complected because the ASA5500 documentation states that you can not use the Same Radius for
Authentication and Authorization. So things getting more complex by it self 😉 But if i see things in the right light we don’t need authorization at all so we will on monday how things will develope.
How to authentication AnyConnect VPN against RADIUS
The Authentication against RADIUS is quiet easy to configure.
Just add the RADIUS Servers as described here.
Than add following to the configuration:
[sourcecode gutter=”false” autolinks=”false”]
tunnel-group SSLClientProfile general-attributes
authentication-server-group AAA-RADIUS
[/sourcecode]
By debuging the radius authentication is see our freeradius deliver the av-pairs with the authentication request so lets see if the ASA accepts them.
If you feel this helps a bit or may be not ? Please leave a comment.