Category Archives: Cisco

Cisco DHCP for secondary addresses

March 21, 2012 patrick.preuss

ip dhcp smart-relay

ASA, Cisco, Computer, Juniper, Network, Security

i got my first juniper

March 14, 2012 patrick.preuss Leave a comment

It is a Netscreen 5gt. So now commands maybe usefull:

Cisco IOS	Cisco PIX Cisco ASA	Juniper Netscreen	Description
show configuration	show configuration	get config saved	get saved configuration
show running-config	show running-config	get config	get device configuration
		save	to save changes to config
show version	show version	get system	gets system information, Netscreen mode
show ip inspect session		get session info	shows load on the firewall 85+ implies there will be some latency
show interface sh ip interface		get interface	shows interfaces, zones
		get address trust/unturst	shows defined network objects
show arp sh ip arp <interface>	show arp	get arp	shows arp entries
show ip route	show route	get route	shows firewall routes
		get service	shows firewall services
		get group address	network groups
		get group service	service groups
		get policy in/out	shows applied firewall policies
		get log traffic	shows firewall logs – options: based on src/dst/IP/port
	no <command>	unset	to remove a config statement
		get user all	shows vpn users
		get log event	shows vpn logs
		get mip	shows one to one Nat’s
		get vip	shows configured port forwarding rules
		get route ip x.x.x.x	finds the specific route for an ip
		set policy id xx	put you in a specific policy then you can add more objects it instead of creating a group

Cisco, Computer, Network

Cisco Config Archive

December 14, 2011 patrick.preuss Leave a comment

c870-adventerprisek9-mz.124-15.T7.bin
c2960-lanlitek9-mz.122-50.SE3.bin

rt1#sh archive
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/rt1-4
 Archive #  Name
   0
   1       ftp://cisco:cisco@10.0.160.230/config/rt1-1
   2       ftp://cisco:cisco@10.0.160.230/config/rt1-2
   3       ftp://cisco:cisco@10.0.160.230/config/rt1-3 <- Most Recent
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14

sw2#sh archive
The maximum archive configurations allowed is 14.
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/sw2--18
 Archive #  Name
   1        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-30.425-8
   2        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-36.440-9
   3        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-41.926-10
   4        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-47.454-11
   5        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-54.492-12
   6        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-40.688-13
   7        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-50.788-14
   8        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-58.766-15
   9        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-07.104-16
   10       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-14.092-17 <- Most Recent

ftp> dir
200 Port command successful
150 Opening data channel for directory list.
-rw-r--r-- 1 ftp ftp          20299 Dec 14 18:18 rt1-1
-rw-r--r-- 1 ftp ftp          20299 Dec 14 18:19 rt1-2
-rw-r--r-- 1 ftp ftp          20299 Dec 14 18:21 rt1-3
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:22 sw2Dec-14-17-22-39.964-0
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:23 sw2Dec-14-17-23-45.597-1
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:23 sw2Dec-14-17-23-51.393-2
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-23-56.972-3
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-03.515-4
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-08.665-5
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-14.085-6
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-24.176-7
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-30.425-8
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-36.440-9
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-41.926-10
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-47.454-11
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:25 sw2Dec-14-17-24-54.492-12
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:25 sw2Dec-14-17-25-40.688-13
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:25 sw2Dec-14-17-25-50.788-14
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:26 sw2Dec-14-17-25-58.766-15
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:26 sw2Dec-14-17-26-07.104-16
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:26 sw2Dec-14-17-26-14.092-17
226 Transfer OK
FTP: 1631 Bytes empfangen in 0,00Sekunden 815,50KB/s
ftp>

Cisco, Computer, NAT, Network, Security, VPN

Cisco IOS VPN to IPCop

December 9, 2011 patrickpreuss Leave a comment

[sourcecode]
crypto isakmp key supersecertkey address AAA.BBB.CCC.DDD
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map CSM_CME_FastEthernet0.831 131 ipsec-isakmp
set peer AAA.BBB.CCC.DDD
set transform-set ESP-3DES-SHA
match address XY-TEST-CRYPTO-ACL
reverse-route
!
ip nat outside source static 192.168.XX.121 10.4.YYY.243 add-route
!
ip access-list extended XY-TEST-CRYPTO-ACL
permit ip 10.0.YYY.40 0.0.0.252 192.168.XX.0 0.0.0.255
!
[/sourcecode]

[sourcecode]
# Do not modify ‘ipsec.conf’ directly since any changes you make will be
# overwritten whenever you change IPsec settings using the web interface!
#
version 2.0
config setup
protostack=netkey
klipsdebug=”none”
plutodebug=”none”
#plutoload=%search
#plutostart=%search
uniqueids=yes
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.5.0/255.255.255.0,%v4:!10.0.244.40/30

conn %default
keyingtries=0
disablearrivalcheck=no
leftupdown=/usr/local/bin/ipsecupdown.sh

#RED
conn RED
left=192.168.0.1
leftsubnet=192.168.XXX.0/24
right=AAA.BBB.CCC.EEE
rightsubnet=10.0.YYYY.40/30
ike=3des-sha-modp1024
esp=3des-sha1
ikelifetime=1h
keylife=24h
dpddelay=30
dpdtimeout=120
dpdaction=restart
pfs=no
authby=secret
auto=start
[/sourcecode]

Cisco

ISDN Cable

November 17, 2011 patrickpreuss Leave a comment

ISDN BRI S/T Cable

8 Pin	TE	NT	Polarity
1	Not used	Not used	Not used
2	Not used	Not used	Not used
3	Transmit	Receive	+
4	Receive	Transmit	+
5	Transmit	Receive	–
6	Receive	Transmit	–
7	Not used	Not used	Not used
8	Not used	Not used	Not used
1	Not used	Not used	Not used