Posts

Showing posts from August, 2013

Configuring Cisco Site to Site IPSec VPN with Dynamic IP Endpoint Cisco Routers

Thanks to: http://www.firewall.cx/cisco-technical-knowledgebase/

This article serves as an extension to our popular Cisco VPN topics covered here on Firewall.cx. While we’ve covered Site to Site IPSec VPN Tunnel Between Cisco Routers (using static public IP addresses), we will now take a look at how to configure our headquarters Cisco router to support remote Cisco routers with dynamic IP addresses. One important note to keep in mind with this implementation is that Site-to-Site VPN networks with dynamic remote public IP addresses can only be brought up by the remote site routers, as only they are aware of the headquarters router's public IP address. IPSec VPN tunnels can also be configured using GRE (Generic Routing Encapsulation) tunnels with IPsec encryption. GRE tunnels greatly simplify the configuration and administration of VPN tunnels and are covered in our Configuring Point-to-Point GRE VPN Tunnels article. Lastly, DMVPNs – a new VPN trend that provi

The Eight Basic Commands on a Cisco ASA Security Appliance

Understanding the Eight Basic Commands on a Cisco ASA Security Appliance

There are literally thousands of commands and sub-commands available to configure a Cisco security appliance. As you gain knowledge of the appliance, you will use more and more of the commands. Initially, however, there are just a few commands required to configure basic functionality on the appliance. Basic functionality is defined as allowing inside hosts to access outside hosts, but not allowing outside hosts to access the inside hosts. Additionally, management must be allowed from at least one inside host. To enable basic functionality, there are eight basic commands (these commands are based on software version 8.3(1) or greater):

interface
nameif
security-level
ip address
switchport access
object network
nat
route

Sample Network Diagram

interface

The interface command identifies either the hardware interface or the Switch Virtual Interface (VLAN interface) that will be configured.

Redundant or Backup ISP Links Configuration Example

Thanks to: http://www.cisco.com

Introduction

A problem with static routes is that no inherent mechanism exists to determine if the route is up or down. The route remains in the routing table even if the next hop gateway becomes unavailable. Static routes are removed from the routing table only if the associated interface on the security appliance goes down. In order to solve this problem, a static route tracking feature is used to track the availability of a static route and, if that route fails, remove it from the routing table and replace it with a backup route. This document provides an example of how to use the static route tracking feature on the PIX 500 Series Security Appliance or the ASA 5500 Series Adaptive Security Appliance in order to enable the device to use redundant or backup Internet connections. In this example, static route tracking allows the security appliance to use an inexpensive connection to a secondary Internet service provider (ISP) in the event that t