As you may or may not know, ASA does not support having two different default gateways through different interfaces, so you cannot have two different Internet links. As Internet access is expensive in Dubai, our customer wants to use two ADSL Internet links: one for browsing/email and another for VPN tunnels. VPN tunnels are [...]
Archive for the ‘Security’ Category
24 Oct
Cisco VPN Client for Windows 7
October 2009 seems to be a super active month for Cisco, after introducing IOS 15, ISR 2nd Generation and the new version of CCIE, (and rumors of new catalysts), it’s time for Windows 7 and MacOS Snow Leopard to have Cisco VPN Client and Cisco SSL AnyConnect VPN Client versions, available to download. Here are [...]
7 Aug
VPN Client for 64bit
Cisco VPN Client is not supported on x64 Windows machines (XP 64, Vista 64 or Windows 7 64-bit). The solution is either using XP compatibility mode in Windows, which consumes resources, or using a compatible VPN client, and it is good to know that it’s free! The Shrew Soft VPN Client for Windows is a [...]
16 Jul
IPsec and GRE
We can encrypt our GRE tunnels using IPsec, and it is also possible to have GRE over IPsec, in other words: sending the GRE header inside the IPsec transport headers (transport mode instead of tunnel mode). What we are trying to cover in this text is IPsec over GRE tunnels (as a transport), not GRE over [...]
15 Jul
ASA Few/New Features
What ASA supports and what it does not! The Cisco ASA Firewall has been around for a couple of years, since before PIX became obsolete… but it’s still lacking some critical (if not to say basic) features, as in the following list. Does NOT support: Policy Based Routing, GRE Tunnels and Interfaces, PPTP, BGP, NetFlow (NSEL is [...]
25 Jun
CS MARS
Cisco CS-MARS (CSMARS) or Cisco Security Monitoring, Analysis, and Response System provides security monitoring for network devices and host applications, supporting both Cisco and other vendors. Origin: Protego Networks PN-MARS. CS-MARS is an appliance-based SIM (Security Information Management) and STM (Security Threat Mitigation). MARS OS Version 6 is the [...]
28 Mar
CCIE Security – DMVPN made easy
DMVPN stands for Dynamic Multipoint VPN. The good point about this kind of VPN is the Dynamic part of it… When your public address is dynamic and changes all the time (like ADSL connections), you can use DMVPN to have your own VPN network utilizing dynamic addresses on spoke sites and a static [...]
14 Mar
IP Spoofing Wallpaper – RFC3330
Based on RFC3330 – Special-Use IPv4 Addresses, the global and other specialized IPv4 address blocks that have been assigned by the Internet Assigned Numbers Authority (IANA) are important for mitigating IP spoofing attacks. Download the wallpaper to memorize them, and block these networks on your edge/border gateway with access-lists.
8 Mar
CCIE Security – Object Groups
Object-groups are very useful for writing access-lists. There are four types of object-groups: Network, Protocol, Service, ICMP type. Example:
object-group network Dubai
 network-object 10.14.0.0 255.255.0.0
 network-object 10.104.0.0 255.255.0.0
 network-object 10.204.0.0 255.255.0.0
object-group protocol MyProtocol
 protocol-object gre
 protocol-object esp
object-group icmp-type MyICMP
 icmp-object echo
 icmp-object echo-reply
 icmp-object traceroute
 icmp-object unreachable
 icmp-object source-quench
access-list 100 extended permit [...]
7 Mar
CCIE Security – Multiple Contexts
If you are not dependent on the Multicast, VPN and dynamic routing features of your ASA, then you can go ahead and try virtualization on your ASA by having multiple contexts. After all, having a virtual firewall per customer for managed services is not a bad idea, as long as you can share physical interfaces between contexts [...]