Tuesday, March 23, 2010

Creating Site-to-Site VPNs with Pre-Shared Keys

Documentation:
1. Document your IKE Phase 1 negotiation criteria (example below)
  • Encryption algorithm: AES-128
  • Hashing: SHA-1
  • Authentication: pre-shared
  • Key exchange: Diffie-Hellman Group 2
2. Document your IPSec (IKE Phase 2) negotiation criteria (example below)
  • Encryption algorithm: esp-aes 128
  • Authentication: esp-sha-hmac
Configuring IKE Phase 1:
1. Enable ISAKMP: Router(config)#crypto isakmp enable
2. Create ISAKMP Policy: Router(config)#crypto isakmp policy <1-10000>
  • Router(config)#crypto isakmp policy 100
  • Router(config-isakmp)#encryption aes 128
  • Router(config-isakmp)#authentication pre-share
  • Router(config-isakmp)#group 2
  • Router(config-isakmp)#hash sha
3. Configure ISAKMP Identity: Router(config)#crypto isakmp identity <address/hostname>
4. Configure pre-shared keys: Router(config)#crypto isakmp key <key> address <remote_ip>
Configuring IKE Phase 2:
1. Create transform sets: Router(config)#crypto ipsec transform-set <name> <methods>
  • Router(config)#crypto ipsec transform-set JEREMY esp-aes 128 esp-sha-hmac
2. (optional) Configure the IPSec SA lifetime: Router(config)#crypto ipsec security-association lifetime <seconds|kilobytes> <value>
3. Create mirrored ACLs defining traffic to be encrypted and the traffic expected to be received encrypted
4. Set up the IPSec crypto map: Router(config)#crypto map <name> <seq> ipsec-isakmp
  • Router(config)#crypto map MAP 100 ipsec-isakmp
  • Router(config-crypto-map)#match address <acl>
  • Router(config-crypto-map)#set peer <remote_ip>
  • Router(config-crypto-map)#set pfs <group1/2/5>
  • Router(config-crypto-map)#set transform-set <set>
Verify:
  • show crypto isakmp policy
  • show crypto ipsec transform-set
  • show crypto ipsec sa
  • show crypto map
  • debug crypto isakmp
  • debug crypto ipsec

Java configuration for IPS (IDM)
Step 1 Close all instances of Internet Explorer or Netscape.

Step 2 Click Start > Settings > Control Panel.

Step 3 If you have Java Plug-in 1.4.2 installed:

a. Click Java Plug-in.

The Java Plug-in Control Panel appears.

b. Click the Advanced tab.

c. Type -Xmx256m in the Java RunTime Parameters field.

d. Click Apply and exit the Java Control Panel.

Step 4 If you have Java Plug-in 1.5 installed:

a. Click Java.

The Java Control Panel appears.

b. Click the Java tab.

c. Click View under Java Applet Runtime Settings.

The Java Runtime Settings Panel appears.

d. Type -Xmx256m in the Java Runtime Parameters field and then click OK.

e. Click OK and exit the Java Control Panel.

Commonly Used Regular expressions

[image: commonly used regular expressions]

Thursday, March 18, 2010

Configuring Router to Bridge mode in order to get the public IP to ASA


At times, when the ISP drops an Internet connection, it is necessary to put the router in bridge mode so that the public IP address can be assigned directly to the inside firewall (any brand).

You can put a Cisco router in bridge mode this way:
bridge 1 protocol ieee

int fa0/0   <-- connected to ISP (change interface accordingly)
no ip address
bridge-group 1

int fa0/1   <-- connected to ASA (change interface accordingly)
no ip address
bridge-group 1