Networking-Blog

My WordPress Blog

Categories

How to manage VLANs and virtual switches on ESXi/vSphere

VLANs are a great tool to manage business networks and VMware knows that very well. We’ll show you how you can configure ESX(i) to tag packets and how to create virtual switches for your VLANs.

Before reading the guide, it’s important to have VLANs configured in your network.

First of all, click F2 and access the ESX(i) console to enable VLAN architecture awareness. Select  “Configure Management Netowrk” :

Enable VLAN tagging specifying 4095 as value:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-01
Enable VLAN tagging specifying 4095 as value:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-02

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-03

Specify an IP address for the management network adapter:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-04

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-05

Define DNS servers:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-06

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-07

Press Esc and confirm:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-08

Now your ESX(i) is VLAN architecture aware.

It’s time to launch the vSphere Client. Go to the Configuration tab and click Networking, you can see the management network with the 4095 tag:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-09

Click Properties:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-10

It’s time to remove the VM Network that will be replaced by the VLANs:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-11

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-12

Create the VLANs with the IDs specified during the (physical) switch configuration clicking on Add:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-13

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-14

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-15

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-16
how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-17

Let’s assign the VLANs to the virtual machines:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-18

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-19

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-20

The final step is to add a second virtual switch using another network adapter. You must specify the VLAN ID of the desired network:

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-21

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-22

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-23

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-24

how-to-manage-a-vlan-aware-architecture-and-virtual-switches-with-ESXi-vSphere-25

If we try to change the network of the Srv1 virtual machine from SERVER ID 100 to VoIP ID 30, we will see the VM automatically assigned to the second vSwitch:

how to manage a vlan aware architecture and virtual switches with ESXi vSphere

how to manage a vlan aware architecture and virtual switches with ESXi vSphere

VM
No comments yet.

(No tags)

by admin

ASA – Group Object

Create a Object-Group icmp-type ICMP traffic :

object-group icmp-type INBOUND
description Permit necessary inbound ICMP traffic
icmp-object echo
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded

Create a Object-Group service for TCP traffic :

object-group service INBOUND tcp
description Inbound Access
port-object eq 3389
port-object range 9998 9999

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: , , ,

by admin

ADSL2 v ADSL2+

There’s a common misconception that ADSL2+ is faster than ADSL2 on any line.
That’s not really the case. In simple terms,

ADSL2+ utilises twice the frequency range available on your phone line that ADSL2 does.
This again, in simple terms means twice as fast BUT that is only seen on short low attenuation lines.

If your line is only capable of supporting 7meg on ADSL2 then it’s only capable of supporting 7meg on ADSL2+
as it can only usually allow the use of the same frequencies for both (see below).

However, if you’re lucky enough to have a line that can support higher frequencies then you get up to :
 
12meg on ADSL2 (the maximum possible)
but up to
24meg on ADSL2+.

The cross over between ADSL2 and ADSL2+ is therefore in the 10-12 meg range (typically 35-40db if the line is relatively noise free).

It can give faster speeds but usually only on short lines as explained above.
The only time that wouldn’t be true is for a moderately short line
(that offered some higher frequencies above those usable by ADSL2)
that had induced noise at the lower frequencies and was clean at higher frequencies,
in which case ADSL2+ would possibly be better as it could use those higher frequencies.

There is also the possibility that a network uses equipment whose firmware works better in
certain conditions with specific ADSL modes hence why it is mentioned G.DMT sometimes being
better for problem lines.

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: ,

by admin

Cisco: 1841 – 3G Configuration

This configuration example is for use with a 3G WIC card within a Cisco based
Router.

This was configured with a Vodafone Network.

Initialization

Place the SIM card into it, then insert the card in the router and power it on.

Create a Profile specific to your mobile ISP

  • Insert the APN told by your ISP (Vodafone UK: ‘Internet’ username: ‘web’ password: ‘web’)
  • Insert the authentication method (chap or pap) and the credentials, also supplied from your ISP

Below is an example of a Vodafone UK Cellar Profilule.
Router# cellular 0/0/0 gsm profile create 1 Internet chap web web

From the profile you’ve just created, you can review it using command

router# sh cellular 0 profile

Profile Information
====================
Profile 1 = ACTIVE
--------
PDP Type = IPv4
PDP address = 192.168.1.1
Access Point Name (APN) = Internet
Authentication = PAP
Username: web, Password: web 

* - Default profile

Configuration

You need to define a chat script first, which is used for modem setup and call
initialization. If you are familiar with IOS dial configurations, you feel at home.
Please note that the last number in the dial string (1 in the example below) refers
to the modem profile number you hopefully have defined earlier.

! your chat script
chat-script vodafone “” “ATDT*98*1#” TIMEOUT 60 CONNECT

! the bare interface config
! subcommands at the Cellular interface

interface Cellular0/0/0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string vodafone
dialer-group 1
async mode interactive
ppp chap hostname web
ppp chap password 0 web
ppp ipcp dns request

!

ip route 0.0.0.0 0.0.0.0 Cellular0
dialer-list 1 protocol ip permit

! this is the async line assigned to the 3G modem
you need to specify your chat script here

line 0/0/0
script dialer vodaphone
no exec
rxspeed 3600000
txspeed 384000

If cellular int does not get an ip address, might need to go into
config t and add this line even thou we see it above :

line 0/0/0
script dialer vodaphone

!
!

show command:

Just in case you need it for troubleshooting, here are the show commands to use.

  • show cellular 0 network
  • show cellular 0 hardware
  • show cellular 0 connection
  • show cellular 0 radio
  • show cellular 0 profile
  • show cellular 0 security
  • show cellular 0 all Debug commands :
  • debug chat Rather than reloading the router to restart the module, you can
    actually using CLI to reset or reboot the module     :

    debug chat

    router(config)# service internal
    router(config)# exit
    router# test cellular 0 modem-power-cycle ! for rebooting
    router# test cellular 0 modem-reset ! for resetting

    debug commands :

    debug chat
    debug modem
    debug dialer events
    debug ppp authentication

  • Remember to create the Cellular Profile, after tftp config to router :
    cellular 0/0/0 gsm profile create 1 Internet chap web web
  • This is the bare configuration, you will need to add NAT, firewalls etc etc.
BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: , ,

by admin

Linux Video Driver Version Command

Video Driver Version Command

dmesg | grep NVIDIA
sudo lspci -vvnn | grep 10de

 

What I did from the command line is to find the packages for nvidia

(dpkg -l | grep nvidia)
and then
apt-get remove nvidia-173 

(or whatever package you get from the previous command).

The problem is that you will still have the nvidia modues listed in xorg.conf.
So, I also  mv /etc/X11/xorg.conf /etc/X11/xorg.conf_backup
and rebooted.

I landed in a graphical mode as usual, without the nvidia GL stuff,
but then there are graphical tools to set it up.

At this state, it’s safe to delete the xorg.conf backup you just created.

####################
Whenever I try to start my computer from kernel version 3 (it boots fine with 2.6) Kubuntu stops booting
altogether.

11.10 stops booting at “Checking battery state … [OK]”

I had to reinstall my graphics drivers.

sudo apt-get install --reinstall nvidia-173
BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: , ,

by admin

Home Linux Ubuntu Iptables Firewall Rule

# Generated by iptables-save v1.4.4 on Wed Dec 29 15:11:27 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT –reject-with icmp-port-unreachable
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 222 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 222 -m state –state NEW -m recent –update –seconds 60 –hitcount 8 –rttl –name SSH –rsource -j DROP
-A INPUT -d 172.16.254.3/32 -i eth0 -p tcp -m tcp –dport 8080 -j ACCEPT
-A INPUT -d 10.20.254.254/32 -i eth0 -p tcp -m tcp –dport 1723 -j ACCEPT
-A INPUT -d 172.16.254.3/32 -i eth0 -p udp -m udp –dport 7777 -j ACCEPT
-A INPUT -d 172.16.254.3/32 -i eth0 -p udp -m udp –dport 7778 -j ACCEPT
-A INPUT -d 172.16.254.3/32 -i eth0 -p udp -m udp –dport 7787 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 5800 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 5900 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 5901 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 5902 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 5938 -j ACCEPT
-A INPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -i ppp0 -p tcp -m tcp –dport 139 -j ACCEPT
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 139 -j ACCEPT
-A INPUT -s 172.16.254.3/32 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 139 -j ACCEPT
-A INPUT -s 172.16.254.3/32 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 10.0.1.0/24 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -i ppp0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 192.168.3.0/29 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 192.168.4.0/28 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -s 172.16.0.2/32 -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 445 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 21 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 192.168.2.4/32 -i eth0 -p udp -m udp –dport 514 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 192.168.2.4/32 -i eth0 -p udp -m udp –dport 9996 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p udp -m udp –dport 50518 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p tcp -m tcp –dport 50518 -j ACCEPT
-A INPUT -d 192.168.2.4/32 -i eth0 -p udp -m udp –dport 6881 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 10.20.254.248/29 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.2/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.2.1/32 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.4.0/28 -d 192.168.2.4/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.4.0/28 -d 172.16.254.3/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 192.168.6.0/29 -d 192.168.2.4/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 172.16.0.2/32 -d 192.168.2.4/32 -i eth0 -p icmp -j ACCEPT
-A INPUT -s 10.20.254.248/29 -d 10.20.254.248/29 -i ppp0 -p icmp -j ACCEPT
-A INPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -i ppp0 -p icmp -j ACCEPT
-A INPUT -m limit –limit 5/min -j LOG –log-prefix “iptables denied: ” –log-level 7
-A INPUT -j DROP
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 80 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p tcp -m tcp –sport 8080 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 443 -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -p tcp -m tcp –sport 1723 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p udp -m udp –sport 7777 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p udp -m udp –sport 7778 -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -p udp -m udp –sport 7787 -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -p gre -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 5938 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 5900 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 21 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p tcp -m tcp –dport 2222 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.3.2/32 -p tcp -m tcp –dport 2223 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.4.2/32 -p tcp -m tcp –dport 2223 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp –dport 53 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 30000 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.2/32 -d 192.168.2.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.2/32 -d 172.16.254.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.2/32 -d 172.16.254.3/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 172.16.254.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 172.16.254.2/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 172.16.254.3/32 -d 192.168.4.0/28 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -d 192.168.2.1/32 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -d 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.249/32 -d 192.168.2.4/32 -p icmp -j ACCEPT
-A OUTPUT -s 10.20.254.254/32 -d 10.20.254.249/32 -p icmp -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p udp -m udp –dport 69 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 23 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p udp -m udp –dport 123 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 81.103.221.11/32 -p tcp -m tcp –dport 25 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp –dport 514 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp –dport 161 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.2.1/32 -p udp -m udp –dport 162 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 4070 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 192.168.5.2/32 -p tcp -m tcp –dport 9100 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -d 94.136.40.61/32 -p tcp -m tcp –dport 110 -j ACCEPT
-A OUTPUT -s 192.168.2.4/32 -p tcp -m tcp –dport 1024:65535 -j ACCEPT
-A OUTPUT -m limit –limit 5/min -j LOG –log-prefix “iptables denied: ” –log-level 7
-A OUTPUT -j DROP
COMMIT
# Completed on Wed Dec 29 15:11:27 2010
# Generated by iptables-save v1.4.4 on Wed Dec 29 15:11:27 2010
*nat
:PREROUTING ACCEPT [430:32842]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [2773:170524]
COMMIT
# Completed on Wed Dec 29 15:11:27 2010
# Generated by iptables-save v1.4.4 on Wed Dec 29 15:11:27 2010
*mangle
:PREROUTING ACCEPT [1735576:104189954]
:INPUT ACCEPT [1735512:104181797]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2877496:3782379744]
:POSTROUTING ACCEPT [2874912:3782220690]
COMMIT
# Completed on Wed Dec 29 15:11:27 2010

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: ,

by admin

PIX/ASA 7.x Easy VPN with an ASA 5500 as the Server and PIX 506E as the Client

ezvpn-asa5500-506e-1.gif

Easy VPN Server (ASA 5520)


!— Configure the outside and inside interfaces.

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.20.20.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.22.1.1 255.255.255.0
!
!

!— This access list is used for a nat zero command that prevents
!— traffic which matches the access list from undergoing
!— network address translation (NAT).

access-list no-nat extended permit ip 172.22.1.0 255.255.255.0 172.16.1.0 255.255.255.0

!— This access list is used to define the traffic
!— that should pass through the tunnel.
!— It is bound to the group policy which defines
!— a dynamic crypto map.

access-list ezvpn1 extended permit ip 172.22.1.0 255.255.255.0 172.16.1.0 255.255.255.0
!
!

!— Specify the NAT configuration.
!— NAT 0 prevents NAT for the ACL defined in this configuration.
!— The nat 1 command specifies NAT for all other traffic.

global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 10.20.20.2 1
!
!

!— This defines the group policy you use with EasyVPN.
!— Specify the networks
!— that should pass through the tunnel and that you want to
!— use network extension mode.

group-policy myGROUP internal
group-policy myGROUP attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ezvpn1
nem enable
webvpn

!— Here the username and password associated with
!— this VPN connection are defined.  You
!— can also use AAA for this function.

username cisco password 3USUcOPFUiMCO4Jk encrypted
!
!

!— PHASE 2 CONFIGURATION —!
!— The encryption types for Phase 2 are defined here.
!— A single DES encryption with
!— the md5 hash algorithm is used.

crypto ipsec transform-set mySET esp-des esp-md5-hmac

!— Defines a dynamic crypto map with
!— the specified encryption settings.

crypto dynamic-map myDYN-MAP 5 set transform-set mySET

!— Binds the dynamic map to the IPsec/ISAKMP process.

crypto map myMAP 60 ipsec-isakmp dynamic myDYN-MAP

!— Specifies the interface to be used with
!— the settings defined in this configuration.

crypto map myMAP interface outside

!— PHASE 1 CONFIGURATION —
!— This configuration uses isakmp policy 1.
!— The configuration commands here define the Phase
!— 1 policies that are used.

isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400

!— The tunnel-group commands bind the configurations
!— defined in this configuration to the tunnel that is
!— used for EasyVPN.  This tunnel name is the one specified on the remote side.
!— defined in this configuration to the tunnel that is
!— used for EasyVPN.  This tunnel name is the one specified on the remote side.

tunnel-group mytunnel type ipsec-ra
tunnel-group mytunnel general-attributes
default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
!
— The pre-shared-key used here is “cisco”.

pre-shared-key *

Easy VPN Remote Hardware Client :

PIX Version 6.3(5)

!— Brings the interfaces out of a shutdown state.

interface ethernet0 auto
interface ethernet1 auto

!— Assign the interface names.

nameif ethernet0 outside security0
nameif ethernet1 inside security100!
!

!— Assign the interface IP addresses.

ip address outside 10.10.10.1 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
!
!— Set the standard NAT configuration.
!— EasyVPN  provides the NAT exceptions needed.

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
!
!— Specify the default route.

route outside 0.0.0.0 0.0.0.0 10.10.10.2 1
!

!— EasyVPN Client Configuration —
!— Specify the IP address of the VPN server.

vpnclient server 10.20.20.1

!— This example uses network extension mode.

vpnclient mode network-extension-mode

!— Specify the group name and the pre-shared key.

vpnclient vpngroup mytunnel password ********

!— Specify the authentication username and password.

vpnclient username cisco password ********

!—- After you issue this command, the tunnel is established.

Summary :

ASA :

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.20.20.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.22.1.1 255.255.255.0
!
access-list no-nat extended permit ip 172.22.1.0 255.255.255.0 172.16.1.0 255.255.255.0
!
access-list ezvpn1 extended permit ip 172.22.1.0 255.255.255.0 172.16.1.0 255.255.255.0
!
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 10.20.20.2 1
!
group-policy myGROUP internal
group-policy myGROUP attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ezvpn1
nem enable
webvpn
!
username cisco password 3USUcOPFUiMCO4Jk encrypted
!
crypto ipsec transform-set mySET esp-des esp-md5-hmac
crypto dynamic-map myDYN-MAP 5 set transform-set mySET
crypto map myMAP 60 ipsec-isakmp dynamic myDYN-MAP
crypto map myMAP interface outside
!
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
!
tunnel-group mytunnel type ipsec-ra
tunnel-group mytunnel general-attributes
default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
pre-shared-key *

PIX Client : Easy VPN Client :

interface ethernet0 auto
interface ethernet1 auto
!
nameif ethernet0 outside security0
nameif ethernet1 inside security100
!
ip address outside 10.10.10.1 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
!
route outside 0.0.0.0 0.0.0.0 10.10.10.2 1
!
vpnclient server 10.20.20.1
vpnclient mode network-extension-mode
vpnclient vpngroup mytunnel password ********
vpnclient username cisco password ********

!—- After you issue this command, the tunnel is established.

BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: , ,

by admin

Linux Find List of Hardware

Run lsmod to find the modules that are loaded (probably quite a few) and use “lspci” to list your hardware.. find the ethernet card and compare to the lsmod output

Code :

lspci | grep Ethernet

Command will give you the names of the ethernet pci devices
AdditionalCommands :

dmesg | grep ‘Ethernet driver’
grep eth0 /etc/modules.conf

Additional Commands :

lspci – list all PCI devices

OPTIONS

-v
Tells lspci to be verbose and display detailed information about all devices.
-vv
Tells lspci to be very verbose and display even more information (actually everything the PCI device is able to tell). The exact meaning of these data is not explained in this manual page, if you want to know more, consult /usr/include/linux/pci.h or the PCI specs.

-n
Show PCI vendor and device codes as numbers instead of looking them up in the PCI ID database.
-x
Show hexadecimal dump of first 64 bytes of the PCI configuration space (the standard header). Useful for debugging of drivers and lspci itself.

-b
Bus-centric view. Show all IRQ numbers and addresses as seen by the cards on the PCI bus instead of as seen by the kernel.
-t
Show a tree-like diagram containing all buses, bridges, devices and connections between them.
BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags: , , ,

by admin

Linux Repository

Adjust your repository settings :

Add one of the following lines according to your distribution to your /etc/apt/sources.list:

vi /etc/apt/sources.list ( package in this case is virtualbox ).

deb http://download.virtualbox.org/virtualbox/debian maverick contrib
deb http://download.virtualbox.org/virtualbox/debian lucid contrib
deb http://download.virtualbox.org/virtualbox/debian karmic contrib

save file then run the kernal update :

apt-get update

then run :


sudo apt-get install virtualbox-4.0 (this will fetch and install the software).
BGP, CheckPoint, Cisco ASA, Cisco MPLS, Cisco Routers, Cisco Switch, FireBrick, FireWalls, Hot Standby, HP, IpTables, Linux, Microsoft, Routing Protocol, VM, xrio, Zyxel Router
No comments yet.

Tags:

by admin