Cisco IOS Remote Access and Site to Site VPN on one router

Running Remote Access VPN and Site-to-Site VPN on the same router has a few caveats.

Important configuration lines:

1. crypto isakmp key Pr3sh4r3DKEY address 89.123.45.6 no-xauth
Make sure to include no-xauth on the pre-shared key of the Site-to-Site peer. Because the crypto map enables client authentication (XAUTH) for the Remote Access users, the router would otherwise also challenge the peer router for a username and password, and the Site-to-Site tunnel would never come up. The address on this line must be the same one used in "set peer" of the static crypto map entry.

2. crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
The dynamic map entry must be the last entry of the crypto map assigned to the external interface, since it matches any peer and entries after it may never be evaluated. You may use 65535 here, as it is the highest sequence number supported.

Example of a Cisco IOS configuration with both VPN types on one router. The transform set uses 3DES and the ISAKMP policy uses DH group 2; both are dated, so on current IOS prefer AES (esp-aes) and DH group 14 or higher:

[code]
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
! Site-to-Site peer: no-xauth stops the router from demanding XAUTH
! credentials from this peer (client authentication is enabled on VPNMAP below)
crypto isakmp key Pr3sh4r3DKEY address 89.123.45.6 no-xauth
!
! Remote Access group; the group pre-shared key value is not shown here
crypto isakmp client configuration group REMOTEGROUP
 key
 dns 10.18.19.2
 pool REMOTEPOOL
 acl 110
!
crypto ipsec transform-set REMOTEVPN esp-3des esp-sha-hmac
!
! Dynamic map for Remote Access clients (peer address is not known in advance)
crypto dynamic-map DYNMAP 10
 set transform-set REMOTEVPN
!
! XAUTH user authentication, group authorization and mode-config for Remote Access clients
crypto map VPNMAP client authentication list vpnuserauth
crypto map VPNMAP isakmp authorization list vpngroupauthor
crypto map VPNMAP client configuration address respond
!
! Static Site-to-Site entry; the peer must match the address on the isakmp key line
crypto map VPNMAP 5 ipsec-isakmp
 set peer 89.123.45.6
 set transform-set REMOTEVPN
 set pfs group2
 match address VPN_ACL
!
! Dynamic entry for Remote Access clients: highest sequence number, so it is evaluated last
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
!
ip local pool REMOTEPOOL 192.168.100.10 192.168.100.20
[/code]
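As an added example (not part of the original post), the following Python script checks an IOS running-config for the two caveats above: the dynamic entry must carry the highest sequence number in its crypto map, and every static peer's pre-shared key must be declared with no-xauth once client authentication is enabled on that map. The sample configuration is constructed from the lines above with the no-xauth keyword deliberately dropped so that the check fires; the regexes assume the running-config line forms shown on this page.

```python
"""Lint a Cisco IOS crypto configuration for the two Remote Access + Site-to-Site caveats.

Added example, not from the original post. Assumes the line forms used on this page:
  crypto isakmp key <key> address <peer> [no-xauth]
  crypto map <name> client authentication list <aaa-list>
  crypto map <name> <seq> ipsec-isakmp [dynamic <dyn-map>]
   set peer <peer>
"""
import re

# Constructed sample: the page's config with the no-xauth keyword deliberately dropped
SAMPLE_CONFIG = """\
crypto isakmp key Pr3sh4r3DKEY address 89.123.45.6
crypto map VPNMAP client authentication list vpnuserauth
crypto map VPNMAP isakmp authorization list vpngroupauthor
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 5 ipsec-isakmp
 set peer 89.123.45.6
 set transform-set REMOTEVPN
 match address VPN_ACL
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
"""
# Constructed variants: the corrected config, and one where the dynamic entry is not last
FIXED_CONFIG = SAMPLE_CONFIG.replace("address 89.123.45.6\n", "address 89.123.45.6 no-xauth\n")
BAD_ORDER_CONFIG = FIXED_CONFIG.replace("VPNMAP 65535", "VPNMAP 1")

KEY_RE = re.compile(r"^crypto isakmp key (?:\d+ )?\S+ address (\S+)")
XAUTH_RE = re.compile(r"^crypto map (\S+) client authentication list ")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?\s*$")
PEER_RE = re.compile(r"^\s*set peer (\S+)\s*$")


def lint(config):
    """Return a list of findings; an empty list means the config passes both checks."""
    findings = []
    keys = {}            # peer address -> True if the key line carries no-xauth
    xauth_maps = set()   # crypto maps that push XAUTH to every peer they negotiate with
    maps = {}            # map name -> list of (sequence number, dynamic map name or None)
    static_peers = {}    # map name -> set of peer addresses from "set peer"
    current_map = None   # crypto map entry whose sub-commands we are currently reading

    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("crypto"):
            current_map = None   # any new top-level crypto command ends the previous entry
        m = KEY_RE.match(line)
        if m:
            keys[m.group(1)] = "no-xauth" in line.split()
            continue
        m = XAUTH_RE.match(line)
        if m:
            xauth_maps.add(m.group(1))
            continue
        m = MAP_RE.match(line)
        if m:
            name, seq, dyn = m.group(1), int(m.group(2)), m.group(3)
            maps.setdefault(name, []).append((seq, dyn))
            current_map = name
            continue
        m = PEER_RE.match(line)
        if m and current_map is not None:
            static_peers.setdefault(current_map, set()).add(m.group(1))

    # Check 1: the dynamic entry must have the highest sequence number in its crypto map.
    for name, entries in maps.items():
        highest = max(seq for seq, _ in entries)
        for seq, dyn in entries:
            if dyn and seq != highest:
                findings.append(
                    f"crypto map {name}: dynamic entry {seq} ({dyn}) is not last; "
                    f"static entries with a higher sequence number may never be matched"
                )

    # Check 2: with client authentication on the map, each static peer's key needs no-xauth.
    for name, peers in static_peers.items():
        if name not in xauth_maps:
            continue
        for peer in sorted(peers):
            if peer not in keys:
                findings.append(f"crypto map {name}: no isakmp key declared for peer {peer}")
            elif not keys[peer]:
                findings.append(
                    f"crypto map {name}: isakmp key for peer {peer} lacks no-xauth; "
                    f"the router will challenge this site-to-site peer for XAUTH"
                )
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against the output of "show running-config" saved to a file; the parser deliberately ignores indentation, because configs pasted from a blog (like the one above) usually have it stripped.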

BackTrack "Remove disks or other media"

After creating a bootable USB drive for BackTrack 5 R3 with UNetbootin you may get the following error when booting from it:

[code]
Remove disks or other media
Press any key to restart
[/code]

This means the image was not written to the USB drive correctly: the BIOS found the drive but no bootable image on it.

The simple solution is to write the ISO again with a different ISO-to-USB utility, such as Universal USB Installer, which you can download from the following URL:
http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

Cisco 800W WiFi configuration example

Cisco 800W-series routers (851W, 871W, etc.) have an embedded access point.

Here is an example of a simple wireless network configuration on these routers.

In this example:
Network SSID: WiFi-SSID
Encryption: WPA with TKIP. TKIP is deprecated; on current IOS prefer WPA2 with AES-CCMP, i.e. "authentication key-management wpa version 2" under the SSID and "encryption vlan 1 mode ciphers aes-ccm" on the radio interface.
WPA key: wpakey01
Network: 10.23.45.0/24

[code]
! SSID: open 802.11 authentication, WPA key management with a pre-shared key.
! "guest-mode" broadcasts the SSID; "0" stores the key in clear text in the config.
dot11 ssid WiFi-SSID
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 0 wpakey01
!
! Integrated routing and bridging: the radio is bridged into BVI1, which carries the IP address
bridge irb
!
interface Dot11Radio0
 no ip address
 !
 ! TKIP cipher for VLAN 1 (WPA1); WPA2 with AES-CCMP is the stronger choice
 encryption vlan 1 mode ciphers tkip
 !
 ssid WiFi-SSID
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
!
! Wireless clients' default gateway; "ip nat inside" because the WiFi subnet is NATed
interface BVI1
 ip address 10.23.45.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
bridge 1 protocol ieee
bridge 1 route ip
[/code]

You will probably want DHCP for the wireless clients as well:

[code]

ip dhcp pool WiFi
network 10.23.45.0 255.255.255.0
default-router 10.23.45.1
dns-server 8.8.8.8 8.8.4.4

[/code]

Don't forget to add the new wireless subnet (10.23.45.0/24) to the ACL of your NAT rule, otherwise wireless clients will not be able to reach the Internet.

Dell PowerConnect switch firmware update

Step 1 – Download the firmware archive from the Dell website: ftp://ftp.dell.com/Pages/Drivers/powerconnect-5548-all.html

Step 2 – Extract the .ros and .rfb files and place them on a TFTP server.
Copy the .ros image to the system partition and the .rfb image to the boot partition.

[code]
SW01# copy tftp:///powerconnect_55xx-4108.ros system
SW01# copy tftp:///powerconnect_55xx_boot-10014.rfb boot
[/code]

Step 3 – Check the current boot image.
[code]
SW01# show bootvar

Unit Image Filename Version  Date                 Status
---- ----- -------- -------- -------------------- ----------
1    1     image-1  4.0.1.11 16-Oct-2011 18:10:50 Active*
1    2     image-2  4.1.0.8  28-Aug-2012 11:17:36 Not active
[/code]

"*" designates the image selected for the next boot.

Step 4 – Select the new firmware as the active image for the next boot.
[code]
SW01# boot system image-2
[/code]

Step 5 – Verify the change. The "*" must now be on the image with the new version.
[code]
SW01# show bootvar

Unit Image Filename Version  Date                 Status
---- ----- -------- -------- -------------------- ----------
1    1     image-1  4.0.1.11 16-Oct-2011 18:10:50 Active
1    2     image-2  4.1.0.8  28-Aug-2012 11:17:36 Not active*
[/code]

"*" designates the image selected for the next boot.

Step 6 – Reboot the switch. Note that image-1 with the old firmware stays on the switch, so you can boot back to it with "boot system image-1" if the new version misbehaves.
[code]
SW01# reload

This command will reset the whole system and disconnect your current session. Do
you want to continue ? (Y/N)[N] Y
Shutting down ...
Shutting down ...
Shutting down ...
[/code]
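As an added example, not part of the original post: the following Python function parses the "show bootvar" output from Step 5 and decides whether it is safe to issue the reload, i.e. exactly one image is marked "*" for the next boot and that image carries the version you just copied. The sample outputs are the Step 3 and Step 5 tables above, constructed here as strings; the column layout the regex expects is an assumption about how the switch prints the table.

```python
"""Check 'show bootvar' output from a Dell PowerConnect switch before reloading.

Added example, not from the original post. Assumes rows of the form
  <unit> <image> <filename> <version> <DD-Mon-YYYY HH:MM:SS> <status>[*]
where "*" marks the image selected for the next boot.
"""
import re

# Constructed sample: the Step 5 output, after "boot system image-2"
BOOTVAR_AFTER = """\
Unit Image Filename Version  Date                 Status
---- ----- -------- -------- -------------------- ----------
1    1     image-1  4.0.1.11 16-Oct-2011 18:10:50 Active
1    2     image-2  4.1.0.8  28-Aug-2012 11:17:36 Not active*
"""

# Constructed sample: the Step 3 output, before the next-boot image was changed
BOOTVAR_BEFORE = (
    BOOTVAR_AFTER.replace("Active\n", "Active*\n").replace("Not active*", "Not active")
)

ROW_RE = re.compile(
    r"^(?P<unit>\d+)\s+(?P<image>\d+)\s+(?P<filename>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<date>\d{1,2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\s+(?P<status>.+)$"
)


def parse_bootvar(text):
    """Return one dict per image row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        status = m.group("status").strip()
        rows.append({
            "unit": int(m.group("unit")),
            "filename": m.group("filename"),
            "version": m.group("version"),
            "active": status.startswith("Active"),   # the image running right now
            "next_boot": status.endswith("*"),       # "*" = selected for the next boot
        })
    return rows


def reload_check(text, expected_version):
    """Return (ok, reason); ok is True only when the next-boot image is the new firmware."""
    selected = [r for r in parse_bootvar(text) if r["next_boot"]]
    if len(selected) != 1:
        return False, "expected exactly one image marked '*' for the next boot"
    img = selected[0]
    if img["version"] != expected_version:
        return False, (f"{img['filename']} ({img['version']}) will boot next, "
                       f"expected {expected_version}")
    if img["active"]:
        return False, f"{img['filename']} is already the running image; boot system was not applied"
    return True, f"{img['filename']} ({img['version']}) will boot next; safe to reload"


if __name__ == "__main__":
    for label, output in (("before", BOOTVAR_BEFORE), ("after", BOOTVAR_AFTER)):
        ok, reason = reload_check(output, "4.1.0.8")
        print(f"{label}: {'OK' if ok else 'STOP'} - {reason}")
```

Feed it the raw text captured from the switch session (for example via an expect or Netmiko script) and only send "reload" when the first element of the returned tuple is True.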

Check Point SPLAT to Gaia migration script

Check Point Gaia firewalls have a new text-based configuration format (the Gaia clish commands).
Here you can download a script that converts most of the configuration of a SPLAT system into the new Gaia CLI commands, which can then be pasted into the new system.

The script converts the following data:

Interfaces (including bonding and VLANs)
Routing
DNS
NTP

Bonding parameters and the time zone have to be configured on the Gaia system beforehand.

The script only reads the SPLAT configuration and does not modify anything on the system, so it can safely be run on production systems. Review the generated commands before pasting them into the new firewall.

Download:
splat2gaia.sh