Thursday, August 7, 2014
IPS Initial Setup
Cisco IPS Sensor Family
IPS 4200 Series Sensors
Special requirements: JRE 1.7.x. (SSL 2.0 is disabled by default; it must be enabled in the Java advanced options on the Windows 7 machine that serves as the management computer.)
The e0 port of the IDS 4240 in GNS3 is the out-of-band management port.
Boot up the IPS, log in (default username: cisco, password: cisco), and change the default password.
Type 'setup'
It asks for the IP address and default gateway (defaults: 192.168.1.2/24 and 192.168.1.1).
Change them to 192.168.2.120/24 and 192.168.2.1.
Next, set the hostname to 'MSensor'.
Next, modify the current access list: by default it permits 192.168.1.0/24. Delete 192.168.1.0/24 and permit 192.168.2.0/24.
Next, just press Enter until the 'Exit Option' menu shows up.
Type '2', which saves the configuration and exits.
Now you can connect to the IPS from Windows 7 (192.168.2.254/24).
Open Internet Explorer and go to https://192.168.2.120
The certificate is self-signed, which is why a certificate warning message appears.
Click 'Run IDM'
Don't forget the Java settings: enable SSL 2.0, and add 'https://192.168.2.120' to the exception site list.
This is the Cisco IDM.
Tuesday, August 5, 2014
IPsec site-to-site VPN: IKEv2
IPsec Site-to-Site VPN
Scenario: HQ (public IP address 192.168.1.141/24) wants to access a branch office (public IP address 192.168.1.146/24) over a secured connection.
Requirements: two ASA 5520s, ASDM, and knowledge of cryptography.
Monday, August 4, 2014
IPsec Remote Access VPN: IKEv1
Scenario:
Outside users want to connect to the inside network of the MGK company using an IPsec remote access VPN.
Friday, August 1, 2014
Clientless SSL VPN - Smart tunnel 2 (specific applications)
Smart tunnel 1 allows all applications to connect to the inside network.
This chapter configures the specific applications that can connect to the inside network using a smart tunnel.
1. Add a smart tunnel application list: the name is Smart_List, and the applications are RDP and PuTTY.
Clientless SSL VPN - Smart tunnel 1 (all applications)
Smart tunnel lets internet users run a variety of applications locally over the clientless SSL VPN, which is similar to plug-ins. The big difference is that with smart tunnel you can use applications outside the web portal.
1. Apply the smart tunnel to the group policy: this opens all applications through the clientless VPN.
Uncheck Web ACLs for test purposes.
Clientless ssl VPN - plug-ins
Cisco plug-ins give outside users more options for accessing inside devices, such as Remote Desktop, VNC and SSH.
I'm going to add RDP, VNC and SSH plug-ins to the ASA.
That way, people on the internet using the clientless SSL VPN can access the inside network with more options.
First, add the plug-ins to the ASA: you have to copy the plug-ins from TFTP to flash.
ASA_VPN Network
VPN Test Network
Inside Network: 192.168.0.0/24
Management Network: 172.16.0.0/24
Internet Test PC: 192.168.1.151/24
Public IP address: 192.168.1.141/24
Scenario: an outside user (192.168.1.151, Windows 7) connects to the inside network through VPNs to use inside services such as Web, RDP (Remote Desktop Protocol), VNC, SSH and FTP.
Types of VPNs
1. Web VPN (Clientless SSL VPN)
2. AnyConnect SSL VPN
3. IPsec Remote Access VPN
4. Site-to-Site IPsec VPN
Monday, June 23, 2014
ASA routing
When another network is added on the inside, the ASA needs to learn the route to it.
Simply add a static route on the ASA, like 'ip route 192.168.1.0 255.255.255.0 192.168.0.100' (the interface IP address of Inside_net_offices).
Static route