This week I have started reviewing all the concepts which are part of the ccnp-route exam. I have successfully made some prefix-lists which I wanted to share with you guys :).
The command: wmic useraccount get name,sid
executed within the command prompt will show the SIDs of the existing users.
Now that we have finished phase 1 it is time to look at phase 2.
In phase 2 we will configure a site-to-site VPN tunnel through the ASDM wizard. I know it is better by CLI, but I am new to site-to-site VPN, and before you can understand the concept you need to start with the easy way. In phase 3 we will manually configure an IPsec site-to-site tunnel and give tips about what is required to be the same on both sides and what can be different.
Step 1: Create the local and remote subnet on both ASAs
Config ASA1:
object network Local_Networks_VPN_To_Amsterdam
subnet 192.168.12.0 255.255.255.0
object network Remote_Networks_VPN_To_Heerlen
subnet 172.16.24.0 255.255.255.0
Config ASA2:
object network Local_Networks_VPN_To_Amsterdam
subnet 172.16.24.0 255.255.255.0
object network Remote_Networks_VPN_To_Heerlen
subnet 192.168.12.0 255.255.255.0
Look at this document for a step-by-step guide on how it is created.
Very Important!
This is required. If no traffic is submitted the tunnel will stay down.
Why does something need to be up when there is no traffic for the remote site?
Step 3 is also included in the guide with step 2.
We have multiple IPsec site-to-site VPN tunnels within our company. The purpose of the VPN tunnels is to connect specific applications which are allocated within other companies. In production environments it is highly discouraged to change and test configurations, because the business these days does not accept any downtime.
Because of this I have chosen to emulate and learn the concepts of site-to-site IPsec tunnels within a lab environment.
Cisco ASA firewalls are expensive. For this reason I have chosen to emulate the software in GNS3.
GNS3 is free to download.
For more information follow this link: http://www.gns3.net/
Preparation in GNS3
Before we start with configuring, there is a lot of preparation that needs to be done.
Topology 1
The purpose of a loopback adapter is to communicate as if you were on a real network.
To create a loopback adapter in Windows 7 follow the following steps:
Step 1: Click Start and type in the following command: Hdwwiz.exe
Setting up clientless vpn for ASA 5505
It probably works the same on an ASA 5510, 5520, etc. However, no guarantees.
Before we get started you need the following:
Internal network in this example will be: 10.110.0.0 /16
Outside network IP address will be: 192.168.10.250 (in normal usage the ASA would have a public IP, but I am currently in a test lab where I have the ASA behind another gateway.)
I was recently preparing for a ccnp-switch exam.
I came upon the topic EtherChannel and wanted to document the steps for a layer 2 and layer 3 EtherChannel.
conf t
hostname ASA-5505
domain-name 2ictsupport.local
! Privilege 15 is the highest level. User is in God mode.
username test password A!#F$F encrypted privilege 15
! LOCAL is CASE SENSITIVE
aaa authentication ssh console LOCAL
crypto key generate rsa general-keys modulus 2048
The keys will be generated.
I usually use start, run, dsa a lot when I want to manage Active Directory users and computers.
For everybody who is looking for the complete list, here it is: