I was labbing and somehow I managed to lock out my administrator account.
An administrator can enter an incorrect password enough times to disable the account. The minimum and default number of attempts is five.
The account will be locked and can only be unlocked by mounting the ISO and setting a new password for the admin.
To recover we need to reload the appliance and mount the ISO.
[q] Quit and reload
After the password is reset for the admin account, we can log in to the CLI to reset the user and password for the web interface.
This is done by executing the command:
application reset-passwd ise <ADMIN-WEB-USER>
After the successful reset we can log in to the web interface.
We have multiple IPsec site-to-site VPN tunnels within our company. The purpose of the VPN tunnels is to connect specific applications which are located at other companies. In production environments it is highly discouraged to change and test configurations, because the business these days does not accept any downtime.
Because of this I have chosen to emulate and learn the concepts of site-to-site IPsec tunnels in a lab environment.
Cisco ASA firewalls are expensive. For this reason I have chosen to emulate the software in GNS3.
GNS3 is free to download.
For more information follow this link: http://www.gns3.net/
Preparation in GNS3
Before we start configuring, there is a lot of preparation that needs to be done.
Step 1: What are the requirements? In this case a site-to-site IPsec VPN. So we need 2 sites, 2 different networks, and 2 firewalls, of which 1 is an ASA.
Step 2: Design a Topology.
Posted in Cisco
Tagged asa, cisco, cisco vpn, crypto, ike, ipsec, isakmp, s2s, site to side, site to site, vpn
Setting up clientless VPN for ASA 5505
It probably works the same on an ASA 5510, 5520, etc. However, no guarantees.
Before we get started you need the following:
Internal network in this example will be: 10.110.0.0/16
Outside network IP address will be: 192.168.10.250 (in normal usage the ASA would have a public IP, but I am currently in a test lab where I have the ASA behind another gateway.)
Posted in Cisco
Tagged 5505, asa, asa 5505, asa portal, asa vpn, cisco, clientless, clientless vpn, isakmp, Nat, nat traversal, vpn
I was recently preparing for a CCNP SWITCH exam.
I came across the topic EtherChannel and wanted to document the steps for a Layer 2 and Layer 3 EtherChannel.
username test password A!#F$F encrypted privilege 15 (* 15 is the highest level. User is in God mode.)
aaa authentication ssh console LOCAL (* LOCAL is CASE SENSITIVE)
crypto key generate rsa general-keys modulus 2048
The keys will be generated.
There are 3 possibilities for VLAN tagging on an ESX host. The following description is only for VST mode. The other 2 (EST and VGT mode) are not described in the following procedure:
I had bought 2 Cisco 2950 switches for my education. The guy who sold them to me told me he had lost the passwords. So I started looking for a hard reset.
In the following instructions I am going to reset the switch to defaults:
Step 1: boot the switch and hold the mode button.