Linux policy based routing and lots of VPNs.
This post on CSC caught my attention and reminded me of the challenges thrown up whilst working my first IT job at a charity. Typically trying to stitch together enterprise solutions for the bare minimum price. At time of writing the two replies to the post come in at $700 (C881W) and $670 (MX64W). The... Continue Reading →
This post came about after answering a question on CSC regarding tunnels and VRF, and will elaborate on the use case I suggested. Imagine two sites with multiple VRFs which need to communicate intra-VRF over a public WAN, let's run through the configuration options: Option A Each VRF would require a public IP which... Continue Reading →
This configuration details how to set up an SSL VPN in 'tunnel mode' on a router running v15 IOS. Such a configuration could be implemented on a small to mid-size remote site utilising an ISR router. Firstly install the AnyConnect package onto the router: ! webvpn install svc flash:/anyconnect-linux-64-4.2.01035-k9.pkg sequence 1 ! Confirm the package... Continue Reading →
I recently upgraded the IPSec tunnel running between a customer site and my ASA used for SNMP monitoring. The same customer was also having ADSL2 issues at another site so a spare ISR G1 (1841) router from my lab was deployed. Problem with the first generation ISR is that they do not support IKEv2. This... Continue Reading →
Cisco ASA IPv6 Site-to-Site IPSec IKEv2 VPN
I took delivery of a 5545-X from Bedfont Lakes to evaluate in my IPv6 lab; this post covers the steps to connect two ASAs via IPv6 IPSec VPN. Current Cisco configuration documentation shows the use of 3des encryption and MD5 hashing functions. According to the Cisco document on... Continue Reading →
The Point-to-Point Tunnelling Protocol is a VPN implementation created by Microsoft to allow remote users access to secured networks via a PPTP server. Two protocols are used: a TCP control channel on port 1723 and a GRE tunnel to encapsulate the PPP packets. The ASA uses packet inspection to detect the control packets and allow... Continue Reading →