This post covers implementing a 'tunnel VRF' topology detailed in <this post>. Essentially we are providing a method of routing between customer VRs across a WAN via (IPSec) tunnel, without needing to import the WAN routing table prefixes into customer VR. Arguably you could have the customer and WAN prefixes in one routing table and... Continue Reading →
Multi route table with PBF and VPN server
Linux policy based routing and lots of VPNs.
wireguard remote access VPN using FreeBSD
Configure FreeBSD as a remote access VPN server terminating WireGuard tunnels
Raspberry Pi – remote site IPSec wireless router
This post on CSC caught my attention and reminded me of the challenges thrown up whilst working my first IT job at a charity. Typically trying to stitch together enterprise solutions for the bare minimum price. At the time of writing, the two replies to the post come in at $700 (C881W) and $670 (MX64W). The... Continue Reading →
tunnel VRF
This post came about after answering a question on CSC regarding tunnels and VRF, and will elaborate on the use case I suggested. Imagine two sites with multiple VRFs which need to communicate intra-VRF over a public WAN, let's run through the configuration options: Option A Each VRF would require a public IP which... Continue Reading →
IOS SSL VPN – tunnel mode
This configuration details how to set up an SSL VPN in 'tunnel mode' on a router running v15 IOS. Such a configuration could be implemented on a small to mid-size remote site utilising an ISR router. Firstly install the AnyConnect package onto the router: ! webvpn install svc flash:/anyconnect-linux-64-4.2.01035-k9.pkg sequence 1 ! Confirm the package... Continue Reading →
IKEv1 and IKEv2 between IOS router and ASA
I recently upgraded the IPSec tunnel running between a customer site and my ASA used for SNMP monitoring. The same customer was also having ADSL2 issues at another site so a spare ISR G1 (1841) router from my lab was deployed. The problem with the first-generation ISRs is that they do not support IKEv2. This... Continue Reading →
Cisco ASA IPv6 Site-to-Site IPSec IKEv2 VPN
I took delivery of a 5545-X from Bedfont Lakes to evaluate in my IPv6 lab; this post covers the steps to connect two ASAs via IPv6 IPSec VPN. Current Cisco configuration documentation shows the use of 3des encryption and MD5 hashing functions. According to the Cisco document on... Continue Reading →
Cisco ASA – configuring PPTP VPN
The Point-to-Point Tunnelling Protocol is a VPN implementation created by Microsoft to allow remote users access to secured networks via a PPTP server. Two protocols are used: a TCP control channel on port 1723 and a GRE tunnel to encapsulate the PPP packets. The ASA uses packet inspection to detect the control packets and allow... Continue Reading →