Saturday, August 15, 2009

VPN lan2lan using ASA template!

Hi,

If you want to build a VPN between two ASAs and you already have a static public IP at each site, then the following is all you need (the same template goes on the other ASA with the source and destination subnets swapped and the peer set to this site's outside IP):

access-list inside-voice_NAT_outside extended permit ip <source lan subnet> <source lan mask> <dest. lan subnet> <dest. lan mask>
access-list outside_cryptomap_voice-inside extended permit ip <source lan subnet> <source lan mask> <dest. lan subnet> <dest. lan mask>

! NAT exemption: traffic matching the ACL above must not be translated before it enters the tunnel
nat (inside-voice) 0 access-list inside-voice_NAT_outside

route outside 0.0.0.0 0.0.0.0 <DGW IP> 1

! Phase 2 (IPsec) proposal and the crypto map entry that selects the interesting traffic and the peer
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address outside_cryptomap_voice-inside
crypto map outside_map 20 set peer <Peer IP address>
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside

! Phase 1 (ISAKMP) policy
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

! The tunnel-group must be created as a lan-to-lan group before its ipsec-attributes can be set
tunnel-group <Peer IP address> type ipsec-l2l
tunnel-group <Peer IP address> ipsec-attributes
 pre-shared-key <a key of your choice>

#END
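As an added example (not part of the original post), here is a small Python check that parses a filled-in copy of the template above and verifies that its pieces reference each other consistently: the crypto map points at an existing ACL and transform-set, the map is bound to an interface, the interesting traffic is exempted from NAT by the nat 0 ACL, and the peer has a tunnel-group of the lan-to-lan type with a pre-shared key. The sample config and its addresses are constructed from documentation ranges, and PLACEHOLDER-PSK stands in for the key.

```python
"""Consistency check for an ASA lan-to-lan IPsec snippet (added example, not from the post)."""

# Constructed sample: the post's template with its placeholders filled in using
# documentation ranges (RFC 1918 LANs, RFC 5737 WAN addresses). Not a real site.
# The isakmp policy lines are omitted because this check does not inspect them.
SAMPLE_CONFIG = """\
access-list inside-voice_NAT_outside extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list outside_cryptomap_voice-inside extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside-voice) 0 access-list inside-voice_NAT_outside
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address outside_cryptomap_voice-inside
crypto map outside_map 20 set peer 198.51.100.7
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key PLACEHOLDER-PSK
"""

TOP_LEVEL = {"access-list", "nat", "route", "crypto", "tunnel-group", "interface"}


def parse_asa(text):
    """Pull out the objects the lan2lan template ties together."""
    cfg = {"acl_rules": {}, "transform_sets": set(), "nat_exempt_acls": set(),
           "crypto_entries": {}, "crypto_map_ifaces": set(), "tunnel_groups": {}}
    ctx = None  # peer whose "ipsec-attributes" sub-mode we are inside
    for raw in text.splitlines():
        t = raw.split()
        if not t or t[0].startswith("!"):
            continue  # blank line or comment
        if t[0] in TOP_LEVEL:
            ctx = None  # any top-level command leaves the sub-mode
        if t[0] == "access-list" and "permit" in t:
            rule = tuple(t[t.index("permit") + 1:])  # e.g. ('ip', src, mask, dst, mask)
            cfg["acl_rules"].setdefault(t[1], []).append(rule)
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["transform_sets"].add(t[3])
        elif t[0] == "nat" and "access-list" in t and t[2] == "0":
            cfg["nat_exempt_acls"].add(t[t.index("access-list") + 1])  # nat 0 = exemption
        elif t[:2] == ["crypto", "map"] and len(t) > 4:
            if t[3] == "interface":
                cfg["crypto_map_ifaces"].add(t[2])
            elif len(t) > 6:
                entry = cfg["crypto_entries"].setdefault((t[2], t[3]), {})
                key = {"address": "acl", "peer": "peer", "transform-set": "transform"}.get(t[5])
                if key:
                    entry[key] = t[6]
        elif t[0] == "tunnel-group" and len(t) > 2:
            tg = cfg["tunnel_groups"].setdefault(t[1], set())
            if t[2:4] == ["type", "ipsec-l2l"]:
                tg.add("type")
            elif t[2] == "ipsec-attributes":
                ctx = t[1]
        elif t[0] == "pre-shared-key" and ctx:
            cfg["tunnel_groups"][ctx].add("psk")
    return cfg


def lint(text):
    """Return a list of findings; an empty list means the snippet is self-consistent."""
    cfg = parse_asa(text)
    findings = []
    # every rule that nat 0 exempts from translation
    exempt = {r for a in cfg["nat_exempt_acls"] for r in cfg["acl_rules"].get(a, [])}
    for acl in cfg["nat_exempt_acls"] - set(cfg["acl_rules"]):
        findings.append(f"nat 0 references undefined access-list {acl}")
    for (name, seq), e in cfg["crypto_entries"].items():
        where = f"crypto map {name} {seq}"
        for key in ("acl", "peer", "transform"):
            if key not in e:
                findings.append(f"{where}: missing {key}")
        if name not in cfg["crypto_map_ifaces"]:
            findings.append(f"{where}: crypto map is not applied to any interface")
        if "transform" in e and e["transform"] not in cfg["transform_sets"]:
            findings.append(f"{where}: undefined transform-set {e['transform']}")
        if "acl" in e:
            rules = cfg["acl_rules"].get(e["acl"])
            if rules is None:
                findings.append(f"{where}: undefined crypto access-list {e['acl']}")
            else:  # interesting traffic that would be NATed never matches the crypto ACL
                for r in rules:
                    if r not in exempt:
                        findings.append(f"{where}: {' '.join(r)} has no nat 0 exemption")
        if "peer" in e:
            tg = cfg["tunnel_groups"].get(e["peer"], set())
            if "type" not in tg:
                findings.append(f"tunnel-group {e['peer']}: missing 'type ipsec-l2l'")
            if "psk" not in tg:
                findings.append(f"tunnel-group {e['peer']}: no pre-shared-key configured")
    return findings


if __name__ == "__main__":
    for line in lint(SAMPLE_CONFIG) or ["OK: snippet is self-consistent"]:
        print(line)
```

Run it against a copy of your own running config before bringing the tunnel up: a missing NAT exemption or a mistyped ACL name are common reasons for a tunnel that negotiates fine but carries no traffic.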

I will add all kinds of VPN configs here, and I will also try to do the same with Vyatta, not only Cisco.

I hope it will help!
;)


Thursday, July 9, 2009

My new MacBook Pro 15"

Hi,

I purchased my new MacBook Pro 15" last week, and I would like to share some pics of my new Mac with all of you ;)


Monday, April 20, 2009

Ethernet Layer 2 Addressing & Switching and Bridging Logic

The Layer 2 address is the MAC address, and there are three major types of MAC addresses:

Unicast: a single device receives the frame

Multicast: a group of devices receives the frame, like radio: one station transmits and the group receives

Broadcast: all devices in the current network segment; always FF:FF:FF:FF:FF:FF

Two bits in the first byte of the address define the type:

I/G = Individual/Group bit: 0 means unicast, 1 means multicast (group).

U/G (also written U/L) = Universal/Local bit: 0 means the address is vendor assigned (universally administered), 1 means the address is administratively assigned (locally administered), overriding the vendor-assigned address.



So, with the remaining bits zero, the first byte of the MAC address is 00, 01, 02 or 03:

00 = unicast, vendor assigned

01 = multicast, vendor assigned

02 = unicast, administratively assigned

03 = multicast, administratively assigned

When the MAC address is set administratively (by hand), the device driver does not force the U/G bit to 1, so we can set the MAC address to any address of our choice; when the address is set dynamically, the U/G bit is set to 1 automatically.


Here is the switch behavior whenever a frame arrives on an interface:

Type of Address   | Switch Action
------------------+------------------------------------------------------------------------------------------------
Known unicast     | Forwards the frame out the single interface associated with the destination address
Unknown unicast   | Floods the frame out all interfaces, except the interface on which the frame was received
Multicast         | Floods the frame identically to unknown unicasts
Broadcast         | Floods the frame identically to unknown unicasts, unless multicast optimizations are configured
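As an added example covering both the address bits above and the forwarding table, here is a Python script (not from the post) that decodes the I/G and U/G bits of any MAC address, reproduces the four first-byte cases, and models a transparent switch that learns source addresses and forwards frames per the table. The sample addresses are constructed from the 00:00:5E:00:53:xx range reserved for documentation; the switch does not model multicast snooping, so multicast and broadcast are both flooded.

```python
"""MAC address bits and transparent-switch forwarding (added example, not from the post)."""
import re


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or 12 bare hex digits."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify(text):
    """Decode the I/G and U/G (universal/local) bits of the first byte."""
    mac = parse_mac(text)
    first = mac[0]
    # Ethernet sends each byte least-significant bit first, so the I/G bit is
    # bit 0 of the first byte (0x01) and the U/G bit is bit 1 (0x02).
    ig = first & 0x01
    ul = (first >> 1) & 0x01
    if mac == b"\xff" * 6:
        kind = "broadcast"  # all ones: the special case of a group address
    elif ig:
        kind = "multicast"
    else:
        kind = "unicast"
    return {"kind": kind, "admin": "local" if ul else "universal", "oui": mac[:3].hex(":")}


def first_byte_table():
    """The four cases from the post: first byte 00, 01, 02, 03 with all other bits zero."""
    return {f"{b:02x}": classify(f"{b:02x}:00:00:00:00:01") for b in range(4)}


class Switch:
    """Transparent bridge: learn the source port, then forward per the post's table."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # MAC (bytes) -> port on which it was last seen

    def receive(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        src_b, dst_b = parse_mac(src), parse_mac(dst)
        self.table[src_b] = in_port  # learning: remember where the source lives
        if classify(dst)["kind"] == "unicast" and dst_b in self.table:
            out = self.table[dst_b]  # known unicast: exactly one port
            return set() if out == in_port else {out}  # same port: filter, never echo back
        # unknown unicast, multicast (no snooping modeled) and broadcast are all flooded
        return self.ports - {in_port}


if __name__ == "__main__":
    for fb, info in first_byte_table().items():
        print(fb, info["kind"], info["admin"])
    sw = Switch([1, 2, 3, 4])
    print(sw.receive(1, "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"))  # unknown unicast: flood
    print(sw.receive(2, "00:00:5e:00:53:0b", "00:00:5e:00:53:0a"))  # now known: port 1 only
```

From a defender's point of view the admin field is worth logging: a unicast source with the U/G bit set is an administratively set (or randomized) address rather than a vendor-burned one, which is useful context when a MAC table entry suddenly moves between ports.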



Thanks