SSH using Public-Key Authentication

Lately, I’ve been implementing a solution to make SSH connections more secure and manageable (i.e., getting away from password authentication). A couple of benefits public-key authentication has over the default password authentication:

- Memorize only the passphrase of your private key rather than possibly dozens of username/password combinations for remote hosts.
- A password sent across the network, even protected by an SSH secure channel, can be captured when it arrives on the remote host if that host has been compromised.

Steps

Generate the key pair. RSA authentication will need a passphrase to encrypt the private key. It’s highly recommended to create a strong passphrase for the private key. A strong passphrase is at least 10 - 15 characters long and not a grammatical sentence. The following command creates a 4096-bit RSA key pair and also prompts you for a passphrase: ...

March 29, 2010 · 2 min

Configure Inter-VLAN routing on a Cisco L3 Catalyst Switch

I recently had to configure Inter-VLAN routing at a client’s site. I don’t have to perform this task on a regular basis, so I figured I would make a post of a sample implementation for future reference.

Ingredients used for this post:

- Cisco 2811 Router
- Cisco Catalyst 3560
- Cisco Catalyst 2950

Steps

1. Configure the Corp router.

    enable
    conf t
    int fa 0/1
    description Link_to_L3SW
    ip address 172.17.17.9 255.255.255.252
    no shut
    end
    copy run start

2. Configure the Cisco Catalyst 3560 switch.

    enable
    conf t
    ! VTP server: VLANs defined here are advertised to VTP clients in the domain
    vtp mode server
    vtp domain test
    vtp password test
    vlan 10
    name Marketing
    exit
    vlan 20
    name IT
    exit
    ! 802.1Q trunk toward the 2950; nonegotiate disables DTP on this port
    int gi 0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    exit
    ! Enable routing between the SVIs below
    ip routing
    int vlan 1
    ip address 10.100.1.1 255.255.255.0
    no shut
    exit
    int vlan 10
    ip address 10.100.10.1 255.255.255.0
    no shut
    exit
    int vlan 20
    ip address 10.100.20.1 255.255.255.0
    no shut
    exit
    ! Routed (non-switchport) uplink to the Corp router
    int fa 0/24
    no switchport
    ip address 172.17.17.10 255.255.255.252
    no shut
    exit
    ! Default route toward the Corp router
    ip route 0 0 172.17.17.9
    end
    copy run start

3. Configure the Cisco Catalyst 2950 switch.

    enable
    conf t
    ! VTP client: learns VLANs 10 and 20 from the 3560
    vtp mode client
    vtp domain test
    vtp password test
    int range fa 0/1 - 4
    switchport mode access
    switchport access vlan 10
    exit
    int range fa 0/5 - 8
    switchport mode access
    switchport access vlan 20
    exit
    ! Trunk back to the 3560
    int gi 0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    exit
    int vlan 1
    ip address 10.100.1.2 255.255.255.0
    no shut
    exit
    ! Management traffic from the L2 switch goes via the 3560 SVI
    ip default-gateway 10.100.1.1
    end
    copy run start

February 9, 2010 · 2 min

SSL VPN configuration for Cisco ASA with AnyConnect VPN client

This post is a guide to configure a Cisco Adaptive Security Appliance (ASA) device to perform remote access SSL VPN with the stand-alone Cisco AnyConnect VPN client. I followed a few tutorials on the web (including a couple of examples from the Cisco website), but I failed to implement a complete solution. The following recipe has been thoroughly tested and verified.

Ingredients used for this post:

- Cisco 5500 Series ASA with software version 8.0(2)
- Cisco AnyConnect SSL VPN client for Windows, version 2.3.0254

1. Copy AnyConnect package to the Cisco ASA device. ...

December 12, 2009 · 2 min