Category Archives: Networks

Firepower Access Control Policy not blocking VPN connections

So, you have discovered in your authentication logs that an IP range that is explicitly blocked, denied by default, or even geo-blocked is somehow still attempting to gain VPN access? VPN traffic is destined to the FTD itself rather than passing through it, so it is handled by the control plane rather than the data plane, and the Access Control Policy never sees it. Fortunately, a solution is available, although imperfect, through the use of FlexConfig.

Continue reading Firepower Access Control Policy not blocking VPN connections

Fiber Factoids, Part 1 – A primer on common fiber optic cable types

If you’ve been in the IT industry for any amount of time you have likely run across fiber optic patch cables in use in various installations. Most often you will see fiber optic cables used for an uplink to an internet service provider, between network devices in different buildings on a campus network, or in a datacenter where large amounts of bandwidth and high speeds are required.

Continue reading Fiber Factoids, Part 1 – A primer on common fiber optic cable types

What is a null route and why do I need one?

Definition

There are several names for a null route, such as a “bit bucket”, a “black hole”, or just a null0 route. They all refer to the same basic mechanism: a route that points traffic to a virtual interface on a router, where it is discarded. That interface is in turn used to manage unwanted traffic, to prevent routing loops, or to enter routes into the RIB (routing information base) of a router.

Continue reading What is a null route and why do I need one?

FIREPOWER DNS Sinkhole

Many admins inadvertently design a sinkhole by null routing unused ranges within their core in order to limit unnecessary traffic. Some may even advertise these ranges from a Linux server running Zebra or Quagga for advanced alerting, monitoring for the propagation of worms or enumeration scans that touch the unused space. In this post, we will discuss a similar idea for DNS using Firepower.

Continue reading FIREPOWER DNS Sinkhole

Unboxing and initial setup of a Meraki MX Security Appliance

Meraki is a pretty well known company, and has been a part of Cisco since 2012. There are a multitude of cloud-based managed Wi-Fi solutions, but Meraki is one of the most prolific and has a variety of cloud-managed products to suit almost any size company’s needs. Several of their devices have similar setup steps, but today we will cover the initial out-of-the-box setup of a Meraki MX64 security appliance, which will have your MX appliance online and configured in your dashboard in no time.

Continue reading Unboxing and initial setup of a Meraki MX Security Appliance

Blacklist an IP in Firepower

Sometimes you may want to quickly block a scanning/probing IP address without having to deal directly with the Access Control Policy. This can be done in the FMC within the Events view. Go to Analysis -> Connections -> Events.

Depending on the volume of traffic, you may have to click ‘Edit Search’ and look by Initiator or Responder IP. Once found, right-click on the IP address, select ‘Blacklist IP Now’ and confirm.

Continue reading Blacklist an IP in Firepower

Logging into a Linux shell from a Cisco ASR1000 Series Router

Cisco’s ASR1000 series of routers come in many form factors, all of which provide a number of different features and scalability options. One thing common to all of the devices in this product line is that the IOS XE software performing the standard routing operations for the platform runs on top of a Linux kernel. This post describes how to enter a Linux shell on your router and run some basic Linux commands to get an idea of what your router has going on under the hood, so to speak.

Do so at your own risk, as Cisco advises using this only under the supervision of Cisco Support. This post is limited to viewing different things to get an idea of what underlies the system. It’s best to err on the side of caution and NOT do this on a production router, and be especially careful not to edit or delete anything vital, as a mistake at this level of the router can cause major issues with any or all functions of the device.

With that being said, let’s dig in. For this demonstration I opened a shell into the RP, or route processor, of the router. The ASR1000 series routers consist of a chassis/slots/cards, which make up the physical

Continue reading Logging into a Linux shell from a Cisco ASR1000 Series Router

Setting up a Site-to-Site VPN between Cisco ASAs Using the CLI

What is a site to site VPN used for?

Site-to-site VPN tunnels are static tunnels set up between two network devices over the internet. They allow multiple locations behind different firewalls to access the same internal resources through a secure tunnel across the internet.

How is it different from Remote Access VPN?

Remote access VPN is primarily used by remote workers to access internal resources from outside the network. This type of VPN involves a software client on the user’s PC that contacts the security gateway (ASA) or other device and dynamically establishes a secure tunnel between the gateway and the client. All of the user’s traffic leaving the PC is then tunneled through the VPN set up by the client.

Network setup:

In our example we have two Cisco ASA firewalls running 8.3(x) code or below. There are slight command differences in newer code versions so for the

Continue reading Setting up a Site-to-Site VPN between Cisco ASAs Using the CLI

A Brief Overview of NAT – Network Address Translation

What is NAT and how does it ‘translate’ an address?

NAT stands for network address translation; it is a process of modifying an IP packet as it transits a network. A router or firewall at the network boundary rewrites the IP information in packets that pass through it. The most common use of NAT is to translate a private address to a public address at the firewall/router that separates an intranet from the internet. As traffic originates from the internal side of the boundary, the IP information in the packet is changed to a public IP address that is routable on the internet. When return traffic reaches the firewall, the NAT translation table stored on the device maps the public IP back to the private IP address, and the firewall forwards the packet to the internal host that requested it.

While you can do different types of NATing, the most widely used configurations are dynamic NAT and static NAT. The most

Continue reading A Brief Overview of NAT – Network Address Translation

An Introduction to BGP – Border Gateway Protocol

Border Gateway Protocol

BGP is the routing protocol of the internet. It is non-proprietary and can run on many different networking devices, typically higher-end routers or even layer 3 switches. It is what the internet backbone routers use to make routing decisions for traffic traversing the internet.

BGP specifies how routers communicate with each other and share information that dictates the possible paths traffic can take going into or out of a network. BGP is a path vector protocol, which means that its routing decisions are based on path, policies, and/or rule sets.

Continue reading An Introduction to BGP – Border Gateway Protocol