Category Archives: Uncategorized

Setting up a Site-to-Site VPN between Cisco ASA’s Using the CLI

What is a site to site VPN used for?

Site-to-site VPN tunnels are static tunnels set up between two network devices over the internet. They allow multiple locations behind different firewalls to access the same internal resources over a secure tunnel.

How is it different from Remote Access VPN?

Remote access VPN is primarily used by remote workers to access internal resources from outside the network. This type of VPN involves a software client configured on a user’s PC that contacts the security gateway (ASA) or other device and dynamically establishes a secure tunnel between the gateway and the client, so that traffic leaving the user’s PC is tunneled through the VPN set up by the software client.

Network setup:

In our example we have two Cisco ASA firewalls running 8.3(x) code or below. There are slight command differences in newer code versions so for the

ipfilter and ipv6

For people running older versions of Solaris, like 8/9, the firewall of choice to install was ipfilter. Now, with Solaris 10, it has become the default, built into the OS. I wanted to do a short post about adding configuration settings for IPv6 and plan to cover IPv4 in detail in a later post.

One thing to note is that ipfilter must load its IPv6 rules from a separate file. In Solaris 10, the default location for the filter rules is /etc/ipf, and the firewall rules are located in the files ipf.conf and ipf6.conf for IPv4 and IPv6 respectively. Here is a sample of the current file on one of my servers:


#
# ipf6.conf
#
# IPv6 Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.

Cisco archive command

The Cisco archive command has been around for several years now and is still valid for smaller operations that cannot afford, or do not require, a commercial software package to do the same thing. Two of the main benefits are backing up your configurations after changes and logging the commands that were executed by each user. The commands necessary to accomplish these tasks are fairly straightforward:


sw1# config t
sw1(config)# archive
sw1(config-archive)# path ftp://192.168.100.50/configs/sw1
sw1(config-archive)# write-memory
sw1(config-archive)# log config
sw1(config-archive-log-config)# logging enable