Cisco

23K Solutions, 14K Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Scenario 5
This article is about building route-based site-to-site VPN tunnels with VRF and a dynamic routing protocol (OSPF) on a Cisco CSR1000V router running IOS XE. Two route-based IPsec VPN tunnels are configured on the CSR1000V router; traffic from the app server uses NAT and the rest does not.

Scenario 4
This article is about building route-based site-to-site VPN tunnels with a dynamic routing protocol (OSPF) on a Cisco CSR1000V router running IOS XE. Two route-based IPsec VPN tunnels are configured on the CSR1000V router; traffic from the app server uses NAT and the rest does not.
Scenario 3
This article is about building route-based site-to-site VPN tunnels on a Cisco CSR1000V router running IOS XE. Two route-based IPsec VPN tunnels are configured on the CSR1000V router; traffic from the app server uses NAT and the rest does not.
Scenario 2
This article is about building VRF-aware site-to-site VPN tunnels on a Cisco CSR1000V router running IOS XE. Two VRF-aware policy-based IPsec VPN tunnels are configured on the CSR1000V router, one with NAT and another without NAT.
Scenario 1
This article is about building site-to-site VPN tunnels on a Cisco CSR1000V router running IOS XE. Two policy-based IPsec VPN tunnels are configured on the CSR1000V router, one with NAT and another without NAT.
 

Expert Comment by: Isaivani Venkat
ip nat outside source static 192.168.10.10 172.17.10.10 - is this NAT statement really required?

Author Comment by: Santosh Salunke
Hi Isaivani Venkat

ip nat outside source static 192.168.10.10 172.17.10.10

This NAT is to change branch user IP from 172.17.10.10 to 192.168.10.10. I had used this to demonstrate how to do 'Destination IP NAT'.
Have a Cisco router that you forgot the password or maybe you bought a used router that is locked with a password? This article will guide you through the steps on how to recover the password on your Cisco gear.
Just after setting up Cloud PBX connectivity and migrating Skype users to SFBO, we noticed inbound calls not working but outbound calls would work.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Considering cloud tradeoffs and determining the right mix for your organization.
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure.

This article explains the fundamentals of industrial networking, which ultimately is the backbone network providing communications for process devices like robots and other not so interesting stuff.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be configured.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Expert Comment by: Ranjit Shankar
Great article! Useful links, also the important points "Bandwidth, Objectivity, Expertise, Strategy, ROI" and the details about the points are very much clear... "it is not only worth the discussion, but it’s likely worth doing a more detailed assessment..." - very true! Also, you are right i.e. checking the reviews is more significant before going with any cloud computing consulting services provider for a long-term relationship... Thank you!

WARNING:  If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!!


I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TAC.  The basic problem was that I couldn't get the routers to route traffic in this kind of environment:



I wasn't using the firewall feature; just routing.  (The firewalls in the diagram were ASAs).

Well, the Cisco engineer couldn't figure out what was wrong, so I pulled a couple of routers out of the network and set up a small lab so the engineer could remote in and play with it.  The lab environment looked like this:



The networks were all connected with a Cisco 2950 24-port switch using VLAN and a Cisco 2601 configured as a router-on-a-stick.


I know... really old hardware, but it was just lying around collecting dust and it could do what I needed, so why not?


When I attempted to blank out the config, I couldn't get rid of the VLANs... which reminded me how frustrating VTP can be.


For example, years ago, I borrowed one of these 2950's from the datacenter where I have a few cabinets.  Before I returned it, I wiped the config.  Six months later, I get a call from their head engineer informing me that I had taken down the entire datacenter.


VTP configuration information is stored in the VLAN database, which is NOT deleted when one clears the config.  I had actually used VTP in my network, but they didn't, and the VTP operating mode of all of their switches was still the default - "server".  So, when they put that switch back into production, my VTP config was pushed out across their network and every single VLAN database on every single switch was overwritten with my VLAN config.


The VLAN database is stored as a file in the flash memory.  To see it, go into privileged mode and issue a directory command for flash:



The VLAN database is stored in the file "vlan.dat".


Since Cisco represents the state-of-the-art for networking equipment, one could assume the VTP configuration could be reset by issuing a command such as "clear config vtp".  Of course, one would assume incorrectly.


You actually have to delete the file:

 


Once you've done that, you should be good to go.  Reload the switch and you'll find the VTP (and VLAN) configuration has been removed.


You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Powerful tools can do wonders, but only in the right hands. Nowhere is this more obvious than with the cloud.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far greater than traditional on-prem options.


During and after that shift to cloud, though, one area that still poses a struggle for many organizations is what to do with their department file shares.  I’m sure you’re thinking “there are all kinds of solutions,” and most of them are far better than a traditional network share.  I’d agree with you; however, many organizations have a workforce that is accustomed to this old process.  While solutions like SharePoint, OneDrive for Business, and Dropbox are nice and have additional features, most organizations still prefer the Windows file share.


One solution that holds promise is Microsoft’s Azure File Services.  The offering was originally intended to enable companies to move applications that interacted with file shares to Azure, and it was only accessible from Virtual Machines within the same Azure data center when it was first released.  But last year Microsoft released an update that leverages SMB 3.0 and enables users to securely connect to the shares from any location.


There are some limitations if you’re looking to deploy Azure File Services within your organization.  The biggest that I found was that not all internet service providers (ISPs), such as Comcast and Charter Spectrum, will allow port 445 access across their networks.  (Here is a list of known ISPs that do and don’t block this.)


The other major limitation at this time is that, while you can assign Azure AD permissions to the share, when a user connects, they have to authenticate with the Azure Storage Account and key. This requirement means that everyone is authenticating with the same account.  Microsoft is aware this is a shortcoming and is supposed to be addressing it in the future with an update to the service.


These two limitations aside, I see the service being useful for organizations that need to archive data and only allow access from a limited number of individuals or systems.  As Azure storage is a low-cost retention solution, the data at rest can easily be encrypted with Azure encryption services.

If you’d like to try Azure File Services for yourself, follow these steps:

Go to the Azure management portal and log in with your account.


Make sure when naming the resource to use all lower case letters (this is a Microsoft Configuration requirement).  For Account Kind, make sure to select “General Purpose.” For our demo we’ll be using Standard performance disks and Geo-redundant Storage.  We’ve also enabled Encryption to show you how easy this function is.


Once the storage account has been created, browse to it and under File Service click Files. You see a sub screen and the Create File Share Button: click it, give your file share a name, specify how large you’d like it to be, and click Create.


Congratulations – you’ve just created your first Azure File Share.  But wait! You’re asking, “How do I connect to this file share?”


If you click on Connect, it will give you the command syntax to connect from either a Windows or a Linux machine.  Remember, your ISP may be blocking port 445.  However, once you do connect, you can upload files and interact like a normal file share.


Look for future updates from Microsoft on this feature to add additional security and the ability to assign individualized permissions based on Azure AD accounts.

Alternatively, if you are considering Azure for your organization but need additional expertise for deployment and management services, learn more about public cloud management services like those from Concerto Cloud. 

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Expert Comment by: Mihai Corbuleac
People should trust cloud with their businesses especially because it seems that Cloud is here to stay. Recently I read some interesting facts & figures and this industry is growing faster than expected.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty.

Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs. That's one great method that's unavailable to firewall engineers.

So how does one find the remote IP address? The quick answer is a qualified, "You can't."

But there are some great ideas for sleuthing this out, and it mostly has to do with the subnet mask.

For example, on many WAN links, a subnet mask of /30 (255.255.255.252) is used. If we look at it closely, that means there are only two possible hosts using that mask.

For example, if I had a subnet of 192.168.0.0 using a mask of 255.255.255.252, .0 would be the network itself. It follows that .3 would represent the broadcast address. That would leave .1 and .2 as possible hosts on that subnet.

Two possibilities alone! And that's one of the big reasons why these subnets are commonly used on links -- they don't waste precious IP address space, right?

So if you do have a /30 on your link, you already know the IP address of the remote interface -- you know it has to be the only other host address on that subnet. So in our example above, if my ASA's interface had .1, then the other side of that link would have to have .2 in order to communicate.

But what if you don't have a /30? What if it's a /29 (255.255.255.248), which is somewhat …
2016 – ONPAGE YEAR IN REVIEW
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud 100 by CRN®, a brand of The Channel Company. This annual lineup recognizes the most innovative cloud technology suppliers in each of the following five categories: infrastructure, platforms and development, security, storage and software.

To learn more, visit Concerto Cloud Services. You can also find additional resources on their dedicated Vendor Topic Page.
For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP functionality into a common data platform.