saw that we can secure ripv2 via authentication (simple and MD5) ,i undertand that simple is not quite secure because we can see the plain text when capturing RIP packets
however even with MD5 i can see the authentication data (output of MD5) and i think hacker can copy it and paste it in one RIP packet that he will generate !! isn't it ? so how much MD5 is secure ?
RIPv2 And Disabling / re-enabling Interface
View 5 Replies View RelatedI am working on a network that has four nodes/Currently I have RIP running in between R1 and R2, and between R3 and R2. These are shared and R1 can access R3 just fine.R3 is running BGP and communicating with R4.R3 can ping everything in R4's network with no difficulty.Currently R3 is not rebroadcasting the BGP routes into RIPv2 as needed.I have tried clearing my BGP session and am still not able to get the BGP routes from R4 to R1.
View 1 Replies View RelatedWe currently have 3* offices located in London, Reading and Oxford which have a (ISP) VPLS service to interconnect all sites.I am using RIPv2 for intersite routing between all offices. We plan on implementing a backup circuit at the Oxford office for resiliency.There are 2* Core 4500 Switches, Core 1 is uplinked to the Primary circuit and Core 2 will be uplinked to the Backup circuit.At the moment Core 2 learns all of its routes from Core 1.My question is, if the Primary circuit goes down, how do we get the Routing on the Core Switches to than point out of the backup circuit?
View 1 Replies View Relatedsuppose i have one switch and many RIPv2 routers connected to it.ripv2 destination address is 224.0.0.9 that is mapped to 0100:5e00:0009 normally the switch will send this frame to all ethernet ports
is there a way to take benefit from the multicast address so that the frame will be sent only to the RIP routers.i know it is possible to map staticlly the mac address to some ports but is there any dynamic solution also?
I am having a problem reaching a soho linksys e1000 router through a second hop cisco 2900 router.Here is a brief topology of the network: I am using OSPF area 100 for all networks except for
192.168.2.0 on R1 to E1000 which is RIPv2
R1 directly connects to R2 with a point-to-point serial on network 192.168.12.0 /30 with ip 192.168.1.13
R1 directly connects to a a switchport using network 192.168.2.0 /24 with ip 192.168.1.75
R3 directly connects to a switchport using network 192.168.1.128.0 /25 with ip 192.168.1.129
R3 directly connects to a different cisco router using ethernet on network 192.168.1.0 with ip 192.168.1.1
E1000 directly connects to a switchport using network 192.168.2.0 /24 with ip 192.168.2.1
The switch has a vlan ip on 192.168.1.128 /25?I can ping from R1 to E1000?I can ping from R3 to R1 192.168.2.75? I can't ping from R3 to E1000 192.168.2.1?show ip route on R2 indicates that network 192.168.2.0 is reachable via the serial connection on 192.168.1.12?I have redistributed rip to ospf area 100 and OSPF to RIP on R1?I am wondering why R1 can reach E1000 on network 192.168.2.0, and why R3 can reach R1s 192.168.2.0 newtork, but R3 can't reach the E1000.There is an R2 router than can reach R1 and also cannot reach E1000, but I assume it's for the same reasons R3 can't, so I've omitted the remainder of that topology for this question.
I started using RIPv2 on Packet Tracer. I got two subnets to connect with two routers. After I completed that, I decided to add a third router. How to setup the Routing Table for atleast R3 ?
View 5 Replies View RelatedI try to configure PGM in my 2911 plattform but it was impossible. I tried with many 15.1 version that support this protocol.
Someone configured PGM over 2911 Routers? What does correct IOS for work?
Our client ( a webhost, they have a lot of servers ) has a an older Cisco Pix, everything works fine with the PIX. They have a Cisco ASA 5500 with ASA version 8.3 , to replace the PIX. Upon migrating the PIX config to the ASA we are running into issues with Dynamic NAT. The static NAT entries are working flawlessly (there is a lot of them), however when Dynamic is enabled for the remainging hosts, outside communication works then drops off. The remaining hosts need outside access for updates. We have access lists set up but I dont se ehow that could cause a problem when the original ACL's were working fine with the PIX, they have not been altered.
The NAT config may be wrong or cluttered, have a look at the full NAT config.
The static NAT addressing is the same, example 207.11.129.65 will equal 10.10.10.65
I was given a 510 PIX Ver 6.3(1)to reconfigure but have no information on the existing configuration and need to wipe it clean and start over how can I do this to get back to the factory default settings. I have tried the "monitor>" but I don't know the IP address of the PIX interface.and am not sure how to do the setup for recovering the password.
View 7 Replies View RelatedWe have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?
I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.. then what i do is a copy start run to get the configuration active..
View 2 Replies View RelatedI have got a working 5505 running 8.3.1 firmware and 6.3.1 ASDM.I have now purchased a second unit and ensured that both units are running the same firmware levels etc.
I have via the ASDM created a backup of the working units configuration, and now i want to load this configuration onto the second unit.I have connected the consiole cable up to the second unit and tried pasting in the contents of the configuration file but no joy.I want to ensure that my configuration will work on this unit before i configure the two units in Active/Passiove configuration.
I used my Pix config to setup the ASA 5505.Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internatlly I cannot get out of network. No internet or email is passing through.
: Saved
:
ASA Version 8.2(5)
!
hostname textasa
domain-name testcorp.com
enable password 579oWRzSY5syo9yt encrypted
passwd 579oWRzSY5syo9yt encrypted
[code]....
i hav asa5520 i copying configuration from PIX to ASA5520 (7.2) everything working fine bt problem is that after sometime my DMZ interface losing connectivity ...
View 1 Replies View RelatedHow to set upo configuration & Security after reset
View 2 Replies View Relatedi just deployed Cisco NAC version 4.8.1 Virtual Gateway OOB on a LAN envieronment and on a WLAN envieronment, it works fine for some users , they can authenticate via the agent or web page, and then they are redirected to the access vlan, But for some other users in LAN and WLAN , when they try to authenticate via agent or web page the following error appears:
Invalid switch configuration-OOB Error:OOB client "mac/ip" not found.
I tried to find some pattern for the users but it dont match any pattern.
I have a problem exporting the config from a 1112 appliance.It does not boot up properly. GUI logon and authentication is not possible.I can console and SSH to it but the only thing i get is the commands below and nothing else.Could not chdir to home directory /home/admin: No such file or directory
View 2 Replies View RelatedI want to put the asa5520 to the factory default please let me know how to do that. how to remove the configuration file from it.
View 5 Replies View RelatedI recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies View RelatedI'm having some issues configuring NAT statements on my ASA5505 which has recently been upgraded to 8.41.
I have a single dynamic IP on the outside interface of the ASA and would like all internal hosts to NAT/PAT to it. In addition, I would like to have several ports 'forwarded' to internal hosts, one of which is TCP/4343. With the current configuration all hosts are NATing to the external interface properly but the service running on TCP/4343 is not accessible from the outside. See command output below:
"sh run object" output:
object network DrJones host 10.81.220.90object network LAN-10.81.220.0 subnet 10.81.220.0 255.255.255.0
"sh run nat" output:
object network DrJones nat (inside,outside) static interface service tcp 4343 4343object network LAN-10.81.220.0 nat (inside,outside) dynamic interface
"sh run access-list" output:
access-list inside_access_in extended permit ip 10.81.220.0 255.255.255.0 anyaccess-list outside_access_in extended permit icmp any any echo-replyaccess-list outside_access_in extended permit tcp any interface outside eq 4343
I've noticed that many people have routers with NAT as part of their security configuration. What NAT is/does? Also, I entered the router's settings and went to Advanced > Firewall > NAT ENDPOINT FILTERING .There are 3 options specified for UDP/TCP Endpont Filtering; they are:
Endpoint Independent
Address Restricted
Port and Address Restricted
What are these options? I downloaded the manual for the router but it doesn't mention what NAT, Endpoint Independent, Address Restricted, and Port and Address Restricted are.
Side Note: I thought about setting up a secure connection using WPA2. Right not I'm using an unsecured wireless network. If I setup a new secure wireless connection using WPA2 will my current unsecured connection still be available?
security configuration of the 1410 bridge and on how to test the bandwidth/throughput between two 1410 Bridges setup for point-to-point connectivity.
We have setup this in one of our Client sites.
I have a problem exporting the config from a 1112 appliance. It does not boot up properly. GUI logon and authentication is not possible. I can console and SSH to it but the only thing i get is the commands below and nothing else.
login as: admin
admin@10.10.1.126's password:
Last login: Wed May 30 11:11:42 2012 from jsmith
Could not chdir to home directory /home/admin: No such file or directory
acs>
API called before initialised at V:ismg_israel_acsAcsEndPointCoreendpoint.cpp:395
Command Description
----------------------------------------------------
? List commands
exit Log off
help List commands
csutil -dumpadmin Dump Admin Audit Information
csutil -dumpgroups Dump Group Audit Information
csutil -dumpusers Dump User Audit Information
csdbsync -syncnow RDBMS synchronization
I need to estimate the installation and configuration time of Cisco NAC (NAC Network Module spare for 2800, 3800 ISR) and Cisco NAC Manager(NAC Appliance 3315 Manager -max 3 Servers. There is some Cisco tool to estimate the installation and configuration time?
View 3 Replies View RelatedI am implementing wireless lan controller for a customer's site. This site uses Cisco WLC2112 and AIR-LAP1041. I configure via start-up wizard and WLAN security configuration. The client joining via WLAN seems to work fine, able to browse Internet. But when adding a shared printer or sharing files, the machine's unable to find the computer name. When test pinging, it replies when pinging by IP only. This is not happened when using a LAN wire.
View 3 Replies View RelatedI'm trying to configure the NAC Profiler with a 3310 CAS Collector. In the "Edit Collector" menú, it shows all the modules as "Running", except for the NetWatch module which shows a state "Invalid configuration file (missingInternalAddress)".
I configured the eth3 interface of the CAS as a monitor interface in the Profiler (see attached image), and I tested that the SPANed traffic actually reaches that interface from the access switch. I'm using software version 3.1.0_24 in both the Profiler and the Collector.
I have connected a 10BaseT device to a CISCO Catalyst 3560xPOE switch with dynamic port security. All seems to work fine when the distance between the two devices is closer then 200ft. When I connect to 10BaseT devices farther out near 300ft the response from the attached device is lost. It works ok on unmanaged switches at the longer distance. Is there a minimum response time from attached devices for dynamic port security to work properly? Is there any other explanation why it would work on cheaper switches, but not on the Port Secured Switch?
View 2 Replies View RelatedI configurated Ipsec vpn at asa 5510. my inside ip 192.168.10.156my public ip: 85.x.x.xmy peer ip : 62.x.x.x
the project is that:
the remote site want the interesting traffic like that:
source ip 172.16.1.104 can access destination ip 10.0.154.27
My inside ip is 192.168.10.0/0 and i can not to change it 172.16.1.0/24 and i can not to add this ip at my network.
I'm studying for CCNA Sec exam and looking for any security labs for GNS3 or Packet Tracer.
View 3 Replies View RelatedMy company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?
View 1 Replies View RelatedASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.
View 3 Replies View RelatedI have a Linksys WRT610N wireless system with WPA-PSK security and this works fine with several computers but now one computer detects the wireless security as WEP and can thus not connect to the router. I have tried to manually connect to the router with correct security WPA-Personal (TKIP) and correct password but then the computer says "settings saved on this computer for the network do not match the requirements of the network".How can I get the computer to detect the correct security? The computer is running Windows 7 home premium.
View 7 Replies View Related