I am trying to configure the ASA to select the tunnel group for AnyConnect users according to the certificate details. The commands look like the following: firewall(config)# crypto ca certificate map <certificate-map-name> <sequencenumber> where the sequencenumber is the sequence number to insert into the certificate map entry; firewall(config)# webvpn firewall(config-webvpn)# certificate-group-map <certificate-map-name> <certificate-map-index> <tunnel-group name> where the certificate-map-index is the index […]
March 9, 2011
With the following configuration and with sufficient licensing we should be able to connect to our Cisco ASA firewall with Cisco AnyConnect, with the new AnyConnect Secure Mobility Client (the first Cisco IKEv2 client), and with the old Cisco VPN client using IKEv1, which is natively supported on some Apple devices, like an iPad. […]
December 13, 2010
RA VPN timeouts: 1. Session timeouts 2. IPsec SA lifetimes 3. ISAKMP lifetimes and NAT-T keepalive interval 4. Timeout in the group policy 5. DPD timeouts. 1. Session timeouts: as the VPN may pass through many firewalls until it reaches the VPN gateway, it can happen that the session is broken before the timeouts here […]
December 7, 2010
Have you already experienced the VPN session timing out after some minutes on your iPad? No matter whether the keepalive setting is reached or not, it disconnects after some minutes. There is a document for iPads describing what they support regarding IPsec. Here is the link: manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf (Page 68, Certificate section.) […]
December 1, 2010
Under Linux we have a lot of apps and commands that can help us at work or to test something. Here I collected the tools and commands that I have already used or wanted to use but have not managed to until now. Comments are welcome if you know a better tool. Network generators: tcpreplay […]
November 28, 2010
The AnyConnect client provides remote end users running Microsoft Vista, Windows XP, Windows 2000, Linux, or Macintosh OS X with the benefits of a Cisco SSL VPN client, and supports applications and functions unavailable to a clientless, browser-based SSL VPN connection. In addition, the AnyConnect client supports IPv6 over an IPv4 network. The AnyConnect […]
November 25, 2010
Check Point is not a CLI-based firewall; in daily life the CLI is generally not used, since whatever the admin wants can be done through the GUI. For troubleshooting or just querying something, however, there are some useful commands. In this list I tried to collect what I already had to use (or wanted to try […]
November 25, 2010
It is not a bad idea to have an L3 device that you can reach whenever you want and that has all the basic troubleshooting tools like nslookup, netcat, tcpdump, openssl, ssh, openvpn… A Netgear WRN3500L router with DD-WRT can be really helpful. It provides you with WLAN access at home, access to your NAS […]
November 25, 2010
On a Nokia firewall you have to install two things: an IPSO image and the Check Point firewall package. The first is the operating system, the second is the firewall software. If you want to upgrade your operating system, you do not have to reinstall the firewall software as well. Image upgrade is possible through […]
November 25, 2010
0. Specification of the test environment. 0.1 Software: Tested operating systems: 1. OpenSUSE 11.0, 2. Fedora 9. Kernel version: Linux linux-jnwt 2.6.25.20-0.1-pae #1 SMP 2008-12-12 20:30:38 +0100 i686 i686 i386 GNU/Linux. Mail server: netqmail-1.06.tar.gz, ucspi-tcp-0.88.tar.gz, daemontools-0.76.tar.gz. Antivirus: clamav-0.94.2.tar.gz. Spam filter: Mail-SpamAssassin-3.2.5.tar.gz. Mail scanner: qmail-scanner-2.05.tgz, maildrop-2.0.4.tar.bz2. DNS: djbdns-1.05.tar.gz. In my test the folder for all downloaded files […]
July 15, 2011