Monday, 18 July 2011

Cisco LAN-to-LAN VPN

In this article I will describe a LAN-to-LAN IPsec VPN and provide a full configuration example for two Cisco IOS routers.

With IPsec VPNs, businesses can connect geographically separate LANs over the Internet with the strong encryption and authentication that the IPsec protocol suite provides.

IPsec is a suite of protocols that offers secure communication over insecure paths, which makes it well suited to joining private LANs across the public Internet.

Configuration for Cisco ROUTER-1:
service timestamps debug datetime msec
service timestamps log datetime msec
!-- Passwords and the IKE pre-shared key below are stored in clear text in this configuration.
no service password-encryption
!
hostname ROUTER-1
!
boot-start-marker
boot-end-marker
!
ip audit po max-events 100
no ip domain lookup
no ftp-server write-enable
!
!-- Define the Internet Key Exchange (IKE) policy.
crypto isakmp policy 10
!-- Use 256-bit AES as the encryption algorithm within the IKE policy.
 encr aes 256
!-- Use pre-shared key authentication.
 authentication pre-share
!-- hash and group are left at the IOS defaults (SHA-1 and Diffie-Hellman group 1, 768-bit).
!-- Group 1 is weak; add "group 5" or stronger where the IOS release supports it, on both routers.
!-- The shared secret for peer 200.0.0.1. "key123" is a placeholder: use a long random key and
!-- configure the identical key on ROUTER-2.
crypto isakmp key key123 address 200.0.0.1
!
!-- Define the IPsec transform set: ESP with AES-256 encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
!-- Crypto map entry "aesmap" that uses IKE to establish the security associations (SAs).
crypto map aesmap 10 ipsec-isakmp
!-- The remote IPsec peer (ROUTER-2's outside address).
 set peer 200.0.0.1
!-- The transform sets allowed for this crypto map entry.
 set transform-set aes-sha-transform
!-- The access list that selects the traffic to be protected by IPsec.
 match address acl_vpn
!
interface FastEthernet0/0
 ip address 100.0.0.1 255.255.255.0
 ip nat outside
!-- Apply the crypto map to the outside (Internet-facing) interface.
 crypto map aesmap
!
interface FastEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
!-- Translate inside traffic permitted by acl_nat to the outside interface address (PAT).
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.2
no ip http server
no ip http secure-server
!
!-- IOS translates before it applies the crypto map, so traffic for the remote LAN must be
!-- excluded from NAT here or its translated source address will no longer match acl_vpn.
ip access-list extended acl_nat
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!-- Access list that defines the traffic protected by IPsec. ROUTER-2's acl_vpn must be its
!-- exact mirror image or the security associations will not match.
ip access-list extended acl_vpn
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!-- No passwords are set on the console or VTY lines; set them (and "login") before deployment.
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end
Configuration for Cisco ROUTER-2:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
!-- Passwords and the IKE pre-shared key below are stored in clear text in this configuration.
no service password-encryption
!
hostname ROUTER-2
!
boot-start-marker
boot-end-marker
!
ip audit po max-events 100
no ip domain lookup
no ftp-server write-enable
!
!-- Define the Internet Key Exchange (IKE) policy; it must match ROUTER-1's.
crypto isakmp policy 10
!-- Use 256-bit AES as the encryption algorithm within the IKE policy.
 encr aes 256
!-- Use pre-shared key authentication.
 authentication pre-share
!-- hash and group are left at the IOS defaults (SHA-1 and Diffie-Hellman group 1, 768-bit);
!-- if you add "group 5" or stronger on ROUTER-1, add the same here.
!-- The shared secret for peer 100.0.0.1; it must be identical to the key configured on ROUTER-1.
crypto isakmp key key123 address 100.0.0.1
!
!-- Define the IPsec transform set (identical to ROUTER-1's).
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
!
!-- Crypto map entry "aesmap" that uses IKE to establish the security associations (SAs).
crypto map aesmap 10 ipsec-isakmp
!-- The remote IPsec peer (ROUTER-1's outside address).
 set peer 100.0.0.1
!-- The transform sets allowed for this crypto map entry.
 set transform-set aes-sha-transform
!-- The access list that selects the traffic to be protected by IPsec.
 match address acl_vpn
!
interface FastEthernet0/0
 ip address 200.0.0.1 255.255.255.0
 ip nat outside
!-- Apply the crypto map to the outside (Internet-facing) interface.
 crypto map aesmap
!
interface FastEthernet0/1
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
!
!-- Translate inside traffic permitted by acl_nat to the outside interface address (PAT).
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.0.0.2
no ip http server
no ip http secure-server
!
!-- Exclude traffic for the remote LAN from NAT, as on ROUTER-1, so it still matches acl_vpn.
ip access-list extended acl_nat
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
!-- Access list that defines the traffic protected by IPsec: the mirror image of ROUTER-1's acl_vpn
!-- (source and destination networks swapped).
ip access-list extended acl_vpn
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!-- No passwords are set on the console or VTY lines; set them (and "login") before deployment.
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end
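The two configurations have to agree on every detail: the pre-shared key bound to the peer's address, the IKE policy, the transform set, a crypto ACL that is the exact mirror image of the remote one, and a NAT exemption for the protected traffic. The Python script below is a worked example added here; it is not part of the original article and not a Cisco tool. It parses the subset of IOS syntax used in the two configurations above from two saved running-configs and reports the mismatches that most often stop a LAN-to-LAN tunnel from coming up. The embedded sample is a trimmed copy of ROUTER-1 above with ROUTER-2 derived from it; the function names, dictionary keys and the `verify()` entry point are this example's own.

```python
"""Cross-check two Cisco IOS LAN-to-LAN IPsec configurations for mirror consistency.
Added example for this article, not code from the original post or from Cisco. It parses
only the subset of IOS syntax used by ROUTER-1/ROUTER-2 above; other lines are ignored."""
import re


def parse_ios(text):
    cfg = {"hostname": "", "keys": {}, "policy": {}, "tsets": {}, "ifaces": {}, "acls": {},
           "map": {}, "nat_acl": "", "outside_if": ""}
    section = None  # the configuration block whose sub-commands we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        w = line.split()
        if w[0] == "hostname":
            cfg["hostname"], section = w[1], None
        elif line.startswith("crypto isakmp key"):
            cfg["keys"][w[5]], section = w[3], None            # peer address -> pre-shared key
        elif line.startswith("crypto isakmp policy"):
            section = "policy"
        elif line.startswith("crypto ipsec transform-set"):
            cfg["tsets"][w[3]], section = tuple(w[4:]), None    # set name -> transforms
        elif line.startswith("crypto map") and w[-1] == "ipsec-isakmp":
            section = "cryptomap"
        elif w[0] == "interface":
            section = ("if", w[1])
        elif line.startswith("ip access-list extended"):
            section, cfg["acls"][w[3]] = ("acl", w[3]), []
        elif line.startswith("ip nat inside source list"):
            cfg["nat_acl"] = w[5]
        elif section == "policy" and w[0] in ("encr", "hash", "group", "authentication", "lifetime"):
            cfg["policy"][w[0]] = " ".join(w[1:])
        elif section == "cryptomap" and w[0] in ("set", "match"):
            cfg["map"][w[1]] = w[2]   # "peer", "transform-set", "address" (single peer, as above)
        elif isinstance(section, tuple) and section[0] == "if" and w[:2] == ["ip", "address"]:
            cfg["ifaces"][section[1]] = w[2]
        elif isinstance(section, tuple) and section[0] == "if" and w[:2] == ["crypto", "map"]:
            cfg["outside_if"] = section[1]
        elif isinstance(section, tuple) and section[0] == "acl" and w[0] in ("permit", "deny"):
            # extended ACE: action protocol src src-wildcard dst dst-wildcard (or "any")
            cfg["acls"][section[1]].append((w[0], w[1], tuple(w[2:4]), tuple(w[4:6])))
    return cfg


def check_pair(a, b):
    """Findings where a's side of the tunnel does not agree with its peer b; run it both ways."""
    out, who = [], f'{a["hostname"]}/{b["hostname"]}'
    a_out, b_out = a["ifaces"].get(a["outside_if"]), b["ifaces"].get(b["outside_if"])
    if a["map"].get("peer") != b_out:
        out.append(f"{who}: 'set peer' {a['map'].get('peer')} is not the remote outside address {b_out}")
    if a["keys"].get(b_out) is None or a["keys"].get(b_out) != b["keys"].get(a_out):
        out.append(f"{who}: pre-shared keys differ or are bound to the wrong peer address")
    if a["policy"] != b["policy"]:
        out.append(f"{who}: IKE policy differs: {a['policy']} vs {b['policy']}")
    if a["tsets"].get(a["map"].get("transform-set")) != b["tsets"].get(b["map"].get("transform-set")):
        out.append(f"{who}: IPsec transform sets differ")
    # The remote crypto ACL must be the exact mirror image: the same entries with src and dst swapped.
    mine = a["acls"].get(a["map"].get("address"), [])
    theirs = b["acls"].get(b["map"].get("address"), [])
    if sorted(mine) != sorted((act, proto, dst, src) for act, proto, src, dst in theirs):
        out.append(f"{who}: crypto ACLs are not mirror images of each other")
    # IOS translates (NAT) before it applies the crypto map, so every protected flow needs a matching
    # deny in the NAT ACL or its translated source address will no longer match the crypto ACL.
    for act, proto, src, dst in mine:
        if act == "permit" and ("deny", proto, src, dst) not in a["acls"].get(a["nat_acl"], []):
            out.append(f"{a['hostname']}: {a['nat_acl']} does not exempt {src[0]} -> {dst[0]} from NAT")
    return out


# Constructed sample: the article's ROUTER-1 cut down to the lines the checks depend on.
ROUTER1 = """hostname ROUTER-1
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
crypto isakmp key key123 address 200.0.0.1
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
crypto map aesmap 10 ipsec-isakmp
 set peer 200.0.0.1
 set transform-set aes-sha-transform
 match address acl_vpn
interface FastEthernet0/0
 ip address 100.0.0.1 255.255.255.0
 crypto map aesmap
ip nat inside source list acl_nat interface FastEthernet0/0 overload
ip access-list extended acl_nat
 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""


def swap(text, pairs):   # derive ROUTER-2's config from ROUTER-1's by exchanging the two ends
    table = dict(pairs)
    table.update((y, x) for x, y in pairs)
    return re.sub("|".join(map(re.escape, table)), lambda m: table[m.group()], text)


ROUTER2 = swap(ROUTER1, [("ROUTER-1", "ROUTER-2"), ("100.0.0.1", "200.0.0.1"), ("192.168.1.", "192.168.2.")])


def verify(text_a, text_b):
    """Return all mismatch findings for a pair of running-configs (empty list = both ends agree)."""
    a, b = parse_ios(text_a), parse_ios(text_b)
    return check_pair(a, b) + check_pair(b, a)
```

To use it on real routers, save `show running-config` from each end to a file and call `verify(open("r1.cfg").read(), open("r2.cfg").read())`; an empty list means the two ends agree on everything the script checks. Nothing here talks to the routers, so it is safe to run against configuration backups during change review.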

by ninjatec

Sunday, 17 July 2011

Replace Failed Disk in Linux MD RAID Array

Replace a failed disk in an MD (mdadm) RAID array. The commands below assume /dev/sda is the surviving disk and /dev/sdb the disk being replaced, with the new disk appearing under the same device name; substitute the names that /proc/mdstat shows on your system.
1. Isolate the broken disk (identify it from /proc/mdstat and the kernel log) and replace it.
2. Boot the system.
3. Find the current array layout and see which arrays are degraded.
cat /proc/mdstat


4. Remove the failed disk's members from the array configuration (repeat for each array the disk belonged to).
mdadm --manage /dev/md0 --fail /dev/sdb1 --remove /dev/sdb1
If the disk is already physically gone and mdadm reports the device as missing, clear the stale slot with mdadm --manage /dev/md0 --remove detached instead.

5. Copy the partition table from the working disk to the new disk (sfdisk -d handles MBR tables; on old util-linux releases use sgdisk for GPT disks).
sfdisk -d /dev/sda | sfdisk --force /dev/sdb

6. Add the new partitions to the RAID arrays, matching the layout found in step 3.
mdadm --manage /dev/md0 --add /dev/sdb1
mdadm --manage /dev/md1 --add /dev/sdb2
mdadm --manage /dev/md2 --add /dev/sdb3

7. Monitor the rebuild progress.
cat /proc/mdstat
If the replaced disk also carried the boot loader, reinstall it on the new disk (for example grub-install /dev/sdb) once the rebuild finishes, or the system will not boot should the other disk fail.
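Steps 3 to 7 are mechanical once you know which arrays are degraded and which partition of the surviving disk each one uses. The Python script below is an added example, not part of the original post and not part of mdadm: it parses /proc/mdstat text and, for a named replacement disk, prints rather than runs the fail/remove, partition-table copy and add commands from the steps above, in that order. The /proc/mdstat sample is constructed; the sd*/hd* partition-naming assumption and the functions `parse_mdstat()` and `plan_rebuild()` are this example's own.

```python
"""Plan the mdadm commands that put a replaced disk back into every MD array.
Added example for this post (not from the original or from mdadm itself). It parses the
/proc/mdstat format, finds arrays that are degraded or still carry a failed member, and
prints the fail/remove, partition-table copy and add sequence from the steps above
instead of running it. Assumes sd*/hd* partition naming (sdb3 -> disk sdb, partition 3)."""
import re

MD_LINE = re.compile(r"^(md\d+) : (\w+)(?: \(.*?\))? (\S+) (.*)$")   # "md2 : active raid1 sda3[0] ..."
MEMBER = re.compile(r"(\w+)\[(\d+)\](\([FSWR]\))?")                   # "sdb3[2](F)"
STATUS = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")                    # "[2/1] [U_]"


def parse_mdstat(text):
    """Return {array: {"level": str, "members": {device: flag}, "total": n, "active": n}}."""
    arrays, current = {}, None
    for line in text.splitlines():
        m = MD_LINE.match(line)
        if m:
            name, _state, level, rest = m.groups()
            current = arrays[name] = {"level": level, "members": {}, "total": 0, "active": 0}
            for dev, _slot, flag in MEMBER.findall(rest):
                current["members"][dev] = flag.strip("()")   # "" healthy, "F" failed, "S" spare
        elif current is not None:
            s = STATUS.search(line)
            if s:
                current["total"], current["active"] = int(s.group(1)), int(s.group(2))
                current = None
    return arrays


def split_dev(dev):
    """'sdb3' -> ('sdb', '3'). Assumes sd*/hd* naming; NVMe (nvme0n1p3) would need its own rule."""
    m = re.fullmatch(r"([a-z]+)(\d+)", dev)
    return (m.group(1), m.group(2)) if m else (dev, "")


def plan_rebuild(mdstat_text, new_disk):
    """Commands (as strings) to rebuild every degraded array onto new_disk, in a safe order."""
    removes, adds, source = [], [], None
    for name, arr in sorted(parse_mdstat(mdstat_text).items()):
        md = f"/dev/{name}"
        for dev, flag in arr["members"].items():
            if flag == "F":   # stale failed member: mark it faulty (harmless if it already is) and drop it
                removes.append(f"mdadm --manage {md} --fail /dev/{dev} --remove /dev/{dev}")
        if arr["active"] >= arr["total"]:
            continue          # array is complete; nothing to add
        survivors = [d for d, flg in arr["members"].items() if flg == "" and split_dev(d)[0] != new_disk]
        if not survivors:
            adds.append(f"# {md}: no healthy member left to rebuild from; restore it from backup")
            continue
        disk, part = split_dev(survivors[0])
        source = source or disk   # clone the partition table from the first surviving disk
        adds.append(f"mdadm --manage {md} --add /dev/{new_disk}{part}")   # same partition number
    # Old members go first, then the table is cloned once, then the new partitions are added.
    # sfdisk -d round-trips MBR tables (and GPT on current util-linux); old sfdisk needs sgdisk -R/-G for GPT.
    clone = [f"sfdisk -d /dev/{source} | sfdisk --force /dev/{new_disk}"] if source else []
    return removes + clone + adds


# Constructed /proc/mdstat mixing the states you can meet after a disk swap: md0 already complete
# (re-added by hand), md1 missing its member since the reboot, md2 still listing the old member as (F).
SAMPLE_MDSTAT = """Personalities : [raid1]
md2 : active raid1 sda3[0] sdb3[2](F)
      976759808 blocks super 1.2 [2/1] [U_]

md1 : active raid1 sda2[0]
      4193280 blocks super 1.2 [2/1] [U_]

md0 : active raid1 sda1[0] sdb1[1]
      524224 blocks super 1.2 [2/2] [UU]

unused devices: <none>
"""

if __name__ == "__main__":
    import sys   # usage: plan_rebuild.py <new-disk> [mdstat-file]; defaults to the embedded sample
    text = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_MDSTAT
    print("\n".join(plan_rebuild(text, sys.argv[1] if len(sys.argv) > 1 else "sdb")))
```

Run it with `python3 plan_rebuild.py sdb /proc/mdstat` on the rebuilt system and read the plan before pasting any of it into a root shell; the script deliberately never executes the commands itself, because a wrong device name here destroys the surviving copy of your data.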


Brought to you by ninjatec

Thursday, 14 July 2011

Virtualisation

What is Virtualisation?
Virtualisation is the creation of a virtual (software-defined) version of a computing resource, such as a hardware platform or an operating system.
The History of Virtualisation
Virtualisation dates back to the very first days of computing with IBM's CP-40, begun in 1964, a system that ran in much the same way as today's cloud systems, with multiple virtual computers running on a single piece of physical hardware. Over the following 40 years virtualisation remained in the realm of the uber-geek and was rarely used by anyone outside academia or the military.
It was the late 1990s before virtual computing as we know it now came to be, with large and medium-sized companies using virtualisation to consolidate lots of small systems onto a single physical hardware platform.
By 2001 VMware and Connectix (whose Virtual PC product Microsoft acquired in 2003) had introduced products that let virtual machines run on the hardware anybody would be familiar with. With Virtual PC you could run a copy of Windows 98 inside a copy of Windows XP.
Today virtual computing is part of almost every office and home without the user's knowledge: many web sites, email systems and corporate applications run on virtual machines. This is in large part because modern hardware is fast enough that a single server can do the job of many servers only a generation older. It is also a green technology, since a platform running several virtual servers uses much less power than giving each system its own physical server.
The Future of Virtualisation
Virtualised desktops are becoming the next buzz. This is again not a new concept; many people already use it in the form of thin clients or remote desktop applications. Cloud computing and the virtualisation support now built into processors are bringing it to a new level of performance and usability. Over the short to medium term these systems should remove the old problems of software incompatibility and the relatively high cost of thin clients, making desktop virtualisation a practical option with a much better return on investment when setting up new systems.

Brought to you by NinjaTec

Cloud Computing

What is "Cloud Computing"?
Cloud computing is the new buzzword you will see all over the Internet, and it is even making its way into the mainstream media. Microsoft is moving heavily in this direction and will be pushing the next version of Office into the cloud arena. So what is it?

The dictionary answer is
"A model of computer use in which services stored on the internet are provided to users on a temporary basis"

So what is it?
Cloud computing is not a new phenomenon; it has gone by several names over the years. Most recently, when broadband Internet connections became widely available, it was sold as SaaS (Software as a Service). It lets users reach their software from anywhere with an Internet connection, because the software is not installed on the user's computer or on the business's own servers. Instead it runs in the "cloud", which in practice is a data centre somewhere in the world. This offers the following advantages:

1. Less cost in building infrastructure to run the software.
2. Less cost in that you only pay for what you use.

An example is the Microsoft Office 365 or Google Docs platform, which gives users access to their documents and spreadsheets from anywhere and from any computer, laptop or smartphone. The business using the service pays only for what it uses, so it does not have to buy a licence for every computer that could potentially be used, and it does not have to buy servers and backup systems to store the data safely.

Brought to you by NinjaTec

How to Stop Spam

http://www.ninjatec.co.uk/topic/12-5-ways-to-stop-spam.aspx

5 ways to stop spam


1. Never, ever click on any links in spam, especially not to "unsubscribe". All this does is confirm to the spammer that they have a "live" address.

2. Read incoming email as plain text, never as HTML. HTML spam contains links to images and scripts on the spammer's servers, and fetching them confirms that your email address is live.

3. Use disposable email addresses, such as those provided by spamgourmet.com.

4. When you sign up for something on the web, there is often some innocent-looking text at the end of the form saying something like "YES, I want to be contacted by select third parties concerning products I might be interested in." Quite often the checkbox next to that text is already ticked, and your email address will be handed to who knows whom. Untick it.

5. Spammers use programs that harvest email addresses from web sites and Usenet postings. To avoid ending up on a spammer's list when you post to a web forum or a newsgroup, do not use your real email address; use a disposable one instead.