Cisco Simulator

Hi Everyone,...

[Read the rest of this entry -->]

Read Full Post »

In this blog post we are going to review and compare the ways in which IOS and ASA Easy VPN servers perform ezVPN attribute authorization via RADIUS. The information on these procedure is scattered among the documentation and technology examples, so I thought it would be helpful to put the things together....

[Read the rest of this entry -->]

Read Full Post »

Hi everyone,...

[Read the rest of this entry -->]

Read Full Post »

General Logic Overview...

[Read the rest of this entry -->]

Read Full Post »

IOS Local AAA is one feature that is often overlooked for some reason. It allows turning your router into almost full-functional AAA server, allowing not only local authentication of remote VPN users but also local authorization for protocols like PPP (used with PPTP/PPPoE or dialup) or IKE (used with ezVPN). Best of all, you can use per-user attribute lists with PPP (alas, it does not seem to work with IKE). With per-user attribute-lists you can apply specific configuration policy with maximum granularity. First, here is the link from Cisco’s documentation site, just for your information:...

[Read the rest of this entry -->]

Read Full Post »

There are two phases of installation to consider, installing the AnyConnect VPN client files on the Adaptive Security Appliance (ASA) for automated download and install to systems, and the actual install on the remote PCs themselves. This document provides an overview of both phases....

[Read the rest of this entry -->]

Read Full Post »

A new topic for the CCIE Security 3.X blueprint is the Cisco AnyConnect VPN. This is an enhancement to an earlier technology that you are probably familiar with – the Clientless SSL VPN. The idea behind the Clientless SSL VPN is to provide basic VPN capabilities to a remote PC that does not possess a VPN client. The remote PC in this case just needs an SSL capable Web browser....

[Read the rest of this entry -->]

Read Full Post »

In this post we are going to speak mainly of NHRP. The other important part of DMVPN – IPsec – is relatively the same, and did not change with introduction of NHRP Phase 3. To begin with, let’s quickly recall the core features of NHRP Phase 1 & 2. For detailed overview, you may refer to DMVPN Explained...

[Read the rest of this entry -->]

Read Full Post »

High availability solutions often utilize virtual gateway protocol to avoid single point of failure. We are going to discuss high availability for the IPsec tunnel in the sample topology presented below. In this topology we need to protect traffic between VLAN67 and VLAN58 travelling across VLAN146 segment. In order to accomplish this, we will configure R6 to establish an IPsec tunnel with a virtual gateway representing both R1 and R4....

[Read the rest of this entry -->]

Read Full Post »

As you learned in the previous blog that introduced the GET VPN solution, a major facet of this exciting technology is the Group Domain of Interpretation (GDOI) as outlined in RFC 3547. This technology is such a pivotal component of GET VPN because it serves as the mechanisms to provide the cryptographic keys to a group of VPN gateways....

[Read the rest of this entry -->]

Read Full Post »

One of the new technologies to be featured in the CCIE Security 3.0 blueprint is the GET VPN. This blog post will give you the basics of this new and exciting technology....

[Read the rest of this entry -->]

Read Full Post »