Second post of this little series. While I was using my CCNP SWITCH lab for testing many different protocols, I “showed” and saved the output of those protocols as well. Refer to the lab overview of my last post in order to understand those outputs.
I basically saved them as a reference for myself in case I am interested in the information revealed by them. I won’t explain any details of the protocols nor the outputs here. Just many listings. Fly over them and reflect yourself whether you would understand anything. 😉 Here we go:
Continue reading CCNP SWITCH Lab show commands
While preparing for my CCNP SWITCH exam I built a laboratory with 4 switches, 3 routers and 2 workstations in order to test almost all layer 2/3 protocols that are related to network management traffic. And because “PCAP or it didn’t happen” I captured 22 of these protocols to further investigate them with Wireshark. Oh oh, I remember the good old times where I merely used unmanaged layer 2 switches. 😉
In this blogpost I am publishing the captured pcap file with all of these 22 protocols. I am further listing 45 CHALLENGES as an exercise for the reader. Feel free to download the pcap and to test your protocol skills with Wireshark! Use the comment section below for posting your answers.
Of course I am running my lab fully dual-stacked, i.e., with IPv6 and legacy IP. On some switches the SDM template must be changed to be IPv6 capable such as
sdm prefer dual-ipv4-and-ipv6 default .
Continue reading Wireshark Layer 2-3 pcap Analysis w/ Challenges (CCNP SWITCH)
The native Android IPsec VPN client supports connections to the Cisco ASA firewall. This even works without the “AnyConnect for Mobile” license on the ASA. If only a basic remote access VPN connection is needed, this fits perfectly. It uses the classical IPsec protocol instead of the newer SSL version. However, the VPN tunnel works anyway.
In this short post I am showing the configuration steps on the ASA and on the Android phone in order to establish a remote access VPN tunnel.
Continue reading Cisco ASA Remote Access VPN for Android
Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, Palo Alto, and Quagga Router. I am showing my lab network diagram and the configuration commands/screenshots for all devices. Furthermore, I am listing some basic troubleshooting commands. In the last section, I provide a Tcpdump/Wireshark capture of an initial OSPFv3 run.
I am not going into deep details of OSPFv3 at all. But this lab should give basic hints/examples for configuring OSPFv3 for all of the listed devices.
Continue reading OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto, Quagga
Cisco ASA 9.4 (and later) is now supporting Policy Based Routing. Yeah. Great news, since many customers are requesting something like “HTTP traffic to the left – VoIP traffic to the right”. Coming with a new Cisco ASA 5506-X I was happy to try the policy based routing feature.
The configuration steps through the ASDM GUI are not easy and full of errors, so I try to give some hints within this blog post.
Continue reading Policy Based Routing on a Cisco ASA
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.
Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.
Continue reading Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
Following is a step-by-step tutorial for a site-to-site VPN between a Fortinet FortiGate and a Cisco ASA firewall. I am showing the screenshots of the GUIs in order to configure the VPN, as well as some CLI show commands.
Continue reading IPsec Site-to-Site VPN FortiGate < -> Cisco ASA
This blog post shows how to configure a site-to-site IPsec VPN between a FortiGate firewall and a Cisco router. The FortiGate is configured via the GUI – the router via the CLI. I am showing the screenshots/listings as well as a few troubleshooting commands.
Continue reading IPsec Site-to-Site VPN FortiGate < -> Cisco Router
I constructed a MRTG/Routers2 configuration template for the Cisco ASA firewall which consists the OIDs (graphs) for the interfaces, CPU, memory, VPNs, connections, ping times, and traceroute hop counts. With only four search-and-replace changes as well as a few further specifications, the whole SNMP monitoring for that firewall is configured.
Continue reading MRTG/Routers2: Template Cisco ASA
You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning the management options: How to add and rename objects. How to update a device. How to find log entries. Etc.
Continue reading Cisco ASA vs. Palo Alto: Management Goodies
I tested OSPF for IPv4 in my lab: I configured OSPF inside a single broadcast domain with five devices: 2x Cisco Router, Cisco ASA, Juniper SSG, and Palo Alto PA. It works perfectly though these are a few different vendors.
I will show my lab and will list all the configuration commands/screenshots I used on the devices. I won’t go into detail but maybe these listings help for a basic understanding of the OSPF processes on these devices.
Continue reading OSPF for IPv4 Test Lab: Cisco Router & ASA, Juniper SSG & Palo Alto
In a basic environment with a Cisco ASA firewall I am logging everything to a syslog-ng server. As there aren’t any reporting tools installed, I am using grep to filter the huge amount of syslog messages in order to get the information I want to know. In this blog post I list a few greps for getting the interesting data.
Continue reading Grep Commands for Cisco ASA Syslog Messages