Author Archives: cyruslab

Anyconnect VPN using local account

Posted on September 3, 2016

Network diagram Configure inside and outside interface ciscoasa(config)# int gi0/1 ciscoasa(config-if)# nameif outside INFO: Security level for “outside” set to 0 by default. ciscoasa(config-if)# ip address dhcp setroute ciscoasa(config-if)# no shut ciscoasa(config-if)# int gi0/0 ciscoasa(config-if)# nameif inside INFO: Security level … Continue reading →

Posted in General stuffs, VPN | Tagged cisco, cisco anyconnect, ssl client, ssl clientless, ssl vpn, webvpn | Leave a comment

Anyconnect VPN client: Login denied, unauthorized connection mechanism, contact your administrator

Posted on September 2, 2016

The configuration of the cisco anyconnect vpn is rather simple, I am using local user account to login to the vpn, however my client experienced a problem in authentication. See the vpn configuration: This is a very straight forward configuration, … Continue reading →

Posted in ASA/PIX, General stuffs, Security | Tagged Login denied, unauthorized connection mechanism, contact your administrator | Leave a comment

[CISCO ACI] Inter tenant contract

Posted on May 31, 2016

The ACI configuration for inter tenant contract is complicated. A contract provides two functions: Provide filter. Provide route leak. A tenant is considered a VRF itself. In this example there are two tenants T05 and T06. T05 exports the contract … Continue reading →

Posted in General stuffs, Software Defined Network | Tagged cisco aci, inter tenant contract | Leave a comment

[CISCO ACI] Same VRF contract

Posted on May 31, 2016

I have an EPG Web and an EPG DB, I have provided a contract in EPG web and consumed contract in EPG DB. The results are: DB server can ping to Web server, and Web server can ping to DB … Continue reading →

Posted in Software Defined Network | Tagged cisco aci, cisco aci contract, sdn | Leave a comment

bigip snat automap

Posted on May 24, 2016

You created a forwarder virtual server for your servers behind the bigip appliance to access the internet, your server could not get a respond back. You troubleshoot the problem and found that: Default route is configured in the bigip. You … Continue reading →

Posted in F5, General stuffs | Tagged snat automap | Leave a comment

Is bigip packet filter stateful or stateless?

Posted on May 22, 2016

Packet filter I have allowed vmnet5 to http and dns to any destination, and drop all for the rest. Nmap from client Actually nmap could not determine whether port 80 is opened or closed because there is no response. Packet … Continue reading →

Posted in General stuffs | Leave a comment

Upgrade bigip image in active/standby HA

Posted on May 22, 2016

Import the latest iso to both the active and standby bigip Install latest iso on standby bigip On command line: [root@bigip2:Standby:In Sync] config # tmsh root@(bigip2)(cfg-sync In Sync)(Standby)(/Common)(tmos)# /sys software image root@(bigip2)(cfg-sync In Sync)(Standby)(/Common)(tmos.sys.software.image)# install BIGIP-12.1.0.0.0.1434.iso volume HD1.1 HD1.1 currently … Continue reading →

Posted in F5, General stuffs, High Availability | Tagged upgrade bigip active standby ha, upgrade bigip image | Leave a comment

Author Archives: cyruslab

Anyconnect VPN using local account

[CISCO ACI] Inter tenant contract

[CISCO ACI] Same VRF contract

bigip snat automap

Is bigip packet filter stateful or stateless?

Upgrade bigip image in active/standby HA

Categories

Archives

Recent Posts

Top Posts

CCIE blogroll

External Links

IDS

Open source

Pentest Virtual Lab

Security (VA and Pentest)

Visit the Gurus

Blog Stats

Follow Blog via Email