Archive

Archive for July, 2009

Changing SID in windows

July 30th, 2009 mmjp No comments

http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

Categories: Others Tags:

Installing Dynamips/Dynagen/PEMU on Vista 64 bit

July 22nd, 2009 mmjp 1 comment
Categories: CISCO Tags:

Cisco IPSEC VPN

July 22nd, 2009 mmjp No comments
Categories: CISCO Tags:

How to configure FortiGate to Cisco PIX via IPSec VPN

July 13th, 2009 mmjp No comments

http://kc.forticare.com/print.asp?id=3574&Lang=1,&SID=

This article describes how to configure an IPSec VPN on a FortiGate unit to work with a Cisco PIX firewall.

Read more…

Categories: Network Tags:

How you connect to ESX 3.5 via SSH

July 11th, 2009 mmjp No comments
Categories: VMware Tags:

How to open port in isa 2004

July 10th, 2009 mmjp 1 comment

From the description, I understand that you want to know how to open port
on ISA 2004. If I have misunderstood your concerns, please do not hesitate
to let me know.

As I know, if you want to let the internal users access external
resources from a specific port, you can create an Access rule as follows:
Read more…

Categories: ISA Tags:

VCP notes

July 9th, 2009 mmjp No comments

http://www.markwilson.co.uk/blog/data/vcpcram.pdf

Categories: VMware Tags:

Site to Site IPSec VPN on Cisco Router

July 7th, 2009 mmjp 1 comment

A Virtual Private Network (VPN) uses a shared network infrastructure (the Internet) to provide secure access between two networks, or to securely connect a remote user to a corporate network.

Let’s see how to configure a Site to Site VPN using a Pre-shared Key on Cisco Routers running Cisco IOS.

Let’s use a HQ-Branch office network setup with the following:

Authentication Method: Pre-Shared Key

Encryption Algorithm: 3DES

Hash Algorithm: SHA

HQ Router External IP: 172.10.10.100 (Peer IP for Branch Network)

HQ Internal Network: 172.11.1.0/24

Branch Router External IP: 10.1.1.100 (Peer IP for HQ Network)

Branch Internal Network: 10.11.2.0/24

Configuring IKE Policies

Create an IKE Policy

From the global configuration mode, create a new IKE Policy.

VPN-HQ(config)# crypto isakmp policy 1

Set the Keep-Alive & Retry intervals

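The default Keep-Alive time is 10 seconds, and the retry interval when a keep-alive fails is 2 seconds. To change these values, do the following; otherwise this step can be skipped. This is a global configuration command, so entering it leaves ISAKMP policy mode; re-enter the policy with crypto isakmp policy 1 before the next step.

VPN-HQ(config-isakmp)# crypto isakmp keepalive 15 3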

Specify the Encryption Algorithm

I’m using 3DES encryption method here

VPN-HQ(config-isakmp)# encryption 3des

Specify the HASH Algorithm

I’m using sha hashing algorithm here

VPN-HQ(config-isakmp)# hash sha

Set the Authentication Method

We are using Pre-shared key here for Authentication

VPN-HQ(config-isakmp)# authentication pre-share

Set the Diffie-Hellman Group Identifier

We are using DH Group 2 (1024-bit)

VPN-HQ(config-isakmp)# group 2

Specify SA’s lifetime (seconds)

Set the lifetime of the Security Associations in seconds. I’ll set it to 24 hours (86400 seconds) here.

VPN-HQ(config-isakmp)# lifetime 86400

Set Pre-shared Key

The Authentication method we use here is the Pre-Shared key. We should now set this previously agreed shared key (don’t exchange it by email; use phone, letter or fax) from the global configuration mode. I’ll use a simple pre-shared key “0urVpN”, but use a more complex key when configuring a production system.

VPN-HQ(config)# crypto isakmp key 0urVpN address 10.1.1.100

where 10.1.1.100 is the peer router’s IP address and “0urVpN” is the pre-shared key.

Define Transform Set

We combine the ESP-3DES transform and the ESP-SHA-HMAC transform into a transform set named 3DES-SHA-HMAC

VPN-HQ(config)# crypto ipsec transform-set 3DES-SHA-HMAC esp-3des esp-sha-hmac

VPN-HQ(cfg-crypto-trans)# exit

Setup a Crypto ACL

This ACL defines the protected traffic that passes through the VPN tunnel. Customize the ACL to your organisation’s needs. The wildcard mask 0.0.0.255 matches each /24 network.

VPN-HQ(config)# access-list 101 permit ip 172.11.1.0 0.0.0.255 10.11.2.0 0.0.0.255

Create an IPSec Map

Create an IPSec Crypto Map and assign it a Sequence number

VPN-HQ(config)# crypto map HQ-BR1-MAP 2 ipsec-isakmp

where 2 is the sequence number and HQ-BR1-MAP is the name of the map.

Set the Network traffic to be protected

Here, use the extended ACL created earlier to define the traffic that is protected and passed through the tunnel.

VPN-HQ(config-crypto-map)# match address 101

where 101 is the Extended ACL

Set the Peer Address

VPN-HQ(config-crypto-map)# set peer 10.1.1.100

Set Transform Set

VPN-HQ(config-crypto-map)# set transform-set 3DES-SHA-HMAC

Set Perfect Forward Secrecy

VPN-HQ(config-crypto-map)# set pfs group 2

Apply Crypto Map to the external Interface

VPN-HQ(config)# int fa0/0

VPN-HQ(config-if)# crypto map HQ-BR1-MAP

Allow inbound IPSec traffic from the Peer on the external interface

VPN-HQ(config)# access-list 102 permit udp host 10.1.1.100 any eq isakmp

VPN-HQ(config)# access-list 102 permit esp host 10.1.1.100 any

That completes the configuration on the Cisco Router at the HQ. Repeat the procedure on the Branch router, changing only:

1. The Peer IP in the steps for setting the Pre-shared Key & setting Peer.

2. The ACLs for the protected networks

3. The inbound ACL to allow incoming traffic from the peer
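
A consistency check for the two ends of this tunnel, as an added example that is not part of the original article: it parses each router's pre-shared key, peer address and crypto ACL, and reports the mismatches that typically appear when the second side is built by hand. The configs are constructed samples using the article's addresses with 0.0.0.255 wildcard masks; the Branch map name and all function names are assumptions.

```python
import ipaddress
import re

# Constructed configs. HQ uses the article's addresses and key; BRANCH is the
# mirrored side (its map name BR1-HQ-MAP is an assumption, not from the article).
HQ = """crypto isakmp key 0urVpN address 10.1.1.100
access-list 101 permit ip 172.11.1.0 0.0.0.255 10.11.2.0 0.0.0.255
crypto map HQ-BR1-MAP 2 ipsec-isakmp
 match address 101
 set peer 10.1.1.100
"""
BRANCH = """crypto isakmp key 0urVpN address 172.10.10.100
access-list 101 permit ip 10.11.2.0 0.0.0.255 172.11.1.0 0.0.0.255
crypto map BR1-HQ-MAP 2 ipsec-isakmp
 match address 101
 set peer 172.10.10.100
"""

def wc_net(addr, wildcard):
    """Cisco wildcard mask -> network (assumes a contiguous wildcard)."""
    host_bits = int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)

def parse(cfg):
    """Pull the PSK, peer addresses and crypto-ACL networks out of config text."""
    key, key_peer = re.search(r"crypto isakmp key (\S+) address (\S+)", cfg).groups()
    acl = re.search(r"match address (\d+)", cfg).group(1)
    rows = re.findall(rf"access-list {acl} permit ip (\S+) (\S+) (\S+) (\S+)", cfg)
    return {"key": key, "key_peer": key_peer,
            "peer": re.search(r"set peer (\S+)", cfg).group(1),
            "acl": [(wc_net(s, sw), wc_net(d, dw)) for s, sw, d, dw in rows]}

def check_pair(a_cfg, a_ip, b_cfg, b_ip):
    """Return the mismatches between two peers' configs (empty list = consistent)."""
    a, b, problems = parse(a_cfg), parse(b_cfg), []
    if a["key"] != b["key"]:
        problems.append("pre-shared keys differ")
    for name, side, other_ip in (("A", a, b_ip), ("B", b, a_ip)):
        if side["peer"] != other_ip or side["key_peer"] != other_ip:
            problems.append(f"side {name}: peer/key address is not {other_ip}")
    # Each side's crypto ACL must be the other's with source and destination swapped.
    if sorted(a["acl"]) != sorted((d, s) for s, d in b["acl"]):
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(check_pair(HQ, "172.10.10.100", BRANCH, "10.1.1.100") or "consistent")
```

A wildcard of 0.0.0.0 on one side is reported as a non-mirrored ACL, because it matches a single host address rather than the /24.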

To verify the configs, use the following show commands:

Display Crypto IKE Policy

VPN-HQ# show crypto isakmp policy

Display Crypto Transform Set

VPN-HQ# show crypto ipsec transform-set

Display Crypto Map entries

VPN-HQ# show crypto map

Categories: Network Tags:

Convert your windows server into SAN in less than 10 min.

July 6th, 2009 mmjp No comments

StarWind Free

StarWind Free is an iSCSI Target that converts any Windows server into a SAN in less than 10 minutes. 
This is a fully functional product at no cost.  

• Large 2 TB storage capacity 
• Unlimited number of connections 
• Virtualization environment support for VMware, Hyper-V, XenServer, Virtual Iron 
• Enhances VMware environments by enabling VMotion, VMware HA, DRS and VCB 
• Supports Windows server clustering for any application including SQL Server, Exchange, SharePoint

Categories: VMware Tags:

How to Join OpenFiler to Domain.

July 5th, 2009 mmjp No comments

http://forums.openfiler.com/viewtopic.php?id=3543

Use Windows domain controller and authentication [checked]
Security model:      Active Directory
Domain / Workgroup:  domain
Domain controllers:     dc.domain.tld
ADS realm:  DOMAIN.TLD
Join domain:      [checked]
Administrator username:     domain\Administrator
Administrator password:     password

I would need to submit the form once or twice to get the Openfiler server to show up in the Computers OU on the DC (waiting 2-3 minutes between attempts).
After it appears I wait another 3 minutes to see if the groups populate on OF.
If not I repeat the above again, and OF pulls the groups down.

It’s a little weird, but it’s consistent for me.

Last edited by liggyman (2009-05-23 17:33:33)

Expert Setting

Categories: VMware Tags: