Tuesday, April 26, 2011

SSH configuration on ASA 5500

Here is the configuration to enable SSH on an ASA device.

ASA# config t
ASA(config)# enable password EPICPASSWORD
!--Enable password is necessary to enable ssh access

ASA(config)# username box password boxpasswordonly
!--Username and password for connecting using SSH

ASA(config)# aaa authentication ssh console LOCAL
!--Use LOCAL authentication with the username and password defined above

ASA(config)# ssh 192.168.x.x 255.255.255.0 inside
!--This line allows users with the right username and password
!--from this specific subnet (residing locally) to access the ASA
!--ssh (Outside IP) (Outside Subnet) outside
!--The form above allows users from the outside IP to access the ASA

ASA(config)# domain-name WOW.LOCAL
!--Domain name of your company. The RSA key is generated using the DOMAIN NAME
!--plus FIREWALL name combination

ASA(config)# crypto key generate rsa modulus 1024
!--The ASA generates the RSA key pair
!--1024-bit RSA is weak by current standards; the same command accepts modulus 2048

The firewall is now ready for SSH connections.
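The following is an added example, not part of the original post: a small Python check that reads a command set like the one above and reports the SSH settings a reviewer would question before it is pasted into the device. The function name `audit_asa_ssh`, the 2048-bit threshold and the sample input (the post's commands plus one constructed outside rule) are assumptions made for illustration.

```python
import ipaddress
import re

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the post

# Constructed sample: the post's commands plus one constructed outside rule
SAMPLE = """\
ASA(config)# enable password EPICPASSWORD
ASA(config)# username box password boxpasswordonly
ASA(config)# aaa authentication ssh console LOCAL
ASA(config)# ssh 192.168.x.x 255.255.255.0 inside
ASA(config)# ssh 0.0.0.0 0.0.0.0 outside
ASA(config)# domain-name WOW.LOCAL
ASA(config)# crypto key generate rsa modulus 1024
"""

def audit_asa_ssh(commands):
    """Return a list of findings for the SSH-related lines of an ASA command set."""
    findings = []
    # Strip a leading "NAME(config)# " prompt so pasted transcripts also work
    lines = [re.sub(r"^\S+\(config\)#\s*", "", l).strip() for l in commands.splitlines()]
    if not any(l.startswith("aaa authentication ssh console") for l in lines):
        findings.append("no 'aaa authentication ssh console' line")
    for line in lines:
        # Access rule form: ssh <address> <dotted mask> <interface>
        m = re.fullmatch(r"ssh (\S+) (\d+\.\d+\.\d+\.\d+) (\S+)", line)
        if m:
            addr, mask, ifname = m.groups()
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                findings.append(f"'{line}': address is a placeholder or invalid")
                continue
            if net.prefixlen == 0:
                findings.append(f"'{line}': any source may reach SSH on {ifname}")
            elif ifname == "outside":
                findings.append(f"'{line}': SSH exposed on outside to {net}")
        m = re.fullmatch(r"crypto key generate rsa modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(f"RSA modulus {m.group(1)} is below {MIN_RSA_BITS}")
    return findings

if __name__ == "__main__":
    for finding in audit_asa_ssh(SAMPLE):
        print("-", finding)
```

The `192.168.x.x` line is reported as a placeholder rather than silently skipped, so a template address cannot slip through review unnoticed.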

Additional reading on ASA 8.3 configuration is available on the Cisco site.

Saturday, April 23, 2011

Router Configuration: IP NAT

Command:
     ip nat inside source

Mode:
     Router(config)#

Syntax:
     ip nat inside source {list {access-list-number | name} {pool name | interface dialer-name} [overload] | static local-ip global-ip}

    no ip nat inside source {list {access-list-number | name} {pool name | interface dialer-name} [overload] | static local-ip global-ip} 

Command Description:
     To enable NAT of the inside source address, use the ip nat inside source global configuration command. 

Example:

The following portion of a show running-config translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 networks to the globally unique 171.69.233.208/28 network:


ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
ip classless
ip route 192.168.0.0 255.255.252.0 e1
ip route 0.0.0.0 0.0.0.0 e0

Original link Soft30

Friday, April 22, 2011

How to install Internet Authentication Service on W2K3

These are step-by-step instructions on how to install Internet Authentication Service (IAS) on W2K3.

To Install IAS
  1. Open Add or Remove Programs in Control Panel.
  2. Click Add/Remove Windows Components.
  3. In the Windows Components Wizard dialog box, click Networking Services, and then click Details.
  4. In the Networking Services dialog box, select Internet Authentication Service, click OK, and then click Next.
  5. If prompted, insert your Windows Server 2003 CD.
  6. After IAS is installed, click Finish, and then click Close.
Original link from Microsoft TechNet site.

How to install Network Policy Server on W2K8

This is the step-by-step process for installing Network Policy Server (NPS) on a W2K8 server.
  1. Click Start, and then click Server Manager. In the left pane of Server Manager, double-click Roles to expand the tree. Browse to and right-click Network Policy and Access Services, and then click Add Role Services. The Add Role Services wizard opens.
  2. In Select Role Services, in Role Services, select Network Policy Server, and then click Next.
  3. In Confirm Installation Selections, click Install.
  4. In Installation Results, review your installation results, and then click Close.
Original link from Microsoft TechNet site.

Why am I doing this?

This blog is just a quick reminder, or tips, on how to do certain things that relate to my work.