Cisco IOS Internet Key Exchange version 1 (IKEv1) Vulnerability and Fix

Cisco IKEv1 is still popular in VPN configuration. Most of my VPN configuration is based on IKE v1, although there is more demand for v2. I had a post “Cisco Router IKE v2 Site to Site IPSec VPN Configuration” to quickly show what the difference is between v1 and v2, and how to do v2 configuration. Recently some vulnerabilities scan…

Cisco 3850 Mgmt VRF Configuration

Ethernet Management Interface VRF: New Cisco routers and switches come with a dedicated Ethernet port whose unique purpose is to provide management access to the device via SSH or Telnet. This interface is isolated in its own VRF called “Mgmt-vrf”. Placing the management Ethernet interface in its own VRF has the following effects on the Management Ethernet interface: Many features must be…

Juniper SRX Commit Error “No rulebase configured for active policy”

I have dealt with Juniper SRX IDP errors many times when NSM was being used. Mostly those errors are caused by a corrupted signature DB or not enough storage space on the SRX itself. Here is the latest one I encountered. Symptoms: From Space, if I make a new change on firewall policy and push it to gateway, I will get…

Upgrade Cisco 4500 Switches IOS and ROMM and Failed to Enable VSS (Virtual Switching System)

In one of my clients' environments, there are two Cisco 4510 switches running, and HSRP has been configured. Upgrading them to VSS (Virtual Switching System) has been discussed during the last couple of months. The main driver for getting VSS is to have dual-homed hosts run EtherChannel to connect to those two 4510R+E switches. Obviously converting the core switches…

Install Mac OSX AnyConnect Package on Cisco Router

Symptoms: One of my clients reported a Cisco AnyConnect issue. It only happened on his machine, and later we found that it is because he is using a Mac machine. His credential works fine if he uses it on a Windows machine. From the following screenshot, obviously the Mac AnyConnect package is missing from the VPN gateway. Error Messages: “VPNThe AnyConnect package on the secure…

Juniper SRX DB mode (Debug mode)

During our regular maintenance, after rebooting one SRX345, I found it stuck in db mode, which is debug mode. After a short and quick analysis, I found Juniper JunOS devices may get stuck in the boot process or fail to boot the OS, in rare cases, after a sudden power loss or ungraceful power shutdown. Juniper routers, switches and…

Cisco Catalyst 2960X and 2960S Stacking

I have been working on stacking two Cisco 2960X switches recently, and two 2960X stack modules and 0.5m stacking cables were received today. The product name is C2960X-STACK= and the description is Catalyst 2960-X FlexStack Plus Stacking Module optional. The part number is CMUCAEGBAA. For 3850 switches, it is in this post: Cisco Catalyst 3850 Data Stack and Power Stack