Does anyone use this client at all? I have to set it up for internal access and it would seem the documentation was very sparse. I found some guides on how to do it from the Cisco Configuration Pro:
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml
But since I was doing this from the CLI, I basically read the bottom of it and went for it. Also make sure you pick the right package to download to the router. Not all packages are meant for all situations. I will probably post a eradicated version of my config later today.
Friday, July 29, 2011
IPSEC VPN ISSUES
A couple of days ago a customer was having an issue with an ipsec vpn tunnel between a cisco and a sonicwall device. Every 8 hours or so, the vpn connection would just die and wouldn't comeback up for another 8 hours or so. Also during that time, he would get an error in his event log stating that ESP versions were different. Turns out that by default cisco goes to 3600 seconds for phase 2 negotiation and sonicwall goes to 28800 (about 8 hours). What I didn't know that you could change the time globally and per policy on the cisco device: Here is the command to change it per policy:
set security-association idle-time seconds
Here is the command to change it globally:
crypto ipsec security-association idle-time
More information can be found here:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsaidle.html
set security-association idle-time seconds
Here is the command to change it globally:
crypto ipsec security-association idle-time
More information can be found here:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsaidle.html
Monday, July 25, 2011
Next up CWNA
My next cert goal is CWNA. I want to try to get it done before the August 30 cut off date for free retakes. I have started reading the CWNA guide and I plan to use it, some labbing and the CBT nuggets. Stay tuned.
Monday, July 4, 2011
Updates
Starting tomorrow, I will be working at a new company in a networking engineering position. In response to that my goal is to get the CCNP done at the end of the year. I am still on for the Wireshark Exam at the end of the month. The company is heavily involved with Wireless so I am also going to be working on CWNA/CWSP but I don't have a date set for that. WCNA/CCNP are my immediate goals with the CCNA:Wireless being possible as well. I also will make sure I bake security into everything I do and do some more stuff on pfsense and linux. I plan to at least do two updates a week on here so I can get some decent content lol. Stay tuned.
Also I am doing something called the tough mudder in March so I started a new blog for that. Check it out if you want. There is no content now but I will be adding some soon:
http://kmstoughmudder.blogspot.com/
Also I am doing something called the tough mudder in March so I started a new blog for that. Check it out if you want. There is no content now but I will be adding some soon:
http://kmstoughmudder.blogspot.com/
Subscribe to:
Posts (Atom)
