Entries in Cisco (6)

Tuesday, Mar 29, 2011

Cisco Releases Linksys E4200 Dual-Band Router

Back in January Cisco announced their new dual-band wireless router range, known as the E-Series. After a long wait, us Brits can finally get our hands on the flagship product, the Linksys E4200.

In theory the E4200 should be the perfect device for people looking to set up a wireless network that can stream "jitter free" high definition video. This is made possible through the use of Wireless-N technology, which utilises a 3x3 MIMO configuration for a maximum potential throughput of 450Mb/s on the 5GHz band. As the E4200 is a dual-band router it can also simultaneously deliver up to 300Mb/s on the 2.4GHz band (for devices that are not compatible with 5GHz). When you add Quality of Service (QoS) to help prioritise streaming media, a four-port Gigabit switch and a USB 2.0 port supporting UPnP media server capabilities, things look very promising.

Cisco have released a short promotional video showing off some of the E-Series' new features:

The E4200 is available now from Amazon for £130. I plan to pick one up in the next few weeks for testing and I'll do my best to post an update. In the meantime, be sure to check out the full specification on the Cisco (Linksys) Home website.

Sunday, Mar 6, 2011

Cisco Console Connection for iPad

Have you ever wanted to configure a Cisco device from your iPad? I realise this is probably a niche market, but I'm pleased to report that it's now possible!

Thanks to the guys over at Get Console it is now possible to connect your iPad (or iPhone) to a Cisco device (router, switch or ASA) using the Cisco standard console (serial) connection. This is possible using the Apple certified iOS console cable, which has the standard Apple 30-pin connector at one end and RJ45 (serial) at the other.

Finally, all you need is the Get Console app available from the App Store.

I haven't had a chance to play with the cable or app yet (still waiting for my order), but the guys over at Get Console have provided a short demonstration video.

As you can see the cable and app seem to work very well, even offering custom keyboard buttons (such as break) and a clipboard to paste commands/output.

The final cool feature is remote console access via the iOS device, for remote engineers. This means that you can connect the iPad/iPhone to the Cisco device and have a remote engineer log in via the Get Console website (using a unique one-time code). The diagram below shows how this works:

As soon as my cable arrives I'll post an update.

Monday, Jan 17, 2011

Introducing Cisco AnyConnect 3.0

Over the past few months I have been beta testing Cisco AnyConnect 3.0, their next generation VPN solution. AnyConnect 3.0 marks a major milestone for Cisco as, for the first time, they bring all of their technologies for remote security / connectivity into one tool. The aim is to enable their vision for a "Borderless Network", meaning seamless and secure connectivity, any time, anywhere and from any device. Could this be the product every Enterprise has been waiting for?

Before we look at some of the new features in AnyConnect 3.0, let's take a quick look at the overall SSL VPN market as it stands today. Below is the December 2010 Gartner Magic Quadrant, which shows only two vendors in the "leaders" quadrant. This has been the case for the past few years, with Juniper edging out Cisco.

Although I believe this assessment of the market is fair (as AnyConnect 3.0 was not available for review in December), I fully predict that the 2011 magic quadrant will show that Cisco have significantly closed the gap, if not overtaken Juniper as the market leader.

So let's take a look at a couple of the major new features of AnyConnect 3.0:

Firstly, AnyConnect 3.0 has been re-written to enable easy customisation, via the use of modules. This means that you no longer need to install the entire AnyConnect package, but instead can pick the modules that you intend to use, resulting in a lightweight and efficient client. The modules available in AnyConnect 3.0 are: 

  • AnyConnect IPsec/SSL VPN Module (including pre-login)
  • AnyConnect Network Access Manager Module
  • AnyConnect Posture Module
  • AnyConnect Telemetry Module
  • AnyConnect Web Security Module
  • AnyConnect Diagnostic and Reporting Module

The other great thing about a modular configuration is that you can easily add or remove modules at any time, without impacting the core services. For example, as Cisco continue to improve AnyConnect, new modules will become available. If you decide to take advantage of these new services you can simply add them to your installation, safe in the knowledge that your existing install will continue to operate as expected. Personally I hope that one of the first modules Cisco looks to add is for WAN Optimisation, similar to "ProxyClient" offered by BlueCoat.

The next big change is that for the first time AnyConnect 3.0 brings IPsec/IKEv2 and SSL full tunnel VPN compatibility in the same product. Previously AnyConnect 2.x only supported SSL based VPN and customers had to use the previous generation Cisco VPN Client to get IPsec support. This proved to be a major barrier for businesses who were looking to upgrade to AnyConnect, as although SSL VPN solutions have come a long way, it is still widely accepted in the industry (especially amongst security purists) that IPsec is better optimised for latency-sensitive traffic (such as voice and video).

The final new feature worth mentioning is the web security module. This takes advantage of Cisco's recent acquisition of ScanSafe, the cloud based web security service for web-virus, malware, content filtering and forensic analysis. This module is essentially a port of the ScanSafe Anywhere+ client, where Internet traffic is sent direct (either without a VPN connection or via split tunnelling), but corporate policies and security are still maintained by the highly configurable ScanSafe cloud service. This service is a key unique selling point for AnyConnect 3.0 as it offers total security, regardless of the traffic's destination. This is perfect for roaming users that utilise cloud services, such as Google Apps, SalesForce.com or Amazon EC2, as it allows direct Internet access (via ScanSafe), without having to backhaul traffic over VPN through corporate data centres. Finally it is worth noting that you can install the AnyConnect Web Security module as a standalone product. This is useful if you want a robust cloud based web security service, but already have an existing VPN solution from another vendor (I have personally tested it with Juniper Network Connect 7.0). For more information about the web security module I suggest you head over to the ScanSafe Anywhere+ information page, as the product feature set is almost identical.

Overall I believe AnyConnect 3.0 is a significant product release for Cisco. At launch it will be available for Windows XP to 7 (x86 / x64), Mac OS X and Linux as well as Apple iOS (iPhone and iPad), although it should be noted that not all modules have been ported to the different platforms. Cisco have also promised support for other major mobile platforms such as Google Android (expect to see that release soon). In terms of management, the AnyConnect client (including the modules) is controlled by the Cisco ASA platform, where you can do everything from remote deployment (based on a posture check) to making real-time configuration changes. If you just intend to use a standalone module, such as the web security, then you can do so without an ASA, although you would need to rely on another management product (such as Altiris) to deploy and update the software. The final thing worth noting is that even though AnyConnect 3.0 has compatibility for IPsec, it is not compatible with the previous generation 3000 series concentrator, therefore you will need to life cycle these devices to the ASA platform.

As mentioned earlier, I feel that AnyConnect 3.0 is the product that gives Cisco the best remote access solution on the market. The main reason for this is that it delivers the total package of flexibility, simplicity and security, as well as being cross platform. In my experience even Juniper (current market leaders) can't match this and although visionary products such as Microsoft DirectAccess and Netmotion Mobility XE may have advantages in specific areas, they are not yet suitable for business wide deployment.

For more information on Cisco AnyConnect 3.0, including pricing and licensing options, head over to the Cisco product page.

Thursday, Jul 16, 2009

Cisco Router Password Recovery

If you work with Cisco routers I guarantee you will at some stage attempt to log in to a router only to discover you can't remember the password. When this happens you will be forced to execute the Cisco router password recovery process. Please note this specific process is primarily for Cisco 3600 and 3800 routers, although it may work on other models. Please check the Cisco website for more details.

1. Connect a standard rollover cable (console cable) to the router using the console port. Open a terminal emulation application (such as Hyper Terminal on Windows) and connect with the following settings:

  • 9600 baud rate

  • No parity

  • 8 data bits

  • 1 stop bit

  • No flow control

2. Power on the router and execute the break sequence in the first 90 seconds. Each terminal emulation application has its own break sequence, for example in Hyper Terminal on Windows simply press the "Break" key.

3. The router will now enter ROMMON. Enter "config-register 0x2142" and press return. This step bypasses the startup configuration where the existing passwords are stored. Next type "reset", which reboots the router but ignores the saved configuration.

4. Once the router has rebooted, answer "No" to all the initial setup procedure questions. Next enter enable mode by typing "en" and copy the start-up configuration to the running configuration by typing "copy startup-config running-config".

5. Type "conf t" and then "enable secret <password>" in order to change the enable password.

6. Finally type "config-register 0x2102" and "write mem" to save the running-configuration to the startup configuration.

When the router re-boots, you will be able to access it using the new password you previously configured.
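A check for the state this procedure can leave behind, as an added example rather than code from the original post: it reads the configuration register line of `show version` and flags a router whose next boot would still skip the startup configuration (the 0x0040 bit that distinguishes 0x2142 from 0x2102). The sample outputs are constructed, and the line format is assumed to match standard IOS `show version` output.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: skip startup-config at boot (set in 0x2142)
BOOT_FIELD = 0x000F    # bits 0-3: 0 means stay in ROMMON at boot

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Constructed tails of `show version` output (not from the post).
SAMPLES = {
    "restored": "Configuration register is 0x2102",
    "pending_fix": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "left_at_2142": "Configuration register is 0x2142",
}


def check_show_version(text):
    """Return (status, detail) for the configuration register line."""
    m = CONFREG_RE.search(text)
    if not m:
        return ("unknown", "no configuration register line found")
    current = int(m.group(1), 16)
    # Without a pending value, the next boot uses the current register.
    pending = int(m.group(2), 16) if m.group(2) else current
    if pending & IGNORE_NVRAM:
        return ("fail", f"next boot uses 0x{pending:04X}: startup-config "
                        "and its passwords are skipped")
    if pending & BOOT_FIELD == 0:
        return ("fail", f"next boot uses 0x{pending:04X}: router stops in ROMMON")
    if current & IGNORE_NVRAM:
        return ("warn", f"booted with 0x{current:04X}; 0x{pending:04X} "
                        "applies at next reload")
    return ("ok", f"0x{current:04X}")


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_show_version(text))
```

The "warn" state is what step 6 leaves until the router is reloaded; "fail" means the register was never set back to 0x2102.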

Thursday, Apr 30, 2009

Configure Cisco ASA & AnyConnect VPN Client

This article aims to explain how to configure a Cisco ASA to terminate a Cisco AnyConnect SSL VPN client using the ASDM (GUI).

The following example was configured on an ASA 5505 running software version 8.0(4). The ASA also has ASDM v6.1(5) and AnyConnect v2.3 installed on its flash and was set to the factory default configuration.

Before starting please ensure you have the latest version of Java installed on the Windows computer you intend to use to set up the ASA.

Connect a Windows computer to the inside interface of the ASA (Interface 1 is set to the Inside interface by default). The ASA should automatically allocate an IP address to the computer by DHCP. This address will likely be 192.168.1.2.

Open a browser (I recommend Internet Explorer 6/7/8 for this installation) and go to:

https://192.168.1.1

You will be prompted with the following page:

Click "Install ASDM Launcher and Run ASDM". You will be prompted for your ASA login password (if configured).

Once the ASDM has been downloaded and installed, log in via the ASDM:

Choose "Configuration > Device Setup > Interfaces" and check "Enable traffic between two or more hosts connected to the same interface". Please note I have also assigned the IP address 172.16.1.1/24 to the outside interface (interface 0). This is for example purposes only.

Choose "Configuration > Remote Access VPN > Network (Client) Access > Address Assignment > Address Pools" and click Add in order to create the IP address pool "vpnpool".

Choose "Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles" and under Access Interfaces, click the check box "Enable Cisco AnyConnect VPN Client or legacy SSL VPN Client on the interfaces selected in the table below". Once checked you will be asked to select the AnyConnect image stored on the ASA Flash.

Also check "Allow Access" and "Enable DTLS" for the outside interface.

Choose "Configuration > Remote Access VPN > Network (Client) Access > Group Policies" and click Add to create an internal group policy "clientgroup". Under the "General tab > More Options", select the "SSL VPN Client" check box in order to enable WebVPN as a tunneling protocol.

In the "Advanced > Split Tunneling" tab, choose "Tunnel All Networks" from the Policy drop-down list in order to send all the packets coming from the remote PC through a secure tunnel.

To enable the "Keep Installer on Client System" option, uncheck the Inherit check box under "Advanced > SSL VPN Client", and click the Yes radio button.

Click "Advanced > SSL VPN Client > Login Setting" in order to set the Post Login Setting and Default Post Login Selection as shown below.

Click "Advanced > SSL VPN Client > Key Regeneration"

For the "Renegotiation Interval" option, uncheck the Inherit box, uncheck the Unlimited check box, and enter 30. Security is enhanced by setting limits on the length of time a key is valid.

For the "Renegotiation Method" option, uncheck the Inherit check box, and click the SSL radio button. Renegotiation can use the present SSL tunnel or a new tunnel created expressly for renegotiation.

Finally click OK and Apply.

Choose "Configuration > Remote Access VPN > AAA/Local Users > Local Users" and click Add in order to create the new user account "ssluser1". Select a password of your choice (for example "cisco"). Click OK and then Apply.

Choose "Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Connection Profiles" and click Add in order to create the new tunnel group "sslgroup". In the "Basic" tab apply the following settings:

Under "Advanced > SSL VPN > Connection Aliases" click Add, specify the group alias "sslgroup_users" and click OK.

Choose "Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Login Page Setting", check "Allow user to select connection profile, identified by its alias, on the login page. Otherwise, DefaultWEBVPNGroup will be connection profile" and click Apply.

Finally choose "Configuration > Firewall > NAT Rules > Add Dynamic NAT Rule" so the traffic that comes from the inside network can be translated with outside IP address 172.16.1.5. Click OK when complete.

Choose "Configuration > Firewall > NAT Rules > Add Dynamic NAT Rule" again so the traffic coming from the outside network 192.168.10.0 can be translated with outside IP address 172.16.1.5. Click OK when complete.

To finish click Apply and Save.

To test you will need to connect a Windows computer to the outside interface of the ASA (interface 0) and set the IP settings to:

IP Address: 172.16.1.5

Subnet Mask: 255.255.255.0

Now open a browser (I recommend Internet Explorer 6/7/8 for this test) and establish an SSL connection with the ASA by going to:

https://172.16.1.1

You will be prompted for your login credentials.

Once authenticated (ssluser1 / cisco / sslgroup_users) your browser will automatically download the Cisco AnyConnect client, install it and establish an SSL VPN connection to the ASA.
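To confirm that the group policy settings chosen in the ASDM above actually landed in the saved configuration, the following added example (not part of the original article) parses group-policy blocks from an exported running-config and reports any policy that does not explicitly tunnel all networks or set a renegotiation interval of 30 or less. The CLI lines are a constructed sample in the ASA 8.0-era syntax, which is an assumption since the article only shows the GUI; the "contractors" policy is hypothetical.

```python
# Constructed sample in ASA 8.0-era CLI syntax (assumed); not taken from the post.
SAMPLE_CONFIG = """\
group-policy clientgroup internal
group-policy clientgroup attributes
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelall
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
group-policy contractors internal
group-policy contractors attributes
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 webvpn
  svc rekey method ssl
"""

MAX_REKEY = 30  # the renegotiation interval entered in the walkthrough

def parse_group_policies(config):
    """Map each group-policy name to its attribute lines (indentation stripped)."""
    policies, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("group-policy ") and len(words) >= 3:
            # Only the "attributes" form opens a block of indented settings.
            current = words[1] if words[2] == "attributes" else None
            if current:
                policies.setdefault(current, [])
        elif line.startswith(" ") and current:
            policies[current].append(line.strip())
        else:
            current = None
    return policies

def audit(config):
    """Return {policy: [findings]} for the tunnel and rekey settings."""
    report = {}
    for name, attrs in parse_group_policies(config).items():
        findings = []
        split = [a.split()[-1] for a in attrs if a.startswith("split-tunnel-policy ")]
        if split != ["tunnelall"]:
            findings.append("split-tunnel-policy: " + (split[0] if split else "inherited"))
        rekey = [a.split()[-1] for a in attrs if a.startswith("svc rekey time ")]
        if not rekey or int(rekey[0]) > MAX_REKEY:
            findings.append("rekey time: " + (rekey[0] if rekey else "inherited"))
        report[name] = findings
    return report
```

A setting reported as "inherited" is not set in that policy, so its effective value has to be checked in the policy it inherits from.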