ISO/IEC 27001 and 27002

ISO/IEC 27001 and 27002 (International Standards Organization/International Electrotechnical Commission)(International standards for ISMS (Information Security Management Systems))(10 sections known as clauses and 4.0 to 10.0 are mandatory)(Clause 6.0 requirements are also called Annex A which has 14 sections and 114 clauses)

SNMP Configuration Cisco

Switches ip access-list standard SNMP-Permitted10 permit – ipRouteTable (IP route table) – ipNetToMediaTable (IPv4 ARP table) (deprecated by ipNetToPhysicalTable) – ipNetToPhysicalTable (combined IPv4/IPv6 translation table) – atTable (layer two address table) and snmpUsmMIB, snmpVacmMIB, and snmpCommunityMIB Objects excluded below snmp-server view Company-RO iso includedsnmp-server view Company-RO excludedsnmp-server view Company-RO excludedsnmp-server viewContinue reading “SNMP Configuration Cisco”

GETVPN (Group Encrypted Transport VPN) Config (Commands)

GETVPN is not used on public internet rather on a closed network e.g. MPLS where all the IP routing works becasue the header has the original internal source and destination IPs even after the ESP encrypted header. GM (Group Member): Encrypts and Forwards on the Data PlaneKS (Key Server): Control Plane for IPSec (IKEv1 policy,Continue reading “GETVPN (Group Encrypted Transport VPN) Config (Commands)”

DMVPN (Dynamic Multi Point VPN) Config (Commands)

(Publically reachable IP addresses in a DMVPN is called NBMA (Non-Broadcast Multi Access) network)(mGRE (Multi Point GRE) is used instead of using separate tunnel interfaces for each router)(NHRP (Next Hop Resolution Protocol) is used to know each other’s next hop NBMA address. Also, helps building spoke to spoke dynamic tunnel if there is a routeContinue reading “DMVPN (Dynamic Multi Point VPN) Config (Commands)”

GRE (Generic Route Encapsulation) over IPSec VPN Configuration on a Cisco Router

CREATING A CISCO GRE TUNNEL:R1(config)# interface Tunnel0R1(config-if)# ip address ip mtu 1400R1(config-if)# ip tcp adjust-mss 1360R1(config-if)# tunnel source tunnel destination ROUTING NETWORKS THROUGH THE GRE TUNNEL:R1(config)#route eigrp 1R1(config-router)#no auto-summaryR1(config-router)# SECURING THE GRE TUNNEL WITH IPSEC:(GRE is not protected or encrypted so we use IPSec)CONFIGURE ISAKMP (IKE) – (ISAKMP PHASE 1):R1(config)#Continue reading “GRE (Generic Route Encapsulation) over IPSec VPN Configuration on a Cisco Router”

Site to Site VPN Config on a Cisco Router

Config isakmp (IKE) – (ISAKMP PHASE 1):R1(config)# crypto isakmp policy 1R1(config-isakmp)# encr 3desR1(config-isakmp)# hash md5R1(config-isakmp)# authentication pre-shareR1(config-isakmp)# group 2R1(config-isakmp)# lifetime 86400 Config Pre-Shared Key – PSK:R1(config)# crypto isakmp key firewallcx address Create IPSec Transform (ISAKMP PHASE 2 POLICY):R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmacR1(cfg-crypto-trans)#mode tunnel (by default it is tunnel mode so don’t haveContinue reading “Site to Site VPN Config on a Cisco Router”

Checkpoint Evaluation License steps (cplic) Learn>Product Evaluation>All-in-One-Evaluation Download the license file cplic put -l LICENSEFILE.lic cplic print -x (to get the hash and del old ones) cplic del KEY_HASH (remove all the old ones) cplic print -t (to check whether central or local) cpstop cpstart upload the license file on Smart Update as well and attach. Dettach all theContinue reading “Checkpoint Evaluation License steps (cplic)”