ISO/IEC 27001 and 27002

ISO/IEC 27001 and 27002 (ISO: International Organization for Standardization; IEC: International Electrotechnical Commission) are the international standards for ISMS (Information Security Management Systems). 27001 is the certifiable requirements standard; 27002 is the companion code of practice that explains how to implement the controls. 27001 is organised into clauses 0 to 10, and clauses 4 to 10 (context, leadership, planning, support, operation, performance evaluation, improvement) are mandatory for certification. Annex A is not a clause of its own: it is the catalogue of reference controls that clause 6.1.3 (risk treatment) requires you to compare your chosen controls against and justify in the Statement of Applicability. In the 2013 edition Annex A has 14 control sets (A.5 to A.18) containing 114 controls; the 2022 edition regroups them into 4 themes (organizational, people, physical, technological) with 93 controls. https://www.itgovernance.co.uk/blog/iso-27001-the-14-control-sets-of-annex-a-explained https://www.isms.online/iso-27001/requirements-controls/

SNMP Configuration Cisco

Switches:
ip access-list standard SNMP-Permitted
 10 permit 192.168.130.242

The following objects are excluded from the read-only view below, because they hand an attacker who can read the view the routing table, the ARP/neighbour tables and the device's own SNMP user, access-control and community configuration:
1.3.6.1.2.1.4.21 – ipRouteTable (IP route table)
1.3.6.1.2.1.4.22 – ipNetToMediaTable (IPv4 ARP table; deprecated in favour of ipNetToPhysicalTable)
1.3.6.1.2.1.4.35 – ipNetToPhysicalTable (combined IPv4/IPv6 address-translation table)
1.3.6.1.2.1.3 – at group (atTable, the layer-two address translation table)
snmpUsmMIB, snmpVacmMIB and snmpCommunityMIB

snmp-server view Company-RO iso included
snmp-server view Company-RO 1.3.6.1.2.1.4.21 excluded
snmp-server view Company-RO 1.3.6.1.2.1.4.22 excluded
snmp-server view
Continue reading “SNMP Configuration Cisco”
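The complete pattern the excerpt is building towards, as an added example written for this page rather than the post's own configuration: the usual weak baseline (a v2c community with no ACL and no view) next to a hardened SNMPv3 setup in which the restricted view, a read-only group and an authPriv user are all bound to the source ACL. The poller address 192.168.130.242 and the view name come from the excerpt; the group and user names, the passphrases and the engine ID are assumptions.

```cisco
! Added example, not the post's own config.
!
! Weak baseline often found on switches: a guessable v2c community,
! reachable from any address, with the whole MIB readable. Anyone who
! can reach UDP/161 and guess the string can dump the routing and
! ARP tables.
snmp-server community public RO
!
! Hardened replacement. Remove the community first.
no snmp-server community public
!
! Only the NMS poller may talk SNMP; log everything else.
ip access-list standard SNMP-Permitted
 10 permit 192.168.130.242
 20 deny any log
!
! Read-only view: everything under iso, minus the subtrees that leak
! topology and SNMP's own security configuration.
snmp-server view Company-RO iso included
snmp-server view Company-RO 1.3.6.1.2.1.4.21 excluded
snmp-server view Company-RO 1.3.6.1.2.1.4.22 excluded
snmp-server view Company-RO 1.3.6.1.2.1.4.35 excluded
snmp-server view Company-RO 1.3.6.1.2.1.3 excluded
snmp-server view Company-RO snmpUsmMIB excluded
snmp-server view Company-RO snmpVacmMIB excluded
snmp-server view Company-RO snmpCommunityMIB excluded
!
! USM keys are localized to the engine ID, so set it (assumed value)
! before creating any v3 user; changing it later invalidates the users.
snmp-server engineID local 800000090300AABBCCDDEEFF
!
! SNMPv3 authPriv only. The group has no write view, reads only through
! the restricted view, and is reachable only from the ACL.
snmp-server group NMS-RO v3 priv read Company-RO access SNMP-Permitted
snmp-server user nms-poller NMS-RO v3 auth sha AuthPassphraseExample priv aes 128 PrivPassphraseExample access SNMP-Permitted
```

Check the result with `show snmp view`, `show snmp group` and `show snmp user`; the view listing should show the excluded subtrees, and the user should report auth SHA and priv AES128. A walk from any host other than 192.168.130.242 should time out and leave a deny log entry from sequence 20.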

GETVPN (Group Encrypted Transport VPN) Config (Commands)

GETVPN is not used over the public internet but on a closed network such as an MPLS VPN. Normal IP routing keeps working there because GETVPN preserves the header: the outer IP header of the ESP-encrypted packet still carries the original internal source and destination addresses. GM (Group Member): encrypts and forwards on the data plane. KS (Key Server): control plane for IPsec (IKEv1 policy,
Continue reading “GETVPN (Group Encrypted Transport VPN) Config (Commands)”

DMVPN (Dynamic Multi Point VPN) Config (Commands)

(The publicly reachable transport addresses in a DMVPN form the NBMA (Non-Broadcast Multi-Access) network.) (mGRE (multipoint GRE) is used so that a single tunnel interface serves every peer, instead of a separate point-to-point tunnel interface per router.) (NHRP (Next Hop Resolution Protocol) lets the routers learn each other's NBMA next-hop address. It also builds a dynamic spoke-to-spoke tunnel if there is a route
Continue reading “DMVPN (Dynamic Multi Point VPN) Config (Commands)”

GRE (Generic Routing Encapsulation) over IPSec VPN Configuration on a Cisco Router

CREATING A CISCO GRE TUNNEL:
R1(config)# interface Tunnel0
R1(config-if)# ip address 10.12.12.1 255.255.255.0
R1(config-if)# ip mtu 1400
R1(config-if)# ip tcp adjust-mss 1360
R1(config-if)# tunnel source 15.1.1.1
R1(config-if)# tunnel destination 25.2.2.2
(ip mtu 1400 and adjust-mss 1360 leave room for the GRE and ESP headers so tunnelled TCP is not fragmented.)

ROUTING NETWORKS THROUGH THE GRE TUNNEL:
R1(config)# router eigrp 1
R1(config-router)# no auto-summary
R1(config-router)# network 10.0.0.0 0.255.255.255
R1(config-router)# end

SECURING THE GRE TUNNEL WITH IPSEC:
(GRE has no authentication or encryption of its own, so the tunnel is protected with IPSec.)
CONFIGURE ISAKMP (IKE) – (ISAKMP PHASE 1):
R1(config)#
Continue reading “GRE (Generic Routing Encapsulation) over IPSec VPN Configuration on a Cisco Router”

Site to Site VPN Config on a Cisco Router

Config isakmp (IKE) – (ISAKMP PHASE 1):
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
(3DES, MD5 and DH group 2 are legacy settings kept here as the example; a new deployment should use AES-256, SHA-256 and DH group 14 or higher, and IKEv2 where the platform supports it.)

Config Pre-Shared Key – PSK:
R1(config)# crypto isakmp key firewallcx address 1.1.1.2

Create IPSec Transform (ISAKMP PHASE 2 POLICY):
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(cfg-crypto-trans)# mode tunnel
(tunnel is the default mode, so you don't have
Continue reading “Site to Site VPN Config on a Cisco Router”
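The phase 1 / phase 2 configuration that both the GRE over IPSec post and the site-to-site post start from, as an added example written for this page (not either post's own commands): the weak policy exactly as the excerpt shows it, next to a hardened policy, a peer-bound pre-shared key, an AES/SHA-256 transform set with PFS, and an IPsec profile applied to the GRE tunnel from the GRE post. The tunnel addresses 15.1.1.1 and 25.2.2.2 are taken from that post; the pre-shared key and every name below are assumptions.

```cisco
! Added example, not the posts' own config. Key and names are assumptions.
!
! --- Weak phase 1 policy as shown in the post: 3DES, MD5, DH group 2 ---
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
!
! --- Hardened phase 1 policy: AES-256, SHA-256, DH group 14 (2048-bit) ---
! Policies are tried lowest number first. Remove the weak one once the
! peer is migrated, otherwise a peer can still negotiate it.
no crypto isakmp policy 1
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
!
! Bind the PSK to the one peer address. A key for 0.0.0.0 lets any host
! that knows the key negotiate with this router.
crypto isakmp key StrongRandomPskValue address 25.2.2.2
!
! Phase 2: AES-256 with SHA-256 HMAC. PFS means a compromised IKE key
! does not expose previously negotiated data-plane keys.
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile GRE-PROT
 set transform-set TS-AES
 set pfs group14
 set security-association lifetime seconds 3600
!
! Tunnel protection replaces the crypto map plus proxy ACL of a classic
! site-to-site: everything routed into Tunnel0 is encrypted, with no
! interesting-traffic ACL to keep in sync with the routing table.
interface Tunnel0
 ip address 10.12.12.1 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 15.1.1.1
 tunnel destination 25.2.2.2
 tunnel protection ipsec profile GRE-PROT
```

On the peer the same policy, transform set and profile are mirrored with the addresses swapped. `show crypto isakmp sa` should show the peer in state QM_IDLE, and the packet counters in `show crypto ipsec sa` should increase for traffic routed over Tunnel0; if phase 1 never reaches QM_IDLE the first thing to compare is the policy parameters on both sides, since a single mismatch (for example group 2 versus group 14) fails the negotiation. On IOS versions that support it, `crypto ikev2 proposal` and `crypto ikev2 profile` replace the `crypto isakmp` lines above with an IKEv2 exchange.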

Checkpoint Evaluation License steps (cplic)

https://help.checkpoint.com/s/ then Learn > Product Evaluation > All-in-One Evaluation. Download the license file, then on the Check Point host:
cplic put -l LICENSEFILE.lic (install the license from the file)
cplic print -x (print the licenses with their hashes, to identify the old ones)
cplic del KEY_HASH (remove each of the old ones)
cplic print -t (check whether the license is central or local)
cpstop
cpstart
Upload the license file in SmartUpdate as well and attach it. Detach all the
Continue reading “Checkpoint Evaluation License steps (cplic)”