Cisco Labs

CCP Configuration: ASA ASDM basic config: Cisco 861/871 basic router configuration: Cisco IOS DHCP Configuration: IOS Zone based Firewall configuration: IOS Site-to-Site IPSec VPN Configuration: ASA Site-to-Site IPSec VPN: Cisco ASA Site to Site VPN ‘Using ASDM’ Cisco VPN Client Configuration – Setup for IOS Router: HowContinue reading “Cisco Labs”

How Does NAT-T (NAT Traversal) work with IPSec?

ESP encrypts all critical information, encapsulating the entire inner TCP/UDP datagram within an ESP header. ESP is an IP protocol in the same sense that TCP and UDP are IP protocols (OSI Network Layer 3), but it does not have any port information like TCP/UDP (OSI Transport Layer 4). This is a difference from ISAKMPContinue reading “How Does NAT-T (NAT Traversal) work with IPSec?”

Cisco VIRL (Virtual Internet Routing Lab)

Cisco Devices: IOSv, IOSvL2, IOS-XRv, CSR1000v, NX-OSv, ASAv List of supported features for IOSv: 802.1Q, AAA, ACL, BGP, DHCP, DNS, EEM, EIGRP, EoMPLS, Flex Netflow + TNF, GRE, ICMP, IGMP, IP SLA, IPSec, IPv6, ISIS, L2TPv3, MPLS, MPLS L2VPN, MPLS L3VPN, MPLS TE, Multicast, NAT, NTP, OSPF, PfR, PIM, PPPoE, RADIUS, RIP, SNMP, SSH, SYSLOG,Continue reading “Cisco VIRL (Virtual Internet Routing Lab)”

Data-plane attacks and Mitigation Techniques

CAM Table OverFlow Attack (DoS attack)(macof –i eth0): Port-Security DHCP Starvation Attack (DoS attack): Port-Security and Rate-limiting requests. DHCP Spoofing/Rogue DHCP Attack (Mitm attack): DHCP Snooping VLAN Hopping attack (negotiate trunk using DTP)(yersinia -G): set all the ports not connected to switches to no-negotiate and access ports, as by default they are set to negotiateContinue reading “Data-plane attacks and Mitigation Techniques”