Cisco IP Sec

crypto isakmp policy 2
authentication pre-share

crypto isakmp key cisco123 address 172.16.1.1

crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac

crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to172.16.1.1
set peer 172.16.1.1
set transform-set ASA-IPSEC
match address 100
interface FastEthernet0
ip address 172.17.1.1 255.255.255.0
duplex auto
speed auto
crypto map SDM_CMAP_1
access-list 100 remark SDM_ACL Category=4 access-list 100 remark IPSec Rule access-list 100 permit ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
!
!
!
!--- This ACL 110 identifies the traffic flows using route map
access-list 110 deny ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 110 permit ip 10.20.10.0 0.0.0.255 any route-map nonat permit 10 match ip address 110
debug crypto isakmp
debug crypto ipsec
show crypto isakmp sa
show crypto ipsec sa

terminal monitor
terminal no monitor

clear crypto ipsec ?
clear crypto isakmp

Comments

Post a Comment

Popular posts from this blog

VIOS TIPs

HMC image locates: /extra/viosimages/2.2.3.4 To install VIO server from HMC: installios To erase the previous setting: installios -u hscroot@P7504HMC:~> cat /etc/nimol.conf # nimol.conf file NIMOL_SERVER 9.22.217.30 ORIGINAL_FILES_DIR /var/tmp/nimol_original RPCBIND_STARTED yes NFS_STARTED yes REMOTE_ACCESS_METHOD /usr/bin/rsh NIMOL_TFTPBOOT /tftpboot TFTP_ENABLED yes REMOTE_SYSLOG_ENABLED yes HMC_SYSLOG_CONF_MODIFIED yes NIMOL_SYSLOG_FACILITY local2 NIMOL_SUBNET 9.22.217.0 NIMOL_BOOTREPLYD yes LABEL default1 /extra/default1 processing hscroot@P7504HMC:~>  installios -F -e -R default1 Logging session output to /tmp/installios.24173.log. nimol_config WARNING: error from command /bin/awk nimol_config MESSAGE: Executed /usr/sbin/exportfs -ua. nimol_config MESSAGE: Executed /usr/sbin/exportfs -a. nimol_config MESSAGE: Removed /tftpboot/default1.chrp.mp.ent. nimol_config MESSAGE: Removed /extra/default1. nimol_config MESSAGE: Removed "LABEL def...
Read more

Configure Solaris 10 LDOM on Solaris 11.4

root@comglv1:~# ldm add-memory 16G htcsun1 root@comglv1: # zfs destroy zones cannot destroy 'zones': operation does not apply to pools use 'zfs destroy -r zones' to destroy all datasets in the pool use 'zpool destroy zones' to destroy the pool itself root@comglv1: # zfs destroy -r zones root@comglv1: # zpool create LDOM mirror c0t5000CCA03C0E89D8d0s0 c0t5000CCA03C2F3BB4d0s0 root@comglv1: # zfs create LDOM/htcsun1 root@comglv1: # zfs create -V 150g LDOM/htcsun1/disk0 root@comglv1: # ldm rm-vdisk vdisk0 htcsun1 root@comglv1: # ldm rm-vdsdev htcsun1-vd0@primary-vds0 root@comglv1: # ldm rm-vdsdev  vol0@primary-vds0 root@comglv1: # ldm rm-vdsdev iso@primary-vds0 root@comglv1: # add-vdsdev options=ro sol-10-u11-ga-sparc-dvd.iso htcsun1-iso@primary-vds0 root@comglv1: # ldm add-vdsdev /dev/zvol/dsk/LDOM/htcsun1/disk0 htcsun1-vd0@primary-vds0 root@comglv1: # ldm add-vdisk vdisk0 htcsun1-vd0@primary-vds0 htcsun1...
Read more

HA in Linux is pretty easy

NOTICE: -- Very important: Please do NOT FAT FINGER. Check your IP address/hostname correct first before configuring PCS. If any service(s) do(es) not startup correctly, please check the service log under /var/log/cluster or /var/log/pcsd. systemctl -xe does not help at all 1> Install PCS  yum isntall pcs -y 2>  Configure PCS. Please run the following commands on ALL nodes: systemctl start pcsd systemctl enable pcsd passwd hacluster 3> Configure PCS, Run he following commands on ONE node: pcs cluster auth <NODE-1> <NODE-2> <...> pcs cluster setup --name <CLUSTER_NAME> <NODE-1> <NODE-2> <...> pcs cluster start --all pcs cluster enable --all pcs resource create virtual_ip ocf:heartbeat:IPaddr2 ip=<IP_ADDR> cidr_netmask=32 op monitor interval=30s pcs resource create <APPLICATION_MON> ocf:heartbeat:nginx configfile=/etc/nginx/nginx.conf op monitor timeout="5s" interval="5s"  ...
Read more