Avatar
//LAN IP addres 10.0.0.0 255.255.255.0
//R2(local router) public address: 23.0.1.0 255.255.255.0
crypto isakmp policy 1
authentication pre-share
exit
crypto isakmp key cisco address 56.2.11.2
//interesting traffic
access-list 100 permit 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
//transform set
crypto ipsec transform-set MYSET esp-sha-hmac esp-aes
//crypto map(bind all together)
crypto map MYMAP 1 ipsec-isakmp
set transform-set MYSET
set peer 56.2.11.2
match address 100
exit
//turn on policy (interface with public address)
int fa0/0
crypto map MYMAP
exit
===============================================================================
//remote network
//LAN IP address 192.168.1.0 255.255.255.0
//R4(local router) public address: 56.2.11.2
crypto isakmp policy 1
authentication pre-share
exit
crypto isakmp key cisco address 23.0.1.2
//interesting traffic
access-list 100 permit 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
//transform set
crypto ipsec transform-set OTHER_MYSET esp-sha-hmac esp-aes
//crypto map(bind all together)
crypto map MYMAP 1 ipsec-isakmp
set transform-set OTHER_MYSET
set peer 23.0.1.2
match address 100
exit
//turn on policy (interface with public address)
int fa0/0
crypto map OTHER_MYMAP
exit
//Now local hosts should be able to ping remote hosts
//verification commands
show crypto ipsec sa
/* IKE phase 1 tunnel is for private use when the two edge routers(R2 &R4) need to talk to each other,and it's used to create the IKE phase 2 tunnel (also called the IPSec tunnel).*/
: )
[ view entry ] ( 1349 views ) | print article
Lock-and-key access allows you to set up dynamic access lists that grant access per user to a specific source/destination host through a user authentication process(telnet login authentication).
See cut-through proxy, They call it like that in the ASA world.
[ view entry ] ( 1797 views ) | print article
The video demonstrates configuration of remote access IPSec VPN with Windows software client on Cisco router. We will look at both simple pre-shared key authentication as well as using client certificate. The client is placed behind a NAT router to demonstrate the significance of NAT Transparency, and compare it to raw IPSec and cTCP (IPSec over TCP). The video finishes off by showing how client can be allowed access to local subnet when a non-split tunnel is used.
Topic includes
- Easy VPN (EZVPN) with Software IPSec Client
- Client Pre-Shared Key and Certificate Authentication
- NAT Transparency (UDP 4500)
- cTCP aka IPSec over TCP
- 'include-local-lan' Option when not using Split Tunnel
[ view entry ] ( 1670 views ) | print article
vpnclient-winx64-msi-5.0.07.0290-k9.exe
https://supportforums.cisco.com/thread/2074141 (or built in software in Win7?)
"We sort of have two main categories of VPN. 1) Lan to Lan (aka Site to Site) and 2) Remote access. With lan to lan VPN's, there is some device (router, firewall, concentrator) that terminates bot ends of the connection. With Remote access, there is a piece of software installed on a PC/Laptop on one end and the other end would be terminated into a router, firewall or concentrator"
https://supportforums.cisco.com/thread/2074141
[ view entry ] ( 1565 views ) | print article
1.- The Factory
2.- The Singleton
3.- The Observer
4.- The Chain-of-Commands
5.- The Strategy
6.- The Adapter
7.- The Iterator
8.- The Decorator
9.- The Delagate
10.- The State
TO DO: Add a sample for each.
[ view entry ] ( 1586 views ) | print article
It's a common misconception that user input can be filtered. PHP even has a (now deprecated) "feature", called magic-quotes, that builds on this idea. It's nonsense. Forget about filtering (Or cleaning, or whatever people call it).
What you should do, to avoid problems is quite simple: Whenever you embed a string within foreign code, you must escape it, according to the rules of that language. For example, if you embed a string in some SQL targeting MySql, you must escape the string with MySql's function for this purpose (mysql_real_escape_string).
Another example is HTML; If you embed strings within HTML markup, you must escape it with htmlspecialchars. This means that every single echo or print statement should use htmlspecialchars.
A third example could be shell commands; If you are going to embed strings (Such as arguments) to external commands, and call them with exec, then you must use escapeshellcmd and escapeshellarg.
And so on and so forth ...
The only case where you need to actively filter data, is if you're accepting preformatted input. Eg. if you let your users post HTML markup, that you plan to display on the site. However, you should be wise to avoid this at all cost, since no matter how well you filter it, it will always be a potential security hole.
http://stackoverflow.com/questions/1296 ... t-with-php
[ view entry ] ( 1665 views ) | print article
//Generate server key
openssl genrsa -out server.key 1024
//Create a Certificate Signing Request
openssl req -new -key server.key -out server.csr
//Sign your own certificate (for development purposes)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
//Install your certificate. Add in httpd.conf :
SSLCertificateFile "/webserver/ssl_certs/server.crt"
SSLCertificateKeyFile "/webserver/ssl_certs/server.key"
//Finally, configure a virtual-host with a document root and port 443 (httpd.conf)
:)
### Update 4-27-2018 ###
# looks like you can generate server.key and server.csr using only one command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
#Also, it looks like wee can create a self-signed key and certificate pair with OpenSSL in a single command:
(Tested on 11/15/2023 !)
[admin@PHP8 ~]$ openssl req --x509 --nodes --days 3650 --newkey rsa:2048 --keyout nginx-selfsigned.key --out nginx-selfsigned.crt
...
[admin@PHP8 ~]$ ls -ltrh nginx-selfsigned.*
-rw-------. 1 entadmin entadmin 1.7K Nov 15 18:47 nginx-selfsigned.key
-rw-rw-r--. 1 entadmin entadmin 1.5K Nov 15 18:48 nginx-selfsigned.crt
# From Comodo.com, To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command (creates two files) :
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
# Also from Comodo.com,Alternatively one may issue the following command to generate a CSR:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
# Note: If the "-nodes" is entered the key will not be encrypted with a DES pass phrase.
# 5-14-2018 - Verifying that a private key matches its Certificate
[aesteban@localhost TLS-TESTS]$ openssl x509 -noout -modulus -in nginx-selfsigned.crt | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$ openssl rsa -noout -modulus -in nginx-selfsigned.key | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$
6-15-2018 Documenting the following:
# user curl's resolve to test endpoints that are behind a CDN or loadbalancer. IPADDRESS represents the endpoint (app server) ip address.
[aesteban@localhost ~]$ curl -v https://api.example.com --resolve "api.example.com:443:IPADDRESS"
8-9-2019 - extracting expiration date from certificate
[aesteban@localhost ~]$ openssl x509 -enddate -noout -in Documents/ansible/files/star.angelcool.com.crt
notAfter=Jul 9 23:25:42 2019 GMT
[aesteban@localhost ~]$
[aesteban@localhost ~]$
[ view entry ] ( 1618 views ) | print article
PHP's SplPriorityQueue class implements a max-heap. PHP also separately has SplHeap, SplMinHeap, and SplMaxHeap classes.
CODE:
$ph= new SplPriorityQueue;
$pq->insert('Clear drains',3);
$pq->insert('Feed cat',4);
$pq->insert('Make tea',5);
$pq->insert('Solve RC tasks',1);
$pq->insert('Tax return',2);
// This line causes extract() to return both the data and priority (in an associative array),
// Otherwise it would just return the data
$pq->setExtractFlags(SplPriorityQueue::EXTR_BOTH);
while (!$pq->isEmpty()) {
print_r($pq->extract());
}
OUTPUT:
Array
(
[data] => Make tea
[priority] => 5
)
Array
(
[data] => Feed cat
[priority] => 4
)
Array
(
[data] => Clear drains
[priority] => 3
)
Array
(
[data] => Tax return
[priority] => 2
)
Array
(
[data] => Solve RC tasks
[priority] => 1
)
See:Data Structures
[ view entry ] ( 1506 views ) | print article
A GRE tunnel can be set up to use the Internet as a point-to-point link, thus dynamic routing can be enabled between two remote locations.
http://www.angelcool.net/tutorials/cisc ... ration.pdf
[ view entry ] ( 1914 views ) | print article
:) Today I passed CCNP 642-902 ROUTE exam !!!
•EIGRP
•OSPF
•IGP Redistribution(Route Maps,Prefix Lists,Distribute Lists)
•Policy-based routing and IP service-level agreement (IP SLA)
•BGP
•IPv6
•IPv4 and IPv6 coexistence
•Routing over branch Internet connections
[ view entry ] ( 1418 views ) | print article
<<First <Back | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | Next> Last>>