Menu Close
  • NIL - Network Information Library

Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication – simple configuration example for two Cisco routers

palo73 0 Comments

This config example shows a Site-to-Site configuration of IPsec VPN established between two Cisco routers. VPN will use IKEv2 protocol with PreSharedKey (PSK) remote-site authentication. Topology simulates a Branch router connected over an ISP to the HQ router. There are several options for how to configure IKEv2. In this example, I’m using the symmetric PSK witch crypto map, where the IKEv2 process is started by ACL that identifies interesting traffic. I also do not use GRE tunnel for the interconnection of both sides, instead, simple static default routes are used.

Topology

Configuration runs on GNS3 emulator and I’m using the CSR1000v platform with version 16.12.01a IOS XE as the older ISR platform (7200 15.4 IOS) does not support IKEv2. On real devices, IKEv2 is supported on Cisco ISR Generation 2 (G2) that runs Cisco IOS software version 15.2(4)M or later (for example 29xx ISR), ASA with 8.4.(1) and later (including ASA 5510).

Read more →

CCNA study – How to configure multiple IPv6 DHCP pools on a remote Cisco router

palo73 0 Comments

This config example shows how to configure three DHCPv6 pools for a network setup, where the DHCP server is running on a remote router. This situation had emerged during my remote CCNA lesson and it found me unprepared. The main problem is with the ipv6 dhcp server POOL command, that can be executed only once, all others rewrite the previous one. The solution is to use ipv6 dhcp server automatic or just pv6 dhcp server command with some additional pool command.

Topology

Configuration runs on GNS3 emulator. The Switch runs IOSv and is primarily used for the VLAN segmentation. In R1/R2 I’m using the older ISR platform (7200 15.4 IOS). CSR-1000v is also fine. Problems are with older 12.x IOSs, that do not support ipv6 dhcp server command. DHCPv6 servers/pools are configured on R2. DHCPv6 relay and nd config flags on R1 fa0/0 subinterfaces.

Read more →

How to install Microstack on Virtualbox with Ubuntu guest OS

palo73 0 Comments

MicroStack is an OpenStack distribution for Ubuntu, which is suitable for the deployment of fully functional OpenStack on a single machine. Installation is quite straightforward.

My environment

  • Host system: Win 10 Pro 64bit
  • VirtualBox 6.1.25r 64bit
  • Guest System:
    • clear server install of Ubuntu 20.04.3 :LTS with bridged networking
    • 4GB of RAM
    • 4 vPCU
    • 100GB of HDD (the size is officially recommended, but mainly is used for hosting virtual VMs)

    Single node installation steps using snap

    Official guides use the snap system, where all applications are packaged with all their dependencies. All the microstack installation is relatively fast, taking no more than 15 minutes.

Read more →

How to install Microstack on VMware with Ubuntu guest OS

Martin Sochor 0 Comments

Microstack is a pure upstream OpenStack distribution. It includes core OpenStack services and the most popular compute, network and storage options. Installation is fast and easy to perform.

My enviroment

  • VMware ESXI 6.7.0
  • Guest system:
    • server install of Ubuntu 20.04.3 LTS
    • static public IP address
    • 16GB RAM (8GB recommended)
    • 4 vCPU
    • 100GB of HDD (actual installation with one tiny instace of cirros running takes about 8GB of storage)

    Single-node installation steps using snap

    Official documentation uses the snap system for installation. The installation, together with initialization, will take about 10 to 30 minutes, depending on your internet speed and HW specification.

Read more →

Netacad Packet tracer – how to activate Security feature for Cisco IOS and VPN labs

palo73 0 Comments

Cisco Packet Tracer (PT) simulator allows performing site-to-site VPN exercises. However, the security feature of the router’s IOSs is disabled by default and has to be enabled. Then required VPN commands (crypto and etc.) will be available. The activation is quite simple and functionality was tested for PT versions 7.3 and 8.0.1:

  1. Start the packet tracer and place an 1841/1941 router on a workspace or open an existing project that is using such routers

2. Open CLI and type show version. We may see that the security feature is not activated:

Read more →

How to install DIG dns tool on windows 11

palo73 0 Comments

This guide explains how to install the dig dns tool on windows 11 in a few steps. It is just a little bit modified version of How to install DIG dns tool on windows 10 howtos.

1. First download the latest Bind9 executable for Windows. All ISC software is available at https://www.isc.org/download/. However, there is a message, that the latest win executable is 9.6.23, which we may download from the link 9.16.23.

Read more →

IOS XRv – no network interfaces in GNS3

palo73 0 Comments

A few words about the setup. We operate a remote GNS3 server setup, where all components (server even clients) are version 2.2.25. The remote server is deployed in a Linux container.

Problem

We operate several IOS XRv 9k appliances that were in default state default during the import process. We notice the following problem. Running small topos with an IOS XRv, once the router is loaded it had no network interfaces.

Read more →