Archive for January, 2008
Thursday, January 31st, 2008
Restore or install a new flash image from a TFTP server to a Cisco router. During this restore process the existing IOS is erased completely before the new IOS image file is installed. Make sure you have a backup.
Requirements:
- PC running a TFTP server that holds the IOS image (IP address 192.168.1.1, IOS image file d1600.bin).
- Network connection to the Cisco router.
- Make sure the new IOS image matches your Cisco router version.
Router>
Router>enable
Password:
Router#
Router#copy tftp flash
Address or name of remote host []? 192.168.1.1
Source filename []? d1600.bin
Destination filename [d1600.bin]?
Accessing tftp://192.168.1.21/d1600.bin…
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device… eeeeeeeeeeeeeeee …erased
Erase of flash: complete
Loading d1600.bin from 192.168.1.1 (via Ethernet0): !!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 3289170/6578176 bytes]
Verifying checksum… OK (0xB6BD)
3289170 bytes copied in 89.272 secs (36956 bytes/sec)
Router#
Finish
Thursday, January 31st, 2008
Back up the Cisco IOS image to a TFTP server so that you can restore it later if your IOS is damaged.
Requirements:
- PC running a TFTP server (IP address 192.168.1.1)
- Network connection to the Cisco router
Router>
Router>enable
Password:
Router#copy flash tftp
Source filename []? d2600.bin
Address or name of remote host []? 192.168.1.1
Destination filename [d2600.bin]? backup_d2600.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3289170 bytes copied in 47.668 secs (69982 bytes/sec)
Router#
Finish
Wednesday, January 9th, 2008
We will create a WAN connection over an ISDN multilink dial-up.
An ISDN line has two channels (128 kbps). We dial one channel first and then dial the second one once bandwidth usage reaches 128 kbps. In this sample config the ISDN switch type is basic-net3; call your telco to confirm your ISDN switch type. The idle timeout is 60 seconds.
Requirements:
- Cisco router with an ISDN BRI interface
- An ISDN line at each site
- ISDN NT1
Hostname RouterA
!
enable secret ciscopass
!
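! "password 7" expects an already-encoded string, so the cleartext placeholder is entered as type 0
username isdnpppuser password 0 isdnppppass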
ip subnet-zero
!
isdn switch-type basic-net3
!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
no shutdown
!
interface BRI0
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
dialer idle-timeout 60
! 123456789 is the remote ISDN number
dialer map ip 10.1.1.2 name isdnpppuser 123456789
dialer load-threshold 128 either
dialer-group 1
isdn switch-type basic-net3
random-detect
ppp authentication chap
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
!
dialer-list 1 protocol ip list 101
!
line con 0
exec-timeout 0 0
!
end
===
Hostname RouterB
!
enable secret ciscopass
!
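! "password 7" expects an already-encoded string, so the cleartext placeholder is entered as type 0
username isdnpppuser password 0 isdnppppass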
ip subnet-zero
!
isdn switch-type basic-net3
!
interface FastEthernet0
ip address 192.168.2.254 255.255.255.0
no shutdown
!
interface BRI0
ip address 10.1.1.2 255.255.255.252
encapsulation ppp
dialer idle-timeout 60
! 987654321 is the remote ISDN number
dialer map ip 10.1.1.1 name isdnpppuser 987654321
dialer load-threshold 128 either
dialer-group 1
isdn switch-type basic-net3
random-detect
ppp authentication chap
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
!
dialer-list 1 protocol ip list 101
!
line con 0
exec-timeout 0 0
!
end
Monday, January 7th, 2008
pixfirewall> enable
Password:
pixfirewall# configure terminal
pixfirewall(Config)# interface ethernet1
pixfirewall(Config-if)# nameif inside
pixfirewall(Config-if)# ip address 192.168.1.1 255.255.255.0
pixfirewall(Config-if)# no shutdown
pixfirewall(Config-if)#
Activate ASDM and enable the HTTP server.
pixfirewall(Config)# asdm image flash:/asdm.bin
pixfirewall(Config)# http server enable
Open a connection for your PC. For example, if your PC's IP address is 192.168.1.2:
pixfirewall(Config)# http 192.168.1.2 255.255.255.255 inside
Make sure your configuration is in place and running properly.
pixfirewall(Config)# show running http
http server enabled
http 192.168.1.2 255.255.255.255 inside
pixfirewall(Config)#
Now your Cisco ASA/PIX can be accessed from your PC.
Make sure your PC and the firewall are connected, then open your web browser and enter this address: https://192.168.1.1/admin
Monday, January 7th, 2008
After successfully logging in to privileged mode, use these commands to assign an IP address to the relevant interface:
Router>enable
Password:
Router#config terminal
Router(config)#
For FastEthernet 0:
Router(config)#interface Fast 0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
And for Serial 0:
Router(config)#interface Serial 0
Router(config-if)#ip address 10.11.12.1 255.255.255.252
Yes, finished. Don’t forget to save your config.
Don’t know how to do it? See below.
Router(config-if)#Ctrl-Z
Router#copy running start
Press Enter if your router asks any questions.
Finished.
Tuesday, January 1st, 2008
We will create a VPN tunnel for the connection from SiteA to SiteB over an internet connection.

Requirements:
- Internet connection at each site.
- 2 Cisco routers, each with 1 LAN interface (Ethernet) and 1 WAN interface (Serial).
- IOS with IPSec.
- IP address plan for each site's network, e.g. SiteA 192.168.1.0/24 and SiteB 192.168.2.0/24
- Public IP for each site, assigned by your ISP, e.g. SiteA 10.10.10.1 and SiteB 11.11.11.1
SITE A
hostname RouterA
!
enable password 123
!
crypto isakmp enable
crypto isakmp identity address
!
crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400
crypto isakmp key secretkey address 11.11.11.1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap local-address Serial 0
!
crypto map cm-cryptomap 1 ipsec-isakmp
match address 100
set peer 11.11.11.1
set transform-set cm-transformset-1
set security-association lifetime seconds 3600
set security-association lifetime kilobytes 4608000
!
interface FastEthernet 0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
!
interface Serial 0
description connected to Internet
crypto map cm-cryptomap
ip address 10.10.10.1 255.255.255.252
!
no access-list 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
===
SITE B
hostname RouterB
!
enable password 123
!
crypto isakmp enable
crypto isakmp identity address
!
crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400
crypto isakmp key secretkey address 10.10.10.1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap local-address Serial 0
!
crypto map cm-cryptomap 1 ipsec-isakmp
match address 100
set peer 10.10.10.1
set transform-set cm-transformset-1
set security-association lifetime seconds 3600
set security-association lifetime kilobytes 4608000
!
interface FastEthernet 0
description connected to EthernetLAN_1
ip address 192.168.2.1 255.255.255.0
!
interface Serial 0
description connected to Internet
crypto map cm-cryptomap
ip address 11.11.11.1 255.255.255.252
!
no access-list 100
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
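The listings above negotiate IKE with DES, MD5 and Diffie-Hellman group 1, and protect management access with "enable password" and a shared vty password. The following audit script is an added example, not part of the original post: it flags those settings in an IOS configuration and names a stronger standard IOS command for each (availability depends on the IOS release and feature set). The names audit, RULES, SECTION and SAMPLE are chosen here.

```python
import re

# (sub-mode the rule applies in, or None for global; line pattern; finding)
RULES = [
    ("crypto isakmp policy", r"encryption des$", "IKE uses single DES; use 'encryption aes 256'"),
    ("crypto isakmp policy", r"hash md5$", "IKE uses MD5; use 'hash sha' or stronger"),
    ("crypto isakmp policy", r"group 1$", "IKE uses 768-bit DH group 1; use 'group 14' or higher"),
    (None, r"crypto ipsec transform-set \S+ .*\b(esp-des|(ah|esp)-md5-hmac)\b",
     "transform set uses DES/MD5; use 'esp-aes 256 esp-sha-hmac'"),
    (None, r"enable password ", "cleartext or reversible enable password; use 'enable secret'"),
    ("line ", r"exec-timeout 0 0$", "session never times out; set a finite 'exec-timeout'"),
    ("line vty", r"password ", "shared vty password; use 'login local' and 'transport input ssh'"),
]
SECTION = re.compile(r"(crypto isakmp policy|crypto map \S+ \d+|interface|line|dial-peer|voice-port) ")

def audit(config):
    """Return (line_no, line, finding) for each weak setting in an IOS config."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "!":                      # '!' closes the current sub-mode
            section = ""
        elif SECTION.match(line + " "):      # command that opens a sub-mode
            section = line
        for scope, pattern, text in RULES:
            if (scope is None or section.startswith(scope)) and re.match(pattern, line):
                findings.append((no, line, text))
    return findings

# Excerpt of the SITE A listing above, trimmed to the lines the rules look at.
SAMPLE = """enable password 123
!
crypto isakmp policy 1
encryption des
hash md5
group 1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
!
line console 0
exec-timeout 0 0
!
line vty 0 4
password 123
"""

if __name__ == "__main__":
    for no, line, text in audit(SAMPLE):
        print(f"line {no}: {line!r}: {text}")
```

The rules are scoped by sub-mode, so "group 1" is reported only inside a "crypto isakmp policy" block; the same script also applies to the VoIP and NAT listings on this page, which reuse the "enable password" and line settings.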
Tuesday, January 1st, 2008
In this sample config we will set up VoIP communication between two Cisco routers.

Requirements:
- 2 Cisco routers, each with 1 VIC2FXS and 1 WAN interface
- WAN link
- 1 analog phone handset (2-wire) at each site
- IOS with voice support
- Phone numbering plan, e.g. 1001 and 2001
SITE A
hostname RouterA
!
enable password 123
!
interface FastEthernet 0
no description
no ip address
shutdown
!
interface Serial 0
no shutdown
description connected to RouterB
ip address 10.10.10.1 255.255.255.252
encapsulation hdlc
ip rtp header-compression
!
voice-port 1/0
no shutdown
description connected to Phone (1001)
comfort-noise
cptone US
signal loopStart
!
voice-port 1/1
no shutdown
no description
!
dial-peer voice 1 pots
port 1/0
destination-pattern 1001
!
dial-peer voice 3 voip
codec g729r8
ip precedence 5
session target ipv4:10.10.10.2
vad
destination-pattern 2001
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
===
SITE B
hostname RouterB
!
enable password 123
!
interface FastEthernet 0
no description
no ip address
shutdown
!
interface Serial 0
no shutdown
description connected to RouterA
ip address 10.10.10.2 255.255.255.252
encapsulation hdlc
ip rtp header-compression
!
voice-port 1/0
no shutdown
description connected to Phone_1 (2001)
comfort-noise
cptone US
signal loopStart
!
voice-port 1/1
no shutdown
no description
!
dial-peer voice 1 pots
port 1/0
destination-pattern 2001
!
dial-peer voice 3 voip
codec g729r8
ip precedence 5
session target ipv4:10.10.10.1
vad
destination-pattern 1001
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end
Tuesday, January 1st, 2008
You can connect to the internet securely from behind a NAT router acting as a firewall.
Requirements:
- Cisco router with 1 LAN interface (Ethernet) and 1 WAN interface (Serial).
- Internet connection.
hostname InternetRouter
!
enable password 123
!
no ip name-server
!
interface Ethernet 0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial 0
description connected to Internet
ip address 123.123.123.1 255.255.255.252
ip nat outside
!
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Serial 0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end