13 Jun
So you want to connect securely to your PIX firewall? You will need to set up SSH instead of connecting using telnet. Telnet is clear text and SSH is encrypted.
Below are the required commands to run on your PIX:
hostname "Name"
domain-name "domain name"
ca generate rsa key 1024
ca save all
ssh 192.168.1.1 255.255.255.255 inside
write memory
The reasons for each […]
Posted in Cisco, Firewalls, Networking, Security by: chris.super
09 Apr
Do you want your workstations to connect to PPTP VPNs through a Cisco PIX firewall without having to set up a static NAT for each one?
Are you getting the following error in your syslogs when you try:
"regular translation creation failed for protocol 47"
All you should have to do is add a new fixup protocol entry.
"fixup […]
Posted in Cisco, Firewalls, Networking, Security, VPN by: chris.super
24 Jan
As many of you who have used it in the past know, NetFlow is a great tool. NetFlow gives you detailed information about traffic flowing through your routers. You can find out what IPs the traffic is coming from and going to, and you can see what protocols, what ports and how much traffic is […]
Posted in Networking, Routers by: chris.super
26 Nov
So if you are multi-homed on BGP and you want to be able to decide for yourself which path your incoming and outgoing traffic will take, you will need to make a few changes. By default, BGP will try to make the best decision on what path to take. The problem is that a lot of the time it […]
Posted in Networking, Routers by: chris.super
31 Jul
So if you want to limit one or more of your real servers in a virtual server farm to a certain number of connections, you can do it with the “maxconns” command.
Log in to the CSM, go into config mode, go into the serverfarm you want to restrict, then go into the real server. Type in […]
Posted in Cisco, Networking, load balancing by: chris.super
05 Jul
First you need to know what module your CSM is in. Most of you know, I am sure, but otherwise use this at the enable prompt:
“show module”
Next you need to session into the CSM with the following command, replacing the slot number with the module number you found using the command above:
“session slot 1 processor […]
Posted in Cisco, Networking, load balancing by: chris.super
02 Jul
So, like most IT-security-minded people, I want to use SSH on everything I can, because with telnet your username and password are sent over the wire in clear text. Now, I know most of you say, well, if you are internal, what matters if your password is sent in clear text, who would […]
Posted in Networking, Security by: chris.super
23 May
There are two major Denial-of-Service (DoS) advisories out today.
Cisco IOS SSL Vulnerability
Affects:
Hypertext Transfer Protocol over SSL (HTTPS). This is the most commonly used protocol that employs SSL.
Cisco Network Security (CNS) Agent with SSL support
Firewall Support of HTTPS Authentication Proxy
Cisco IOS Clientless SSL VPN (WebVPN) support
Cisco Crypto Library Vulnerability
Affects:
Cisco IOS
Cisco IOS XR
Cisco PIX and […]
Posted in Cisco, Networking, Routers, Security by: chris.super
15 May
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width Unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width Unicode character set, an attacker can exploit this vulnerability to evade detection by an […]
Posted in Cisco, Networking, Security by: chris.super
10 May
The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device’s saved configuration. This configuration file may include passwords or other sensitive information.
The IOS FTP Server […]
Posted in Networking, Security by: chris.super