DMVPN Reference

HUB:
router eigrp 1000
 network 150.8.8.1 0.0.0.0
 network 192.168.1.0
router ospf 1
 network 155.1.0.0 0.0.255.255 area 0
interface Tunnel0
 ip address 192.168.1.8 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 1000
 no ip split-horizon eigrp 1000
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp Read more…

SOCKS

SOCKS proxy over SSH for browsing HTTP/SSL. In PuTTY, create a connection to your favorite SSH server that has unfettered access, or at least the access you need. Set up a tunnel on some port as Dynamic. Set your browser up with a SOCKS 5 proxy. Connect to the SSH server Read more…

EZVPN with DVTI

EZVPN is a client/server VPN solution where dynamic tunnels are created. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html In IPSec, you need to remember 3 things: Who, What, How. Who: Who’s the endpoint. What: Proxy ACL. How: Transform set. !!!!SERVER! !!Configure authentication.  Local for testing! aaa new-model aaa authentication login local_list local aaa authorization network local_list local aaa session-id common! username cisco password cisco!!! Create Read more…

ASA VPNs

There’s a built-in cheat for VPN configurations. Just type vpnsetup ? from config mode, select the type and steps, and the firewall will give you example configs and all steps involved for every type of VPN supported. You can also execute the following commands to see defaults. sh run Read more…

Simple Pseudo honeypot (Walled Garden)

Continuing on the BIND RPZ stuff.  If you need to build a walled garden, INetSim would be great for that.  It runs fake services and will serve up anything you ask it for.  Great for studying malware.  CentOS 7 this time. cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0 Edit eth0:0 and change the IP Read more…