DMVPN Reference

Configuration. !HUB:!!!ISAKMP Phase 1crypto isakmp policy 10 authentication pre-share hash md5 encr 3des group 5!!!Wildcard keycrypto isakmp key Password123 address 0.0.0.0!crypto ipsec transform-set DMVPN_TRANSFORM_SET esp-des esp-md5-hmacmode transport!!!IPSec phase 2 crypto ipsec profile DMVPN_PROFILE set transform-set DMVPN_TRANSFORM_SET!interface Tunnel0 ip address 10.255.255.5 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication Password123!!Hub is dynamic ip nhrp map multicast dynamic ip nhrp network-id Read more…

SOCKS

SOCKS proxy over SSH for browsing HTTP/SSL. In Putty, create a connection to your favorite SSH server that has unfettered access, or at least the access you need. Setup a tunnel on some port as Dynamic. Set your browser up with a SOCKS 5 proxy. Connect to the SSH server Read more…

EZVPN with DVTI

EZVPN is a client/server VPN solution where dynamic tunnels are created.http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html In IPSec, you need to remember 3 things.WhoWhatHow Who: Who’s the endpointWhat: Proxy ACLHow: Transform set !!!!SERVER! !!Configure authentication.  Local for testing! aaa new-modelaaa authentication login local_list localaaa authorization network local_list local aaa session-id common!         username cisco password cisco!!!Create Read more…

ASA VPNs

There’s a built in cheat for VPN configurations. Just type vpnsetup ? from config mode, select the type and steps, and the firewall will give you example configs and all steps involved for every type of VPN supported. You can also execute the following commands to see defaults. sh run Read more…

Simple Pseudo honeypot (Walled Garden)

Continuing on the bind RPZ stuff.  If you need to build a walled garden, Inetsim would be great for that.  It runs fake services and will serve up anything you ask it for.  Great for studying malware.  CentOS 7 this time. cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/netwwork-scripts/ifcfg-eth0:0 Edit eth0:0 and change the IP Read more…