Thursday 19 December 2019

cattools not backing up

I had an issue with cattools not backing up.

I found the issue was in the banner: the config had used ^C for the banner marker, and it seemed to be causing an issue.

Removed it and all was good.

Tuesday 17 December 2019

checking for packet loss

Ping your gateway, then ping 8.8.8.8. ISPs often have a direct connection to Google from their own network, so it's best to also try pinging an IP that will actually traverse the internet, such as a server in the UK or Australia.

Once you have pinged the gateway, trace the path and the per-hop loss with:

pathping -n -4 x.x.x.x
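Reading pathping's per-hop table by eye is error-prone, so here is a small parser for it. This is an added example, not part of the original post: it works on the two loss columns pathping prints ("Source to Here" and "This Node/Link"), flags hops whose own link shows loss, and checks whether loss first seen at a hop is still present at every later hop (real path loss) or disappears again (a router that merely deprioritises replies to its own address). The sample output is constructed in the shape pathping prints; the addresses in it are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape "pathping -n -4" prints (not captured from a
# real network). Hop 2 shows loss that persists through to the destination.
SAMPLE_PATHPING = """\
Computing statistics for 100 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           192.168.1.10
                                0/ 100 =  0%   |
  1    1ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                0/ 100 =  0%   |
  2   14ms     4/ 100 =  4%     4/ 100 =  4%  10.20.30.1
                                0/ 100 =  0%   |
  3   15ms     4/ 100 =  4%     0/ 100 =  0%  8.8.8.8

Trace complete.
"""


@dataclass
class Hop:
    hop: int
    rtt_ms: Optional[int]   # None when the hop did not answer (RTT shown as ---)
    src_lost: int           # "Source to Here" lost/sent
    src_sent: int
    node_lost: int          # "This Node/Link" lost/sent
    node_sent: int
    address: str

    @property
    def src_pct(self) -> float:
        return 100.0 * self.src_lost / self.src_sent if self.src_sent else 0.0

    @property
    def node_pct(self) -> float:
        return 100.0 * self.node_lost / self.node_sent if self.node_sent else 0.0


# One "lost/ sent = pct" cell, e.g. "4/ 100 =  4%" or "100/ 100 =100%".
STAT = r"(\d+)/\s*(\d+)\s*=\s*\d+%"
# A numbered hop line with an RTT (or --- for no reply), both cells and the address.
HOP_LINE = re.compile(rf"^\s*(\d+)\s+(\d+ms|---)\s+{STAT}\s+{STAT}\s+(\S+)\s*$")


def parse_pathping(text: str) -> List[Hop]:
    """Extract the statistics rows; hop 0 (the source) and the link-only rows
    between hops carry no RTT and are skipped."""
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        token = m.group(2)
        rtt = None if token == "---" else int(token[:-2])
        hops.append(Hop(int(m.group(1)), rtt,
                        int(m.group(3)), int(m.group(4)),
                        int(m.group(5)), int(m.group(6)), m.group(7)))
    return hops


def lossy_hops(hops: List[Hop], threshold_pct: float = 1.0) -> List[Hop]:
    """Hops whose own node/link column shows loss at or above the threshold."""
    return [h for h in hops if h.node_pct >= threshold_pct]


def loss_persists(hops: List[Hop], hop_number: int) -> bool:
    """True when the loss seen at hop_number is still present in the
    'Source to Here' column of every later hop, i.e. it is real path loss
    rather than a router rate-limiting replies addressed to itself."""
    start = next(h for h in hops if h.hop == hop_number)
    later = [h for h in hops if h.hop > hop_number]
    return bool(later) and all(h.src_pct >= start.src_pct for h in later)


if __name__ == "__main__":
    parsed = parse_pathping(SAMPLE_PATHPING)
    for h in lossy_hops(parsed):
        kind = "persists downstream" if loss_persists(parsed, h.hop) else "local to this hop only"
        print(f"hop {h.hop} {h.address}: {h.node_pct:.0f}% loss, {kind}")
```

On a real run, save the output with `pathping -n -4 x.x.x.x > pathping.txt` and pass the file contents to `parse_pathping`.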

Friday 13 December 2019

private ip ranges in different formats

Private IP ranges in different formats for use in ACLs

192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)

CIDR
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

Netmask
10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0

Wildcard
10.0.0.0 0.255.255.255
172.16.0.0 0.15.255.255
192.168.0.0 0.0.255.255
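The wildcard mask is just the bitwise inverse of the netmask, and a wrong wildcard silently narrows (or widens) what an ACL line matches, so it is worth deriving the table rather than typing it. The following is an added example, not from the original post: it derives the range, host count, netmask and wildcard for each RFC 1918 prefix with Python's standard `ipaddress` module, and `wildcard_covers` evaluates an address against a `network wildcard` pair the way an ACL would, so a candidate mask can be checked before it goes into a device.

```python
import ipaddress
from typing import Dict, List

# The three RFC 1918 private ranges in CIDR form; every other representation
# in the table is derived from these.
PRIVATE_CIDRS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def acl_forms(cidr: str) -> Dict[str, object]:
    """First/last address, host count, netmask and wildcard (inverse mask,
    as used in Cisco-style ACLs) for one IPv4 CIDR prefix."""
    net = ipaddress.ip_network(cidr, strict=True)
    wildcard = ipaddress.ip_address(int(net.netmask) ^ 0xFFFFFFFF)
    return {
        "cidr": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "count": net.num_addresses,
        "netmask": str(net.netmask),
        "wildcard": str(wildcard),
    }


def private_ranges_table() -> List[Dict[str, object]]:
    return [acl_forms(c) for c in PRIVATE_CIDRS]


def is_private(ip: str) -> bool:
    """True when the address falls inside any RFC 1918 range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in PRIVATE_CIDRS)


def wildcard_covers(network: str, wildcard: str, ip: str) -> bool:
    """Evaluate 'ip' against an ACL entry '<network> <wildcard>': a 1 bit in
    the wildcard means 'don't care', a 0 bit must match the network."""
    n = int(ipaddress.ip_address(network))
    w = int(ipaddress.ip_address(wildcard))
    a = int(ipaddress.ip_address(ip))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


if __name__ == "__main__":
    for row in private_ranges_table():
        print(f"{row['first']} - {row['last']} ({row['count']:,} IP addresses)")
        print(f"  CIDR      {row['cidr']}")
        print(f"  Netmask   {row['first']} {row['netmask']}")
        print(f"  Wildcard  {row['first']} {row['wildcard']}")
    # A too-narrow wildcard only matches a /24 of the intended /8:
    print(wildcard_covers("10.0.0.0", "0.0.0.255", "10.1.2.3"))      # False
    print(wildcard_covers("10.0.0.0", "0.255.255.255", "10.1.2.3"))  # True
```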

Tuesday 10 December 2019

wildcard cert on firepower FTD


In this case the wildcard was installed on a windows server (exchange)

I opened mmc
Added the certificates snap-in
Found the wildcard cert
Exported it with the private key (set a password)
Exported as PFX

In Firepower went to objects -> PKI -> cert enroll
Selected import from PKCS12 file

Now go to devices -> certificates -> add

Now go to devices -> VPN -> Remote access

Edit the anyconnect profile
Access interfaces tab
Change the two entries SSL and IKEv2 and select the new cert

Save + Deploy
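Before exporting and importing anything, it is worth confirming that the wildcard actually covers the hostname AnyConnect clients connect to: a wildcard label matches exactly one label, so `*.example.com` covers `vpn.example.com` but not `example.com` or `vpn.branch.example.com`, and clients will warn on a name the cert does not cover. The following check is an added example, not part of the original post, and `example.com` is a placeholder domain; it implements the RFC 6125 rule that the `*` must be the whole leftmost label.

```python
from typing import Iterable


def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """RFC 6125-style match of a certificate name (CN or SAN dNSName) against
    a hostname: '*' must be the entire leftmost label and matches exactly one
    label, so '*.example.com' covers vpn.example.com but not example.com or
    a.b.example.com. Comparison is case-insensitive and ignores a trailing dot."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname
    labels = cert_name.split(".")
    host_labels = hostname.split(".")
    # Reject partial wildcards ("v*.example.com"), wildcards in later labels,
    # and wildcards broad enough to cover a whole public suffix ("*.com").
    if labels[0] != "*" or any("*" in lab for lab in labels[1:]) or len(labels) < 3:
        return False
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def covered_by(names: Iterable[str], hostname: str) -> bool:
    """True when any name on the cert (CN plus all SAN entries) covers hostname."""
    return any(wildcard_matches(n, hostname) for n in names)


if __name__ == "__main__":
    # Constructed names: the wildcard from a hypothetical *.example.com cert.
    cert_names = ["*.example.com"]
    for host in ("vpn.example.com", "example.com", "vpn.branch.example.com"):
        print(f"{host}: {'covered' if covered_by(cert_names, host) else 'NOT covered'}")
```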

Wednesday 4 December 2019

setup netflow on cisco 9300 stack

Setup netflow

x.x.x.x = your NetFlow collector, e.g. SolarWinds etc.

flow exporter NETFLOW-EXP-TO-ORION
 destination x.x.x.x
 source vlan1
 transport udp 2055


Setup what you want to record

flow record NETFLOW-RECORD-IN
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 collect interface output
 collect counter bytes long
 collect counter packets long

flow record NETFLOW-RECORD-OUT
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output
 match flow direction
 collect interface input
 collect counter bytes long
 collect counter packets long

Setup the monitors


flow monitor NETFLOW-MON-OUT
 exporter NETFLOW-EXP-TO-ORION
 cache timeout inactive 10
 cache timeout active 60
 record NETFLOW-RECORD-OUT

flow monitor NETFLOW-MON-IN
 exporter NETFLOW-EXP-TO-ORION
 cache timeout inactive 10
 cache timeout active 60
 record NETFLOW-RECORD-IN

Enable the monitors on the interfaces
Enable this under the interfaces you want to collect NetFlow data from; usually these will be uplinks, links to other sites, etc.

interface GigabitEthernet2/0/36
 ip flow monitor NETFLOW-MON-IN input
 ip flow monitor NETFLOW-MON-OUT output
Don't forget to write your config.
You might need to check firewall rules between the two hosts.
Allow a few minutes for the data to populate in the collector.