Архивы за Март, 2016

SNMP-Management

snmp configuration in cisco devices

0

For ASA 5505:

 

snmp-server host WAN *.*.*.*[ip address of collector's host] community [keyword] version 2c
snmp-server location RU, Moscow, DC ****
snmp-server contact email@host.ru

 

snmpbasics

port forwarding via Mikrotik

0

Configure via WInBox:

1) Open «NAT» and create new rule for packets forwarding from one port to another.
For RDP, example:

1 m

2

 

 

Сброс и настройка Cisco ASA 5505/5520

0

asa 5505

 

    Handles instruction

1st reset by pressing ESCAPE at the same time with boot proccess and login in ROM Monitore mode. You will see rommoon prompt (rommon#0>).
The enter command «confreg»- it's register settings.
rommon #0> confreg
rommon #1>confreg 0×41 (then after configuration need to set confreg 0×1 — its normal booting )
Reset the appliance with the boot command:
rommon #2>boot
When finishing booting proccess you will see User Mode prompt (>):
ciscoasa>
Then enter in Privileged Mode prompt: (#)
ciscoasa>ena (enable)
Password:
ciscoasa#
Then copy startup config to running configuration:
ciscoasa#copy startup-config running-config
Destination filename [running-config]? Press yes [y]

or just «wr».

----

To configure VLAN 1 for LAN. (or INSIDE)

interface Vlan1
description Local LAN
nameif LAN
security-level 100
ip address  [private ip add and mask]
no shutdown
To configure VLAN 2 for WAN (or OUTSIDE).

interface Vlan2
description WAN
nameif WAN
security-level 0
ip address [external IP add and mask]
no shutdown

 

Security leval means:
Security level 100

The highest possible level and most trusted, it is used by the inside interface by default.

Security level 0

The lowest possible level, most untrusted, it’s used by the outside interface by default.

----
Configure then defaulr route:
route WAN 0.0.0.0 0.0.0.0 [GW for the network]

------------
Configure DNS:

dns domain-lookup WAN (enable dns function)
dns nameserver 8.8.8.8 8.8.4.4 (or other DNS, can be your local)
---

Configure SSH:
ssh 0.0.0.0 0.0.0.0 WAN (all ssh access via WAN interface)
ssh version 2
crypto key generation rsa modules 2048 (use longest for more security)
aaa authentication ssh console LOCAL
-----
Create logins:

username [the name of user] password [password of the user] — access for Privileged Mode
enable password [password] — acess for User Mode
--------
Don't forget to save your settings — «wr»
Then check ping and SSH.

 

 

Cisco ASA  5520

 

asa5520

 

 

interface GigabitEthernet0/0
description WAN
nameif OUTSIDE
security-level 0
ip address *.*.*.*
!
interface GigabitEthernet0/1
description LAN
nameif INSIDE
security-level 100
no ip address
!
interface GigabitEthernet0/2
description LAN
nameif INSIDE2
security-level 100
no ip address
!
interface GigabitEthernet0/3
description LAN
nameif INSIDE3
security-level 100
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address

dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
access-list inside_access_out extended permit ip any any

logging enable
logging host OUTSIDE *.*.*.*
mtu OUTSIDE 1500
mtu INSIDE 1500
mtu INSIDE2 1500
mtu INSIDE3 1500

route OUTSIDE 0.0.0.0 0.0.0.0 *.*.*.* 1

user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
snmp-server host OUTSIDE *.*.*.* community ***** version 2c
snmp-server location Moscow
telnet 0.0.0.0 0.0.0.0 INSIDE
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2

 

 

Вверх