1. Boot into single-user mode from the CD-ROM at the ok prompt:
ok > boot cdrom -s
2. Use format to identify the hard drives.
3. Run an fsck check on the disk:
fsck -y /dev/rdsk/c0t0d0s0
4. Mount the disk slice on /a:
mount /dev/dsk/c0t0d0s0 /a
5. cd to /a/etc/ and open the shadow file in vi.
6. In the root entry, remove all content between the first two colons, leaving root::6445
umount: /a busy
# umount /a
# fsck -y /dev/rdsk/c0t1d0s0
** /dev/rdsk/c0t1d0s0
** Last Mounted on /
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cy
# cd /a/etc/
# vi shadow
"shadow" [Read only] 16 lines, 362 characters
root::6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
smtp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
listen:*LK*:::::::
nobody:NP:6445::::::
noaccess:NP:6445:::
oracle:GcLMiDjoPzzrQ:11155::::::
~
~
~
~
~
~
~
"shadow" 16 lines, 349 characters
# sync
# sync
# cd
# umount /a
# sync
# sync
# reboot
syncing file systems... done
rebooting...
Resetting ...
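Removing the hash in step 6 leaves root with an empty password field until a new password is set. The following is an added example, not part of the original post: it classifies the password field of each shadow entry and reports accounts left with an empty one. The function names and state labels are assumptions; SAMPLE is built from the listing in the session above.

```python
import sys

# Constructed sample, taken from the shadow listing in the session above.
SAMPLE = """\
root::6445::::::
daemon:NP:6445::::::
listen:*LK*:::::::
noaccess:NP:6445:::
oracle:GcLMiDjoPzzrQ:11155::::::
"""

def classify(field):
    """Return the login state implied by the password field of a shadow entry."""
    if field == "":
        return "EMPTY"            # account logs in without a password
    if field.startswith("*LK*"):
        return "LOCKED"
    if field == "NP":
        return "NO_PASSWORD"      # no valid password, cannot log in with one
    if field.startswith("$"):
        return "HASH_MODULAR"     # $id$salt$hash formats
    if len(field) == 13:
        return "HASH_DES_CRYPT"   # traditional 13-character crypt(3)
    return "UNKNOWN"

def audit(text):
    """Return (line_no, user, state) per entry; lines without ':' are MALFORMED."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            results.append((n, parts[0], "MALFORMED"))
            continue
        results.append((n, parts[0], classify(parts[1])))
    return results

def empty_password_accounts(text):
    """Users whose password field is empty."""
    return [user for _, user, state in audit(text) if state == "EMPTY"]

if __name__ == "__main__":
    # Pass the mounted copy (for example /a/etc/shadow) as argv[1]; defaults to SAMPLE.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for n, user, state in audit(data):
        print(f"{n:3} {user:10} {state}")
    sys.exit(1 if empty_password_accounts(data) else 0)
```

The script exits non-zero while any account still has an empty password field, so it can be rerun after the reboot once a new root password has been set.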
TechNews
Wednesday, March 2, 2016
Wednesday, September 24, 2014
Subnetting
2^7 |2^6|2^5|2^4|2^3|2^2|2^1|2^0
128 |64 |32 |16 |8  |4  |2  |1
Network = 2^N, where N = network bits
Hosts = 2^H - 2, where H is the host bits
Classful Networks
A 0-191.0.0.0 255.0.0.0
B 192-223.0.0.0 255.255.0.0
C 224-
D
E
Subnetting is taking a large network and dividing it into smaller networks.
Network: all host bits set to zero
Broadcast: all host bits set to one
150.50.0.0
150.50.255.255
If you have a class C network 192.168.3.0/24 and you need 4 networks:
Class bits = 8 bits, 2^8 = 256, so each group will be 256/4 = 64
Network = 2^N = 4
N = 2, so you need 2 bits
255.255.255.11000000
Host bits
2^6 - 2 = 64 - 2 = 62 hosts
Networks
0-63
64-127
128-191
192-255
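The worked example above (192.168.3.0/24 split into 4 networks), carried through in code. This is an added example, not part of the original notes; plan_subnets is a hypothetical helper name. It goes slightly beyond the case in the text by rounding a non-power-of-two request up to the next 2^N and rejecting splits that leave no usable hosts.

```python
import ipaddress

def plan_subnets(network, needed):
    """Split `network` into at least `needed` equal subnets (2^N >= needed)."""
    net = ipaddress.ip_network(network)
    borrowed = (needed - 1).bit_length()                    # N: bits taken from the host part
    host_bits = net.max_prefixlen - net.prefixlen - borrowed  # H: bits left for hosts
    if needed < 1 or host_bits < 2:
        # With fewer than 2 host bits, 2^H - 2 leaves no usable addresses.
        raise ValueError(f"{network} cannot be split into {needed} usable subnets")
    subnets = list(net.subnets(prefixlen_diff=borrowed))
    return {
        "borrowed_bits": borrowed,
        "mask": str(subnets[0].netmask),
        "hosts_per_subnet": 2 ** host_bits - 2,
        # (network address, broadcast address): host bits all zero / all one
        "subnets": [(str(s.network_address), str(s.broadcast_address)) for s in subnets],
    }

if __name__ == "__main__":
    plan = plan_subnets("192.168.3.0/24", 4)
    print("bits borrowed:", plan["borrowed_bits"], "mask:", plan["mask"])
    print("hosts per subnet:", plan["hosts_per_subnet"])
    for first, last in plan["subnets"]:
        print(first, "-", last)
```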
Tuesday, July 16, 2013
Cisco -ASA5510 VPN tunnel config
ASA5510(config)# vpnsetup ipsec-remote-access steps
Steps to configure a remote access IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
 ip address 10.10.4.200 255.255.255.0
 nameif outside
 no shutdown
interface GigabitEthernet0/1
 ip address 192.168.0.20 255.255.255.0
 nameif inside
 no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 65535
 authentication pre-share
 encryption aes
 hash sha
3. Setup an address pool
ip local pool client-pool 192.168.1.1-192.168.1.254
4. Configure authentication method
aaa-server MyRadius protocol radius
aaa-server MyRadius host 192.168.0.254
 key $ecretK3y
5. Define tunnel group
tunnel-group client type remote-access
tunnel-group client general-attributes
 address-pool client-pool
 authentication-server-group MyRadius
tunnel-group client ipsec-attributes
 pre-shared-key VpnUs3rsP@ss
6. Setup ipsec parameters
crypto ipsec transform-set myset esp-aes esp-sha-hmac
7. Setup dynamic crypto map
crypto dynamic-map dynmap 1 set transform-set myset
crypto dynamic-map dynmap 1 set reverse-route
8. Create crypto map entry and associate dynamic map with it
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
9. Attach crypto map to interface
crypto map mymap interface outside
10. Enable isakmp on interface
crypto isakmp enable outside
--------------------------------------------------------------------------------------------
ASA5510(config)# vpnsetup l2tp-remote-access steps
Steps to configure a remote access L2TP/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
 ip address 10.10.4.200 255.255.255.0
 nameif outside
 no shutdown
interface GigabitEthernet0/1
 ip address 192.168.0.20 255.255.255.0
 nameif inside
 no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 65535
 authentication pre-share
 encryption aes
 hash sha
3. Setup an address pool
ip local pool client-pool 192.168.1.1-192.168.1.254
4. Configure authentication method
aaa-server MyRadius protocol radius
aaa-server MyRadius host 192.168.0.254
 key $ecretK3y
5. Define tunnel group
tunnel-group client type remote-access
tunnel-group client general-attributes
 address-pool client-pool
 authentication-server-group MyRadius
tunnel-group client ipsec-attributes
 pre-shared-key VpnUs3rsP@ss
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
6. Setup ipsec parameters
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto ipsec transform-set myset mode transport
7. Setup dynamic crypto map
crypto dynamic-map dynmap 1 set transform-set myset
8. Create crypto map entry and associate dynamic map with it
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
9. Attach crypto map to interface
crypto map mymap interface outside
10. Enable isakmp on interface
crypto isakmp enable outside
ASA5510(config)# vpnsetup site-to-site steps
Steps to configure a site-to-site IKE/IPSec connection with examples:
1. Configure Interfaces
interface GigabitEthernet0/0
 ip address 10.10.4.200 255.255.255.0
 nameif outside
 no shutdown
interface GigabitEthernet0/1
 ip address 192.168.0.20 255.255.255.0
 nameif inside
 no shutdown
2. Configure ISAKMP policy
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
3. Configure transform-set
crypto ipsec transform-set myset esp-aes esp-sha-hmac
4. Configure ACL
access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
5. Configure Tunnel group
tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
 pre-shared-key P@rtn3rNetw0rk
6. Configure crypto map and attach to interface
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
7. Enable isakmp on interface
crypto isakmp enable outside
ASA5510(config)# vpnsetup ssl-remote-access steps
Steps to configure a remote access SSL VPN remote access connection and AnyConnect with examples:
1. Configure and enable interface
interface GigabitEthernet0/0
 ip address 10.10.4.200 255.255.255.0
 nameif outside
 no shutdown
interface GigabitEthernet0/1
 ip address 192.168.0.20 255.255.255.0
 nameif inside
 no shutdown
2. Enable WebVPN on the interface
webvpn
 enable outside
3. Configure default route
route outside 0.0.0.0 0.0.0.0 10.10.4.200
4. Configure AAA authentication and tunnel group
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group LOCAL
5. If using LOCAL database, add users to the Database
username test password t3stP@ssw0rd
username test attributes
 service-type remote-access
Proceed to configure AnyConnect VPN client:
6. Point the ASA to an AnyConnect image
webvpn
 svc image anyconnect-win-2.1.0148-k9.pkg
7. Enable AnyConnect
 svc enable
8. Add an address pool to assign an ip address to the AnyConnect client
ip local pool client-pool 192.168.1.1-192.168.1.254 mask 255.255.255.0
9. Configure group policy
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol svc webvpn
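The listings above carry a RADIUS key, pre-shared keys and a local user password inline, and the L2TP variant sets PPP authentication to PAP. The following is an added example, not part of the original post or of any Cisco tooling: it masks those secret-bearing lines before a config is shared and reports where they and the PAP setting occur. The rule labels, the review function and the <removed> marker are assumptions; SAMPLE is built from lines in the listings.

```python
import re

# Constructed sample: lines taken from the vpnsetup listings above.
SAMPLE = """\
aaa-server MyRadius host 192.168.0.254
 key $ecretK3y
tunnel-group client ipsec-attributes
 pre-shared-key VpnUs3rsP@ss
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
username test password t3stP@ssw0rd
crypto isakmp policy 65535
 authentication pre-share
"""

# (label, pattern): group 1 is kept, the secret that follows it is masked.
SECRET_RULES = [
    ("radius-key", re.compile(r"^(\s+key\s+)\S+")),
    ("pre-shared-key", re.compile(r"^(\s*pre-shared-key\s+)\S+")),
    ("local-password", re.compile(r"^(\s*username\s+\S+\s+password\s+)\S+")),
]
PAP = re.compile(r"^\s+authentication\s+pap\b")

def review(config):
    """Return (redacted_text, findings); each finding is (line_no, label)."""
    out, findings = [], []
    for n, line in enumerate(config.splitlines(), 1):
        for label, rx in SECRET_RULES:
            masked, hits = rx.subn(r"\g<1><removed>", line)
            if hits:
                findings.append((n, label))
                line = masked
                break
        else:
            # PAP carries the password unhashed inside the PPP exchange.
            if PAP.search(line):
                findings.append((n, "ppp-pap"))
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    redacted, findings = review(SAMPLE)
    print(redacted, end="")
    for line_no, label in findings:
        print(f"line {line_no}: {label}")
```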