Tuesday, July 27, 2010

How to reset cisco router to factory default

Follow these steps if you are already logged in:
  • go to global configuration mode and enter the following commands
  • config-register 0x2142
  • reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm] y

With 0x2142 the router ignores the startup configuration held in NVRAM at boot, so it comes up with an empty running configuration. After the reboot, set the register back in global configuration mode:

config-register 0x2102

then save the configuration and reboot. Note that the old startup-config (including its passwords and keys) stays in NVRAM until write memory overwrites it or erase startup-config removes it, so clear it deliberately if a true factory-default state is what you want.

If you have forgotten the password, connect to the router through the console port, power it on and press Ctrl+Break during the first seconds of boot to drop into ROMMON. In ROMMON type

confreg 0x2142
reset

(confreg is the ROMMON form of the config-register command; config-register itself is only available inside IOS). After the router reboots it ignores the startup-config, so set the new password, change the config-register value back to 0x2102 and save. If you want to keep the rest of the old configuration, copy startup-config running-config before saving, otherwise write memory replaces it with the nearly empty running configuration.
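The one thing to verify after either procedure is that the register really went back to 0x2102, because a router left on 0x2142 boots with no startup-config, and therefore no passwords, every time it reloads. The following is an added example, not code from the original post: it decodes a register value using Cisco's documented bit layout, reads the current and next-reload values out of constructed "show version" output, and reports the findings a reviewer would want after a password-recovery exercise.

```python
"""Decode an IOS configuration register and flag a router left in recovery state.

Added example, not part of the original post. The bit table follows Cisco's
documented layout for the classic 16-bit configuration register; the
'show version' lines below are constructed sample output.
"""
import re

# register bit -> meaning, for the bits that matter in a password-recovery review
BIT_MEANINGS = {
    0x0040: "ignore NVRAM contents (startup-config is bypassed at boot)",
    0x0080: "OEM bit enabled",
    0x0100: "Break disabled (Ctrl-Break ignored once IOS is running)",
    0x0400: "IP broadcast with all zeros",
    0x2000: "boot default ROM software if network boot fails",
    0x4000: "IP broadcasts do not have network numbers",
    0x8000: "enable diagnostic messages and ignore NVRAM contents",
}

NORMAL_REGISTER = 0x2102  # the value the post restores after recovery


def boot_field(register: int) -> int:
    """Low four bits: 0x0 stays in ROMMON, 0x1 boots the first image in flash,
    0x2..0xF boot according to the 'boot system' commands."""
    return register & 0xF


def set_bits(register: int) -> list[int]:
    """Bits from BIT_MEANINGS that are set in the register, lowest first."""
    return [bit for bit in sorted(BIT_MEANINGS) if register & bit]


def ignores_startup_config(register: int) -> bool:
    """True when bit 6 or bit 15 is set, i.e. the router boots with an empty
    running-config and without its line or enable passwords."""
    return bool(register & 0x0040) or bool(register & 0x8000)


def parse_show_version(output: str) -> tuple[int, int]:
    """Return (current, next-reload) register values from 'show version' output.
    IOS prints '(will be 0x.... at next reload)' only when the two differ."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", output)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    nxt = int(m.group(2), 16) if m.group(2) else current
    return current, nxt


def audit(output: str) -> list[str]:
    """Findings about the value the router will use at its next reload."""
    _current, nxt = parse_show_version(output)
    findings = []
    if ignores_startup_config(nxt):
        findings.append(f"next reload uses 0x{nxt:04X}: startup-config will be ignored; "
                        f"set config-register 0x{NORMAL_REGISTER:04X} and write memory")
    if not nxt & 0x0100:
        findings.append(f"0x{nxt:04X} leaves Break enabled: console Ctrl-Break "
                        f"can drop the running router into ROMMON")
    if boot_field(nxt) == 0:
        findings.append(f"0x{nxt:04X} has boot field 0: router will stop in ROMMON")
    return findings


# constructed samples: register already changed back but not yet reloaded,
# and a router still on the recovery value
SAMPLE_SHOW_VERSION = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
SAMPLE_STILL_RECOVERY = "Configuration register is 0x2142\n"

if __name__ == "__main__":
    for line in (SAMPLE_SHOW_VERSION, SAMPLE_STILL_RECOVERY):
        print(line.strip(), "->", audit(line) or ["ok"])
```

Run it against the real output of show version on the router once the recovery is finished; an empty findings list means the register is back to normal and the box will boot with its saved configuration.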



Wednesday, July 21, 2010

How to make a Cisco router a CA server

Here is a sample configuration that turns a Cisco router into a CA server. Enter the following commands in global configuration mode; the lines after crypto pki server belong to its sub-mode, and the last two belong to the trustpoint sub-mode.

  • crypto pki server CAname
  • issuer-name CN=domainname.com L=location C=country
  • grant auto
  • lifetime crl 24
  • lifetime certificate 200
  • lifetime ca-certificate 365
  • cdp-url http://ipaddress/CAnamecdp.CAname.crl
  • crypto pki trustpoint CAname
  • revocation-check crl
  • rsakeypair CAname

Two points to check before relying on this: grant auto signs every enrollment request the server receives, so anyone who can reach the enrollment URL gets a certificate from this CA; the default, manual granting (crypto pki server CAname grant {all | request-id} from exec mode, after reviewing crypto pki server CAname info requests) keeps a human in the loop. The server only starts issuing once you enter no shutdown in the crypto pki server sub-mode, and SCEP enrollment over HTTP needs ip http server enabled.

Certificate based IPsec between Cisco router and fortinet firewall

The IPsec negotiation fails because the FortiGate does not specify, in its certificate exchange, which CA trustpoint the Cisco side should use. To force the Cisco router to use a specific CA trustpoint for peers whose certificate carries a particular common name or subject name, do the following:

  • use the GUI to configure IPsec on the FortiGate firewall
  • import the certificate on both the Cisco router and the FortiGate
  • enter the following configuration in global configuration mode on the Cisco router
  • crypto pki certificate map name1 10
  • subject-name co cn=name2 (other fields and operators are available)
  • crypto isakmp profile name3
  • ca trustpoint CAname
  • match certificate name1
Here you are done.
Good luck.
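To see what the certificate map actually does when a peer presents its certificate, here is an added example (not code from the original post or from Cisco) that mimics the map evaluation: the operators IOS accepts on subject-name and issuer-name lines (eq, ne, co, nc), case-insensitive comparison, AND across the lines of one sequence number and OR across sequence numbers, and the selection of the ISAKMP profile that pins the trustpoint. The map label, profile name, trustpoint name and DNs are constructed sample values standing in for name1, name3 and CAname above.

```python
"""Evaluate Cisco-style certificate-map rules against a peer certificate's names.

Added example, not code from the original post or from Cisco. Map labels,
sequence numbers, profile names and the DNs are constructed sample values.
"""

OPERATORS = {
    "eq": lambda have, want: have == want,      # equals
    "ne": lambda have, want: have != want,      # not equal
    "co": lambda have, want: want in have,      # contains
    "nc": lambda have, want: want not in have,  # does not contain
}


def normalise_dn(dn: str) -> str:
    """Lower-case and strip the spaces around comma-separated RDNs so that
    'CN=fw1.example.com, O=Example' equals 'cn=fw1.example.com,o=example'."""
    return ",".join(part.strip().lower() for part in dn.split(",") if part.strip())


def rule_matches(cert_fields: dict, field: str, operator: str, value: str) -> bool:
    """One map line, e.g. ('subject-name', 'co', 'cn=fw1').
    A field the certificate does not carry never matches."""
    if operator not in OPERATORS:
        raise ValueError(f"unknown operator {operator!r}")
    if field not in cert_fields:
        return False
    return OPERATORS[operator](normalise_dn(cert_fields[field]), normalise_dn(value))


def certificate_map_matches(cert_map: dict, cert_fields: dict) -> bool:
    """cert_map: {sequence_number: [(field, operator, value), ...]}.
    The certificate matches when every line of at least one sequence matches."""
    return any(
        all(rule_matches(cert_fields, f, op, v) for (f, op, v) in rules)
        for rules in cert_map.values()
    )


def select_isakmp_profile(profiles: dict, cert_fields: dict):
    """First profile whose certificate map matches the peer certificate, with
    the trustpoint that profile pins (the 'ca trustpoint' line).
    profiles: {name: {'ca_trustpoint': str, 'certificate_map': cert_map}}"""
    for name, prof in profiles.items():
        if certificate_map_matches(prof["certificate_map"], cert_fields):
            return name, prof["ca_trustpoint"]
    return None


# constructed sample data mirroring the post's name1 / name3 / CAname layout
FORTI_MAP = {10: [("subject-name", "co", "cn=fw1.example.com")]}
PROFILES = {
    "forti-profile": {"ca_trustpoint": "LAB-CA", "certificate_map": FORTI_MAP},
}
PEER_CERT = {"subject-name": "CN=fw1.example.com, O=Example, C=US",
             "issuer-name": "CN=LAB-CA"}
OTHER_CERT = {"subject-name": "CN=fw2.example.com, O=Example, C=US",
              "issuer-name": "CN=LAB-CA"}

if __name__ == "__main__":
    for cert in (PEER_CERT, OTHER_CERT):
        print(cert["subject-name"], "->", select_isakmp_profile(PROFILES, cert))
```

One design point the example makes visible: co is a substring test, so a rule like subject-name co cn=fw1 also matches cn=fw10.example.com. Match on the complete RDN (co cn=fw1.example.com, as above) or use eq on the full DN when the peer population is not under your control.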

Monday, July 19, 2010

Preshared key based IPsec configuration

Peer WAN IP address : x.x.x.x/mask
Host LAN IP address : y.y.y.y/mask
Peer LAN IP address : z.z.z.z/mask

Text after ! is a comment.


conf t

! define the phase 1 (ISAKMP) policy parameters
! 3DES, SHA-1 and DH group 2 are the author's 2010 choices and are weak by
! current standards; prefer AES, SHA-2 and DH group 14 or higher where both ends support them

crypto isakmp policy 100
encr 3des
hash sha
authentication pre-share
group 2
exit

! define the preshared key for the peer; the address is the peer WAN IP address
! the 0 means the key that follows is typed in clear text

crypto isakmp key 0 secret123 address x.x.x.x

! define the phase 2 (IPsec) policy parameters
! esp-sha-hmac can be appended to add ESP integrity protection

crypto ipsec transform-set site1-site2 esp-aes 256

! define a crypto map that binds the phase 1 and phase 2 policies

crypto map VPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set site1-site2
match address 100
exit

! define the crypto access list
! the access-list number must be the same as in the crypto map 'match address'
! the wildcard mask is calculated by subtracting the subnet mask from 255.255.255.255
! WILDCARD-Y and WILDCARD-Z are placeholders for the wildcard masks of the two LANs

access-list 100 permit ip y.y.y.y WILDCARD-Y z.z.z.z WILDCARD-Z

! now apply the crypto map to the host WAN Ethernet interface
! (still in global configuration mode; here g0/0 is assumed to be the WAN interface)

int g0/0

! apply the crypto map; the name must be the same as defined above

crypto map VPN

! apart from this, the view and debug commands are:

show crypto isakmp sa
show crypto ipsec sa

debug crypto isakmp
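The two mistakes the comments above warn about, a wrong wildcard mask and a match address number that no access list defines, are easy to check by machine. The following is an added example, not code from the original post: it implements the stated wildcard rule (255.255.255.255 minus the subnet mask), cross-checks it against the standard library's hostmask, builds the crypto ACL line for this router and its mirror image for the peer, and scans a constructed config snippet for a crypto map whose match address points at a missing access list. All addresses and the snippet are constructed sample values.

```python
"""Crypto ACL helpers for the site-to-site configuration above.

Added example, not from the original post. All addresses, ACL numbers and the
config snippet are constructed sample values.
"""
import ipaddress
import re


def wildcard_from_netmask(netmask: str) -> str:
    """Subtract each octet of the subnet mask from 255 (the post's rule:
    255.255.255.255 minus the mask)."""
    octets = [int(o) for o in netmask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad netmask {netmask!r}")
    return ".".join(str(255 - o) for o in octets)


def wildcard_for_network(cidr: str) -> str:
    """Wildcard for a CIDR network, computed with the post's rule and checked
    against ipaddress.hostmask, which is the same quantity by definition."""
    net = ipaddress.ip_network(cidr, strict=True)
    manual = wildcard_from_netmask(str(net.netmask))
    if manual != str(net.hostmask):
        raise RuntimeError("wildcard arithmetic disagrees with ipaddress.hostmask")
    return manual


def crypto_acl_line(acl_number: int, local_net: str, remote_net: str) -> str:
    """The access-list line that selects traffic from the local LAN to the peer LAN."""
    local = ipaddress.ip_network(local_net, strict=True)
    remote = ipaddress.ip_network(remote_net, strict=True)
    return (f"access-list {acl_number} permit ip "
            f"{local.network_address} {wildcard_for_network(local_net)} "
            f"{remote.network_address} {wildcard_for_network(remote_net)}")


def peer_acl_line(acl_number: int, local_net: str, remote_net: str) -> str:
    """The peer's crypto ACL must be the mirror image of ours (source and
    destination swapped), otherwise phase 2 fails on the proxy identities."""
    return crypto_acl_line(acl_number, remote_net, local_net)


def unmatched_match_address(config: str) -> list[str]:
    """ACL numbers referenced by 'match address' that no access-list line defines."""
    referenced = set(re.findall(r"^\s*match address (\d+)\s*$", config, re.M))
    defined = set(re.findall(r"^\s*access-list (\d+)\s", config, re.M))
    return sorted(referenced - defined, key=int)


# constructed snippet: the crypto map says 100 but the ACL was typed as 101
SAMPLE_CONFIG = """\
crypto map VPN 1 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set site1-site2
 match address 100
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

if __name__ == "__main__":
    print(crypto_acl_line(100, "192.168.1.0/24", "192.168.2.0/24"))
    print(peer_acl_line(100, "192.168.1.0/24", "192.168.2.0/24"))
    print("match address without an access-list:", unmatched_match_address(SAMPLE_CONFIG))
```

Feed unmatched_match_address the output of show running-config before bringing a tunnel up; a non-empty result is the usual reason a crypto map is applied but never negotiates phase 2.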

CA server setup in Ubuntu

This post is about setting up a CA server on Ubuntu Linux.

  • go to /usr/lib/ssl/misc
  • for any specific configuration, edit /usr/lib/ssl/openssl.cnf
  • sh CA.sh -newca
  • now give the distinguished name attributes (subject name)
  • go to the demoCA folder
  • find cacert.pem; this is your CA certificate
  • to generate a CA-signed certificate from a certificate request, use the following command
openssl x509 -req -days 365 -in .cer -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -outform PEM -out .pem
  • check that the issued certificate chains to the CA with openssl verify -CAfile cacert.pem followed by the issued .pem file; it prints OK on success

Tuesday, July 6, 2010

How to reset fortigate firewall password

Do the following to reset the FortiGate firewall password:
  1. Connect to the serial port (9600 baud, 8 data bits, no parity, 1 stop bit, no flow control)
  2. Type in the username: maintainer
  3. The password is bcpb + the serial number of the firewall (remember the CAPS letters)
    1. Note that on some devices, after the device boots, you have 14 seconds to type in the username and password. It might, therefore, be necessary to have them ready in a text editor, and then copy and paste them into the login screen.
  4. Now you should be connected to the firewall, and to change the admin password you type the following.
    1. config system admin
    2. edit admin
    3. set password
    4. end
From website http://www.afterschool.dk/documents/network/fortigate-password-reset/