This occur when user have not sufficient permission to access the database
to avoid this problem to happen modify the pg_hba.conf file as per detail given below
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 127.0.0.1/32 trust
hopes this will work.
Good luck !!
Wednesday, August 11, 2010
Tuesday, July 27, 2010
How to reset cisco router to factory default
Follow the following steps if you are already logged in
- go to global configuration mode and enter the following commands
- config-register 0x2142
- reload
System configuration has been modified. Save? [yes/no]:n
Proceed with reload? [confirm]y
now after rebooting change config-register value to
0x2102 now save the configuration and reboot
If you have forget password connect to the router using console
and start router press CTRL+BREAK
go to rommon mode type config-register 0x2142 and reset
After rebooting router change the config-register value to 0x2102
Wednesday, July 21, 2010
How to make cisco router as CA server
Here is a sample configuration to make a cisco router as CA server. Enter the following commands in global configuration mode.
- crypto pki server CAname
- issuer-name CN=domainname.com L=location C=country
- grant auto
- lifetime crl 24
- lifetime certificate 200
- lifetime ca-certificate 365
- cdp-url http://ipaddress/CAnamecdp.CAname.crl
- crypto pki trustpoint CAname
- revocation-check crl
- rsakeypair CAname
Certificate based IPsec between Cisco router and fortinet firewall
Reason behind failing the IPSEC is fortinet does not specify CA trustpoint to be used in its certificate. In order to force cisco router to use a specific CA trustpoint containing a specific comman name or subject name do the following,
goodluck.
- use GUI to configure IPsec in fortigate firewall
- import certificate in both cisco and fortigate
- use the following configuration in global configuration mode at cisco router
- crypto pki certificate map name1
10 - subject name co cn=
name2 //various options are there - crypto isakmp profile name3
- ca trustpoint CAname
- match certificate name1
goodluck.
Monday, July 19, 2010
Preshared key based IPsec configuration
Peer WAN Ip address : x.x.x.x/mask
Host LAN Ip address : y.y.y.y/mask
peer LAN Ip address : z.z.z.z/mask
text written after ! are comment
conf t
! define a phase 1 policy parameter
crypto isakmp policy 100
encr 3des
hash sha
authentication pre-share
group 2
exit
! define preshared key for peer here peer WAN IP address
crypto isakmp key 0 secret123 address x.x.x.x
! define a phase 2 policy parameter
crypto ipsec transform-set site1-site2 esp-aes 256
! define a map of phase1 and phase2 policy
crypto map VPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set site1-site2
match address 100
exit
! define a access list
! access list number should be same as defined in crypto map match address
! wild card mask can be calculated by deducting mask from 255.255.255.255
access-list 100 permit ip y.y.y.y z.z.z.z
! now apply this crypto map to the host WAN ethernet interface
conf t
! go to the WAN interface here i have assumed g0/0 is the wan interface
int g0/0
! apply crypto map
! crypto map name should be same as defined above
crypto map VPN
! apart from this debug and view commands
show crypto isakmp sa
debug crypto isakmp
Host LAN Ip address : y.y.y.y/mask
peer LAN Ip address : z.z.z.z/mask
text written after ! are comment
conf t
! define a phase 1 policy parameter
crypto isakmp policy 100
encr 3des
hash sha
authentication pre-share
group 2
exit
! define preshared key for peer here peer WAN IP address
crypto isakmp key 0 secret123 address x.x.x.x
! define a phase 2 policy parameter
crypto ipsec transform-set site1-site2 esp-aes 256
! define a map of phase1 and phase2 policy
crypto map VPN 1 ipsec-isakmp
set peer x.x.x.x
set transform-set site1-site2
match address 100
exit
! define a access list
! access list number should be same as defined in crypto map match address
! wild card mask can be calculated by deducting mask from 255.255.255.255
access-list 100 permit ip y.y.y.y
! now apply this crypto map to the host WAN ethernet interface
conf t
! go to the WAN interface here i have assumed g0/0 is the wan interface
int g0/0
! apply crypto map
! crypto map name should be same as defined above
crypto map VPN
! apart from this debug and view commands
show crypto isakmp sa
debug crypto isakmp
CA server set up in ubuntu
This post is regarding CA server setup in ubuntu linux.
.cer -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -outform PEM -out .pem
- Go to /usr/lib/ssl/misc
- any specific configuration please edit /usr/lib/ssl/openssl.cnf
- sh CA.sh -newca
- Now give distinguish name attributes (subject name)
- Go to demoCA folder
- find cacert.pem this is your CA certificate
- to generate a CA signed certificate use the following commads
Tuesday, July 6, 2010
How to reset fortigate firewall password
Do the following things to reset the fortigate firewall password
- Connect serial port(Baud 9600, 8 bit , none , 1 none)
- Type in the username: maintainer
- The password is bcpb + The serienumber of the firewall (remember CAPS letters)
- Note that on some devices, after the device boots, you have 14 seconds to type in the username and password. It might, therefore, be necessary to have them ready in a text editor, and then copy and paste them into the login screen.
- Now you should be connected to the firewall, and to change the admin password you type the following.
- config system admin
- edit admin
- set password
- end
Subscribe to:
Posts (Atom)