Implementing GDOI into DMVPN
May29

Implementing GDOI into DMVPN

GDOI into DMVPN KB ID 0000956  Problem Just recently I covered DMVPN, which is a great scalable system for adding new sites to your network infrastructure and have them join an existing VPN solution without the need to add extra config at the ‘hub’ site. One of the advantages of DMVPN is it maintains VPN connections from your ‘Spoke’ sites back to the ‘Hub’ site, but if a spoke site needs to speak...

Read More
Windows Certificate Services – Setup a CRL
May17

Windows Certificate Services – Setup a CRL

Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...

Read More
Enabling Cisco DNS Lookup (ASA and IOS)
May13

Enabling Cisco DNS Lookup (ASA and IOS)

Cisco DNS Lookup KB ID 0000969  Problem For the most part, devices are more concerned with IP and MAC addresses, but the devices do have the ability to translate those IP addresses using DNS. Solution : Cisco DNS Lookup How to Enable Cisco DNS Lookup on  ASA As ASA is ‘My Thing’ I will start with that. 1. Connect to the ASA, log in and go to enable mode, and then global configuration mode. Type help or ‘?’ for...

Read More
Cisco Router – Configure NAT (NAT Overload)
May11

Cisco Router – Configure NAT (NAT Overload)

 NAT Overload KB ID 0000971  Problem NAT is the process of taking one or more IP addresses and translating it/them into different IP addresses. You may require your router to translate all your internal IP addresses to your public (ISP allocated) IP address. To do that we use a process called NAT Overload. Solution : Nat Overload 1. Connect to the router, and got to enable mode, then global configuration mode. PetesRouter#configure...

Read More
Cisco ASA Domain Authentication and Trust (Allowing)
May08

Cisco ASA Domain Authentication and Trust (Allowing)

ASA Domain Authentication KB ID 0000973  Problem I cringed this morning when I was asked about this, last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (Yes I’m Serious). Or you had to registry hack all your domain controllers...

Read More