Cisco Simple GRE with IPSEC Tunnels
Jul01

Cisco Simple GRE with IPSEC Tunnels

Posted By on Jul 1, 2025

 GRE with IPSEC KB ID 0000951 Problem I’ve spent years setting up VPN tunnels between firewalls. The only time I’ve ever dealt with GRE is for letting VPN client software though firewalls. GRE’s job is to ‘encapsulate’ other protocols and transport those protocols inside a virtual point to point link. Below is the topology, I’m going to use. The tunnel will run form Router R1 to Router R3, once...

Read More
Implementing GDOI into DMVPN
May29

Implementing GDOI into DMVPN

Posted By on May 29, 2025

GDOI into DMVPN KB ID 0000956  Problem Just recently I covered DMVPN, which is a great scalable system for adding new sites to your network infrastructure and have them join an existing VPN solution without the need to add extra config at the ‘hub’ site. One of the advantages of DMVPN is it maintains VPN connections from your ‘Spoke’ sites back to the ‘Hub’ site, but if a spoke site needs to speak...

Read More
Windows Server – Enable LDAPS
Jan17

Windows Server – Enable LDAPS

Posted By on Jan 17, 2025

KB ID 0000962  Problem Note: Starting with Windows Server 2019, LDAPS (LDAP over SSL/TLS) is enabled by default, assuming a Server Authentication certificate is installed on the Domain Controller. Active Directory is built on LDAP, I’ve known this for a long time, but other than it’s a directory protocol that’s about all I did know. Like any directory, if you want information when you query the directory it returns a...

Read More
FortiGate Securing Remote Administration
Feb05

FortiGate Securing Remote Administration

Posted By on Feb 5, 2021

KB ID 0001734 Problem When considering Securing FortiGate  remote administration, I’ve written about changing the https management port to something other than TCP 443 before, I suppose that’s security by obfuscation (though even a script kiddy with one hours experience, will be able to spot an html responses).  Typically with other vendors you limit remote administration access, to specific IP addresses (or ranges). So...

Read More
The Web Site for the CA Must be Configured to use HTTPS
Jan13

The Web Site for the CA Must be Configured to use HTTPS

Posted By on Jan 13, 2021

KB ID 0000838  Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...

Read More