Tag Archives: ios

IKEv2 between IOS routers with certificate authentication

We are about to switch from pre-shared keys IKEv2 authentication to an authentication with digital certificates. Our topology remains the same, but router named SERVER has two more functions. It’s a time server and a CA server: Let’s change our … Continue reading

Posted in Certificates, Cisco, IOS, PKI, VPN | Tagged , , , , , , , | 3 Comments

IKEv2 between IOS routers (SVTI – Static Virtual Tunnel Interface)

Ok, let’s continue our IKEv2 saga… Last time we saw how to do do an IKEv2 tunnel between two IOS routers using crypto maps. This way of configuring IPSec tunnels is ok, but it evolved to SVTI or Static Virtual … Continue reading

Posted in Cisco, IOS, VPN | Tagged , , , , , , | 3 Comments

IKEv2 between two IOS routers (crypto map way)

Up to now, we saw how to do IKEv2 tunnel between two ASA firewalls and IKEv2 tunnel between an ASA firewall and an IOS router. We have solid knowledge about this IKEv2 stuff and because of that, this article will … Continue reading

Posted in Cisco, IOS, VPN | Tagged , , , , | Leave a comment

IKEv2 between ASA firewall and IOS router

In previous blog we saw hot to do a site to site IPSec VPN between two Cisco ASA devices. Using IKEv2 for policies negotiations and tunnel establishment. Now, we will change our scenario a bit so that “Company B” uses … Continue reading

Posted in ASA, Cisco, IOS, VPN | Tagged , , , , , | 7 Comments

Let’s play with a NetFlow

I like to open my blogs with a scenario. That way the problem is much more easy to cope with. Today’s problem is this: we have a server that gets hit with some traffic from the Internet. We want to … Continue reading

Posted in Cisco, IOS, Security | Tagged , , | Leave a comment

Verifying a MD5/SHA1 sums before system upgrade or install on ASA/IOS

In one of my previous blogs I stated that we should *always* verify if a download for some upgrade or installation package is correct. We can verify that by comparing MD5/SHA1 sums from the site we downloaded the software from, … Continue reading

Posted in ASA, Cisco, IOS | Tagged , , , , | Leave a comment

Cisco IOS vpn-filter

In the previous article I talked about Cisco ASA vpn-filter functionality. I said that ASAs implementation of vpn-filter is weird and I tried to explain why and how to cope with it. Then I came up with the new way … Continue reading

Posted in Cisco, IOS, VPN | Tagged , , , , , | 8 Comments