During the job I often find interesting articles on the internet, which are very useful for configuration or other purposes. Mostly I will dedicate a post on an interesting articles, but I created this page to collect these articles a publish them in a centralized repository. The articles are sorted alphabetically. So you can find article in two ways. Hope you can find some interesting stuff.
Apple iPhone 2.0 VPN Connectivity to Cisco Adaptive Security Appliances (ASA)
Beginning with the iPhone 2.0 software (available July 2008), Apple offers an advanced VPN connectivity option for communicating with Cisco security appliances, including the ASA 5500 Series and the PIX Firewall. While Apple still supports access using L2TP/IPSec, end users attain superior connectivity by selecting Apple’s new IPSec option on their iPhone.
Catalyst Switches for Microsoft Network Load Balancing Configuration Example
Network Load Balancing (NLB) technology can be used to distribute client requests across a set of servers. In order to make sure clients always experience acceptable performance levels, Windows NLB is often used to ensure that you can add additional servers to scale out stateless applications, such as IIS-based web servers, as client load increases. In addition, it reduces downtime caused by servers that malfunction. End users will never know that a particular member server in the Windows NLB is or has been down.
Cisco Guide to Harden Cisco IOS Devices
This document contains information to help you secure your Cisco IOS® system devices, which increases the overall security of your network. Structured around the three planes into which functions of a network device can be categorized, this document provides an overview of each included feature and references to related documentation
Cisco IOS Cookbook, 2nd Edition
That’s what this cookbook is for. Fortunately, most router configuration tasks can be broken down into several more or less independent steps: you configure an interface, you configure a routing protocol, you set up backup links, you implement packet filters and other access control mechanisms. What you really need is a set of recipes that show you how to perform the most common tasks, so you can quickly come up with a good configuration for your site
Cisco: Resolve IP fragmentation, MTU, MSS and PMTUD issues with GRE over IPsec
The purpose of this document is to present how IP Fragmentation and Path Maximum Transmission Unit Discovery (PMTUD) work and to discuss some scenarios involving the behavior of PMTUD when combined with different combinations of IP tunnels. The current widespread use of IP tunnels in the Internet has brought the problems involving IP Fragmentation and PMTUD to the forefront.
Cisco Router as DNS server
The cost optimization (usually in the cost-cutting direction) in the IT industry is affecting all segments of network design and implementation. Fortunately, you can reap the benefits of investing in Cisco routers: they can provide most network services locally, including DNS and DHCP service. In this article, we’ll focus on how you can use a Cisco router as a localized DNS server.
Designing Site-to-Site IPsec VPN’s
In the previous article we talked about the oldest Cisco IOS implementation option for IPsec – crypto maps. The downside of crypto maps is that they do not provide for a routable logical interface. When migrating from a traditional WAN or upgrading an existing WAN to use cryptography, it may be beneficial to reuse the existing knowledge of the routing protocols to implement dynamic routing and provide for high availability.
Ethernet Storage Best Practice
This document outlines the best practice recommendations for building enterprise class Ethernet storage networks. It provides requirements of the networking infrastructure along with proposed designs to best meet these requirements.
Virtual LAN Security: weaknesses and countermeasures
Based on Blackhat report, we decided to investigate some possibilities to attack VLANs (Virtual Local Area Network). We think that is important to study this particular threat and gain insight into the involved mechanisms, as a breach of VLAN’s security can have tremendous consequences. Indeed, VLANs are used to separate subnets and implement security zones. The possibility to send packets across different zones would render such separations useless, as a compromised machine in a low security zone [...]
Zone-Based Policy Firewall (also known as Zone-Policy Firewall, or ZFW) changes the firewall configuration from the older interface-based model to a more flexible, more easily understood zone-based model. Interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones. Inter-zone policies offer considerable flexibility and granularity, so different inspection policies can be applied to multiple host groups connected to the same router interface.