IPSec / SSL VPN, Security

Microsoft UAG – Invalid External Port bug

René Jorissen on November 2, 2011 4 Comments • Tags: #2010 #a #access #activated #address #be #cannot #choose #different #due #external #following #forefront #gateway #invalid #microsoft #port #sp1 #the #to #uag #unified

Last week I have installed a Microsoft UAG array. I installed Microsoft ForeFront Unified Access Gateway 2010 including Service Pack 1. When using an array configuration you have to deploy Microsoft’s Network Load Balancing (NLB) for redundancy and load balancing purposes. I configured NLB with multicast and IGMP support. I had configured some HTTPS trunks … Read More

Firewalling, Security

ISA Server 2006 array – renew certificate

René Jorissen on May 23, 2011 0 Comments • Tags: #2006 #array #authenticate #certificate #channel #configuration #encrypted #isa #renew #server #ssl #storage

When configuring a Microsoft ISA Server 2006 array you have two options for authentication and communication between the Microsoft ISA 2006 Configuration Storage Server and the array members. Windows Authentication: Choose this option if ISA server and the Configuration Storage server are in the same domain, or in different domains with a trust relationship between … Read More

Configuration Example, Security

Windows CA template – web server and private key export

René Jorissen on May 23, 2011 1 Comment • Tags: #ca #duplicate #export #grayed #key #out #private #server #template #web #windows

Creating a web server certificate request is very easy when using a Windows CA server. There is one disadvantage. The requested certificate is directly stored in the user store (by default) or the local computer store, if specified during the request. The disadvantage is that you cannot export the requested certificate including the private keys. … Read More

Configuration Example, Security

Tunneling sessions via Plink

René Jorissen on August 25, 2010 2 Comments • Tags: #plink #ssh #tunnel

Plink stands for PuTTY Link and is a command-line connection tool similar to Unix ssh. As a networking consultant I often need to support customers from remote locations. Access to their networking equipment is mostly blocked from unknown locations. Sometimes it is allowed to directly access networking equipment, like a company firewall, from a known … Read More

Configuration Example, Security

Restore RSA 7.1 primary database and RADIUS config

René Jorissen on June 30, 2010 2 Comments • Tags: #configutil #database #instance #ondemand #primary #radius #replica #restore #rsa #rsautil

A few days ago I was troubleshooting a problem with an ISA array after upgrading the VMware environment as you can read in this article. I had a same kind of problem with a RSA environment. After upgrading the VMware Tools and the Virtual Hardware, the RSA database didn’t start anymore. RSA noticed to much … Read More

Security

Windows LDAPS expired

René Jorissen on June 17, 2010 0 Comments • Tags: #authority #certificate #certsrv #expired #ldaps #windows

A lot of appliances and/or security solutions use LDAP to synchronize users from an Active Directory or an eDirectory environment. Active Directory is LDAP enabled by default. If you would like to harden your network,  you would like to use LDAPS. LDAPS is a term to refer to LDAP communication over SSL. Intercepted LDAPS traffic … Read More