Configuration Example, Fortinet

FortiGate – IPSec with dynamic IP

René Jorissen on April 13, 2016 5 Comments • Tags: #address #ddns #dynamic #fortigate #fortinet #ip #ipsec #vpn

Site-to-site VPN connections are a common way to connect a branch office to the corporate network. In the Netherlands it is still common to have a internet connection at a branch office with a dynamic IP address. The usage of dynamic IP address is not ideal when configuring a site-to-site VPN connection, because the configuration almost always … Read More

Configuration Example, Management

IPplan – IP address management

René Jorissen on September 30, 2009 5 Comments • Tags: #address #cacti #cactiez #dynamic #ip #ipam #ipplan #management #nmap

A lot of customers have different methods for their IP address management. Most of them use some kind of static documentation, like an Excel sheet. In the past I implemented IPplan multiple times. I like this tool, because it dynamically scans multiple IP subnets, using ICMP and/or Nmap. Another advantage of IPplan is its ability … Read More

IPSec / SSL VPN, Security

Redundant DMVPN network

René Jorissen on August 20, 2009 0 Comments • Tags: #authenticate #cloud #dmvpn #dual #dynamic #eigrp #hub #isakmp #multicast #multipoint #network-id #nhrp #redundant #resilient #single #spoke #vpn

Today I looked at the configuration DMVPN (Dynamic Multipoint VPN). A Dynamic Multipoint Virtual Private Network is an enhancement of the virtual private network (VPN) configuration process of Cisco IOS-based routers. DMVPN prevents the need for pre-configured (static) IPsec peers in crypto-map configurations and ISAKMP peer statements. This feature of Cisco IOS allows greater scalability … Read More

Configuration Example, Routing

Policy NAT on Cisco router

René Jorissen on January 14, 2009 9 Comments • Tags: #address #based #cisco #dynamic #nat #network #policy #policy-based #router #static #translation

A colleague of mine had to implement an IPSec VPN tunnel from a customer to a supplier. The customer has a Cisco router for connecting to the Internet, so nothing special. The router is already setup and in production. Configuring an extra IPSec VPN tunnel isn’t very hard, the most important part is the negotiation … Read More

Configuration Example, Security, Switching

Layer 2 security

René Jorissen on July 6, 2008 2 Comments • Tags: #address #arp #attacks #bpduguard #dhcp #dynamic #hopping #inspection #ip #layer #mac #rootguard #source #spoofing #two #vlan

I attended the session layer 2 security, because I had some discussions about layer 2 security with one of my colleagues. We were discussing about using layer 2 security and especially implementing it in the environments from our customers. Looking at my/our customers, I don’t see environments where layer 2 threats would be immediate. But … Read More

Firewalling

Cisco Firewall Design and Deployment

René Jorissen on June 25, 2008 0 Comments • Tags: #access #active #asa #bridging #context #dynamic #fwsm #mixed #mode #multi-context #multicast #multiple #protocol #redundancy #redundant #remote #routed #routing #site-to-site #standby #transparant #virtualization #vpn

The session about firewall design and deployment didn’t reveal a lot of new things about the Cisco ASA appliance or FWSM module. The only new thing for me was the possibility to configure a redundant interface for a Cisco ASA appliance. The screen shot below shows the cabling scheme for an implementation with and without … Read More