Entries by talebi_it@yahoo.com

CentOS network configuration

You can configure network interface by editing configuration files stored in /etc/sysconfig/network-scripts/ directory. Lets configure the first network interface eth0. Edit the interface configuration file. # vi /etc/sysconfig/network-scripts/ifcfg-eth0 (if file doesn’t exist, create it with name of ifcfg-ethx) Append/Modify as follows: For a system using a Static IP Address DEVICE=”eth0″ BOOTPROTO=”none” ONBOOT=”yes” IPADDR=”″ NETMASK=”″ GATEWAY=”″ For a […]

Cisco ASA FirePOWER Services: how to install FMC?

Technology: Network Security Area: Next Generation Firewalls Vendor: Cisco Software: 8.X, 9.X, FMC 5.X, 6.X, SFR module 5.X , 6.X Platform: Cisco ASA, Firepower Management Center VM Firepower Management Center installation steps 1. Deployment from OVF   2. Assign the hostname for VM 3. Choose the right ovf and vmdk files   4. Select proper vNIC (the one you will […]

Migrating ASA to FTD

For this post, we will be discussing migrating an ASA with FirePOWER services to a Firepower Threat Defense (FTD) image on an ASA 5506-X appliance. At a high level, you reimage the ASA unit with a FTD then use the migration tool (if you have an existing ASA configuration) to import the ASA configuration into […]

DVTI on Hub-Spoke IKEV2

R1 —————– (config)#crypto pki certificate map CAMP 1 #issuer-name co talebi (config)# default crypto ikev2 proposal (config)# crypto ikev2 proposal default # encryption aes-cbc-256 # integrity sha256 # group 14 (config)# default crypto ikev2 policy (config)# crypto ikev2 profile IKEV2-Profile # identity local dn # match certificate CMAP # authentication remote rsa-sig # authentication local […]

FlexVPN – Part 2

-Proposal ==>Dephi Helman Group – Encryption – Integrity -Policy -Profile (match), (keyring) show crypto ikev2 proposal default show crypto ikev2 policy default show crypto ikev2 transform-set default show crypto ipsec profile default Changing the default proposal (config)# crypto ikev2 proposal default (config-ikev2-proposal)# encryption aes-cbc-256 (config-ikev2-proposal)# integrity sha256 (config-ikev2-proposal)# group 2 revert back the default proposal […]