ASR920 vlan translation (swap)

Only two VLAN translate operations (1:1 and 2:1, pop:push) are supported on the ASR 920. They were introduced in the 3.16 release; prior to 3.16, no translations were supported.

 

rewrite ingress tag pop 1 symmetric

rewrite ingress tag pop 2 symmetric

rewrite ingress tag push dot1q <TAG> symmetric

rewrite ingress tag translate 1-to-1 dot1q <TAG> symmetric

rewrite ingress tag translate 2-to-1 dot1q <TAG> symmetric

FWSM – ASA migration

FWSM

Boot the latest FWSM version:

ASA

Software upgrade 8.2 -> 8.4.6 -> 9.5.1

Boot the first ASA version:

ASA-lab# changeto context admin

boot system disk0:/asa825-smp-k8.bin

reload

INFO: Fetching url tftp://10.70.0.78/FW.cfg

………….INFO: rt_lab_vm interface address added to PAT pool
INFO: Outside interface address added to PAT pool
INFO: Global 1.1.1.1 will be Port Address Translated
INFO: Global 1.1.1.1 will be Port Address Translated
INFO: Global 1.1.1.1 will be Port Address Translated
INFO: BVS-PAS interface address added to PAT pool
INFO: HIP-lab-beheer interface address added to PAT pool
INFO: HIPbeheer interface address added to PAT pool
..nat 0 192.168.99.0 will be identity translated for outbound
nat 0 192.168.150.0 will be identity translated for outbound
…..
timeout pptp-gre 0:02:00
^
ERROR: % Invalid input detected at ‘^’ marker.

Cryptochecksum (changed): 3a1f451f aa2f04d4 cf1b9703 680d1fc5
INFO: Context FW-RoutIT-Intern was created with URL tftp://10.70.0.78/FW.cfg
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)# wr
Building configuration…
Cryptochecksum: 13698ab8 af50ec07 302f19e9 0b6b967b

4215 bytes copied in 1.690 secs (4215 bytes/sec)
[OK]
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab# wr mem all
Building configuration…
Saving context : system : (000/002 Contexts saved)
Cryptochecksum: 13698ab8 af50ec07 302f19e9 0b6b967b

4215 bytes copied in 1.690 secs (4215 bytes/sec)
Saving context : admin : (001/002 Contexts saved)
Cryptochecksum: 781324cf 8e513753 e4866436 c10d584c

2688 bytes copied in 0.610 secs
Saving context : FW : (002/002 Contexts saved)
Cryptochecksum: 60613717 db0c1f33 871263fd c32228d7
!!!!!!!!!!!
43402 bytes copied in 0.630 secs
[OK]
ASA-lab#

 

+++

ASA-lab# sh start | inc boot
boot system disk0:/asa941-smp-k8.bin
ASA-lab# dir

Directory of disk0:/

67 -rwx 17232256 12:20:13 Aug 18 2015 asdm-645-206.bin
68 -rwx 24047892 12:20:56 Aug 18 2015 asdm-722.bin
56 -rwx 25088760 08:39:50 Jul 27 2014 asdm-731.bin
50 -rwx 19884888 10:45:06 Oct 09 2014 asdm-731-101.bin
69 -rwx 26353488 12:21:37 Aug 18 2015 asdm-742.bin

52 -rwx 4338 12:15:03 Aug 18 2015 admin.cfg

64 -rwx 17786880 12:16:48 Aug 18 2015 asa825-smp-k8.bin
65 -rwx 31223808 12:17:37 Aug 18 2015 asa846-smp-k8.bin
55 -rwx 52586496 12:48:32 Aug 22 2014 asa931-smp-k8.bin
6 -rwx 69820416 12:19:04 Aug 18 2015 asa941-5-smp-k8.bin

AVM password recovery

  1. Set your IP manually to something in the 169.254.1.x range (169.254.1.3)
  2. Unplug the router, wait 10 seconds, then plug it back in
  3. Open a command window (cmd) and run ping 169.254.1.1 -t
  4. As soon as you get replies, go to the web interface at 169.254.1.1
  5. You have an option ‘click here if you forgot your password’ (click on here)
  6. Then click ‘Restore factory settings’ (This option disappears after about 10 minutes)

Or

Call the number #991*15901590* from a FON port

Cisco IOS DNS auth/recursive

ip dns view Event-Wifi
domain timeout 5
dns forwarder 208.67.222.222
dns forwarder 208.67.220.220
ip dns view-list Event-Wifi
view Event-Wifi 100
restrict source access-group 2
!
ip dns server view-group Event-Wifi
ip dns server
ip dns primary event.wifi soa ns.event.wifi postmaaster.event.wifi 21600 900 7776000 86400

Cisco IOS reflexive ACL

interface Cellular0
ip access-group public-inbound-packet-catcher in
ip access-group public-outbound-packet-listener out
!
ip access-list extended public-inbound-packet-catcher
remark -= icmp permit’s and deny’s =-
permit icmp any any net-unreachable
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny icmp any any
permit tcp any any eq 1723
permit gre any any
permit udp any eq isakmp any eq isakmp
permit esp any any
remark -= allow ssh and dns =-
permit tcp any any eq 22 log
permit tcp any any eq www log
permit udp any eq domain any
remark -= returning traffic =-
evaluate outside-access-in-reflexive-temporary-list
deny ip any any log-input
ip access-list extended public-outbound-packet-listener
permit tcp any any reflect outside-access-in-reflexive-temporary-list timeout 3600
permit udp any any reflect outside-access-in-reflexive-temporary-list timeout 3600
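
How the reflect/evaluate pair above decides on return traffic, as an added Python model (not part of the original notes and not Cisco code). It assumes an idle timeout only, leaves out the static permit lines of the inbound ACL, and uses constructed documentation addresses.

```python
# Added example: simplified model of the reflect/evaluate pair shown above.
# Assumptions: idle timeout only (no TCP FIN/RST teardown), static permits omitted.
from dataclasses import dataclass

REFLECT_TIMEOUT = 3600                # "timeout 3600" on both reflect lines
REFLECTED_PROTOCOLS = {"tcp", "udp"}  # the only outbound permit lines

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveList:
    """Temporary entries of outside-access-in-reflexive-temporary-list."""

    def __init__(self, timeout=REFLECT_TIMEOUT):
        self.timeout = timeout
        self.entries = {}             # mirrored flow -> time last used

    def outbound(self, pkt, now):
        """Outbound ACL: permit and reflect tcp/udp, implicit deny otherwise."""
        if pkt.proto not in REFLECTED_PROTOCOLS:
            return "deny"             # e.g. transit ICMP
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[mirror] = now
        return "permit"

    def evaluate(self, pkt, now):
        """The 'evaluate' line: permit only packets mirroring a live entry."""
        last_used = self.entries.get(pkt)
        if last_used is None or now - last_used > self.timeout:
            self.entries.pop(pkt, None)   # drop an aged-out entry, if any
            return "deny"             # falls to 'deny ip any any log-input'
        self.entries[pkt] = now       # matching traffic resets the idle timer
        return "permit"

def demo():
    """Constructed flows using documentation addresses (not from the page)."""
    acl = ReflexiveList()
    request = Packet("tcp", "192.0.2.10", 40000, "198.51.100.7", 443)
    reply = Packet("tcp", "198.51.100.7", 443, "192.0.2.10", 40000)
    other = Packet("tcp", "198.51.100.7", 443, "192.0.2.10", 40001)
    return [acl.evaluate(reply, 0), acl.outbound(request, 10),
            acl.evaluate(reply, 11), acl.evaluate(other, 12),
            acl.evaluate(reply, 3612)]
```

demo() returns the verdicts for an unsolicited packet, the outbound request, its matching reply, a packet to a different port, and the same reply after the entry has been idle for more than 3600 seconds.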

 
