Tag Archives: cisco

BGP as-path regular expressions

A regular expression is the character pattern that can be matched against an input string. Regular expressions can be built using letters (A through Z, a through z), numbers (0 through 9) and other keyboard characters, such as the exclamation point (!) or a tilde (~). A regular expression can be a single-character pattern or… Read More »

Loading

VPN Ports

  PPTP:To allow PPTP tunnel maintenance traffic, open TCP 1723.To allow PPTP tunneled data to pass through router, open Protocol ID 47. L2TP over IPSecTo allow Internet Key Exchange (IKE), open UDP 500.To allow IPSec Network Address Translation (NAT-T) open UDP 4500.To allow L2TP traffic, open UDP 1701. OpenVPN: OpenVPN uses port 1194 udp and… Read More »

Loading

FIB vs RIB

Terminology: RIB – Routing Information Base FIB – Forwarding Information Base RIB This is a routing protocols database of routing prefixes that could potentially be installed in the routing table. Derived from the control plane, it is not used for forwarding. Every protocol such as OSPF, EIGRP, BGP has its own RIB and select their… Read More »

Loading

Allowing tracert in Cisco ASA firewall

I was under impression that allowing icmp in the service policy will enable tracert to work. I was wrong. After scouting around I found below tweaks that will enable tracert to run correctly. 1. Set decrement TTL ASA# configure terminal ASA(config)# policy-map global_policy ASA(config-pmap)# class class-default ASA(config-pmap-c)# set connection decrement-ttl ASA(config-pmap-c)# exit 2. Permit icmp… Read More »

Loading

Microsoft VPN PPTP client through Cisco ASA Firewall

Scenario: Using Microsoft Windows built in VPN Client to connect to remote PPTP VPN server through Cisco ASA firewall. Symptom: Error 619 Solution: In ASA Firewall, enter below command. ASA-active#conf t ASA-active(config)#policy-map global_policy ASA-active(config-pmap)# class inspection_default ASA-active(config-pmap-c)#inspect pptp ASA-active(config-pmap-c)#exit ASA-active(config)#access-list $Inbound_Interface_ACL permit gre $source_ip/network any ASA-active(config)#access-list $Inbound_Interface_ACL permit permit tcp $source_ip/network any eq pptp Common… Read More »

Loading