Tuesday, May 20, 2014

Cisco Packet Tracer Practice Labs (CCNA)–from Ranet

Part 1: Basic Networking

- 1-1 Basic Configuration http://www.ranet.co.th/packetlab/ccna/NA-1-1-BasicConfig.pka

- 1-2 IPv4 Addressing http://www.ranet.co.th/packetlab/ccna/NA-1-2-IPv4addressing.pka

- 1-3 IPv6 Addressing http://www.ranet.co.th/packetlab/ccna/NA-1-3-IPv6addressing.pka

Part 2: LAN Technology

- 2-1 InterVLAN Routing http://www.ranet.co.th/packetlab/ccna/NA-2-1-InterVLAN.pka

- 2-2 VTP http://www.ranet.co.th/packetlab/ccna/NA-2-2-VTP.pka

- 2-3 STP http://www.ranet.co.th/packetlab/ccna/NA-2-3-STP.pka

Part 3: WAN Technology

- 3-1 PPP - PAP http://www.ranet.co.th/packetlab/ccna/NA-3-1-PPP-PAP.pka

- 3-2 PPP - CHAP http://www.ranet.co.th/packetlab/ccna/NA-3-2-PPP-CHAP.pka

- 3-3 Frame Relay - Multipoint http://www.ranet.co.th/packetlab/ccna/NA-3-3-FR-Multipoint.pka

- 3-4 Frame Relay - Point-to-Point http://www.ranet.co.th/packetlab/ccna/NA-3-4-FR-P2P.pka

Part 4: IP Routing and Services

- 4-1 Static and Default Route http://www.ranet.co.th/packetlab/ccna/NA-4-1-Static-Default-Route.pka

- 4-2 RIP http://www.ranet.co.th/packetlab/ccna/NA-4-2-RIP.pka

- 4-3 OSPF http://www.ranet.co.th/packetlab/ccna/NA-4-3-OSPF.pka

- 4-4 EIGRP http://www.ranet.co.th/packetlab/ccna/NA-4-4-EIGRP.pka

- 4-5 Port Security http://www.ranet.co.th/packetlab/ccna/NA-4-5-PortSecurity.pka

- 4-6 Access Control List http://www.ranet.co.th/packetlab/ccna/NA-4-6-AccessList.pka

- 4-7 NAT http://www.ranet.co.th/packetlab/ccna/NA-4-7-NAT.pka

- 4-8 VPN-IPsec http://www.ranet.co.th/packetlab/ccna/NA-4-8-VPN.pka

- 4-9 DHCP http://www.ranet.co.th/packetlab/ccna/NA-4-9-DHCP.pka

Solutions:

1.1 Basic Configuration: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L11-Solution.pdf

1.2 IPv4 Addr: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L12-Solution.pdf

1.3 IPv6 Addr: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L13-Solution.pdf

2.1 InterVLAN: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L21-Solution.pdf

2.2 VTP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L22-Solution.pdf

2.3 STP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L23-Solution.pdf

3.1 PPP PAP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L31-Solution.pdf

3.2 PPP CHAP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L32-Solution.pdf

3.3 FR multipoint: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L33-Solution.pdf

3.4 FR p2p: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L34-Solution.pdf

4.1 static route: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L41-Solution.pdf

4.2 RIP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L42-Solution.pdf

4.3 OSPF: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L43-Solution.pdf

4.4 EIGRP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L44-Solution.pdf

4.5 Portsec: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L45-Solution.pdf

4.6 ACL: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L46-Solution.pdf

4.7 NAT: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L47-Solution.pdf

4.8 VPN: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L48-Solution.pdf

4.9 DHCP: http://www.ranet.co.th/packetlab/ccna/solution/ART-CNA-003-L49-Solution.pdf

If you have problems with IP calculation, use this calculator: http://www.ranet.co.th/IPsubnet01-eng.php

with the instructions in http://www.ranet.co.th/articles/ART-CNA-001-IPv4addressing-Eng.pdf

Source: Cisco Learningnetwork

Tuesday, May 13, 2014

SSTP VPN Error–The parameter is incorrect (Error 87)

When trying to connect to the office network via SSTP VPN (based on MS TMG 2010), the connection fails with error 87 – The parameter is incorrect (параметр задан неверно (Ошибка 87))

SOLUTION:

NPS fails

Method 3: Configure Schannel to no longer send the list of trusted root certificate authorities during the TLS/SSL handshake process
To set this registry entry, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type SendTrustedIssuerList, and then press ENTER to name the registry entry.
  5. Right-click SendTrustedIssuerList, and then click Modify.
  6. In the Value data box, type 0 if that value is not already displayed, and then click OK.
  7. Exit Registry Editor.

Thursday, March 27, 2014

Mapping Yandex.Disk as a network drive

Open the Start menu and right-click Computer; in the menu that appears, choose Map network drive.

A window for configuring the connection opens.

  1. In the Folder field, enter the server address: https://webdav.yandex.ru

  2. Select the Reconnect at logon check box.

  3. Click Finish.

  4. Enter the login and password of your Yandex account.

    Note. If you paste the password from the clipboard (for example, with Ctrl+V), an "Access denied" error may occur. Try typing the password manually.

The Disk files will be available on the network drive you created.

Source: help.yandex.ru

Thursday, February 13, 2014

Installing SSL Certificate on Cisco wireless controller WLC 5508

Overview: SSL Certificates on a WLC?

• Internal HTTPS Server on the WLC enabled by default for Web Administration & Web Policy (Web Authentication/Passthrough)

• Provides SSL encryption between Wireless Client & WLC to protect Web Authentication credentials.

Problem

End users receive a Security Warning when triggering the Web Policy page on the WLC. A Self-Signed Certificate (SSC) is installed on the WLC by default.

Solution

Deploy a 3rd Party Certificate Signed by a Public CA

In this presentation we will outline the steps required to install a Chained 3rd Party Certificate for Web Authentication/Passthrough (most common).

 

WLC Requirements

• Wireless Controller Code Version 5.1.151.0, or higher.

• OpenSSL 0.9.8 (1.0.0 is not compatible at this time).

• Up to Level 2 Certificates are supported on the WLC:

Level 0: Device Certificate

Level 1: Device & Root Certificates

Level 2: Device, Intermediate, & Root Certificates

• 1024 and 2048-bit certificates are currently supported

 

Step 1 — Generate a CSR using OpenSSL 0.9.8

1) Install and open the OpenSSL application.

http://gnuwin32.sourceforge.net/packages/openssl.htm

If using GnuWin32 OpenSSL for Windows: Open via Command Line:

C:\Program Files\GnuWin32\OpenSSL\bin\openssl.exe

2) Issue the following command:

OpenSSL>req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem

Note: Either 1024 or 2048-bit requests can be used on the WLC.

3) Provide the requested information including Common Name.

Common Name must match DNS Hostname on the Virtual Interface

Note: A challenge password is not needed.

4) Once complete, two files created:

myreq.pem — This is the request that will be sent to the CA

mykey.pem — This is the key file which will be used once the certs arrive

Step 2 — Obtain the Certificates from your CA

1) Log in to your Certificate Authority’s web portal (Microsoft CA), provide the myreq.pem file when creating a new certificate, choose Web Server Template and click “Submit”.

2) Your CA will notify you when your Certificate is ready, and provide a method for download (choose DER encoded, Download certificate chain).

3) When downloading the certificate, ensure that you obtain the following:

1) Device Certificate

2) Intermediate Certificate

3) Root Certificate

 

Step 3 — Chaining the Certificates

1) Once you have all three certificates, copy and paste the contents into a new file as follows:

    -----BEGIN CERTIFICATE-----
    'Device cert'
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    'Intermediate CA cert'
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    'Root CA cert'
    -----END CERTIFICATE-----

2) Save the file as All-certs.pem

3) Move the following files into the folder where OpenSSL.exe resides

(typically C:\Program Files\GnuWin32\OpenSSL\bin\):

• mykey.pem

• All-certs.pem

 

Step 3 — Chaining the Certificates (Continued)

1) Open OpenSSL (via Command Line) and issue the following commands (each on a single line):

    a) openssl>pkcs12 -export -in All-certs.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123

    b) openssl>pkcs12 -in All-certs.p12 -out final-cert.pem -passin pass:check123 -passout pass:check123

Note: In this command, you must enter a password for the parameters -passin and -passout. The password that is configured for the -passout parameter must match the certpassword parameter that is configured on the WLC. In this example, the password that is configured for both the -passin and -passout parameters is check123.

If all is successful, you will now have a file called “final-cert.pem”. Move this file into your TFTP Root Directory.

 

Step 4 — Downloading final-cert.pem to the WLC

1) Open your TFTP Server, and verify that final-cert.pem is within the Root Directory on the server (OpenTFTPServer).

http://sourceforge.net/projects/tftp-server/

2) Log in to your WLC via the Web GUI, and choose the following path:

Web GUI - Security - Web Auth - Certificate:

Check the box: "Download SSL Certificate"

3) When ready, click "Apply" in the upper right hand corner of the page.

4) Next, if the installation is successful, click “Save Configuration” in the upper right-hand corner of the page, then reload the WLC: click the “Click Here” line and then “Save and Reboot”. Wait 5-10 minutes until the configuration is saved and the WLC has booted up.

5) Go to the MANAGEMENT – HTTP-HTTPS section and repeat Step 4 for the management interface name.

 

Troubleshooting Tips:

1) OpenSSL does not Generate All-certs.p12 or final-cert.pem:

     • Verify that the All-certs.pem file has the certificates in the following order: device (top), intermediate, root.

     • Verify that the mykey.pem file is the same used to originally create the CSR (myreq.pem).

     • If an optional password was set within the CSR, ensure that this password was provided to the Certificate Authority when requesting the certificate.

2) Certificate fails to install to the WLC:

     • Run the following debug:

         debug transfer all enable

     • Verify that the passin/passout password is used when downloading to the WLC.

3) Client still receives Security Warning after successful installation:

     • Browse to the Web Policy page, and double-click the SSL icon in your browser to view the certificate. Review the certificate path.
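
The two checks from troubleshooting tip 1 (bundle order and key match) can be scripted and run before the pkcs12 step. This is an added example, not part of the original presentation: the function names check_bundle and make_demo_chain are hypothetical, the demo chain is constructed throwaway data, and it assumes a workstation with a current OpenSSL (the pkey command is not in 0.9.8) plus awk.

```shell
#!/bin/sh
# Pre-flight check for All-certs.pem and mykey.pem (added example, hypothetical names).
# Return codes: 0 ok, 1 wrong order or missing root, 2 key does not match device cert.
# Compares issuer/subject names only; it does not verify signatures.
h() { openssl x509 -in "$tmp/c$1.pem" -noout "-${2}_hash"; }

check_bundle() {   # usage: check_bundle All-certs.pem mykey.pem
    bundle=$1 key=$2
    tmp=$(mktemp -d) || return 3
    # Split the bundle into c1.pem, c2.pem, ... in file order.
    n=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
        n {print > (d "/c" n ".pem")} END {print n+0}' "$bundle")
    rc=0; i=1
    [ "$n" -ge 1 ] || rc=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$n" ]; do
        # Each certificate must be issued by the one that follows it.
        [ "$(h "$i" issuer)" = "$(h $((i+1)) subject)" ] || rc=1
        i=$((i+1))
    done
    if [ "$rc" -eq 0 ]; then   # the last certificate must be the self-signed root
        [ "$(h "$n" issuer)" = "$(h "$n" subject)" ] || rc=1
    fi
    if [ "$rc" -eq 0 ]; then   # the key must belong to the first (device) certificate
        certpub=$(openssl x509 -in "$tmp/c1.pem" -noout -pubkey)
        keypub=$(openssl pkey -in "$key" -pubout)
        [ "$certpub" = "$keypub" ] || rc=2
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample input: a throwaway root -> intermediate -> device chain in $1.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for pair in int:root dev:int; do
        c=${pair%%:*} ca=${pair##*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$c.example" \
            -keyout "$d/$c.key" -out "$d/$c.csr" 2>/dev/null
        openssl x509 -req -in "$d/$c.csr" -days 1 -CA "$d/$ca.pem" \
            -CAkey "$d/$ca.key" -CAcreateserial -out "$d/$c.pem" 2>/dev/null
    done
}

if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2"; echo "check_bundle returned $?"
fi
```
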

 

Frequently Asked Questions:

1) Can I install the same certificate on multiple WLCs ?

Yes. The Virtual Interface IP address and hostname must be the same on all WLCs.

2) If I’m using a Guest Anchor WLC, where do I need to install the certificate ?

The 3rd Party SSL Certificate is only required on the Anchor WLC.

3) My company has a wildcard SSL certificate. Can I use this with the WLC ?

Yes, however please ensure that the certificate is a Level 2 or lower.

4) My certificates are not in .pem format. Can I convert these ?

Yes. You can use OpenSSL to perform the conversion:

http://myonlineusb.wordpress.com/2011/06/19/how-to-convert-certificates-between-pem-der-p7bpkcs7-pfxpkcs12/

or use the following Web-based tool:

https://www.sslshopper.com/ssl-converter.html (External Site)

==================================================================

Sources:

https://supportforums.cisco.com/thread/2015441

https://supportforums.cisco.com/videos/1871

https://supportforums.cisco.com/videos/1878

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

Installing Third Party SSL Certificates for Guest Access

Installing a 3rd Party SSL Certificate for Guest Access part 2 of 2