Network Design
Implement SSH public key authentication, which is common in server operation, on the Cisco ASA. This makes it possible to operate more securely and efficiently. Official information Environment information Setting up SSH public key authenti…
In this article I connected a Docker container to an external network with an 802.1Q VLAN tag. en-designetwork.hatenablog.com This time I define it as a Docker Compose file to make it easier to operate. If I take it further, I think that network…
I am considering a system that utilizes the Docker container for tests such as network communication and route confirmation. It is inefficient to prepare a large number of PCs for testing, so we would like to utilize a lightweight and spee…
This article implemented DS-Lite Internet access with ZOOT NATIVE & CentOS. en-designetwork.hatenablog.com However, it is troublesome (problem of familiarity) to operate CentOS (Linux) as a router, so build an equivalent DS-Lite environment …
Since my home Internet has slowed down and my dissatisfaction has grown, I will try introducing IPv6 to improve it. Although there are restrictions for continued use of the Cisco ASA, it was possible to construct a mini…
When load balancing HTTP/S with F5 BIG-IP, perform S-NAT and add the X-Forwarded-Proto and X-Forwarded-For HTTP headers. The setting method used this time is based on the information in this discussion. https://devcentral.f5.com/questions/x-forwarded-p…
I attempted to deploy F5 BIG-IP VE (Virtual Edition) to VMware ESXi 6.5 for evaluation, but an error occurred and the deployment failed. As a result, the ALL and LTM OVA images could not be deployed, and deployment succeeded with the 1 SLOT model. E…
A problem occurred in the home lab's wireless AP, a Cisco Aironet AIR1131AG, in which the status of the Dot11Radio interface became reset after recovery from a power outage. The blackout was due to excess power supply capacity of…
Since the Cisco ASA is a security device, it does not support CDP/LLDP, which collect information on neighboring NW devices. Information on the Cisco Support Community Several questions about the ASA's CDP/LLDP compliance status have been asked. T…
I am building a DMZ in my home lab with the Cisco ASA 5505. In the case of a simple inside-outside setting, set the security level to inside: 100, outside: 0 and allow traffic from outside by FW and NAT. However, inclusion of the DMZ makes…
I had trouble communicating from the DMZ to the inside when I built a DMZ with ASA 5505 in my home laboratory. Components Cisco ASA 5505 (BASE License, Ver. 9.2(3)) Cisco Catalyst 2960 VMware ESXi Because ASA 5505 cannot use VLAN trunk wi…
When implementing HTTPS (SSL), certificates also need to be considered. When publishing many sites, there are many FQDNs, but you can reduce the number of certificates by using wildcard certificates or multi-domain (SANs) certificates.…
With the basic license, the Cisco ASA 5505 can set up to three VLANs. However, if you try to set it normally, you will get an error when setting nameif in the third VLAN. This article describes how to resolve the error and set nameif in the third VLAN. …
.local is used as an internal domain (Internal Domain Name). In many cases, local domains such as test.local and test.internal are used. This article describes the problem of "how to handle SSL certificates", which is one of the problems occurring while using local domai…
The X-Forwarded-For (XFF) header is important in HTTP communication in NAPT or proxy environments. This article describes adding the XFF header on the Cisco ASA, which in many cases is used as a NAPT router. Check result Defect information Al…
Some settings are required to ensure proper operation of traceroute in an environment that uses a Cisco ASA as a NAT router. NAPT in the Internet connection part, inspect, ACL: notes for reviewing the various settings, such as pol…
To allow traceroute to be used for confirming communication on a network that passes through a FW, one extra step is necessary. Traceroute: a command that checks the network path by utilizing TTL expiry. Specification of tracerou…