designetwork(EN)

IT technical memo of networking

Network Design

Cisco ASA SSH login with Public Key Authentication

Implement SSH public key authentication, which is common in server operation, on the Cisco ASA. This makes it possible to operate more securely and efficiently. The official Cisco ASA SSH configuration guide is here: www.c…

Create MACVLAN (802.1Q VLAN Tag) network with Docker-Compose

In this article I connected a Docker container to an external network with an 802.1Q VLAN tag. en-designetwork.hatenablog.com This time I define it as a Docker-Compose file to make it easier to operate. If I take it further, I think that network…

Connecting the Docker container to the external network via VLAN Tag

I am considering a system that utilizes the Docker container for tests such as network communication and route confirmation. It is inefficient to prepare a large number of PCs for testing, so we would like to utilize a lightweight and spee…

DS-Lite (IPv4 over IPv6) Internet connection with VyOS

This article implemented DS-Lite Internet access at ZOOT NATIVE & CentOS. en-designetwork.hatenablog.com However, it is troublesome (a matter of familiarity) to operate CentOS (Linux) as a router, so I build an equivalent DS-Lite environment …

IPv6 connection to the Internet with the Cisco ASA 5505 and NAPT

Since the speed of home Internet has slowed and dissatisfaction has become bigger, I will try to introduce IPv6 aiming for improvement. Although there are restrictions for continued use of the Cisco ASA, it was possible to construct a mini…

Setting to add X-Forwarded-Proto in BIG-IP

When load balancing HTTP/S with F5 BIG-IP, perform S-NAT and add the X-Forwarded-Proto and X-Forwarded-For HTTP headers. The configuration method used here is based on the information in this discussion: devcentral.f5.com Verification configuration Veri…

BIG-IP VE cannot be deployed to ESXi6.5 by postNFCData failed

I attempted to deploy F5 BIG-IP VE (Virtual Edition) to VMware ESXi 6.5 for evaluation, but an error occurred and the deployment failed. As a result, ALL, LTM’s OVA image could not be deployed, and deployment succeeded with 1 SLOT model. E…

Reason why Dot11Radio is reset in the Cisco AIR1131AG

A problem occurred in the home lab’s wireless AP Cisco Aironet AIR1131AG, in which the status of the Dot11Radio interface became reset after recovery from a power outage. The cause of the blackout was due to excess power supply capacity of…

Cisco ASA Series does not support CDP/LLDP

Since the Cisco ASA is a security device, it does not support CDP/LLDP, which collect information on neighboring network devices. Information on the Cisco Support Community: several questions about the ASA's CDP/LLDP support status have been asked. T…

Security level setting when building DMZ with ASA

I am building a DMZ in my home lab with the Cisco ASA 5505. In the case of a simple inside-outside setting, set the security level to inside: 100, outside: 0 and allow traffic from outside by FW and NAT. However, inclusion of the DMZ makes…

Can not communicate from DMZ to inside at home lab ASA

I had trouble communicating from the DMZ to the inside when I built a DMZ with ASA 5505 in my home laboratory. Components Cisco ASA 5505 (BASE License, Ver.9.2 (3)) Cisco Catalyst 2960 VMware ESXi Because ASA 5505 can not use VLAN trunk wi…

CANNOT issue certificates of multi domain and wild card

When implementing HTTPS (SSL), examination of certificates is also required. When publishing many sites, there are many FQDNs, but you can reduce the number of certificates by using wildcard certificates or multi-domain (SAN) certificates.…

Resolve VLAN nameif setting error with ASA 5505 of basic license

With the basic license, the Cisco ASA 5505 can set up to three VLANs. However, if you try to set it normally, you will get an error when setting nameif on the third VLAN. This article describes how to resolve the error and set nameif on the third VLAN. …

How to proceed with local domain SSL certificates

.local is often used as an internal domain name. In many cases local domains such as test.local and test.internal are used. This article describes the problem of "how to handle SSL certificates", which is one of the problems that occur while using local domai…

Insert the X-Forwarded-For header with Cisco ASA in NAPT environment

The X-Forwarded-For (XFF) header is important in HTTP communication in NAPT and proxy environments. This article describes adding the XFF header on the Cisco ASA, which is often used as a NAPT router. Check result In July 2016 it is no…

Cisco ASA traceroute settings via NAPT

Some settings are required to ensure that traceroute works properly in an environment that uses a Cisco ASA as a NAT router. NAPT in the Internet connection part, inspect, ACL, note for reviewing the various settings, such as pol…

Allow the Cisco and Linux traceroute in Firewall

In order to allow traceroute, which is used to confirm network communication, to pass through the FW, an extra step is necessary. Traceroute: a command that checks the network path by utilizing TTL expiry. Specification of tracerou…


This blog is the English version of my Japanese blog.

Sorry if my English sentences are incorrect.
