French web TV on Open Sources

Uncategorized | Thursday May 20 2010 5:31 pm | Comments (0)

This post is for my French fellow as it’s about a French web TV so I’ll continue in French :)

If you like to keep up with the open source world and want something a bit more interactive than a site like Linuxfr, I recommend taking a look at http://www.intelli-n.tv/

This fairly recently launched site is full of information on various topics, generally not too technical, always interesting :)

There is a news broadcast every day and plenty of other things to watch, such as expert talks, …

The content is more business-oriented than geeky-techy, but once again, it is definitely worth a look!
intelli-n.tv

Catalyst Switched Port Analyzer (SPAN)

Cisco | Thursday May 6 2010 8:38 am | Comments (0)

I’m pretty sure everyone who works on networking stuff has had to trace packets, monitor a port on a switch and things like that.
If you need to see what’s going through a specific port on a Cisco switch, the solution is port spanning.
It allows you to reproduce the traffic of one port onto another one!

I could have done a post describing some basic configuration of a span but quite often, Cisco has a good page on their site to explain in detail what it is and how to configure it.

So here is the link to a Cisco article about SPAN.
Switched Port Analyzer

And here the PDF

Enabling SSH on a Cisco device

Cisco | Wednesday May 5 2010 6:12 pm | Comments (0)

As I’m working on a project related to our new network infrastructure, I’ll post some of the stuff I’m doing here so the next few posts will likely be all related to Cisco, security, VPN and other things like that.

Here I’ll just quickly show how to configure SSH on a Cisco PIX. If you need to configure a switch or a router, you first have to make sure that your IOS supports it, but then, the config will be slightly different.

pix(config)#hostname pix
pix(config)#domain-name mydomain.co.uk
pix(config)#passwd securePassword
pix(config)#ca gen rsa key 2048
pix(config)#ssh 10.20.128.128 255.255.255.255 inside
pix(config)#ssh timeout 60
pix(config)#ca save all

The first 3 lines are not specific to an SSH configuration; you probably already have them configured, as it’s usually one of the first things you change!

The ca gen command generates the key. You can choose something smaller than 2048, but that is the standard now (and also the maximum on a PIX).

The line after that is a specific access list that says only 10.20.128.128 can establish an SSH connection from the inside interface. Should you want to make your PIX accessible from everywhere (which is a bit silly but good for testing), here is what you need:

pix(config)#ssh 0.0.0.0 0.0.0.0 outside

Just to clarify one little thing: if you arrive from a site-to-site VPN connection, you’ll hit the inside connection. So if your remote network is, say, 10.21.0.0 255.255.255.0 and you want to SSH to your PIX from there, you should have something like this:

pix(config)#ssh 10.21.0.0 255.255.255.0 inside

As this is an SSH connection, you need to provide a login and a password. The default login is “pix”.

So from a Linux client you would do:

ssh pix@ip_addr_pix

If you want to add more users, you have to proceed this way:

! add user
user name password *x!7&@a4
!
pix(config)#aaa authentication ssh console LOCAL

Of course you can also authenticate your SSH session against a TACACS or a RADIUS server, but aaa authentication is not covered here.
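The `ssh <address> <mask> <interface>` lines above decide who may reach the PIX over SSH, so they are worth checking whenever the configuration changes. The following audit is an added example, not part of the original post: the function names, the `max_hosts` threshold and the sample configuration (the post's lines with the prompt removed) are assumptions.

```python
import ipaddress
import re

# Constructed sample: the ssh lines shown in the post, as they would appear
# together in one saved configuration (prompt prefixes removed).
SAMPLE_CONFIG = """\
hostname pix
domain-name mydomain.co.uk
ssh 10.20.128.128 255.255.255.255 inside
ssh 10.21.0.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
"""

SSH_RULE = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")


def parse_ssh_rules(config):
    """Return (network, interface) for every 'ssh <addr> <mask> <if>' line."""
    rules = []
    for line in config.splitlines():
        m = SSH_RULE.match(line.strip())
        if m:
            addr, mask, iface = m.groups()
            # strict=False tolerates host bits set in the address part.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((net, iface))
    return rules


def audit(config, max_hosts=256):
    """Flag rules that expose SSH more widely than a management range."""
    findings = []
    for net, iface in parse_ssh_rules(config):
        if net.prefixlen == 0:
            findings.append(f"{iface}: SSH open to any address ({net})")
        elif net.num_addresses > max_hosts:
            findings.append(f"{iface}: wide range {net} ({net.num_addresses} addresses)")
    if not re.search(r"^aaa authentication ssh console\s+\S+", config, re.M):
        findings.append("no 'aaa authentication ssh console': shared 'pix' login in use")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports the `ssh 0.0.0.0 0.0.0.0 outside` test rule and the missing per-user authentication, while the single-host and /24 rules on the inside interface pass.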

Upgrade the software Images of a Cisco ASA firewall

Cisco | Tuesday May 4 2010 3:09 pm | Comments (0)

This is a very quick post to explain how to update your ASA firewall. Nothing big as it’s very easy but since I had to put together the info to get that documented for my colleagues, I thought I could post it here too.

1. Copy the file to an FTP server (CI33024)
2. Log on to the firewall
3. Issue the following commands:
en
copy ftp://[ipaddress]/[filename] disk0:[filename]

You’ll have to confirm the parameters and then you should see something like this:
Accessing tftp://172.16.31.1/asa722-k8.bin...!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa722-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8312832 bytes copied in 163.350 secs (50998 bytes/sec)

4. Check that the file has been copied correctly

show disk0:

You should see something similar:
-#- --length-- -----date/time------ path
6 5124096 Jan 01 2003 00:06:22 asa702-k8.bin
7 5623108 Feb 12 2010 00:23:48 asdm-631.bin
10 5539756 Feb 12 2007 00:14:18 asdm-521.bin
11 8294400 Dec 07 2006 05:47:20 asa721-24-k8.bin
12 6002680 Dec 21 2006 03:58:30 asdm-52034.bin
13 8312832 Feb 12 2010 22:46:30 asa831-k8.bin

23949312 bytes available (38932480 bytes used)

5. Go to the configuration mode (conf t) and type the following command:
boot system disk0:/asa831-k8.bin

This will replace the path of the image the firewall boots from.
If you update the ASDM, the command is slightly different.

asdm image disk0:/asdm-631.bin

6. Save the config:
write memory

7. Reload the config:
reload
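Steps 4 and 5 depend on the image name in `boot system` (or `asdm image`) matching a file that is really on disk0: with the size reported by the copy. The check below is an added example, not part of the original post: it parses saved `show disk0:` output, and the function names and the trimmed sample listing are assumptions.

```python
import re

# Constructed sample: trimmed from the 'show disk0:' listing in the post.
SHOW_DISK = """\
-#- --length-- -----date/time------ path
7 5623108 Feb 12 2010 00:23:48 asdm-631.bin
11 8294400 Dec 07 2006 05:47:20 asa721-24-k8.bin
13 8312832 Feb 12 2010 22:46:30 asa831-k8.bin

23949312 bytes available (38932480 bytes used)
"""

ENTRY = re.compile(r"^\d+\s+(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+[\d:]{8}\s+(\S+)$")


def parse_show_disk(text):
    """Return {path: length_in_bytes} from 'show disk0:' output."""
    files = {}
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if entry:
            files[entry.group(2)] = int(entry.group(1))
    return files


def check_image(text, config_line, expected_bytes):
    """Check a 'boot system' or 'asdm image' line against the listing."""
    m = re.match(r"^(?:boot system|asdm image)\s+disk0:/?(\S+)$", config_line.strip())
    if not m:
        return ["not a 'boot system' or 'asdm image' line for disk0:"]
    files = parse_show_disk(text)
    name = m.group(1)
    if name not in files:
        return [f"{name} is not on disk0: (typo in the path?)"]
    if files[name] != expected_bytes:
        return [f"{name}: {files[name]} bytes on disk, expected {expected_bytes}"]
    return []


if __name__ == "__main__":
    # Size taken from the 'bytes copied' line of the copy output.
    print(check_image(SHOW_DISK, "boot system disk0:/asa831-k8.bin", 8312832))
    # A transposed version number is caught before 'write memory' and 'reload'.
    print(check_image(SHOW_DISK, "boot system disk0:/asa813-k8.bin", 8312832))
```

A matching length only shows the transfer completed; to confirm the image is the one Cisco published, compare the output of `verify /md5 disk0:/asa831-k8.bin` on the ASA with the MD5 listed on the download page.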