Router – Access-lists

Below is a basic access-list configuration.

R3>enable
R3#configure terminal
R3(config)#access-list 56 permit 192.12.10.3
R3(config)#access-list 56 deny 192.12.10.0 0.0.0.255
R3(config)#access-list 56 permit any
R3(config)#interface serial 0
R3(config-if)#ip access-group 56 in
R3(config-if)#exit
R3(config)#exit

PIX – Create a Read Only account

Below are the commands for creating a read-only account on a Cisco PIX firewall.

hostname(config)# username client password 123 privilege 5
hostname(config)# privilege show level 5 command running-config
hostname(config)# privilege show level 5 command startup-config
hostname(config)# privilege show level 5 command access-list
hostname(config)# aaa authentication ssh console LOCAL

Configuring AAA on a Cisco PIX

Below are the configuration commands required for AAA.

Authentication

Interactive user

#(config) aaa-server <server name> protocol <tacacs/radius>
#(config) aaa-server <server name> <interface> host <AAA server IP>
#(config) aaa authentication include <http/https/ftp/telnet> inbound 0 0 0 0
#(config) access-list 111 permit tcp any any eq ftp
#(config) aaa authentication match 111 <interface> <AAA server name>

Console Access

#(config) aaa …

Router – Installing IOS onto new FLASH

You will first need to install the flash module into the device. Then run the following commands via the console port (rommon) to check your system's resources for the install.

rommon 1 > dev
rommon 2 > meminfo

Then, to copy it from your TFTP server…

rommon 3 > IP_ADDRESS=192.168.4.1
rommon 4 > IP_SUBNET_MASK=255.255.255.0
rommon 5 …

Cisco PIX – Routing

Static

To send all traffic to 192.168.0.1 out the outside interface.
To send any traffic in 10.0.1.0/24 to 10.0.0.1 out the inside interface.

(config)#route outside 0 0 192.168.0.1
(config)#route inside 10.0.1.0 255.255.255.0 10.0.0.1

RIP

Allow RIP updates to be received on the outside interface with a key of cisco and id of 2.
Pass RIP updates out the …

Enabling ASDM upon your PIX

Below is how to enable ASDM on your PIX. First of all, you will need to copy the ASDM image to your PIX firewall. I find the easiest way to do this is to enable scopy (scp) on your PIX using the command ssh scopy enable, and then using the PuTTY tool pscp to …

Configuring HA Failover on a PIX Firewall

Below is how to configure stateful LAN-based failover.

Primary

(config)#interface eth0
(config-if)#nameif inside
(config-if)#ip add 10.1.1.10 255.255.255.0 standby 10.1.1.20

(config)#interface eth1
(config-if)#no nameif
(config-if)#no shut

(config)#interface eth2
(config-if)#no nameif
(config-if)#no shut

(config)#failover
(config)#failover lan unit primary
(config)#failover lan interface failover eth1
(config)#failover lan enable
(config)#failover key <key>
(config)#failover link state eth2
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.50.20
(config)#failover interface ip state 172.16.51.10 255.255.255.0 standby …

How do I Enable SNMP on a PIX / ASA?

Below are the commands to enable SNMP (polls or traps) on PIX/ASA v7.x or later.

pix(config)# snmp-server host [interface_name] [ip_address] trap community [community string]
pix(config)# snmp-server host [interface_name] [ip_address] poll community [community string]

How to enable SSH on a PIX

Below are the steps required to enable SSH on a PIX firewall:

crypto key generate rsa modulus 1024
ssh [ip] [mask] [interface]
aaa authentication ssh console LOCAL
username [username] password [password] privilege 15