As you might know, Cisco ASA can not terminate GRE tunnels. However, you can pass GRE traffic through a Cisco ASA 5500 firewall as described in this tutorial.
802.11r is the IEEE standard for fast roaming which is being aggresively implemented by WLAN vendors in their products.
The standard is quite involved, however, we have implemented and tested it extensively, and to help others, the presentation is a snapshot of our learning of the standard.
Варианты организации на FlexVPN таких конфигураций как L2L VPN (site to site VPN), RA VPN (remote access VPN), DMVPN (dynamic multipoint VPN).
Запись вебинара: https://www.youtube.com/watch?v=GJfFrVRLquU
Neighbor Wi-Fi networks, RF noise sources, misbehaving clients, indoor and outdoor coverage patterns can all impact mobile device performance on wireless networks. Join us in this session to discuss how you can design for RF coverage and capacity in challenging environments, proactively monitor your wireless LAN and put together a process for troubleshooting those toughest connectivity issues.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
802.11r is the IEEE standard for fast roaming which is being aggresively implemented by WLAN vendors in their products.
The standard is quite involved, however, we have implemented and tested it extensively, and to help others, the presentation is a snapshot of our learning of the standard.
Варианты организации на FlexVPN таких конфигураций как L2L VPN (site to site VPN), RA VPN (remote access VPN), DMVPN (dynamic multipoint VPN).
Запись вебинара: https://www.youtube.com/watch?v=GJfFrVRLquU
Neighbor Wi-Fi networks, RF noise sources, misbehaving clients, indoor and outdoor coverage patterns can all impact mobile device performance on wireless networks. Join us in this session to discuss how you can design for RF coverage and capacity in challenging environments, proactively monitor your wireless LAN and put together a process for troubleshooting those toughest connectivity issues.
To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com
Mobile Transport Evolution with Unified MPLSCisco Canada
Mobile Service Providers are seeing unprecedented challenges in relation to their Transport architectures with the 3GPP evolution towards IP based Node Bs, LTE (Long Term Evolution) and LTE-Advanced. This presentation will initially discuss the network migration trends and factors that are changing how mobile networks are evolving. A description is provided on Unified MPLS and the current issues that need to be fixed and how this architecture addresses this. A more detailed analysis will then examine the options available for transporting GSM/2G, UMTS/3G traffic and IP/Ethernet Node B deployments and some of factors that need consideration like scalability, resiliency and security. Finally, there is a detailed description of the LTE/LTE - A evolution and the feature requirements made on the transport network. There will be detailed analysis of different LTE models and also some technical enhancements and proposals considered for the implementation of LTE in a Unified MPLS environment.
Mobile Transport Evolution with Unified MPLSCisco Canada
Mobile Service Providers are seeing unprecedented challenges in relation to their Transport architectures with the 3GPP evolution towards IP based Node Bs, LTE (Long Term Evolution) and LTE-Advanced. This presentation will initially discuss the network migration trends and factors that are changing how mobile networks are evolving. A description is provided on Unified MPLS and the current issues that need to be fixed and how this architecture addresses this. A more detailed analysis will then examine the options available for transporting GSM/2G, UMTS/3G traffic and IP/Ethernet Node B deployments and some of factors that need consideration like scalability, resiliency and security. Finally, there is a detailed description of the LTE/LTE - A evolution and the feature requirements made on the transport network. There will be detailed analysis of different LTE models and also some technical enhancements and proposals considered for the implementation of LTE in a Unified MPLS environment.
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
Lab8 Controlling traffic using Extended ACL
Objectives
Perform basic configuration tasks on a router.
Applying Static routes and default route.
Exploring the routing table entry.
Applying Extended (named) access control lists (ACLs).
Testing the access control lists (ACLs).
Required Resources
2 Cisco Routers (1841)
2 Cisco Switches (2950-24)
3 Computers
UTP (straight through and cross over) cables
Tasks:
A. Build up the topology.
B. Perform Basic Router Configurations
Steps:
1. Connect the components as shown in Fig 1.
2. Configure the router hostname to match the topology diagram.
3. Configure IP addresses and masks on all devices.
4. Configure a loopback interface (loopback 0) on R2 to simulate the ISP. (search on the internet
how to configure loopback interface)
C. Enable Static route for all networks.
Steps:
1. For Router 1
R1(config)# ip route 192.168.20.0 255.255.255.0 serial 0/0/0
Default root can be configured as:
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
2. For Router 2
R2(config)# ip route 192.168.10.0 255.255.255.0 serial 0/0/1
R2(config)# ip route 192.168.11.0 255.255.255.0 serial 0/0/1
D. Verify full IP connectivity using the ping command and the routing table of routers.
Step#1:
For R1 and R2, use the command show ip route, take a snapshot for the resulting routing table,
and discuss the outputs:
*Routing table of R1(Screenshoot)
*Routing table of R2 (Screenshot)
Step#2:
Make sure that the whole network nodes can ping each other.
Before configuring and applying this ACL, be sure to test connectivity from Laptop1 to the
loopback interface (ISP - 209.165.200.225)
E. Configuring an Extended ACL
In this section, you are configuring an extended ACL on R1 that blocks traffic originating from any
device on the 192.168.10.0/24 network to access the 209.165.200.255 host (the simulated ISP).
This ACL will be applied outbound on the R1 Serial 0/0/0 interface.
Steps:
1. Configure a named extended ACL.
R1(config)#ip access-list extended EXTEND-1
R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225
2. Apply the ACL.
With standard ACLs, the best practice is to place the ACL as close to the destination as possible.
Extended ACLs are typically placed close to the source.
R1(config)#interface serial 0/0/0
R1(config-if)#ip access-group EXTEND-1 out
3. Test the ACL.
From Laptop1; ping the loopback interface on R2.
R1(config-ext-nacl)#permit ip any any
**Please provide full code and screenshoots from Cisco packet tracer.
Table -1 begin{tabular}{|c|ccc|} hline Device & Interface & IP Address & Default Gateway & & & R1
& Fa0/0 & 192.168.10.1/24 & N/A & Fa0/1 & 192.168.11.1/24 & N/A & So/0/0 & 10.1.1.1/24 & N/A
& Fa0/1 & 192.168.20.1/24 & N/A R2 & So/0/1 & 10.1.1.2/24 & N/A & loopback 0 &
209.165.200.225/8 & N/A & & & & & 192.168.10.10/24 & 192.168 .10 .1 hline Laptop1 & NIC &
192.168.11.10/24 & 192.168 .11 .1 hline Laptop2 & NIC & 192.168.20.254/24 & 192.168 .20 .1
hline hline PC3 & NIC & & hline end{tabular}.
Cisco CCNA Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Elevating Tactical DDD Patterns Through Object Calisthenics
Configuring GRE Tunnel Through a Cisco ASA Firewall
1. Configuring GRE Tunnel Through a Cisco
ASA Firewall
In this configuration tutorial I will show you how to configure a GRE tunnel
between two Cisco IOS routers. One of the routers is located behind a Cisco ASA
5500 Firewall, so I will show you also how to pass GRE traffic through a Cisco
ASA as well.
As you might know already, GRE tunnel termination is not supported on Cisco
ASA firewalls. However, this is fully supported on Cisco routers. GRE tunnels are
not secure (no traffic encryption takes place through GRE). However, GRE tunnels
are useful in cases where we need to pass “non-unicast” traffic between two remote
sites (e.g through the Internet). Two scenarios that come to my mind now include
passing routing protocols (such as OSPF) between two remote sites, and also
passing multicast traffic through the GRE tunnel from one site to another.
We will be using the following network diagram:
2. As shown from diagram above, we have two remote sites (LAN1 and LAN2)
which we need to connect through the Internet via a GRE tunnel. The GRE tunnel
will be terminated between routers R1 and R2. When configuring GRE, a virtual
Layer3 “Tunnel Interface” must be created. The GRE tunnel will be running
between the two Tunnel Interfaces (10.0.0.1 and 10.0.0.2 as shown from diagram).
Also, the Tunnel Interfaces will be using as actual source IPs the addresses of the
3. outside router interfaces (20.20.20.1 for R1 and 50.50.50.1 for R2). Therefore, IP
routing reachability must be in place between 20.20.20.1 and 50.50.50.1.
As shown, router R1 is behind a Cisco ASA firewall. This is exactly what makes
this scenario a little bit different from others. Since R2 must be able to reach R1,
the only way to “expose” R1 to the outside world is by creating a static NAT on
the ASA firewall. The static NAT rule will translate 20.20.20.1 (R1 outside IP) to
an outside public IP, let’s say 30.30.30.3. Therefore, R2 will be able to reach R1
via 30.30.30.3 public IP. Also, we must configure an access list on the ASA
(applied on the outside ASA interface) which must allow GRE traffic from
50.50.50.1 to 20.20.20.1
Lets see the configuration, starting with the routers first:
ROUTER R1
!First configure IP addresses on R1
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 20.20.20.1 255.255.255.0
duplex auto
speed auto
!Default route towards ASA
ip route 0.0.0.0 0.0.0.0 20.20.20.2
4. !Now configure GRE Tunnel Interface. Note that we reduce the MTU size in
order to accommodate the extra headers added from the GRE protocol.
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 20.20.20.1
tunnel destination 50.50.50.1
!
!Now tell the router that remote subnet of LAN2 can be reached via the GRE
endpoint 10.0.0.2
ip route 192.168.2.0 255.255.255.0 10.0.0.2
Now let’s move on to configuring R2.
ROUTER R2
!First configure IP addresses on R2
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 50.50.50.1 255.255.255.0
duplex auto
speed auto
!Default route towards ISP
ip route 0.0.0.0 0.0.0.0 50.50.50.2
5. !Now configure GRE Tunnel Interface. Note that the tunnel destination is the
mapped (static NAT) IP address of router R1 (30.30.30.3)
interface Tunnel0
ip address 10.0.0.2 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 50.50.50.1
tunnel destination 30.30.30.3
!
!Now tell the router that remote subnet of LAN1 can be reached via the GRE
endpoint 10.0.0.1
ip route 192.168.1.0 255.255.255.0 10.0.0.1
That’s it for the routers. Let us see now how to configure the ASA.
ASA Configuration
!First configure IP addresses on ASA
interface GigabitEthernet0
nameif outside
security-level 0
ip address 30.30.30.2 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 20.20.20.2 255.255.255.0
!
!Default route towards ISP
Route outside 0.0.0.0 0.0.0.0 30.30.30.30
6. !Create a static NAT which translates 20.20.20.1 to 30.30.30.3
object network router_static
host 20.20.20.1
nat (inside,outside) static 30.30.30.3
!Allow GRE traffic from R2 to R1. The ACL below is for ASA 8.3 and later.
access-list OUT-IN extended permit gre host 50.50.50.1 host 20.20.20.1
access-group OUT-IN in interface outside
NOTE:
The ACL created above is for ASA version 8.3 and later. For ASA version prior to
8.3 the ACL would be as following:
access-list OUT-IN extended permit gre host 50.50.50.1 host 30.30.30.3
This is because from ASA version 8.3 and later, any access-list statement must
reference a “Real IP” address and not a “Mapped” IP address. From versions prior
to 8.3, the opposite was true.
Now if you ping a host to LAN2 from LAN1 (and vica-versa) you should get
ICMP replies.
Please note also that I have not configured any security protection on the GRE
tunnel. If you want you can configure IPSEC on top of GRE in order to encrypt all
data passing through the GRE tunnel.
About the Author
Harris Andrea is a Cisco Certified Professional with more than 18 years of experience
working with Cisco network technologies. He is the author of two Cisco Books
(“Cisco ASA Firewall Fundamentals” and “Cisco VPN Configuration Guide”) which
have been embraced by thousands of Cisco professionals all over the world. You can
find more Cisco configuration guides and tutorials on his blog here
http://www.networkstraining.com