
Resetting a VPN connection on CISCO ASA-5505

I had this challenge: how to reset or reconnect the office VPN service when I am mobile and do not have access to the Cisco ASDM-IDM. I do, however, have access to the device via SSH, so here is how you can reset or reconnect the VPN session using the CLI.

  1. Connect and log in to the device via SSH (assuming you have already enabled the service on your device).

    iOS: Termius 3.6.3
    Android: Termius 3.0.5
    or any SSH client you prefer.

  2. Enter privileged EXEC (enable) mode.
    Type help or '?' for a list of available commands.
    CISCO> enable
    Password: ********
    CISCO#
  3. Get a list of the site-to-site VPN tunnels that are up. Issue the following command:
    CISCO# show vpn-sessiondb l2l
    
    Output example:
    
    Session Type: LAN-to-LAN
    
    Connection   : 192.168.50.1
    Index        : 4                      IP Addr      : 192.168.50.1
    Protocol     : IKEv1 IPsec IPsecOverNatT
    Encryption   : IKEv1: (1)3DES  IPsec: (1)3DES  IPsecOverNatT: (1)3DES
    Hashing      : IKEv1: (1)SHA1  IPsec: (1)SHA1  IPsecOverNatT: (1)SHA1
    Bytes Tx     : 8022844                Bytes Rx     : 389894534
    Login Time   : 09:56:20 PHST Wed Aug 1 2018
    Duration     : 1h:31m:11s
  4. You can now log off (disconnect) the VPN session using its “Index” number.
    CISCO# vpn-sessiondb logoff index 4
  5. Confirm the session has been restarted: issue the following command and check the “Login Time” and “Duration”.
    CISCO# show vpn-sessiondb l2l
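
The steps above, worked through on saved CLI output. This is an added example, not part of the original post: it parses the output of show vpn-sessiondb l2l, builds the step 4 command for one peer, and performs the step 5 check. The sample output is constructed, the function names are hypothetical, and the optional day prefix in Duration is an assumption.

```python
import re

# Constructed sample in the layout of `show vpn-sessiondb l2l` (two tunnels).
SAMPLE = """\
Session Type: LAN-to-LAN

Connection   : 192.168.50.1
Index        : 4                      IP Addr      : 192.168.50.1
Protocol     : IKEv1 IPsec IPsecOverNatT
Login Time   : 09:56:20 PHST Wed Aug 1 2018
Duration     : 1h:31m:11s

Connection   : 192.168.60.1
Index        : 7                      IP Addr      : 192.168.60.1
Protocol     : IKEv1 IPsec
Login Time   : 10:40:02 PHST Wed Aug 1 2018
Duration     : 0h:47m:29s
"""

# Assumption: long-lived sessions may prefix days, e.g. "1d 2h:03m:04s".
DURATION = re.compile(r"Duration\s*:\s*(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s")

def parse_sessions(text):
    """Return one dict per tunnel: connection, index, login_time, duration_s."""
    sessions = []
    # Each tunnel's block starts at its "Connection" line.
    for block in re.split(r"(?m)^[ \t]*(?=Connection\s*:)", text)[1:]:
        d, h, m, s = (int(x or 0) for x in DURATION.search(block).groups())
        sessions.append({
            "connection": re.search(r"Connection\s*:\s*(\S+)", block).group(1),
            "index": int(re.search(r"Index\s*:\s*(\d+)", block).group(1)),
            "login_time": re.search(r"Login Time\s*:\s*(.+)", block).group(1).strip(),
            "duration_s": ((d * 24 + h) * 60 + m) * 60 + s,
        })
    return sessions

def logoff_command(sessions, peer):
    """Step 4: build the logoff command, refusing an ambiguous or missing peer."""
    hits = [s for s in sessions if s["connection"] == peer]
    if len(hits) != 1:
        raise LookupError(f"expected one tunnel to {peer}, found {len(hits)}")
    return f"vpn-sessiondb logoff index {hits[0]['index']}"

def was_restarted(before, after, peer):
    """Step 5: tunnel is back with a new Login Time and a shorter Duration.
    Matches on the peer, since the Index may differ after reconnecting."""
    old = [s for s in before if s["connection"] == peer]
    new = [s for s in after if s["connection"] == peer]
    return (len(old) == 1 and len(new) == 1
            and new[0]["login_time"] != old[0]["login_time"]
            and new[0]["duration_s"] < old[0]["duration_s"])
```

Selecting the tunnel by peer address rather than typing the Index by hand avoids logging off the wrong session when several site-to-site tunnels are up.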

Upgrading Ubuntu desktop or headless server

      1. Upgrade existing software.
        sudo apt update && sudo apt dist-upgrade
      2. Make sure you have update-manager-core package installed.
        sudo apt install update-manager-core
      3. Edit the configuration file /etc/update-manager/release-upgrades

        sudo nano /etc/update-manager/release-upgrades
      4. Change the value of Prompt from lts to normal.
        Prompt=normal
      5. Save and close the file, then run the following command to begin the upgrade and follow the on-screen instructions.
        sudo do-release-upgrade
      6. Once the upgrade is finished, reboot your Ubuntu desktop or server.
      7. To check your Ubuntu version, run:
        lsb_release -a


Throttling bandwidth in CISCO ASA 5505

This example shows how to throttle the bandwidth to 1 Mbps for a specific user in the outbound direction.

  1. Create the access list and class map:
    ciscoasa(config)# access-list WEB-LIMIT permit ip host 192.168.10.1 any
    ciscoasa(config)# class-map Class-Policy
    ciscoasa(config-cmap)# match access-list WEB-LIMIT
    ciscoasa(config-cmap)# exit
  2. Create policy map:
    ciscoasa(config)# policy-map POLICY-WEB
    ciscoasa(config-pmap)# class Class-Policy
    ciscoasa(config-pmap-c)# police output 1000000 conform-action transmit exceed-action drop
    ciscoasa(config-pmap-c)# exit
    ciscoasa(config-pmap)# exit
  3. Enable the policy:
    ciscoasa(config)# service-policy POLICY-WEB interface outside

Enable SNMP on ESXi 6.5

  1. SSH or Telnet to your ESXi node using root-level credentials.
  2. Execute the following commands. Replace YOUR_STRING with your desired community string.
    esxcli system snmp set -r
    esxcli system snmp set -c YOUR_STRING
    esxcli system snmp set -p 161
    esxcli system snmp set -L "City, State, Country"
    esxcli system snmp set -C noc@example.com
    esxcli system snmp set -e yes
  3. Check the status under Host –> Manage –> Services; you should see snmpd as “Running”.