Archive for January, 2011

How to recover a VPN key

January 14, 2011

While troubleshooting a VPN connection, I wanted to confirm that the pre-shared key was identical on both ends. To do so, I used a cool, relatively unknown command that allows you to recover the pre-shared key:

more system:running-config

Using the more system:running-config command results in a clear-text pre-shared key:

tunnel-group tunnel_name ipsec-attributes
pre-shared-key cleartextpassword

While this is the easiest way, you might encounter a device with an old version (pre 7.x) that does not support this command. Don’t worry, there are more options. Using TFTP, you can copy the config to your TFTP server, which saves the password in clear text. This is the required command:

copy running-config tftp:

You can also use the lesser-known write net command for the same task. In both cases, the text file containing the configuration on the TFTP server will show the pre-shared key in clear text.

By the way, older ASDM versions will show the passwords in clear text, but I hope you’re not using those old versions 🙂
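The check that motivated this post, confirming that both ends hold the same pre-shared key, can be run against two exported configurations without ever displaying the key. The Python sketch below is an added example, not code from the original post; the sample configs, the tunnel-group names, and the assumption that a masked key appears as a run of asterisks are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample exports from two VPN peers (not real configurations).
SITE_A = """tunnel-group branch_vpn ipsec-attributes
 pre-shared-key cleartextpassword
tunnel-group partner_vpn ipsec-attributes
 pre-shared-key *****
"""
SITE_B = SITE_A.replace("cleartextpassword", "cleartextpasswrd")

GROUP_RE = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
KEY_RE = re.compile(r"^\s*pre-shared-key\s+(\S+)\s*$")


def extract_psks(config_text):
    """Map each tunnel-group name to its pre-shared key (None if masked)."""
    keys, group = {}, None
    for line in config_text.splitlines():
        group_match, key_match = GROUP_RE.match(line), KEY_RE.match(line)
        if group_match:
            group = group_match.group(1)
        elif key_match and group is not None:
            value = key_match.group(1)
            # Assumption: a masked key is displayed as a run of asterisks.
            keys[group] = None if set(value) == {"*"} else value
        elif line and not line[0].isspace():
            group = None  # any other top-level line ends the block
    return keys


def compare_peers(config_a, config_b):
    """Return {tunnel-group: 'match' | 'mismatch' | 'masked' | 'missing'}."""
    a, b = extract_psks(config_a), extract_psks(config_b)
    result = {}
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            result[name] = "missing"
        elif a[name] is None or b[name] is None:
            result[name] = "masked"  # cannot be compared from this export
        else:
            # Constant-time comparison of digests; the key is never printed.
            digests = [hashlib.sha256(k.encode()).digest() for k in (a[name], b[name])]
            result[name] = "match" if hmac.compare_digest(*digests) else "mismatch"
    return result


if __name__ == "__main__":
    print(compare_peers(SITE_A, SITE_B))
```

Because the exported files hold the key in clear text, remove them from the TFTP server once the comparison is done.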

PIX\ASA as DHCP server

January 12, 2011

After a long while I had a chance to work with our firewall. Part of the task was setting up our old PIX as a DHCP server.

The configuration is simple:

dhcpd address 172.16.1.100-172.16.1.200 inside
dhcpd dns 172.16.1.1
dhcpd wins 172.16.1.2

You can see that the configuration is really simple, but I found one interesting detail I wasn’t aware of: you can only use 256 addresses.

Well, to be exact it is 253 addresses and it is a software limitation:

The size of the address pool is limited to 256 addresses per pool on the security appliance. This cannot be changed and is a software limitation. The total can only be 256.

One note – this limitation is per interface so if you have more than one inside interface you can use 253 addresses per interface.

2010 in review – Thank you all

January 2, 2011

This is an email I just received from WordPress:

The stats helper monkeys at WordPress.com mulled over how this blog did in 2010, and here’s a high level summary of its overall blog health:

Healthy blog!

The Blog-Health-o-Meter™ reads Wow.

Crunchy numbers

About 3 million people visit the Taj Mahal every year. This blog was viewed about 54,000 times in 2010. If it were the Taj Mahal, it would take about 7 days for that many people to see it.

In 2010, there were 129 new posts, growing the total archive of this blog to 131 posts. There were 128 pictures uploaded, taking up a total of 11mb. That’s about 2 pictures per week.

The busiest day of the year was January 26th with 660 views. The most popular post that day was New CCNP – Official Announcement.

Where did they come from?

The top referring sites in 2010 were linkedin.com, social.technet.microsoft.com, routemyworld.com, en.wordpress.com, and Google Reader.

Some visitors came searching, mostly for new ccnp track 2010, ospf bgp lab, netdom.exe, new ccnp, and eigrp variance.

Attractions in 2010

These are the posts and pages that got the most views in 2010.

1. New CCNP – Official Announcement (January 2010, 6 comments)
2. Cisco VPN Client for Win7 64-bit (beta) (March 2010, 1 comment)
3. New CCNP track – Countdown started (January 2010, 19 comments)
4. Labs (February 2010)
5. BSCI – BGP Lab (February 2010)