computers.
NetFlow: in fact, most Cisco routers support the NetFlow protocol, which can calculate bandwidth utilization. Although its configuration is the most complex, it is still the most powerful and suitable method for networks with large network communication traffic. Cisco devices that support NetFlow can track the bandwidth utilization of the network from
Cisco ASA Advanced Configuration first, to prevent IP Shard Attack 1 , Ip the principle of sharding; 2 , Ip security issues with sharding; 3 , Prevention Ip Shards. these three questions have been described in detail before and are not introduced here. For more information, please check the previous article:IP sharding principle and analysis. Second, URL Filter Use AS
accessed through the extranet IP.To turn on NAT:Global (outside) 1 interfaceNat (inside) 1 192.168.3.0 255.255.255.0Do port mapping:static (inside,outside) TCP interface 192.168.3.222 3389 netmask 255.255.255.255To do access control for an external network port:Access-list outside_access Extended permit IP any anyAccess-group Outside_access in Interface OutsideThe above directive realizes, the external network user accesses the internal terminal through the public network IP, but the intranet u
Premise: With the development of the network, network security has become an important topic at present. More and more companies will choose to use the firewall as the company's egress device. Compared with the router, the firewall not only has the forwarding routing function, it can also filter internal and external traffic to further enhance the security of the company's network.
Tutorial topology:
650) This. width = 650; "Title =" 1.png" src = "ht
:* Disable the Cisco ASA firewall to redirect Web traffic to the Cisco asa ngfw module:ASA (config) # policy-map cx_traffic_policyASA (config-pmap) # class cx_trafficASA (config-pmap-c) # no cxcs* Disable fragment Message Processing for
Cisco's ASA Firewall is a stateful firewall that maintains a connection table (conn) about user information, by default the ASA provides stateful connections to TCP and UDP traffic, and is non-stateful to the ICMP protocol.The message traversal process for Cisco ASA is as fo
ASA-防火墙-cisco
The role of the ASA firewall1, in the network to isolate dangerous traffic, no point.The principle of the ASA firewall1. Distinguish different areas by security level: internal area, external area, demilitarized zone.By default: High-level
In this article, I'll briefly explain the Active/standby failover configuration on the Cisco ASA. The lab is do in GNS3.
Physical topology:
ConfigurationCiscoasa/act/pri (config) # sh run failoverFailoverFailover LAN Unit PrimaryFailover LAN Interface failover_stateless GIGABITETHERNET0/2Failover link failover_stateful gigabitethernet0/1Failover interface IP failover_stateless 169.254.0.15 255.255.255
packet reassembly process. Otherwise, someone could send an endless stream of fragmented packets and exhaust the ASA ' s memory. Virtual Packet reassembly is limited in the following ways by default:
A maximum of the unique packets that can be reassembled, per interface
A maximum of fragments for a single packet
A maximum time of 5 seconds for all fragments of a packet to arrive
Commands used to Configure Virtual Packet
ASA supports two same-security-traffic types. Their application scenarios are1: different interfaces with the same security-level2: traffic between the same interfaces: cisco is called IPSEC hairpinnig, which is mainly defined in ipsec vpn.Description: ipsec vpn is not used for tunneling, or tunneling is not allowed. A
In actual cases also encountered this kind of problem, the customer intranet has a server map on the Internet, extranet user access Global-ip no problem, but intranet users want to access Global-ip will not pass, typical is the user will intranet server made public network DNS a record, Both internal and external networks are accessed through domain names.JUNIPER series equipment including NETSCREEN/ISG/SSG no such problems, directly through the ordinary dip can be achieved, the subsequent produ
Step 1 of Cisco ASA firewall VPN configuration: Create an address pool. To remotely access the client, you need to assign an IP address during logon. Therefore, we also need to create a DHCP address pool for these clients. However, if you have a DHCP server, you can also use a DHCP server. QUANMA-T (config) # ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0 Step 2: Create IKE Phase 1.
I will talk about two tips, one about monitoring switch port traffic and the other about store value.
1. Monitor switch port traffic
Switch monitoring document in the production environment on the Internet. Therefore, it is complete, and a key knowledge is interspersed in the middle. Zabbix is still innocent .!!! In this demonstration, I used the production envir
Recently changed jobs, the company more than 40 people share a 20M bandwidth wireless network, the router for Cisco R2911. Boss, let me make a cacti to monitor Cisco routed network card traffic. The whole days can not get the SNMP data, finally to the routing permission to find that the last operation to the routing SN
Introduction
MRTG (Multi Router Traffic Grapher, MRTG) is a tool software used to monitor network link traffic load. It obtains device traffic information through the SNMP protocol, in addition, the traffic load is displayed to the user in HTML document containing PNG format
data from the next time.#第一次提示OK ..., enter this command again after 30 seconds[Email protected] ~]#/usr/local/nagios/libexec/check_traffic.sh-v 2c-c public-h 192.168.5.209-i 10001-w 200,300-c 400,500-k-BOk-the traffic in are 1.00KB, out are 0.62KB, Total is 1.62KB. The Check Interval is 46s | In=1.00kb;200;400;0;0 Out=0.62kb;300;500;0;0 Total=1.62kb;500;900;0;0 Interval=46s;1200;1800;0;04. Add the check_traffic command in Commands.cfg (added in moni
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.