Inilah 12 Tablet Saingan iPad

Inilah 12 Tablet Saingan iPad

bandwith imitation cisco

Limit Bandwidth per-host Cisco Router

Wednesday, 25 August 2010 by waspan 1 Comment

Sekedar share to reader.. di Kantorku kebutuhan akan bandwidth terus meningkat dari awal 2MB untuk main link internet, sekarang sudah 8 MB, dan kebutuhan itu terus meningkat seiring user dikantor terus bertambah dan haus akan informasi lewat internet. Maka itu saya membuat bandwidth limit untuk mengatur ip public di router gateway.

Fungsi pengaturan bandwidth (QoS) yang saya terapkan yaitu untuk menjaga supaya server-server operasional yang menggunakan ip public tidak tersedot bandwidthnya oleh yg laen terutama oleh proxy server yang digunakan untuk browsing, sehingga perlu dikelompokkan dalam 4 class untuk membatasi b/w hal ini. Berikut konfigurasi yang saya tambahkan di router gateway.

# Pasang Access-list untuk membatasi tiap host yang akan di shapping

access-list 102 permit ip any host 114.4.14.244
access-list 103 permit ip any host 114.4.14.245
access-list 104 permit ip any host 114.4.14.248
access-list 105 permit ip any host 114.4.14.242

access-list diatas dibagi dalam 4 untuk masing-masing host yang akan di filter/limit

#Pasang Class yang akan di shapping

class-map match-any SERVER-1
description SERVER-1
match access-group 102
class-map match-any SERVER-2
description SERVER-2
match access-group 103
class-map match-any SERVER-3
description SERVER-3
match access-group 104
class-map match-any SERVER-4
description SERVER-4
match access-group 105

#Pasang Policy Global shapping berikut:

policy-map BW-SHAPPING
class SERVER-1
police 3000000 35000 35000 conform-action transmit exceed-action drop violate-action drop
class SERVER-2
police 3000000 35000 35000 conform-action transmit exceed-action drop violate-action drop
class SERVER-3
police 1000000 35000 35000 conform-action transmit exceed-action drop violate-action drop
class SERVER-4
police 1000000 35000 35000 conform-action transmit exceed-action drop violate-action drop

Penjelasan diatas SERVER-1 dan SERVER-2 akan dibatasi download dan upload sebesar 3MB sedangkan untuk SERVER-3 dan SERVER-4 akan dibatasi maksimal 1MB.

#Pasang service policy di interface outside to provider

interface FastEthernet0/0
service-policy input BW-SHAPPING
service-policy output BW-SHAPPING
!

Untuk melihat input class bandwith yang sudah di shapping lakukan perintah berikut

show policy-map interface Fa0/0 input class SERVER-1

command diatas untuk melihat shapping class SERVER-1.

done

Transparent Web Proxying with Cisco, Squid, and WCCP

Kerry Thompson, July 2010

Contents

Introduction
A Basic Network and Web Proxy
Cisco Configuration
Squid Configuration
Linux Network Configuration
Testing
Closing Notes
References

Introduction

There are a number of good reasons for companies to deploy proxies for user access to the Internet. Amongst these are

• Monitoring of web sites and traffic volumes
• Restricting web access - by user, web sites, time of day, etc.
• Using caching to reduce traffic volumes
• Managing bandwidth

There are also a number of challenges faced when implementing proxies. Probably the top one is the job of configuring all of the web browsers to use the proxy, and then comes the problem of what to do if the proxy fails.

This article proesents a solution of web proxying which is transparent to the end-user - it requires no browser configuration. It is also resilient to failure, in that if the proxy server fails then web access continues to be provided without disruption.

A Basic Network and Web proxy

In the network drawing below I show a basic network with access to the Internet, this is a very common configuration for small business networks.

Figure 1: A basic network and proxy

In larger security-conscious organisations it is necessary to protect the proxy server against attack and misuse. This is usually performed by connecting the proxy into a DMZ network as shown in the next drawing.

Figure 2: A basic network with DMZ-protected proxy

A common solution for transparent proxying is to have all outbound traffic pass through a server which will detect web access and redirect the request to an internal proxy. This has a number of problems - not least of which is that it can't support multiple proxies, and when the server fails then all web access fails along with it.

WCCP Overview

Most Cisco routers support a protocol called Web Cache Control Protocol, or WCCP. This protocol is used by a proxy server, such as a LInux server running the Squid proxy, to tell the router that it is alive and ready to process web access requests. WCCP uses the UPD protocol on port 2048 - it is essentially a one-way communication from the proxy to the router.

Figure 3: WCCP between the proxy and router

WCCP has a number of advantages when used between a proxy and the gateway router.

• You can have multiple proxy servers. In fact, you can have almost any number if your router is big enough to handle them. THis means for large organisation the load will be spread amongst them improving performance.
• Access is resilient to failure. If a proxy fails, then the router will immediately start using another (if you've got more than one configured), otherwise it will stop using proxies and forward requests directly to the Internet. The router can also be configured to block Internet web access if there are no running proxies available.
• Optimised hashing of URLs. When you have more than one proxy a user will request a web page that will then be cached by a proxy. The next time any user requests the same page, the router will send the request to the same proxy with the cached copy of the page.

One caveat here to note though : WCCP is patented by Cisco, and is generally only available on Cisco routers and some high-end Cisco switches. A few other vendors such as BlueCoat also support WCCP, but not many.

WCCP proxy traffic flows are a little bit unusual, and can be very confusing to begin with. The following drawing shows the main flows for a WCCP proxy:

Figure 4: WCCP traffic flows

There's some interesting things to note about the traffic flows here.

• The Squid proxy sends a WCCP packet to the router every 10 seconds to tell the router that the proxy is alive and ready to receive web requests. You can now see here that it is easy to have multiple proxy servers that can work with the router.
• When a client makes a request for an Internet web page, it sends it directly to the Internet via the outer, as shown in (1) above.
• The router captures the request, encapsulates it in a GRE packet, and forwards it to the proxy as shown in (2) above.
• The linux system un-encapsulates the GRE packet and sends the request to the Squid proxy by performing a Destination NAT operation on the packet - note that Squid now receives the original packet with its original source and destination IP addresses.
• The Squid proxy now fetches the web page from the Internet server in the normal fashion shown in (3) above - it uses its own IP address as the source and the original destination IP address for the destination. Note that the router does not intercept and attempt to proxy this request.
• Once Squid has downloaded the page, it saves the data in its own cache, then replies directly back to the client on the internal network. And this is the tricky thing right here - when Squid replies it uses the IP address of the Internet server as the source in the packet, and the client IP address as the destination, this is shown in (4) above.

So, while the client thinks it is interacting with the remote web server via the Internet router, in actual fact it is interacting with the Squid proxy which is caching pages behind the scenes. If another user on another client makes a request for the same page they go through the same flow, but because the page is cached there is no need for Squid to fetch the page from the Internet server again.

In the remainder of this paper I will briefly show the Cisco, Linux, and Squid configurations required to get this working.

Cisco Configuration

In this example, I will have 2 proxies configured on the internal network (192.168.1.0/24) with IP addresses of 192.168.1.252 and 192.168.1.253. The first step is to define an access list containing the addresses of the proxies, and assign this as the list of WCCP proxies:

access-list 10 permit 192.168.1.252
access-list 10 permit 192.168.1.253
ip wccp web-cache group-list 10

Next we define another access-list to define direct or WCCP-proxied internet access. The proxies on 192.168.1.252 & 253 are denied access to WCCP, all other hosts on 192.168.1.0/24 are proxied when going to port 80, all others are denied. Denial implies direct access to the remote web server.

access-list 120 remark ACL for WCCP proxy access
access-list 120 remark Squid proxies bypass WCCP
access-list 120 deny ip host 192.168.1.253 any
access-list 120 deny ip host 192.168.1.252 any
access-list 120 remark LAN clients proxy port 80 only
access-list 120 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 120 remark all others bypass WCCP
access-list 120 deny ip any any
!
! Assign ACL to WCCP
ip wccp web-cache redirect-list 120

Now set WCCP version 2:

ip wccp version 2

Verify the configuration - it should be active on version 2 with no caches connected until the Squid proxy is configured.

Router#sh ip wccp          
Global WCCP information:
   Router information:
       Router Identifier:                   -not yet determined-
       Protocol Version:                    2.0

   Service Identifier: web-cache
       Number of Service Group Clients:     0
       Number of Service Group Routers:     0
       Total Packets s/w Redirected:        0
         Process:                           0
         Fast:                              0
         CEF:                               0
       Redirect access-list:                120
       Total Packets Denied Redirect:       0
       Total Packets Unassigned:            0
       Group access-list:                   -none-
       Total Messages Denied to Group:      0
       Total Authentication failures:       0
       Total Bypassed Packets Received:     0

Router#

At this point, client browsers which are not configured to use the Squid proxy explicitly may not be able to reach Internet web sites if the Squid proxy is registered with the router. If this is an issue for the users then the best option to disable & enable WCCP proxying is to remove the configuration from the interface (Fastethernet/0 in this case):

int f0
!
no ip wccp web-cache redirect in

and to enable it:

int f0
!
ip wccp web-cache redirect in

Squid Configuration

Now we need to configure a Squid proxy on a Linux server. I won't cover the basic installation - just the configuration part, so I assume you know a little bit about configuring Squid. To start with, check that Squid is installed and is working as a proxy by setting it up in your browser and fetching a few web pages through it. First of all, check that your Squid has been built ready for WCCP proxying. Run squid -v and verify that the following options are included:

--enable-linux-netfilter
--enable-wccpv2

If those options aren't there then you'll have to download the squid source code and build it from scratch with these options included in the ./configure build command. Now to configure WCCP for your Squid proxy. In this example I add a new listening port (port 3127) to Squid for transparent proxying, leaving the default port of 3128 available for normal proxying. Add the following lines to /etc/squid/squid.conf:

# additional port for transparent proxy
http_port 3127 transparent

# WCCP Router IP
wccp2_router 192.168.1.254

# forwarding 1=gre 2=l2
wccp2_forwarding_method 1

# GRE return method gre|l2
wccp2_return_method 1

# Assignment method hash|mask
wccp2_assignment_method hash

# standard web cache, no auth
wccp2_service standard 0

Restart the Squid proxy once the changes have been made, and verify the following:

• Squid is listening on port 3128 & serving normal proxy requests
• Squid is listening on 3127
• Check no errors in Squid logs

You can now go back to your Cisco router and check that the Squid proxy has registered with WCCP, with the show ip wccp command.

Linux Network Configuration

Now that Squid is working, we need to get requests redirected from the Cisco router to the proxy. This is done by the router encapsulating the request packet within a GRE packet, hten forwarding it to the IP address of the Squid proxy. On the router side, this is automatic. But we need to configure the Linux system to receive these GRE-encapsulated packets, un-encapsulate them, and forward them to the listening proxy. I'm using a RedHat Linux system here, so the configuration files are those used by RedHat. Create a new interface, gre0 for the GRE interface, create the file /etc/sysconfig/network-scripts/ifcfg-gre0 with the following contents:

DEVICE=gre0
TYPE=GRE
BOOTPROTO=none
MY_INNER_IPADDR=172.16.1.1
PEER_OUTER_IPADDR=192.168.1.254
PEER_INNER_IPADDR=172.16.1.2
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no
USERCTL=no

Run "ifdown gre0" and "ifup gre0" to test it, then run "ifconfig gre0" and verify the IP addressing. Enable IP forwarding, disable route packet filters, configure DNAT in IPtables Run the following commands:

# bring up GRE interface
ifup gre0

# enable IP forwarding, disable route packet filters
# between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter

# The following line redirects all http packets which exit gre0
# to port 3127 on the local Squid server.
iptables -F -t nat
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 \
   -j DNAT --to-destination 192.168.1.253:3127

You'll need to run these are system boot time, add the commands to the start section of the /etc/init.d/squid script.

Testing

tcpdump is your friend when testing this configuration. Check the flows in order shown in Figure 4 above and verify that each one works in order. Remember that the Squid proxy will use the IP address of the Internet web server when replying back to the client, so be aware of this. If your proxy is behind a firewall you will probably have to disable anti-spoofing mechanisms to allow the proxy to spoof the web server's IP address.

Most problems seem to occur in the Linux GRE & NAT configuration. And don't forget to check the Squid logs for errors.

Closing Notes

In this paper I've described a method of transparently caching web requests using a Squid proxy and WCCP-enabled Cisco router. As described in the introduction this solution can be used to implement security controls and bandwidth management without having to reconfigure client systems to explicitly use a proxy server.

cisco router failover connection

There are often requests for information regarding Cisco failovers. The following seems to work with 12.4 and higher. It should also work with 12.3, but this has not been tested.

Cisco provides a little known item called a tracking object. None of the following can be done through the SDM. It must be done through the CLI, however, it's recommended that you do everything through the CLI. The SDM has some interesting inadequacies (for another article).

You will need at least two remote IPs to use as a test. For example, you can use 4.2.2.1 for the first and 4.2.2.2 for the second. These two IPs are never down. You will need to create a host static route for each of the IPs going out the interface to test. There is an example of this in the config. Also included are the overload statements.

Hopefully the following helps. If you know if a better way to do this, please share it here. This was created using a known good configuration of a real client.

LEGEND

• your_first_test_ip = the ip you will use to test your primary connection.
• your _second_test_ip = the ip you will use to test your secondary connection.
• your_primary_firsthop_ip = the first outside hop of your primary connection. Default route for primary connection.
• your_secondary_firsthop_ip = the first outside hop of your secondary connection. Default route for secondary connection.
• primary_interface = the interface name of your primary Internet connection.
• secondary_interface = the interface name of your secondary Internet connection.
• internal_ip_range = ip range of your internal devices.

This sample config assumes 2 connections. Once secondary and one primary.

Config:
IP sla monitor 1
 type echo protocol ipIcmpEcho your_first_test_ip source-ipaddr your_source_ip
 timeout 2000
 threshold 2000
 frequency 3
IP sla monitor schedule 1 life forever start-time now

IP sla monitor 2
type echo protocol ipIcmpEcho your_second_test_ip source-ipaddr your_source_ip
 timeout 2000
 threshold 2000
 frequency 3
IP sla monitor schedule 2 life forever start-time now

track 100 rtr 1 reachability
track 200 rtr 2 reachability

IP route 0.0.0.0 0.0.0.0 your_primary_firsthop_ip track 100
IP route 0.0.0.0 0.0.0.0 your_secondary_firsthop_ip track 200
IP route your_first_test_ip 255.255.255.255 your_primary_firsthop_ip
IP route your_second_test_ip 255.255.255.255 your_secondary_firsthop_ip

IP nat inside source route-map primary interface primary_interface overload
IP nat inside source route-map secondary interface secondary_interface overload

IP access-list extended primary-route
10 permit ip internal_ip_range 0.0.0.255 any

IP access-list extended secondary-route
10 permit ip internal_ip_range 0.0.0.255 any

route-map primary permit 10
match ip address primary-route
set ip next-hop your_primary_firsthop_ip

route-map secondary permit 10
match ip address secondary-route
set ip next-hop your_secondary_firsthop_ip

Two notes for troubleshooting.

Sh track

• This will show you what state your tracking objects are in.

sh ip access-list

• Watch for hits to your acl's. This way you can verify your natting.

netflow cisco ios

Configuring NetFlow Export on an IOS Device

---

Follow the steps below to configure NetFlow export on a Cisco IOS device.

Refer the Cisco Version Matrix for information on Cisco platforms and IOS versions supporting NetFlow

Enabling NetFlow Export

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable NetFlow:

interface {interface} {interface_number}

ip route-cache flow

bandwidth

exit

In some recent IOS releases Cisco Express Forwarding has to be enabled. Issue the command ip cef in global configuration mode on the router or MSFC for this.

This enables NetFlow on the specified interface alone. Remember that on a Cisco IOS device, NetFlow is enabled on a per-interface basis. The bandwidth command is optional, and is used to set the speed of the interface in kilobits per second. Interface speed or link speed value is used to later calculate percentage utilization values in traffic graphs.

Exporting NetFlow Data

Issue the following commands to export NetFlow data to the server on which NetFlow Analyzer is running:

Command	Purpose
ip flow-export destination {hostname|ip_address} 9996	Exports the NetFlow cache entries to the specified IP address. Use the IP address of the NetFlow Analyzer server and the configured NetFlow listener port. The default port is 9996.
ip flow-export source {interface} {interface_number}	Sets the source IP address of the NetFlow exports sent by the device to the specified IP address. NetFlow Analyzer will make SNMP requests of the device on this address.
ip flow-export version 5 [peer-as | origin-as]	Sets the NetFlow export version to version 5. NetFlow Analyzer supports only version 5, version 7 and version 9. If your router uses BGP you can specify that either the origin or peer AS is included in exports - it is not possible to include both.
ip flow-cache timeout active 1	Breaks up long-lived flows into 1-minute fragments. You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes your traffic reports will have spikes. It is important to set this value to 1 minute in order to generate alerts and view troubleshooting data.
ip flow-cache timeout inactive 15	Ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600. However, if you choose a value greater than 250 seconds, NetFlow Analyzer may report traffic levels that are too low.
snmp-server ifindex persist	Enables ifIndex persistence (interface names) globally. This ensures that the ifIndex values are persisted during device reboots.

For more information on BGP reporting in NetFlow Analyzer, look up the section on Configuring NetFlow for BGP

Verifying Device Configuration

Issue the following commands in normal (not configuration) mode to verify whether NetFlow export has been configured correctly:

Command	Purpose
show ip flow export	Shows the current NetFlow configuration
show ip cache flow	These commands summarize the active flows and give an indication of how much NetFlow data the device is exporting
show ip cache verbose flow

A Sample Device Configuration

The following is a set of commands issued on a router to enable NetFlow version 5 on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.

router#enable Password:***** router#configure terminal router-2621(config)#interface FastEthernet 0/1 router-2621(config-if)#ip route-cache flow router-2621(config-if)#exit router-2621(config)#ip flow-export destination 192.168.9.101 9996 router-2621(config)#ip flow-export source FastEthernet 0/1 router-2621(config)#ip flow-export version 5 router-2621(config)#ip flow-cache timeout active 1 router-2621(config)#ip flow-cache timeout inactive 15 router-2621(config)#snmp-server ifindex persist router-2621(config)#^Z router#write router#show ip flow export router#show ip cache flow

*repeat these commands to enable NetFlow for each interface

Please note that NetFlow data export has to be enabled on all interfaces of a router in order to see accurate IN and OUT traffic. Suppose you have a router with interface A and B. Since NetFlow, by default, is done on an ingress basis, when you enable NetFlow data export on interface A, it will only export the IN traffic for interface A and OUT traffic for interface B. The OUT traffic for interface A will be contributed by the NetFlow data exported from interface B. Even if you are interested in managing only interface A, please enable NetFlow data export on A and B. You may subsequently unmanage interface B from the License Management link.

Turning off NetFlow

Issue the following commands in global configuration mode to stop exporting NetFlow data:

Command	Purpose
no ip flow-export destination {hostname|ip_address} {port_number}	This will stop exporting NetFlow cache entries to the specified destination IP address on the specified port number
interface {interface} {interface_number}	This will disable NetFlow export on the specified interface. Repeat the commands for each interface on which you need to disable NetFlow.
no ip route-cache flow
exit

For further information on configuring your IOS device for NetFlow data export, refer Cisco's NetFlow commands documentation

Blackberry menjadi modem

Blackberry jadi Modem

Administrator

Ada kalanya Anda membutuhkan modem untuk koneksi ke PC atau Laptop anda, selain screen yang luas, browsing dengan PC atau Laptop juga bisa menjadi solusi jika browsing pake BB anda dirasa kurang maksimal.

Berikut cara yang bisa dilakukan untuk menjadikan Blackberry anda sebagai Modem:

• Anda tentu sudah punya Blackberry Desktop Manager di komputer anda, jika belum silahkan download di http://blackberry.com , kemudian buka aplikasi tersebut dan hubungkan BB Handset dengan komputer pake kabel USB.
  

  

• Kemudian buka Control Panel caranya klik Start, pilih Control Panel

• Lalu pilih Phone and Modem Options

• Pada Box Phone and Modem Options, klik tab Modem

• Kemudian Pilih Standard Modem, lalu klik Properties

• Kemudian Pilih tab Diagnostics, klik tombol Query Modem, lalu akan muncul informasi modem dengan simbol AT

• Kira-kira lebih hasil query modem adalah seperti ini:

• Langkah terakhir untuk setting modem yaitu mengisi kode pada Extra Initialization, dengan cara klik tab Advanced pada kotak isian Extra Initialization commands: tulis command sesuai dengan operator yang anda gunakan :

- Untuk Telkomsel : at+cgdcont=1,"IP","Telkomsel"

- Untuk Indosat : at+cgdcont=1,"IP","www.indosatgprs"

- Untuk XLl : at+cgdcont=1,"IP","www.xlgprs.net"

PERHATIAN! silahkan anda lihat di website masing-masing operator untuk kejelasan command ini

Setelah selesai setting Modem langkah berikutnya anda perlu menambah koneksi Internet, caranya baca di bagian menambah koneksi internet blackberry

Artikel ini adalah lanjutan dari menjadikan Blackberry sebagai modem, silahkan anda baca caranya disini setelah selesai menjadikan Blackberry anda sebagai modem, langkah selanjutnya adalah menambah koneksi Internet dengan cara

• Klik Start lalu klik Control Panel

• Klik Create a new connection

• Pada Box New connection wizard pilih Connect to the Internet

• Klik Next lalu pilih pilihan kedua Set up my connection manually

• klik Next lalu pilih Connect using a dial-up modem

• Lalu select device Modem-standard modem (yang telah kita create sebelumnya-baca artikel sebelumnya)

• Kasih nama connection yang akan dibuat (penamaan terserah anda :)

• Pada pertanyaan Phone number, isikan *99# atau *99***1# (perhatian! jika belum jelas silahkan anda check atau tanyakan pada operator masing-masing untuk kejelasan pengisian ini)

• Pada isian username dan password silahkan dikosongkan saja.

• Klik Next Kemudian klik tombol Finish

• Klik Dial Kini anda siap mengarungi dunia maya dengan Blackberry anda sebagai modem.

WARNING! apa yang anda di lihat di gambar mungkin sedikit berbeda, dikarenakan versi windows atau yang lainnya, silahkan anda tanyakan ke operator masing-masing jika ada yang belum jelas, Andapun dapat mendiskusikan artikel ini di bagian Forum FORUMBLACKBERRY.COM

Allowing New port in Juniper Firewall SSG5

Allowing New port in Juniper Firewall SSG5

I was digging for allowing a new port in Juniper SSG5 firewall, an entry level firewall which used for internet connection, after long R&D i was able to do that, and planning to share it with you
A step by step approach for more clarity

1.Internet explorer take http://192.168.x.x or https://192.168.x.x Userid: netscreen
and password

Step - I

Creating a port

1.Policy ->Policy elements ->Services -> Custom -> Click on New
a.Give service name abc(for which purpose you are opening port give
description of that ex- if you are opening port 1111 for abc give service
name abc)
b.Select Transport protocol -> TCP
c.Source port -> Low =0 High -> 65535 (default)
d.Destination port -> Low= 1111(the port you want to open ex-1111)
High=1111(the port you want to open ex-1111) low and high should be same

Step - II
Assigning new port to group

1.Policy -> Policy elements -> Services -> Group -> edit group1
a. Select the service name you have given from left side and add them

konfigurasi tftp server untuk cisco devices

untuk mendownload menggunakan TFTP Server, ada beberapa langkah yang perlu dilakukan:

1. Personal Computer (PC)�
   • Instal terlebih dahulu TFTP server ke PC/Remote Host
   • Pastikan TFTP server berjalan dengan baik [service TFTP running]
   • Atur di Folder mana file TFTP akan di simpan, Defaultnya berada di C:\TFTP-Root, [menggunakan Solarwinds TFTP Server]
   • Jangan lupa untuk mengkonfigurasi IP pada PC dengan Network dan Subnet yang sama dengan cisco equipment yang ada
   • PC harus terhubung ke cisco equipment dengan menggunakan Cable Console (untuk bisa masuk ke Command line Interface) dan Patch Cord (untuk download)
   • Pastikan port yang digunakan untuk jalur download sudah AKTIF [No SHUTDOWN]
   • INGAT, jangan lupa untuk mematikan FIREWALL, klo Firewall dalam keadaan ON, maka pada saat kita melakukan download akan terjadi error. “Error Opening TFTP://192.168.12.10/s72033-ipservices_wan-vz.122-18.SFX9.bin (Time out) lebih kurangnya kaya gini”
2. Cisco Equipment (CE)�
   • Selanjutnya, Konfigurasi cisco equipement dengan memberikan IP dan subnet yang sama dengan PC
   • Jangan lupa untuk mengkatifkan interface yang sudah diberi IP tadi, dengan memberikan perintah “No Shutdown“. (biasanya kita konfigurasi interface di native vlan 1/default)
   • cek koneksi antara cisco equipment dengan PC yang kita gunakan sebagai TFTP server, dengan memberi perintah “PING 192.168.12.1 dari Command From PC dan PING 192.168.12.10 dari console cisco equipment”
   • selanjutnya kembali ke console, dan lakukan urutan2 berikut ini:
     
     • ! Cek terlebih dahulu konfigurasi yang sedang berjalan
     • switch#show running-config
     • ! Cek version IOS dan path-nya
     • switch#show version
     • ! pastikan dengan langsung menuju direktori dari IOS itu berada
     • switch#show bootflash: | sup-bootflash: | sup-bootdisk0: | flash:
     • switch#copy flash:s72033-ipservices_wan-vz.122-18.SFX9.bin tftp:
     • Address or Name of Remote host []?192.168.12.10
     • Destination Filename [s72033-ipservices_wan-vz.122-18.SFX9.bin]?
     • ! Tunggu proses download hingga selesai.
     • !
     • !
     • ! download running-config ke TFTP-Root Directory
     • switch#copy running-config tftp:
     • source filename []?
     • Address or Name of Remote host []?192.168.12.10
     • destination filename[switch_config.cfg]? |
     • tunggu proses download hingga selesai

Selamat Mencoba. semoga bermanfaat.

paket bb one dan bb gaul xl

[Info] BB GAUL - Rp. 2.000/hr

01. 02. 2010 um 16:16 Uhr

Per tanggal 1 Februari 2009, layanan Blackberry Chat RESMI di launch dengan nama BLACKBERRY GAUL

FITUR YANG DI DAPAT
• Mendapatkan fitur ”Chat networking” seperti Facebook, mySpace
• Mendapatkan fitur chatting standar seperti Yahoo Messenger, MSN, Google Talk, Blackberry Messenger

FITUR YANG DI TUTUP
• Tidak mendapatkan fitur untuk Browsing
• Tidak mendapatkan fitur untuk Email

CARA REGISTRASI
*** I. SMS [Prepaid & Postpaid]
☑ HARIAN
• Ketik “BB [spasi] Gaul” kirim ke 568
BB Gaul - kirim ke 568
• Setelah terima sms notifikasi lalu Ketik “YA [spasi] Gaul” Kirim ke 568
YA Gaul - kirim ke 568

asa behind router cisco vpn nat

WORK IN PROGRESS...

The following devices are in this scenario:

* An end-user device on a public network with the Cisco VPN client.
* A Cisco 3845 router connected to a public network and a private network
* A Cisco ASA 5540 firewall behind the router, configured with private networks.

Cisco 3845 base configuration

interface GigabitEthernet0/0
description Outside interface
ip address 67.211.112.133 255.255.255.224
ip nat outside
interface GigabitEthernet0/1
description Inside interface
ip address 192.168.255.12 255.255.255.248
ip nat inside
ip route 0.0.0.0 0.0.0.0 67.211.112.129
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.255.0 0.0.0.255



Cisco ASA 5540 base configuration

interface GigabitEthernet0/0
nameif eth0
security-level 0
ip address 192.168.255.9 255.255.255.248


Cisco 3845 configuration

ip nat inside source static esp 192.168.255.9 interface gigabitEthernet 0/0
ip nat inside source static udp 192.168.255.9 500 interface gigabitEthernet 0/0 500
ip nat inside source static udp 192.168.255.9 4500 interface gigabitEthernet 0/0 4500


ip nat inside source static tcp 192.168.255.9 22 67.211.112.133 1022 extendable


Cisco ASA 5540 configuration
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 3600
isakmp enable eth0
ip local pool vpnpool 172.16.15.10-172.16.15.200 mask 255.255.255.0
crypto ipsec transform-set vpn-transform esp-3des esp-md5-hmac
tunnel-group vpn-tunnel-group type ipsec-ra
tunnel-group vpn-tunnel-group general-attributes
address-pool vpnpool
tunnel-group vpn-tunnel-group ipsec-attributes
pre-shared-key Test9847
crypto dynamic-map dynmap 1 set transform-set vpn-transform
crypto map mymap 1 ipsec-isakmp dynamic dynmap
crypto map mymap interface eth0



Configuring the VPN client
Host: 67.211.112.133
Group Authentication Name: vpn-tunnel-group
Password: Test9847

configurasi asa 5510 vpn remote access

Konfigurasi Remote Access VPN dengan Cisco ASA

Remote access VPN memungkinkan remote atau mobile user untuk bisa terkoneksi ke jaringan perusahaan. Kalau dulu service ini dilayani oleh koneksi dial up dengan menggunakan modem analog. Perusahaan menyediakan banyak pool modem dan akses server untuk mengakomodasi kebutuhan remote tersebut.

Dalam perkembangan selanjutnya koneksi dial up digantikan dengan koneksi broadband DSL dan cable modem yang memungkinkan user korporat berpindah dari dial up ke remote akses vpn untuk komunikasi yang lebih baik.

Berikut adalah langkah-langkah (command line) untuk mengkonfigurasi remote access vpn di Cisco ASA:
Pertama, konfigurasi interface ASA
!–interface name
ASA(config)#interface GigabitEthernet 0/1
ASA(config-if)# no shutdown
ASA(config-if)# nameif outside
!–security level
ASA(config-if)#security-level 0
!–ip address
ASA(config-if)# ip address 20.1.1.50 255.0.0.0
!–Enable crypto isakmp
ASA(config)# crypto isakmp enable outside

Kedua, konfigurasi IP Pool
!–konfigurasi IP Pool
ASA(config)# ip local poolname 30.1.1.1-30.1.1.50
ASA(config)# route outside 0 0 20.0.0.0

Ketiga, konfigurasi user account
ASA(config)# username ism password Cisco.123

Keempat, mendefinisikan ISAKMP policy: authentication, encryption, hash, dan group
!–mendefinisikan isakmp policy 10
ASA-(config)#crypto isakmp policy 10
!–enable des ecryption
ASA(config-isakmp)#encryption des
!–enable algorithm md5 for hashing
ASA(config-isakmp)#hash md5
!–enable metode Pre-shared
ASA(config-isakmp)#authentication pre-share
!–enable diffie-Helman group 2
ASA(config-isakmp)#group 2
!–keluar dari mode crypto isakmp
ASA(config-isakmp)#exit

Kelima, membuat IPsec transform set
!–tipe enkripsinya des dan tehnik hashingnya md5-hmac
ASA(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac
!–terapkan transform set
ASA(config)# crypto dynamic-map dmap 10 set transform-set ts2
!–panggil dynamic-map di crypto map dengan nama imap
ASA(config)#crypto map imap 10 ipsec-isakmp dynamic dmap

Keenam, konfigurasi tunnel group
!–create group untuk IT departemen
ASA(config)# tunnel-group itdept type ipsec-ra
!–create group policy
ASA(config)# tunnel-group itdept general-attributes
ASA(config-general)# address-pool poolname
ASA(config-general)# exit
ASA(config)# tunnel-group itdept ipsec-attributes
ASA(config-ipsec)# pre-shared-key Cisco
ASA(config-ipsec)# exit

Tujuh, apply crypto map di interface outside
ASA(config)# crypto map imap interface outside

Delapan, verifikasi secure tunnel dengan menggunakan Cisco VPN Client
Tunnel group: itdept
share key: Cisco
Username: ism
Password:Cisco.123

Semoga membantu.