web-archive-net.com » NET » M » MAJORNETWORK.NET

Total: 263

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Majornetwork – Gateway of last resort is not set
    3 2015 Networking 3 Comments In this post I will show two flavours of configuring a LAN to LAN IPsec VPN tunnel with Juniper SRX policy based and route based I have been under impression that those ways are mutually exclusive so that only one way is valid for a given endpoint in the opposite side How wrong have I been Here is the Read Post Juniper SRX Traffic Processing Markku Leiniö February 1 2015 Networking 1 Comment Some pointers to documentation in juniper net that describe the traffic processing in Juniper SRX platform Juniper Networks Devices Processing Overview Junos 12 1X47 Flow Based Processing Feature Guide for Security Devices Junos 12 1X47 SRX Getting Started Troubleshooting Traffic Flows and Session Establishment KB16110 Short version of the processing order Per packet policer Per packet filter For Read Post Cygwin Vim vimrc Location Markku Leiniö January 18 2015 Uncategorized Comments Just wanted to say this In Vim under Cygwin the user s vimrc is not looked up as vimrc One of the correct locations is vim vimrc It will be read whether you start your editor as vi or as vim You can use a template to start with Markku T540p mkdir vim Markku T540p Read Post Look New Look Markku Leiniö January 14 2015 Uncategorized Comments As you can see I changed the blog theme I like this Frontier theme for it s clarity it s easy to see where everything is Some customizations may still occur Read Post Setting Up a Syslog Server Markku Leiniö December 17 2014 Networking Server Virtualization 3 Comments In the field of networking it is very useful to have a centralized location for your logs as the system itself the network is distributed Syslog is the usual method of collecting the logs There are

    Original URL path: https://majornetwork.net/ (2016-04-25)
    Open archived version from archive


  • About – Majornetwork
    and don t reflect any of my employers customers whatever All copyrights if any are retained by their respective owners You can contact me by email at markku leinio at gmail com on Twitter as majornetwork and on Google as Markku Leiniö May the default gateway be reachable for you all as suitable in your respective network designs Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32 sup720 switch profile sxi sxj vmware vpc vpn vsphere Archives October 2015

    Original URL path: https://majornetwork.net/about/ (2016-04-25)
    Open archived version from archive

  • majornetwork.net Is Now TLS-Enabled – Majornetwork
    t report not working with IE 6 on Windows XP It s not me it s you Updated October 16 2015 22 28 Tags tls Previous Post Leave a Reply Cancel reply Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32 sup720 switch profile sxi sxj vmware vpc vpn vsphere Archives October 2015 July 2015 May 2015 February 2015 January 2015 December 2014 November 2014 August 2014 June 2014 May 2014 September 2013 August 2013 July 2013 June 2013

    Original URL path: https://majornetwork.net/2015/10/majornetwork-net-is-now-tls-enabled/ (2016-04-25)
    Open archived version from archive

  • Markku Leiniö – Majornetwork
    Nexus FEX Lineup Cat6500 6800 IOS 15SY Feature and Packaging Information Hostname or Path Does It Matter Home Computing History QSFP Specifics on Nexus 5500 and Nexus 6000 Series Switches Originating Default Route in OSPF in Junos Junos authentication order Configuration Review Sena Parani SD1000 Bluetooth Serial Adapter Configuring BGP Sessions in IPv6 Cisco Nexus 7000 Features Available on Modules Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32 sup720 switch profile sxi sxj vmware vpc vpn vsphere Archives

    Original URL path: https://majornetwork.net/author/markku/ (2016-04-25)
    Open archived version from archive

  • Networking – Majornetwork
    to LAN IPsec VPN tunnel with Juniper SRX policy based and route based I have been under impression that those ways are mutually exclusive so that only one way is valid for a given endpoint in the opposite side How wrong have I been Here is the Read Post Juniper SRX Traffic Processing Markku Leiniö February 1 2015 Networking 1 Comment Some pointers to documentation in juniper net that describe the traffic processing in Juniper SRX platform Juniper Networks Devices Processing Overview Junos 12 1X47 Flow Based Processing Feature Guide for Security Devices Junos 12 1X47 SRX Getting Started Troubleshooting Traffic Flows and Session Establishment KB16110 Short version of the processing order Per packet policer Per packet filter For Read Post Setting Up a Syslog Server Markku Leiniö December 17 2014 Networking Server Virtualization 3 Comments In the field of networking it is very useful to have a centralized location for your logs as the system itself the network is distributed Syslog is the usual method of collecting the logs There are lots of different solutions to collect syslogs ranging from general purpose servers or virtual machines running some syslog daemon software Read Post Juniper SRX Old and New DHCP with Problems Markku Leiniö November 30 2014 Networking 9 Comments At some point I tried to configure Juniper SRX100 with DHCPv6 server with no luck The configurations didn t just work I gave up at that time but returned to the matter some days ago I realized something in Junos DHCP configurations people are talking about old and new ways to configure DHCP server and client Read Post Cisco Nexus FEX Lineup Markku Leiniö August 23 2014 Networking Comments Cisco has had Fabric Extenders in their Nexus datacenter switch portfolio since 2009 Since there are various models and they all

    Original URL path: https://majornetwork.net/category/networking/ (2016-04-25)
    Open archived version from archive

  • IPsec VPN Tunnel between F5 BIG-IP and Juniper SRX – Majornetwork
    500 spi a5b74270c20eef8f b94e0f24c366914d Clearly there is something wrong Since SRX said Remote IKE ID 127 0 0 1 something has to be done in BIG IP Let s go back to the IKE peer configuration and change the Presented ID settings Select Override in Presented ID and enter the system s own IP address actually the cluster IP address as this is a device cluster in the value field That helped the tunnel came up in SRX Jul 12 16 55 45 srx210 rpd 1502 EVENT UpDown st0 2 index 83 Up Broadcast PointToPoint Multicast Jul 12 16 55 45 srx210 kmd 1508 Local gateway 203 0 113 2 Remote gateway 198 51 100 10 Local ID ipv4 172 31 31 0 172 31 31 255 Remote ID ipv4 172 17 73 0 172 17 73 255 Direction inbound SPI 0xa71aae87 AUX SPI 0 Mode Tunnel Type dynamic Traffic selector TS 1 Jul 12 16 55 45 srx210 rpd 1502 EVENT UpDown st0 2 index 83 Up Broadcast PointToPoint Multicast Jul 12 16 55 45 srx210 kmd 1508 Local gateway 203 0 113 2 Remote gateway 198 51 100 10 Local ID ipv4 172 31 31 0 172 31 31 255 Remote ID ipv4 172 17 73 0 172 17 73 255 Direction outbound SPI 0x90ed5c76 AUX SPI 0 Mode Tunnel Type dynamic Traffic selector TS 1 Jul 12 16 55 45 srx210 kmd 1508 VPN instance GT F5 TS 1 268173315 from 198 51 100 10 is up Local ip 203 0 113 2 gateway name GW F5 vpn name GT F5 TS 1 tunnel id 268173315 local tunnel if st0 2 remote tunnel ip Not Available Local IKE ID 203 0 113 2 Remote IKE ID 198 51 100 10 XAUTH username Not Applicable VR id 0 Traffic selector TS 1 Traffic selector local ID ipv4 172 31 31 0 172 31 31 255 Traffic selector remote ID ipv4 172 17 73 0 172 Jul 12 16 55 45 srx210 srx210 ip mon reth scan interface st0 2 trigger reth scan Jul 12 16 55 45 srx210 mib2d 1501 ifIndex 535 ifAdminStatus up 1 ifOperStatus up 1 ifName st0 2 And in BIG IP 2015 07 12 16 55 45 INFO respond new phase 1 negotiation 127 0 0 1 500 203 0 113 2 500 2015 07 12 16 55 45 INFO begin Identity Protection mode 2015 07 12 16 55 45 INFO received Vendor ID DPD 2015 07 12 16 55 45 WARNING SPI size isn t zero but IKE proposal 2015 07 12 16 55 45 WARNING ignore INITIAL CONTACT notification because it is only accepted after phase1 2015 07 12 16 55 45 INFO ISAKMP SA established 127 0 0 1 500 203 0 113 2 500 spi 937b460c9efe69e7 c2694ed94cc8ad70 2015 07 12 16 55 45 INFO respond new phase 2 negotiation 127 0 0 1 500 203 0 113 2 500 2015 07 12 16 55 45 INFO best sp match 172

    Original URL path: https://majornetwork.net/2015/07/ipsec-vpn-tunnel-between-f5-big-ip-and-juniper-srx/ (2016-04-25)
    Open archived version from archive

  • SoftEther VPN with a VPN Address Pool – Majornetwork
    the Edit the static routing table to push button is 10 1 0 0 255 255 0 0 10 1 32 1 Again this is the route that will be pushed to the VPN users computers so that the correct traffic can be tunneled to VPN The VPN hub is not locally bridged to any of the NICs That s why I have the dotted line in the diagram above The bridging is not needed because the incoming users will be mapped to the VPN hub in the L2TP configuration The Virtual Layer 3 Switch Ok now we have the two Virtual Hubs but we need to get them talking to each other somehow So there comes the Virtual Layer 3 Switch I create one with name Router and then I create two Virtual Interfaces for it Virtual Hub VPN IP address 10 1 32 1 Subnet Mask 255 255 255 0 Virtual Hub LAN IP address 10 1 1 5 Subnet Mask 255 255 255 240 The VPN hub interface 10 1 32 1 will be the gateway address for the VPN users tunneled routes It was used as the gateway for the pushed route in the SecureNAT configuration above The LAN hub interface IP address 10 1 1 5 is not the IP address of the Debian server This is the address where the VPN pool 10 1 32 0 24 will be routed in the firewall Additionally I configure the default route in Router pointing to the inside network Network Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway Address 10 1 1 1 Metric Value 1 This route is only used for the traffic that comes from the VPN users to the VPN server It is also possible to just add the 10 1 0 0 16 route instead of the default route if you don t plan allowing tunneled Internet access for the VPN users Just add all the inside routes instead of the default route Note that the Debian server s default route still points to the public Internet RADIUS Configurations In the VPN hub you can configure RADIUS authentication against your RADIUS server with these configurations Create a user with User Name of just the star it is a wildcard meaning all users Set the Auth Type in the user properties to RADIUS Authentication Then go to Authentication Server Settings and input your RADIUS server information IP address port shared secret I m not going through here how to configure the RADIUS server side see your appropriate documentation or contact the admin But there is a catch in order to reach the RADIUS server you need to have appropriate inside routing in the VPN server OS Provided that the RADIUS server is reachable via the inside NIC of the server you need to have a static route pointing to the inside In Debian I set the route commands in etc network interfaces the inside NIC iface eth1 inet static address

    Original URL path: https://majornetwork.net/2015/05/softether-vpn-with-a-vpn-address-pool/ (2016-04-25)
    Open archived version from archive

  • Server Virtualization – Majornetwork
    daemon software Read Post Installing VMware Tools on Debian Linux Markku Leiniö March 2 2013 Server Virtualization 5 Comments Apparently there is no official deb installer available for installing VMware Tools on Debian Linux Instead you need to install it manually Here is a brief memo of actions required on Debian 6 x and 7 x In vSphere Client use the command Guest Install Upgrade VMware Tools it inserts the VMware Tools ISO in the CD Read Post Building My Own VMware vSphere Hypervisor Host Markku Leiniö January 1 2013 Server Virtualization 8 Comments As I wrote in my previous post I m building my own VMware vSphere Hypervisor a k a ESXi host Today I was able to get the first Debian server running on it Let me go through the platform install for us Planning the Hardware I was totally not planning to get a rackmount server or even a Read Post Installing VMware vSphere Hypervisor 5 x on a USB Stick Markku Leiniö December 29 2012 Server Virtualization 5 Comments I m planning to get my own virtual server platform installed at home for testing purposes The easy way would be to just run the free VMware Player on the laptop but I want to play with the free VMware vSphere Hypervisor as well Apparently vSphere Hypervisor is the engine that has been known as ESXi Read Post Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN

    Original URL path: https://majornetwork.net/category/server-virtualization/ (2016-04-25)
    Open archived version from archive



  •