...Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1 Document Revised: Document Published: November 25, 2013 August 9, 2012 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED...
Words: 126829 - Pages: 508
...captured from a massive footprint of security devices into dynamic updates and actionable intelligence, such as "reputation" scores, and pushes that intelligence out to a business's network security infrastructure for protective action. By incorporating Global Correlation, Cisco IPS 7.0 is up to two times as effective in stopping malicious attacks, in a shorter amount of time, than traditional signature-only IPS technologies. • Cisco ASA 5500 Series 8.2 Software: This offering in the Cisco Adaptive Security Appliances family is designed to enhance end-to-end security for offices of all sizes, improving threat mitigation and enabling companies to more securely connect, communicate and conduct business. With a new Botnet Traffic Filter for identifying infected clients, IPS availability for small offices, and increased clientless remote-access capabilities, Cisco now offers support for the widest range of platforms, operating systems and endpoints in the industry. • Cisco ASA Botnet Traffic Filter: The new Botnet Traffic Filter enables Cisco ASA 5500 Series appliances to...
Words: 532 - Pages: 3
...arbitrary number (ie 40:40). The vrf must be created on each layer3 hop as it is not propagated throughout the network (must be added on all 4900’s that participate in ospf) router(config)#ip vrf vpn1 router(config#)rd 50:50 Create VRF Interfaces You can add any layer3 interface to the vrf but it can only belong to a single interface. To have multiple vrf’s share the same physical interface, you can use a trunk port and assign the individual vlans(4000’s are used in your network for vrf routing between 4900’s) to specific vrfs. The interfaces must be added to the correct vrf on each 4900 for connectivity. Here is an example config for Hotel1A(this is only vrf configuration, ip address and glbp mu8st also be configured): router(config)#interface vlan 2150 router(config)#description lan vlan router(config)#ip vrf forwarding vpn1 router(config)#interface vlan 4051 router(config)#ip vrf forwarding vpn2 router(config)#description routing to hotel1B router(config)#interface vlan 4052 router(config)#ip vrf forwarding vpn1 router(config)#description routing to core1A router(config)#interface vlan 4053 router(config)#ip vrf forwarding vpn1 router(config)#description routing to core1B router(config)#interface vlan 4054 router(config)#ip vrf forwarding vpn1 router(config)#description routing hotel distribution You should now be able to ping across vrf interfaces after all of them have been configured. To verify: ping vrf1 <ip> Enable...
Words: 983 - Pages: 4
...Table of Contents Chapter 1 Evaluating the Cisco ASA VPN Subsystem .......................................3 Chapter 2 Deploying Cisco ASA IPsec VPN Solutions ............................. 42 Chapter 3 Deploying Cisco ASA AnyConnect Remote-Access SSL VPN Solutions..............................109 Chapter 4 Deploying Clientless RemoteAccess SSL VPN Solutions ................148 Chapter 5 Deploying Advanced Cisco ASA VPN Solutions .............................184 CCNP Security VPN 642-648 Quick Reference Cristian Matei ciscopress.com [2] CCNP Security VPN 642-648 Quick Reference About the Author Cristian Matei, CCIE No. 23684, is a senior security consultant for Datanet Systems, Cisco Gold Partner in Romania. He has designed, implemented, and maintained multiple large enterprise networks, covering the Cisco security, routing, switching, service provider, and wireless portfolios of products. Cristian started this journey back in 2005 with Microsoft technology and finished the MCSE Security and MCSE Messaging tracks. He then joined Datanet Systems, where he quickly obtained his Security and Routing & Switching CCIE, among other certifications and specializations, such as CCNP, CCSP, and CCDP. Cristian has been a Cisco Certified Systems Instructor (CCSI) since 2007, teaching CCNA, CCNP, and CCSP curriculum courses. In 2009, he received a Cisco Trusted Technical Advisor (TTA) award and became certified as a Cisco IronPort Certified Security Professional (CICSP) on E-mail...
Words: 52748 - Pages: 211
...ASA/PIX 7.x and Later: Mitigating the Network Attacks - Cisco Systems Page 1 of 11 ASA/PIX 7.x and Later: Mitigating the Network Attacks Document ID: 100830 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Protecting Against SYN Attacks TCP SYN Attack Mitigation Protecting Against IP Spoofing Attacks IP Spoofing Mitigation Spoofing Identification Using Syslog Messages Basic Threat Detection Feature in ASA 8.x Syslog Message 733100 Cisco Support Community - Featured Conversations Related Information Introduction This document describes how to mitigate the various network attacks, such as Denial-of-Services (DoS), using Cisco Security Appliance (ASA/PIX). Prerequisites Requirements There are no specific requirements for this document. Components Used The information in this document is based on the Cisco 5500 Series Adaptive Security Appliance (ASA) that runs software version 7.0 and later. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Related Products This document can also be used with Cisco 500 Series PIX that runs software version 7.0 and later. Conventions Refer to Cisco Technical Tips Conventions for more information on document conventions. Protecting...
Words: 5299 - Pages: 22
...VPN Concepts A virtual private network (VPN) is used to transport data from a private network to another private network over a public network, such as the Internet, using encryption to keep the data confidential. In other words, a VPN is an encrypted connection between private networks over a public network, most often the Internet. VPNs provide the following services: Confidentiality: VPNs prevent anyone in the middle of the Internet from being able to read the data. The Internet is inherently insecure as data typically crosses networks and devices under different administrative controls. Even if someone is able to intercept data at some point in the network they won’t be able to interpret it due to encryption. Integrity: VPNs ensure that data was not modified in any way as it traversed the re Internet. Authentication: VPNs use authentication to verify that the device at the other end of VPN is a legitimate device and not an attacker impersonating a legitimate device. Cost savings - VPNs enable organizations to use the global Internet to connect remote offices and remote users to the main corporate site, thus eliminating expensive, dedicated WAN links and modem banks. Security - VPNs provide the highest level of security by using advanced encryption and advanced authentication protocols that protect data from unauthorized access. Scalability - Because VPNs use the Internet infrastructure within ISPs and devices, it is easy to add new users. Corporations...
Words: 6523 - Pages: 27
...World-Wide Trading Company: Project Implementation Plan Group 3 Kristine Bird (AD Forest Domain OU, Groups and GPO Implementation) Ryan Bonisch (Contact list and LAN Implementation Tasks) Anthony Campo (Configuration of Routers, Switches, and VLANs) Gerald Casanada (Voice VLAN, Wireless, DHCP and DNS) Jennifer Coleman (AD Implementation and Tasks lists for AD Policies) Billie Jo Derouin (Security Implementation) Raymond Mack (Security Technology and Timeline) University of Maryland University College CMIT 495 Professor Sam Musa February 28, 2016 Table of Contents Introduction 2 Purpose 3 Implementation Requirements 3 Project Contact List 3 Tool List 3 Equipment Installation Plan 5 Project TimeLine 6 Lan Implementation task 7 Security Implementation task 11 Configuration Routers 41 Switches 46 VLAN Configurations 49 Voice VLAN and Wireless 51 DHCP and DNS 54 Active Directory Implementation Task 56 Active Directory Policies 58 AD Forest Domain OU formation/AD Group Formation/AD GPO Implementation 68 Security Technologies 88 Introduction The implementation of the WWTC is crucial to keep the business functioning and growing. To ensure that new office installation goes smooth group 3 will create a functional implementation plan from the design we proposed to WWTC over the last 7 weeks. Purpose The purpose of this plan is to provide a step by step guide on the network designed proposed...
Words: 13687 - Pages: 55
...CCNA Notes Introduction Cisco offers two options for obtaining the CCNA certification: Pass Exam 640-802 OR Pass Exam 640-822 AND Exam 640-816 While you can use these notes to prepare for either exam, the notes are geared towards passing the single exam. I recommend you study all of the material and take the single exam option rather than taking two exams. Cisco Device Icons The following table lists the specific icons Cisco uses to represent network devices and connections. Represents Icon Hub Bridge Switch Router Access point Network cloud Ethernet connection Serial Line connection Wireless connection Virtual Circuit The OSI Model As you study this section, answer the following questions: What is the OSI model and why is it important in understanding networking? How does the third OSI model layer relate to administering routers? Which OSI model layer is concerned with MAC addresses? What protocols correspond to the Presentation and Session layers? What is the difference between the TCP and UDP protocols? What is the EIA/TIA 232 protocol concerned with? This section covers the following exam objectives: 103. Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network 105. Describe the purpose and basic operation of the protocols in the OSI and TCP models 110. Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach ...
Words: 73801 - Pages: 296
...WeMakeConnections TTI Multi Campus Network Executive Summary: WeMakeConnections is an up-and-coming networking and infrastructure company; we offer network solutions that are customized to each client, and their specific financial and technical needs. We provide a le82vel of service you would expect from a close friend, not a company. We service all network sizes, large and small, and have worked extensively with existing network upgrades, as well as total network creation. WeMakeConnections offers personalized services to match any budget. In this day and age competition is fierce, and money is tight. That is why we only hire people who love networking; they know what works, what doesn't, and where we can cut waste. That is why WeMakeConnections is the only company that offers a complimentary follow up, one month after your network is complete. We want to make sure you love your network. Each of our eight core employee's graduated from the prestigious ITT Tech, San Diego. Each has a passion for networking, and genuine love for problem solving. From the cabling in the walls to workstations on the desks, a trained professional will be on the job. Based on the request for proposal from TTI, we have created what may be, our masterpiece work. The following pages detail our plan of action for TTI's success, and subsequent expansions. We are confident that our network provides the best return on investment for TTI's four additional campuses, and will be easily scaled to...
Words: 18593 - Pages: 75
...* CCNA Routing & Switching 200-120 * Chapter 1 – Understanding Networks and their Building Blocks * 1-1 Introduction to Networks * 1-2 Networking Types * 1-3 OSI Reference Model * 1-4 TCP/IP Model * 1-5 Ethernet Technologies and Cabling * 1-6 Cisco 3 Layer Model * 1-7 Summary * Chapter 2 – IP Addressing and Subnets * 2-1 IP Addresses – Composition, Types and Classes * 2-2 Private and Public IP addresses * 2-3 Subnetting * 2-4 Variable Length Subnet Masks (VLSM) * 2-5 Route Summarization * 2-6 Troubleshooting IP Addressing * Chapter 3 Introduction to Cisco Routers, Switches and IOS * 3-1 Introduction to Cisco Routers, Switches, IOS & the Boot Process * 3-2 Using the Command-Line Interface (CLI) * 3-3 Basic Configuration of Router and Switches * 3-4 Configuring Router Interfaces * 3-5 Gathering Information and Verifying Configuration * 3-6 Configuring DNS & DHCP * 3-7 Saving, Erasing, Restoring and Backing up Configuration & IOS File * 3-8 Password Recovery on a Cisco Router * 3-9 Cisco Discovery Protocol (CDP) * 3-10 Using Telnet on IOS * 3-11 CCNA Lab #1 * Chapter 4 Introduction to IP Routing * 4-1 Understanding IP Routing * 4-2 Static, Default and Dynamic Routing * 4-3 Administrative Distance and Routing...
Words: 95744 - Pages: 383
...Unit One Project Heidar Alshabany IT 535 Kaplan University May 13, 2014 Unit One Project Network address Translation (NAT) is a technology that can be used by network administrators to configure IP addresses of network communication. NAT permits a network device like a router to act as an agent between public and private networks. NAT provides the capability for enterprises and home users to use a single IP address to represent a group of computers on a public domain. The translation part of NAT between private and public addresses, allows a node or a group of nodes already setup with internal addresses to be stamped with an outside address, therefore permitting them to communicate over the Internet. Moreover, NAT helps in managing the private and public portion of the network because it can isolate the internal and exterior address spaces. This address isolation makes devices in a private network independent of the IP address hosts in the public network. There should be a distinction between NAT solution and firewall solution. The confusion comes from the fact that a large number of software packages do both function within the same device which is labelled a NAT box (Balchunas, 2013). NAT is a solution that allows the connection several nodes by using a single public IP address that is often confused with a firewall solution, which is intended to implement the security procedures of the organization. The scheme of NAT is centred on the point that only a few dedicated...
Words: 2865 - Pages: 12
...Table of Contents INTRODUCTION 2 DESIGNING AND IMPLEMENTING AN AUTOMATIC IP-ADDRESSING MECHANISM 3 AUTOMATIC IP-ADDRESSING SCHEME FOR THE UWS NETWORK 3 INSTALLING AND AUTHORIZING A DHCP SERVER 4 CREATING AND CONFIGURATION OF DHCP SCOPES 8 CREATING AND TESTING DHCP CLIENT RESERVATIONS 10 IMPLEMENTING DHCP RELAY AGENTS 12 DOMAIN NAMING STRATEGY 16 DOMAIN NAME SERVICE INSTALLATION 17 DOMAIN NAME SERVICE LOOK UP ZONES 18 ZONE AUTHORITY DELEGATION 23 DNS DYNAMIC UPDATES 25 DNS RESOURCE RECORDS 25 NETBIOS NAME RESOLUTION 27 INSTALLATION OF WINS 27 STATIC WINS RECORD 28 CONFIGURING REPLICATION PARTNERS 30 ALTERNATIVE IP ADDRESSING STRATEGY 31 ALTERNATE NAME RESOLUTION TECHNIQUES 32 NETWORK PLAN FOR THE UWS GLASGOW SITE 32 NETWORK PLAN FOR THE UWS CLYDE SITE 33 NETWORK PLAN FOR THE UWS HEAD OFFICE SITE 33 OVERVIEW OF THE UWS NETWORK INFRASTRUCTURE AS A WHOLE 34 TROUBLESHOOTING STRATEGY FOR UWS NETWORK 34 BACK UP AND FAULT TOLERANCE STRATEGY FOR NETWORK SERVICES 38 NETWORK HEALTH MONITORING AND ANALYSES 38 CONNECTIVITY SOLUTIONS FOR MULTI-VENDOR -ENVIRONMENT 40 REMOTE CONNECTIVITY TO UWS NETWORK USING VPN 41 CONFIGURING INBOUND VPN CONNECTION 41 CONFIGURING REMOTE ACCESS POLICIES 45 CONFIGURING OUTBOUND VPN CONNECTION 48 NETWORK COUNTERACTIVE APPROACHES WITH REGARDS TO SECURITY THREATS 50 IMPLEMENTATION OF CERTIFICATE SERVICES 51 IPSEC IMPLEMENTATION 56 References 62 INTRODUCTION This is a case study about a company...
Words: 5792 - Pages: 24
...The Launching of Mozilla Firefox- A Case Study in Community-Led Marketingi Sandeep Krishnamurthy Associate Professor of E-Commerce and Marketing Business Administration Program University of Washington, Bothell Box 358533, 18115 Campus Way NE, Room UW1-233 Bothell, WA 98011-8246 Phone: (425) 352 5229 Fax: (425) 352 5277 E-mail: sandeep@u.washington.edu URL: http://faculty.washington.edu/sandeep Version 1.0 January 27, 2005 Usage Policy 1This is an early draft of the paper. I expect to revise it many times and submit it to an academic journal for publication at a later date. Your input is welcome. You are welcome to use the document in its current form for teaching or research purposes. If you use it in your classroom, e-mail me about how this was received and tell me how I can improve it. Always cite the original document when using. You may cite it asKrishnamurthy, Sandeep (2005), “The Launching of Mozilla Firefox- A Case Study in Community-Led Marketing”, Working Paper, Available at http://opensource.mit.edu/papers/sandeep2.pdf. 4If you notice any errors or omissions in this document or if you have other suggestions for improvement or collaboration, e-mail me at sandeep@u.washington.edu. 2- 3- 2 The Launching of Mozilla Firefox- A Case Study in Community-Led Marketing ABSTRACT Mozilla Firefox is a Free/Libre/Open Source (FLOSS) browser supported by the Mozilla Foundation. This browser was recently released and has met with considerable success- it has...
Words: 7053 - Pages: 29
...WWTC Comprehensive AAP Executive Summary The comprehensive visions for the World-Wide Trading Company (WWTC), an aggressively growing online broker firm, is to increase revenue from 10 billion to 40 billion and reduce operating costs from 30 to 15 percent by the year 2018. The key to gains in exponential growth and revenue was addressed by the leased office location in the notoriously known broker/financial capital of the United States, Wall Street, New York City, New York. WWTC encompasses a staff of 9,000 trained employees scattered across the globe. The World-Wide Trading Company’s corporate headquarters will remain in Hong Kong, while The New York office will be used as an international extension. This office will house approximately 200 staff members. The newly hired IT team will provide the New York office with a state of the art network design. The initiative will focus on the reinforcement of reported security vulnerabilities at other WWTC locations. This design will exceed all other previous standards and set the mold for other businesses to emulate. Project Goal The goal of this project is to increase WWTC revenue from 10 billion to 40 billion dollars by the within the next three to four years. The focus lies within reducing operating costs from 30 to 15 percent by using an automated system for the buying and selling of goods, or, e-commerce. With the implementation of a new, highly scalable, fast and efficient Local/Wide Area Network (LAN/WAN), WWTC will...
Words: 7472 - Pages: 30
...IPV6 IN DE REALITEIT Stijn Willems Promotoren Dhr. A. Geraerts Dhr. J. Cleuren Cegeka XIOS Hogeschool Limburg Bachelorproef academiejaar 2010-2011 2 IPV6 IN DE REALITEIT Stijn Willems Promotoren Dhr. A. Geraerts Dhr. J. Cleuren Cegeka XIOS Hogeschool Limburg Systemen & Netwerken Bachelorproef academiejaar 2010-2011 XIOS Hogeschool Limburg Universitaire Campus – Gebouw H – 3590 Diepenbeek Cegeka Universiteitslaan 9 – 3500 Hasselt 4 Dankbetuiging Deze scriptie is het eindstadium van mijn professionele bacheloropleiding Toegepaste Informatica aan de XIOS Hogeschool Limburg. Om mijn kennis en vaardigheden in praktijk om te zetten, heeft Cegeka mij de kans gegeven een boeiend stageproject uit te werken. Verschillende mensen hebben hun steentje bijgedragen aan dit eindwerk. Graag zou ik deze mensen willen bedanken voor hun steun en kennis die ze mij hebben toevertrouwd. In de eerste plaats zou ik graag mijn bedrijfspromotor, Andy Geraerts, willen bedanken voor de tijd die hij voor mij heeft vrijgemaakt. Zijn begeleiding en steun hebben mij veel bijgebracht. Verder zou ik graag mijn stagepromotor, Johan Cleuren, willen bedanken voor de steun en het vertrouwen tijdens de realisatie van deze scriptie. Graag richt ik ook een dankwoordje aan alle werknemers van de afdeling Network & Security voor de aangename werksfeer. Mijn bijzondere dank gaat uit naar mijn ouders. Zij hebben mij de kans gegeven om deze opleiding te volgen en hebben mij...
Words: 8346 - Pages: 34
