
Hello world!


Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

TROUBLESHOOT VPN


We understand that a lot of our customers and users have issues troubleshooting Site-to-Site VPN tunnels.
Here’s a small reference sheet that you could use while trying to sort such issues.

Introduction

Firstly, the two most important commands when troubleshooting any VPN tunnel on a Cisco device:

1. “show crypto isakmp sa” or “sh cry isa sa”

2. “show crypto ipsec sa” or “sh cry ips sa”

The first command shows the state of the tunnel. For a tunnel to be fully up and passing traffic as intended, you should see the status “MM_ACTIVE” on an ASA and “QM_IDLE” on a router. The second command shows the tunnel statistics in detail, including the number of packets encapsulated and decapsulated through the VPN tunnel; these two numbers should be roughly equal.

(Henceforth throughout the document, I shall be referring to the above mentioned commands as command 1 and command 2 respectively)

Tips to Remember

1. Upon issuing command 1, if you see the status “MM_NO_STATE” on an ASA or “MM_WAIT_MSG2” on a router, then you would want to:

a. Check the ISAKMP policies that are configured on both the ends of the tunnel to check if the parameters are matched. By ISAKMP policies, I am referring to the parameters that have been configured after issuing the command “crypto isakmp policy <policy-number>” within the sub-prompt. Out of the multiple policies that may have been configured at both ends, at least one policy must match completely with the peer policy, else you would see this status message. Make sure that you match the parameter “group” as well else you will still see this status message.

b. Check if you are able to ping the peer IP address. Also check with your ISP providers on both ends to see if they have blocked UDP port 500 at their end. Blocking of port 500 can also result in this status message.

2. Upon issuing command 1, if you see the status as “MM_WAIT_MSG4” on a router, you would want to check the value of the “group” parameter set under the “crypto isakmp policy <policy-number>” for the policy that is supposed to match on both ends of the tunnel. This parameter has to match on both ends, just like all the other parameters.

3. Upon issuing command 1, if you see the status as “MM_KEY_EXCH” on an ASA or “MM_WAIT_MSG6” on a router, then you would want to ensure that the pre-shared-key you are using on both ends is exactly matched, character by character.

4. Upon issuing command 1, if you see the status “MM_ACTIVE” on an ASA or “QM_IDLE” on a router, issue command 2. If for some reason the traffic is not passing through the vpn tunnel successfully, then you might want to check the IPSEC transform set that has been set under the crypto map for both ends. Here too, the parameters must match at all times.

5. If, after checking, you find that traffic is still not passing through the tunnel, you also need to check whether the traffic for that VPN tunnel has been exempted from the NAT process with the “nat (interface-name) 0” command, and whether the crypto ACL mistakenly references the NATted IP of the subnet rather than the real IP.
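The tips above are really a lookup from the Phase 1 state shown by command 1 (plus the encaps/decaps counters from command 2) to the next thing to check. The following script, added here as an example and not part of the original reference sheet, encodes that lookup: it pulls the state tokens and packet counters out of the command output and returns the check the sheet recommends. The sample outputs are constructed approximations of the ASA and IOS layouts, not captures from a real device, and the 10% counter tolerance is an arbitrary threshold chosen for the example.

```python
import re

# Constructed sample of "show crypto isakmp sa" on an ASA (approximate layout, not a real capture).
ASA_ISAKMP_SAMPLE = """\
   Active SA: 1
    Rekey SA: 0  (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 203.0.113.2
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_KEY_EXCH
"""

# Constructed sample of "show crypto isakmp sa" on an IOS router (approximate layout).
ROUTER_ISAKMP_SAMPLE = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
203.0.113.2     198.51.100.1    QM_IDLE           1001 ACTIVE
"""

# Constructed excerpt of the counter lines from "show crypto ipsec sa" (command 2).
IPSEC_SAMPLE = """\
    #pkts encaps: 1532, #pkts encrypt: 1532, #pkts digest: 1532
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

# Phase 1 states named in the sheet, mapped to the check it recommends.
STATE_HINTS = {
    "MM_ACTIVE":    "Phase 1 up (ASA): run command 2 and compare encaps/decaps.",
    "QM_IDLE":      "Phase 1 up (router): run command 2 and compare encaps/decaps.",
    "MM_NO_STATE":  "Check ISAKMP policies match on both ends (including group); check peer reachability and UDP/500.",
    "MM_WAIT_MSG2": "Check ISAKMP policies match on both ends (including group); check peer reachability and UDP/500.",
    "MM_WAIT_MSG4": "Check the 'group' parameter of the matching ISAKMP policy on both ends.",
    "MM_KEY_EXCH":  "Check the pre-shared key matches character by character on both ends.",
    "MM_WAIT_MSG6": "Check the pre-shared key matches character by character on both ends.",
}


def isakmp_states(output):
    """Return every Phase 1 state token (MM_*, QM_*, AM_*) found in command 1 output."""
    return re.findall(r"\b(MM_[A-Z0-9_]+|QM_[A-Z0-9_]+|AM_[A-Z0-9_]+)\b", output)


def ipsec_counters(output):
    """Return (encaps, decaps) packet counts from command 2 output, or None where absent."""
    enc = re.search(r"#pkts encaps:\s*(\d+)", output)
    dec = re.search(r"#pkts decaps:\s*(\d+)", output)
    return (int(enc.group(1)) if enc else None, int(dec.group(1)) if dec else None)


def triage(isakmp_output, ipsec_output=None, tolerance=0.1):
    """Map the observed state (and counters, once Phase 1 is up) to the sheet's next check."""
    states = isakmp_states(isakmp_output)
    if not states:
        return ("No ISAKMP SA at all: verify 'crypto isakmp enable' and the crypto map "
                "on the terminating interface, and that interesting traffic is being sent.")
    state = states[0]
    hint = STATE_HINTS.get(state, f"Unlisted state {state}: compare ISAKMP policies on both peers.")
    if state in ("MM_ACTIVE", "QM_IDLE") and ipsec_output is not None:
        enc, dec = ipsec_counters(ipsec_output)
        if enc is None or dec is None:
            return hint
        if enc == 0 and dec == 0:
            return "Phase 1 up but no packets: check the crypto ACL, NAT exemption and transform set."
        if abs(enc - dec) > tolerance * max(enc, dec):
            return (f"Phase 1 up, encaps={enc} decaps={dec} (one-way traffic): "
                    "check the transform set, NAT exemption (nat ... 0) and crypto ACL on the peer.")
        return f"Tunnel healthy: encaps={enc} decaps={dec}."
    return hint


if __name__ == "__main__":
    print(triage(ASA_ISAKMP_SAMPLE))
    print(triage(ROUTER_ISAKMP_SAMPLE, IPSEC_SAMPLE))
```

Paste the real output of the two commands into `triage()`; if the state is one of the “up” states and only the encaps counter is climbing, the traffic is leaving one side but not returning, which is the crypto ACL / NAT exemption case described in tips 4 and 5.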

Must Do’s

1. Always enable ISAKMP on the interface that you want to terminate the VPN tunnel on. You can do this by issuing the command “crypto isakmp enable <interface-name>”.

2. Always apply the crypto map to the same interface that has the isakmp enabled. The command “crypto map <map-name> interface <interface-name>” should do the trick!

3. Ensure that there is only one crypto map applied to a particular interface.

4. Ensure that the crypto ACLs (the access-lists used to match traffic that should go through the VPN tunnel) do not overlap with the access-lists applied to tunnels going to other peers.
Overlap causes a major traffic passage issue even though the status of the tunnel will show as “MM_ACTIVE” or “QM_IDLE”. Hope this helps!

Cyber Security July Free seminar


JULY 19 at 18:00

Introduction To Cyber Security

About this event

Cyber security is one of the world’s most challenging business concerns, impacting national security, infrastructure, and economy, hence cyber security skills are a most sought-after necessity.

This webinar enables you to understand concepts in the cyber space, such as cyber risks, threats, vulnerabilities, risk management, and so on. It is ideal both for professionals looking for a career change and for novices wanting to break into the cyber security industry.

The course also emphasizes an understanding of the cybersecurity lifecycle, industry standard frameworks and best practices that help an organization achieve a robust and mature cybersecurity posture.

Join some of the security professionals and academics in this free webinar to learn security essentials, and practices for everyday use in the prevention of cybercrime, and data protection.

This event will cover:

• Benefits of Cyber Security.

• Securing your network.

• The route to a successful cyber security specialist career.

• Means of securing your PC.

• Setting up a two-factor authentication.

Book your tickets now via the following link:

Tips Technologies cyber Security webinar

Cyber Security Free Seminar


June 21 at 18:00 

Introduction to Cyber Security 

About this event 

Cyber security is one of the world’s most challenging business concerns, impacting national security, infrastructure, and economy, hence cyber security skills are a most sought-after necessity.

This webinar enables you to understand concepts in the cyber space, such as cyber risks, threats, vulnerabilities, risk management, and so on. It is ideal both for professionals looking for a career change and for novices wanting to break into the cyber security industry.

The course also emphasizes an understanding of the cybersecurity lifecycle, industry standard frameworks and best practices that help an organization achieve a robust and mature cybersecurity posture. 

Join some of the security professionals and academics in this free webinar to learn security essentials, and practices for everyday use in the prevention of cybercrime, and data protection. 

This event will cover: 

• Benefits of cyber security. 

• Securing your network. 

• The route to a successful cyber security specialist career. 

• Means of securing your PC. 

• Setting up a two-factor authentication.  

Book your tickets now via the following link: Tip Technologies Webinar Invitation

Policy Based Routing


Policy based routing is more like a filter for networks. It has 3 basic steps:

1. An ACL to define the interesting traffic
2. A route-map that refers to the ACL (an If/Then statement)
3. Apply the route-map to the ingress interface

Normal traffic outward flow
R1 – R3 – R5 – R4 – R7
Return path
R7 – R4 – R5 – R3 – R1

Apply Route-Map on R4 to change the return Path
Return path

R7 – R4 – R3 – R1

R4# show access-lists
access-list 100 permit ip host 7.7.7.7 any

R4(config)# route-map PBR
R4(config-route-map)# match ip address 100      // match packets permitted by ACL 100; the “match” is the “IF” portion
R4(config-route-map)# set ip next-hop 10.34.0.3  // the “set” is the “THEN” portion
R4(config-route-map)# exit

// Please note: if you do not specify a match statement and only specify a set, every packet matches that route-map entry. Packets that match no route-map entry are forwarded using the default (normal) routing table.
// To check the route path:

R7# traceroute 1.1.1.1
R7# traceroute 1.1.1.1 source 7.7.7.7

// To change the path, go to the R4 ingress interface and apply the route-map:

R4(config)# interface se1/1.478
R4(config-subif)# ip policy route-map PBR

Verify the PBR you just applied

R4# show ip policy
R4# debug ip policy

// Let's go to R7
R7# traceroute 1.1.1.1
// Traffic flows normally, as it is sourced from 10.7.7.7 rather than 7.7.7.7
R7# traceroute 1.1.1.1 source 7.7.7.7
// Now you see the traffic path change according to the PBR
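The If/Then behaviour of the route-map, including the note that an entry with no match clause matches every packet, and the implicit deny at the end of the ACL, can be modelled in a few lines. The script below is an added example (not from the original post or from the CBT it references) that evaluates a PBR decision for a given source and destination exactly the way R4 does in the walkthrough: the ACL, route-map and next hop values are the ones from the configuration above, and the `wildcard` ACL entry in the second test is a constructed extra to show the general case.

```python
import ipaddress

# Constructed to mirror the R4 configuration above: ACL 100 and route-map PBR.
ACLS = {
    "100": [("permit", "host 7.7.7.7", "any")],   # (action, source spec, destination spec)
}
PBR = [
    {"action": "permit", "match_acl": "100", "next_hop": "10.34.0.3"},
]


def _spec_to_network(spec):
    """Translate an IOS ACL address spec ('any', 'host A.B.C.D', 'A.B.C.D WILDCARD') to a network."""
    parts = spec.split()
    if parts[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    addr, wildcard = parts
    # An IOS wildcard mask is the bitwise inverse of a subnet mask.
    mask = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(mask)}", strict=False)


def acl_permits(acl, src, dst):
    """Evaluate an extended ACL top-down; the first matching entry decides, implicit deny at the end."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_spec, dst_spec in acl:
        if src_ip in _spec_to_network(src_spec) and dst_ip in _spec_to_network(dst_spec):
            return action == "permit"
    return False


def policy_route(route_map, acls, src, dst):
    """Return the next hop chosen by the route-map, or None when the packet is routed normally."""
    for entry in route_map:
        acl_name = entry.get("match_acl")
        # No match clause: the entry matches every packet (the "IF" is always true).
        matched = True if acl_name is None else acl_permits(acls[acl_name], src, dst)
        if matched:
            if entry["action"] == "deny":
                return None          # explicit deny: fall through to the routing table
            return entry.get("next_hop")
    return None                      # no entry matched: use the default routing table


if __name__ == "__main__":
    for src in ("7.7.7.7", "10.7.7.7"):
        hop = policy_route(PBR, ACLS, src, "1.1.1.1")
        print(f"{src} -> 1.1.1.1: {'next-hop ' + hop if hop else 'normal routing'}")
```

Running it reproduces the two traceroutes from R7: packets sourced from 7.7.7.7 are steered to 10.34.0.3, while packets from 10.7.7.7 miss the ACL and follow the routing table. Deleting the `"match_acl"` key from the route-map entry shows the note above in action, because every source then gets the next hop.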

Reference …From Keith Barker’s CBT.

Blog Post Title


What goes into a blog post? Helpful, industry-specific content that: 1) gives readers a useful takeaway, and 2) shows you’re an industry expert.

Use your company’s blog posts to opine on current industry topics, humanize your company, and show how your products and services can help people.

Get Started With Cisco DevNet


Start by building your lab on your PC.

Cisco DevNet

Source control systems like git or Subversion are a core part of the software development workflow.

Examples of shells include:
bash (or “Bourne-again shell”) is a common shell on Mac, Linux and other “Unix-like” operating systems
cmd.exe is the native command line interpreter for Windows systems
PowerShell is a combination shell and scripting framework from Microsoft that has recently become open source and cross platform

git has become one of the most commonly used source control systems in development.
Cisco DevNet “repos” are hosted in git repositories.
On Windows, leverage the git-bash shell that is included with git for Windows.

Node.js is a JavaScript runtime that is very popular for developers because of the JavaScript foundation providing a consistent language across web (sometimes called “frontend”) and application (sometimes called “backend”) development.
VS Code is ideal for JavaScript development, and has powerful and complete language support for Python, .NET, Java and other languages as well.
Find out more at https://code.visualstudio.com/.

Postman is a powerful REST API client that provides a set of capabilities for testing, exploring, and writing REST APIs.
ngrok is one of several possible tools that solve the problem of reaching a developer’s local workstation from the internet. It is an application you run in your environment, and it builds a connection path from the public internet to your local workstation.

If you do not have AnyConnect, the open source alternative OpenConnect can be used.

Docker is not the only application container engine, and wasn’t even the first, but it is definitely the most popular one in use today.

Installation and setup
=========================

Navigate to git-scm.com/downloads.
Click the link for “Windows”
Consider changing the default text editor for Git to another option, if you have one available. For example, Notepad++

Open git-bash
within the terminal, run
git --version
Attempt to clone a repository from GitHub.
git clone https://github.com/CiscoDevNet/hello_network

Change to the hello_network directory that you cloned down in the last step.
cd hello_network

included in the repository is a bash shell script called hello_network.sh, run it to verify you have a functioning bash shell.
./hello_network.sh
# Expected Output
Hello Network!

Installing Python 3
====================

Navigate to www.python.org/downloads/windows/.

Click the link “Latest Python 3 Release – Python 3.6.9”.
In the list, download “Windows x86-64 executable installer” (If you are on 32 bit Windows download the x86 version).
Run the downloaded installation file taking the defaults with the following suggestions.
On the first page “Install Python 3.6.9” screen, check the box to “Add Python 3.6 to PATH” at the bottom of the screen.

Verify Python installation
============================
Note: If the following verifications do not work as expected, restart your computer to ensure the updated “PATH” variables are fully applied.

Open a git-bash terminal.
Verify Python 3 was correctly installed. (The py application is the “Python launcher for Windows” that provides an easy method on Windows to identify Python versions)
py -3 -V
# Expected Output
Python 3.6.9

Check the version set as the “Default Python Version”. (The default version is the version of Python that is executed when you enter python).
python -V
# Expected Output
Python 3.6.9

https://developer.cisco.com/learning/modules/dev-setup/dev-win/step/5

Note: To open an interactive Python interpreter you can typically just use the command python at the command prompt. Within git-bash you need to use the command python -i to explicitly start the interactive interpreter.

Python virtual environments
===============================
Before leaving the Python setup, you need to know how to create a Python virtual environment. Python virtual environments are a method of creating isolated “environments” where specific versions of Python can be installed along with independent sets of libraries and dependencies.

Virtual environment usage is very common and is recommended practice when working in Python, and most DevNet labs encourage you to create and work within virtual environments.

Create a Python 3 virtual environment using the venv module included with Python 3.

py -3 -m venv py3-venv
Now “activate” the environment. Look for the name of the virtual environment to be enclosed in parenthesis after activation.

source py3-venv/Scripts/activate
# Expected Output
(py3-venv)
IEUser@IE11Win10 MINGW64 ~/code
Now verify that python is now linked to Python 3

python -V
Python 3.6.9

Deactivate the virtual environment.

deactivate

Installing Node
===================
Navigate to nodejs.org/en/download/ and download the “Windows Installer.”
Run the downloaded installer taking the defaults.

Open a git-bash terminal.

Check the installed node version.

node -v
# Expected Output
v8.11.1

Step 5: Text Editors and IDE
===============================
You probably don’t need two different IDEs…but you might enjoy taking Atom and Visual Studio Code for a side-by-side test run, so we’ve included installation instructions for each

Atom
=========
Installation
Navigate to atom.io

The site should detect your OS and offer you an appropriate download link

Run the downloaded installer taking the defaults

Verification
Once installation finishes, Atom should open and display the interface

Select “Yes, Always” to the question about registering the atom:// URI handler

Visual Studio Code
=====================
Installation
Navigate to code.visualstudio.com

The site should detect your OS and offer you an appropriate download link

Run the downloaded installer taking the defaults

Verification
Once installation finishes, open VS Code to display the main interface

In the upper left, select the Extensions view, search for “python” and install the top hit, i.e. the “Python” extension (by Microsoft)

Step 6: Development Tools and Clients
=========================================
Postman
Installation
Navigate to www.getpostman.com/apps.
Click the download link for “Windows”. (If you are using a 32 bit version of Windows, be sure to change the option.)
Run the downloaded installer taking the defaults.

Verification
Once the installation completes, Postman will open and allow you to sign-up or sign-in. You do NOT need to sign in to use Postman, you can simply click the link “Take me straight to the app. I’ll create an account another time.” to bypass login.

Test that you can make REST API calls with Postman using this fun “Dad Joke” API. Beside the launch pad click the + sign. Enter https://icanhazdadjoke.com/ into the address bar. Click the “Headers” tab and add an entry for Accept with a value of application/json. Then click “Send” and enjoy your joke 🙂

ngrok Installation
====================
Navigate to ngrok.com/download.
Click the download link for “Windows”. (If you are using a 32 bit version of Windows, be sure to change the option.)
Open the zip file and extract it to the ngrok subdirectory under your user folder.

OpenConnect
=============
If you do not already have Cisco AnyConnect installed, you can install OpenConnect for an open source VPN client to use to connect to DevNet Sandboxes.

Installation
Navigate to the OpenConnect-GUI Releases page.
Download the latest Windows release.
Run the downloaded installer with the following suggestions.
On the “Install Options” page, “Add the openconnect-gui to the system PATH for all users.”
Also on the “Install Options” page, “Create openconnect-gui Desktop Icon.”
Verification
To fully verify OpenConnect installation you’ll need a VPN server to connect to. If you don’t have one handy, go on over to the DevNet Sandbox Catalog and reserve one of our possible sandboxes. Once the reservation is ready, you’ll be provided the VPN credentials to connect to.
Open the OpenConnect GUI, and create a “New profile.” Enter the VPN address as the “Gateway” and “Save & Connect”. You’ll then be prompted for your username and password.

You should now have an active VPN connection to your sandbox, and be able to reach the resources contained within your pod.

Step 7: Application Container Engine
===========================================
Docker
DevNet Express Cloud Collaboration for IT Pros participants can skip Docker installation

Installation
=============
Docker for Windows 10 leverages the Hyper-V feature of the operating system and requires you enable it before Docker for Windows will install and work.
Open the “Turn Windows features on or off” control panel.
Make sure both “Hyper-V Management Tools” and “Hyper-V Platform” are enabled under “Hyper-V”.
Changes to these settings will require a reboot of the workstation.
NOTE: While the Hyper-V feature is enabled on Windows 10, other hypervisor platforms like VirtualBox and VMware Workstation will NOT work.

Navigate to Install Docker Desktop on Windows: https://docs.docker.com/docker-for-windows/install-windows-home/

Click “Download from Docker Hub” link. The new page is refreshed with “Docker Desktop for Windows” details.
Click “Get Docker” link to start download.
Run the downloaded installer taking the defaults.

Note:
Make sure that virtualization is turned ON in the BIOS.
If any error occurs during Docker installation, refer to the Docker troubleshooting page.

Verification
=============
Open a git-bash terminal.
Enter the following command to start a test container based on the “busybox” image.

docker run busybox

The container will start, and then stop showing no output. Verify it worked with the following command.

docker ps -a
# Sample Output
CONTAINER ID   IMAGE     COMMAND   CREATED          STATUS                      PORTS   NAMES
d9a3285ba957   busybox   "sh"      20 seconds ago   Exited (0) 15 seconds ago           quizzical_bartik
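Each of the verification steps above (git, Python, Node, Docker) runs a version command and compares the output against an expected value. The script below is an added example, not part of the Cisco DevNet setup guide, that automates those checks: it runs each tool's version command, parses the first dotted version number out of the output, and reports whether the tool is on the PATH and at or above a minimum you choose. The minimum versions passed in the `__main__` block are assumptions for illustration, not requirements stated by the guide.

```python
import re
import shutil
import subprocess

# Version commands used in the verification steps above.
TOOL_COMMANDS = {
    "git": ["git", "--version"],
    "python": ["python", "-V"],
    "node": ["node", "-v"],
    "docker": ["docker", "--version"],
}


def parse_version(text):
    """Extract the first dotted version number, e.g. 'Python 3.6.9' -> (3, 6, 9), 'v8.11.1' -> (8, 11, 1)."""
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def check_tool(name, minimum=None):
    """Run a tool's version command and report whether it is installed and recent enough."""
    cmd = TOOL_COMMANDS[name]
    result = {"tool": name, "found": False, "version": None, "ok": False}
    if shutil.which(cmd[0]) is None:
        return result  # not on PATH; on Windows, restart after changing PATH (see the note above)
    result["found"] = True
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=20)
    except (OSError, subprocess.TimeoutExpired):
        return result
    # Some interpreters print "-V" output to stderr, so parse both streams.
    result["version"] = parse_version(proc.stdout + proc.stderr)
    result["ok"] = result["version"] is not None and (
        minimum is None or result["version"] >= minimum
    )
    return result


def check_all(minimums=None):
    """Check every tool; minimums maps tool name -> required version tuple."""
    minimums = minimums or {}
    return {name: check_tool(name, minimums.get(name)) for name in TOOL_COMMANDS}


if __name__ == "__main__":
    # Assumed minimums for this example: Python 3 and the Node version shown in the guide.
    for name, info in check_all({"python": (3,), "node": (8, 11, 1)}).items():
        if info["ok"]:
            status = "OK"
        elif not info["found"]:
            status = "MISSING"
        else:
            status = "TOO OLD / UNPARSED"
        print(f"{name:7s} {status:20s} {info['version']}")
```

Run it from the git-bash terminal after each installation step; a `MISSING` result for a tool you just installed almost always means the PATH change has not been picked up yet, which is the restart case the note above describes.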

http://cs.co/dev10

First, clone a repository
The Getting Started project is a simple GitHub repository which contains everything you need to build an image and run it as a container.

Install Git if you don’t have it already.

git clone https://github.com/docker/getting-started.git

Now, build the image
A Docker image is a private file system just for your container. It provides all the files and code your container needs.

cd getting-started
docker build -t docker101tutorial .

Run your first container
Start a container based on the image you built in the previous step. Running a container launches your application with private resources, securely isolated from the rest of your machine.

docker run -d -p 80:80 --name docker-tutorial docker101tutorial

Now save and share your image
You must be signed in to Docker Hub to share your image.
https://hub.docker.com/


The next step will be to access this link – https://developer.cisco.com/learning/tracks

using your Cisco account. If you don’t have one already, create a free Cisco account.

Overlay vs Underlay Networks


Difference Between Overlay And Underlay Networks

Description
  Underlay network: the physical infrastructure above which the overlay network is built.
  Overlay network: a virtual network built on top of an underlying network infrastructure/network layer (the underlay).

Traffic flow
  Underlay: transmits packets that traverse network devices such as switches and routers.
  Overlay: transmits packets only along the virtual links between the overlay nodes.

Deployment time
  Underlay: less scalable; setting up new services and functions is a time-consuming activity.
  Overlay: able to rapidly and incrementally deploy new functions through edge-centric innovations.

Packet control
  Underlay: hardware oriented.
  Overlay: software oriented.

Packet encapsulation and overhead
  Underlay: packet delivery and reliability occur at layer 3 and layer 4.
  Overlay: needs to encapsulate packets between source and destination, hence incurs additional overhead.

Multipath forwarding
  Underlay: less scalable options for multipath forwarding; in fact, using multiple paths can have associated overhead and complexity.
  Overlay: support for multipath forwarding within virtual networks.

Managing multitenancy
  Underlay: NAT- or VRF-based segregation is required, which may be a challenge in big environments.
  Overlay: able to manage overlapping IP addresses between multiple tenants.

Scalability
  Underlay: less scalable due to technology limitations.
  Overlay: designed to provide more scalability than the underlay network. E.g. VLAN (underlay) provides 4096 VLAN IDs while VXLAN (overlay) provides up to 16 million identifiers.

Packet delivery
  Underlay: responsible for delivery of packets.
  Overlay: offloaded from delivery of packets.

Protocols
  Underlay: Ethernet switching, VLAN, routing, etc.
  Overlay: Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Encapsulation (NVGRE), Stateless Transport Tunneling (STT), Generic Routing Encapsulation (GRE), IP multicast and Network Virtualization Overlays 3 (NVO3).


Older protocols such as VLANs and MPLS are now being replaced by VXLAN, which is more scalable.
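Two rows of the comparison above (encapsulation overhead and scalability) come straight from the shape of the VXLAN header. The script below is an added example, not from the referenced article, that packs and parses the 8-byte VXLAN header defined in RFC 7348 (8 flag bits, 24 reserved bits, a 24-bit VNI and 8 reserved bits), which is where the 16 million identifiers versus 4096 VLAN IDs comes from, and totals the outer headers a VXLAN-over-IPv4 underlay has to carry per packet (outer Ethernet 14 + IPv4 20 + UDP 8 + VXLAN 8 = 50 bytes). The inner frame bytes are constructed placeholders, and the MTU helper uses a 1500-byte inner MTU as an assumed default.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08     # "VNI valid" flag, the only flag bit RFC 7348 defines
VNI_BITS = 24           # width of the VXLAN Network Identifier
VLAN_ID_BITS = 12       # width of an 802.1Q VLAN ID, for comparison

# Bytes each outer header adds when an Ethernet frame is carried in VXLAN over IPv4.
ENCAP_OVERHEAD = {"outer_ethernet": 14, "outer_ipv4": 20, "outer_udp": 8, "vxlan": 8}


def identifier_space():
    """Number of segment identifiers each technology can express (the Scalability row)."""
    return {"vlan": 1 << VLAN_ID_BITS, "vxlan": 1 << VNI_BITS}


def build_vxlan_header(vni):
    """Encode the 8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << VNI_BITS):
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan_header(data):
    """Decode a VXLAN header; returns (vni, inner_frame). Rejects headers without the I flag set."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", data[:8])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI field is not valid")
    return vni_word >> 8, data[8:]


def encapsulate(inner_frame, vni):
    """The UDP payload a VTEP sends: VXLAN header followed by the original Ethernet frame."""
    return build_vxlan_header(vni) + inner_frame


def total_overhead():
    """Extra bytes per packet on the underlay relative to the original frame (the Overhead row)."""
    return sum(ENCAP_OVERHEAD.values())


def minimum_underlay_mtu(inner_mtu=1500):
    """Underlay MTU needed so a full-size inner frame is not fragmented: inner MTU plus the overhead."""
    return inner_mtu + total_overhead()


if __name__ == "__main__":
    # Constructed placeholder for an inner Ethernet frame.
    frame = b"\x00" * 12 + b"\x08\x00" + b"inner-ip-packet"
    encapsulated = encapsulate(frame, vni=5000)
    vni, recovered = parse_vxlan_header(encapsulated)
    print(f"VNI {vni}, payload intact: {recovered == frame}")
    print(f"identifier space: {identifier_space()}")
    print(f"overhead {total_overhead()} bytes, underlay MTU needed {minimum_underlay_mtu()}")
```

The `parse_vxlan_header` check on the I flag is the kind of validation a VTEP or a packet-inspection tool should do before trusting the VNI: the tenant segment a packet belongs to is decided entirely by those 24 bits, so the underlay should only accept VXLAN/UDP 4789 from known VTEP addresses and the MTU along the underlay path must allow for the 50-byte overhead.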

Ref: https://vivadifferences.com/10-difference-between-underlay-and-overlay-networks/

Top 10 Web Application Security Risks


  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
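The three risks listed above are easiest to see side by side in a small login lookup. The following script is an added example, not part of the original post, using Python's built-in sqlite3 on a constructed in-memory database: the first lookup splices the username into the SQL text (Injection), the second binds it as a parameter, and the authenticate function shows the pattern that addresses the other two risks, storing only a salted PBKDF2 hash of the password (never the plaintext) and comparing in constant time. The user record, the password and the iteration count are constructed values for the example.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 200_000  # assumed work factor for the example


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; only this hash is stored, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_db():
    """Constructed in-memory database with a single user record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("alice", salt, hash_password("correct horse battery", salt)),
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    # Injection: the username becomes part of the SQL grammar, so a quote character in it
    # changes what the query means instead of being compared as data.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Hardened: a bound parameter is always treated as a value, never parsed as SQL.
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def authenticate(conn, username, password):
    """Parameterised lookup plus constant-time hash comparison; returns True only on a correct password."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored_hash = row
    return hmac.compare_digest(hash_password(password, salt), stored_hash)


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed input: a quote character that closes the literal
    print("vulnerable lookup:", find_user_vulnerable(conn, crafted))
    print("safe lookup:      ", find_user_safe(conn, crafted))
    print("authenticate:     ", authenticate(conn, "alice", "correct horse battery"))
```

The vulnerable lookup returns a record for an input that is not a username at all, while the parameterised version returns nothing, which is the whole difference between a query that trusts its caller and one that does not; the same parameter binding is what `authenticate` relies on before it ever touches the stored hash.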

Network and Data Science BootCamp July-Sep 2020


Would you like to learn about Network Automation, Data Science, use Data for prediction, detection and much more…

Join us in our BootCamp in July.