Posts tagged as “cisco”

Cisco switch security features cheatsheet

Shahriar

Cisco switches (running IOS) have plenty of features that are critical to modern networks. Some are security features that eliminate several important attack vectors at layer 2. This is arguably the most important defense mechanism, because ACLs and software security mechanisms (layer 7) will sometimes fall short of protecting the network due to the extreme complexity of communication at that layer. So the earlier you close the holes, the better! As an example, security features like protected ports can…

Cisco IOS and StrongSWAN IPSEC VPN

Shahriar

In this blog post we will cover an IPSEC tunnel between Linux StrongSWAN and Cisco IOS. The strongSWAN config file can be copied exactly as is to another server with the IP of the Cisco router, and the tunnel will then be connected between two Linux routers. That is, you do not need to change right and left in the config files; they are detected automatically from the interface IP address (if available, of course). The Cisco IOS configuration is very similar to the previous post. Here are…

GRE over IPSec in Cisco IOS

Shahriar

The following is a sample configuration for GRE/IPSEC on Cisco IOS devices. You can tailor it to your needs (changing encryption algorithms, IP addresses, etc.); just make sure the settings are the same on both sides (except for the IP addresses, of course). In later posts we will cover how to do this scenario on other platforms like Cisco ASA and StrongSWAN on Linux.