Using Ansible for Automated Network Testing

The problem with making changes to any decent-sized network, which is running a routing protocol such as OSPF, is that in order to fully verify the change you will need to log into every device in the network and verify that your change has worked. This post shows how Ansible can be used to perform basic tests on Cisco IOS devices.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/11/26/using-ansible-for-automated-network-testing/

ciscoios-acl – A Fail2ban Module for Managing Cisco IOS ACLs

I’ve been using fail2ban to protect a number of services from external attacks. The software works well, but what I wanted to do is to have fail2ban update an ACL on a Cisco IOS router rather then the IPtables on the host itself. Here’s the code and some tips on setting it up.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/09/20/ciscoios-acl-a-fail2ban-module-for-managing-cisco-ios-acls/

Blanket Box

I made a pair of these blanket boxes a few years ago, and finally got around to taking photos and publishing the result.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/09/09/blanket-box/

Dual Stack Policy Rules on Cisco IOS Zone-Based Firewall

The Cisco Zone-based firewall was derived from the old “firewall feature set” and allows the administrator to define firewall rules based on zones, where each zone may contain one or more logical interfaces. Using Cisco’s zone-based firewall isn’t as easy as many other solutions (e.g. Juniper SRX, Cisco ASA), and recently I needed to configure one which was to pass both IPv4 and IPv6 services. Here’s an example of how it’s done.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/09/09/dual-stack-policy-rules-on-cisco-ios-zone-based-firewall/

New Zealand Wood Pigeon – Kereru

Every year these large pigeons come and eat the new shoots from the trees around our house. Here’s a picture of a recent visitor.

Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/08/20/new-zealand-wood-pigeon-kereru/

Restricting Management Access to Fortigate Firewalls

Sometimes it’s just unavoidable that you need to do in-band management of firewalls. This is particularly the case if the firewall is hosted externally – such as within AWS. Here’s a quick recipe on restricting management access to the Fortigate firewall.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/08/18/restricting-management-access-to-fortigate-firewalls/

Juniper OSPF and Unexpected Features

I had an interesting situation in a lab environment the other day. It seems Juniper has been tweaking how OSPF works with their routers with some interesting consequences.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/08/08/juniper-ospf-and-unexpected-features/

Cisco ASA 5505 – Dual Internet Connections with a Base Licence

The client’s requirements were simple: they had an existing Cisco ASA 5505 with a base and unlimited users licence connected to the Internet with a PPPoE interface over ADSL. They wanted to add more bandwidth and redundancy so decided to add an additional 100mbps fibre link. Is it possible? Read on …
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/08/01/cisco-asa-5505-dual-internet-connections-with-a-base-licence/

Small Coffee Table

A recently-finished woodwork project.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/07/01/small-coffee-table/

Juniper Filter-based VLANs

So during my efforts to study for the Juniper JNCIP-Ent ( Enterprise Routing & Switching ) exam, I happened to come across a Juniper switching feature called Filter-based VLANs.

In normal VLAN-based switching, a device’s assigned VLAN is configured on it’s access port and can’t be changed no matter what is connected to that port.

Filter-based VLANs work a bit differently – they allow the engineer to map the VLAN based on packet properties.
Continue reading

Permanent link to this article: https://www.crypt.gen.nz/2017/06/27/juniper-filter-based-vlans/