Monday, February 9, 2009

How To Install Cisco Call Manager Express CME Software

Installation of CME software
After you download the .zip CME software file from Cisco, uncompress the file on a local TFTP server. You will get several individual files and several TAR archives. We assume the TFTP server is at 192.168.10.1 and has access to the CallManager router.
For individual files:
Use the regular copy command to transfer the file from TFTP to the router’s flash:
Example:
Router# copy tftp://192.168.10.1/P00307020300.sbn flash:
For TAR archive files:
Use the archive command to transfer the files and extract them at the same time to the router’s flash:
Example:
To transfer the Basic Files tar archive (cme-basic-3.0.3.tar) to the CallManager router:
Router# archive tar /xtract tftp://192.168.10.1/cme-basic-3.0.3.tar flash:
After all required files are installed, use the “show flash” command to list the files installed on flash memory.

Configuring Connection Limits on Cisco ASA Firewalls

STEP1: Identify the traffic to apply connection limits using a class map
ASA(config)# access-list CONNS-ACL extended permit ip any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNS-MAP
ASA(config-cmap)# match access-list CONNS-ACL

STEP2: Add a policy map to set the actions to take on the class map traffic
ASA(config)# policy-map CONNS-POLICY
ASA(config-pmap)# class CONNS-MAP
! The following sets connection number limits
ASA(config-pmap-c)# set connection {[conn-max n] [embryonic-conn-max n] [per-client-embryonic-max n] [per-client-max n] [random-sequence-number {enable | disable}]}
where the conn-max n argument sets the maximum number of simultaneous TCP and/or UDP connections that are allowed, between 0 and 65535.
The embryonic-conn-max n argument sets the maximum number of simultaneous embryonic connections allowed, between 0 and 65535.
The per-client-embryonic-max n argument sets the maximum number of simultaneous embryonic connections allowed per client, between 0 and 65535.
The per-client-max n argument sets the maximum number of simultaneous connections allowed per client, between 0 and 65535.
! The following sets connection timeouts
ASA(config-pmap-c)# set connection timeout {[embryonic hh:mm:ss] [tcp hh:mm:ss [reset]] [half-closed hh:mm:ss] [dcd hh:mm:ss [max_retries]]}

STEP3: Apply the policy on one or more interfaces or globally
ASA(config)# service-policy CONNS-POLICY {global | interface interface_name}
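
The three steps filled in with concrete values, as an added example that is not part of the original post. The limit and timeout values and the interface name outside are assumptions chosen for illustration; the ACL, class-map and policy-map names and the server address 10.1.1.1 are the ones used in the steps above.

```cisco
! STEP1: match all IP traffic destined to the protected server 10.1.1.1
ASA(config)# access-list CONNS-ACL extended permit ip any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNS-MAP
ASA(config-cmap)# match access-list CONNS-ACL
ASA(config-cmap)# exit
!
! STEP2: set the limits for that class (all values are assumed, tune to the server)
ASA(config)# policy-map CONNS-POLICY
ASA(config-pmap)# class CONNS-MAP
! Total ceilings for the server: 1000 connections, 200 of them embryonic (half-open).
! Per-client ceilings keep one source from consuming the whole allowance.
ASA(config-pmap-c)# set connection conn-max 1000 embryonic-conn-max 200 per-client-max 50 per-client-embryonic-max 10
! Age out handshakes that never complete and connections left half-closed.
ASA(config-pmap-c)# set connection timeout embryonic 0:00:20 half-closed 0:05:00
ASA(config-pmap-c)# exit
ASA(config-pmap)# exit
!
! STEP3: apply on the interface facing the clients (name "outside" is assumed)
ASA(config)# service-policy CONNS-POLICY interface outside
!
! Check that the policy is attached and watch the connection counters
ASA# show service-policy interface outside
ASA# show conn count
```

A value of 0 for any of the limits means unlimited, so leaving a limit out or setting it to 0 gives no protection for that counter.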

Sunday, February 8, 2009

How to make public servers secure so that they can be accessed through LAN and WAN at the same time

This is possible with a DMZ.
In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.