Posts tagged: Cisco

Cisco Periodic Reboot Using Perl

A request to reboot a Cisco ASA every week came in today. Under Cisco IOS there is kron, which would accommodate us here; however, there appears to be no such thing under the ASA OS (is it still called FOS?). The next best thing is to run a Perl script which utilises the Net::SSH::Expect module to negotiate the SSH login.

As we are using an ASA without any kind of AAA usernames, the script also has to raise its privilege level using en and the enable password.

I’m on a FreeBSD server so I need to install the correct Perl module via the ports first:

    # cd /usr/ports/net/p5-Net-SSH-Expect/
    # make install

Now we can write and test the script:

    #!/usr/bin/perl -w

    use strict;
    use Net::SSH::Expect;

    # Credentials are stored in clear text here, so keep this file readable
    # only by the account that runs it from cron.
    my $host_ip        = "1.1.1.1";
    my $login_name     = "xxxx";
    my $login_password = "yyyy";
    my $en_password    = "zzzz";

    my $ssh = Net::SSH::Expect->new(
        host     => $host_ip,
        password => $login_password,
        user     => $login_name,
        raw_pty  => 1
    );

    # Log in and check for the ASA banner line before going any further
    my $login_output = $ssh->login();
    if ($login_output !~ /Type help/) {
        die "Login has failed. Login output was $login_output";
    }

    # Enter privileged mode, then reload without the confirmation prompt
    $ssh->send("en");
    $ssh->waitfor('Password:', 1) or die "prompt 'Password:' not found after 1 second";
    $ssh->send($en_password);
    $ssh->exec("reload noconfirm");

Add the script to the crontab and we’re away!
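
The script above keeps the login and enable passwords in its own source. As an added example (not part of the original post), the loader below reads them from a separate key=value file and refuses any file that other local users could read; the file format and the name load_credentials are assumptions made for illustration, and the sample file is constructed with the post's placeholder values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Read host/user/password/enable from a key=value file, refusing any file
# that other local users could read. The file format is an assumption.
sub load_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "Cannot open $path: $!\n";
    # stat the open handle so the check and the read see the same file
    my @st = stat($fh) or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    die sprintf("%s has mode %04o, expected 0600 or stricter\n",
                $path, $mode & 07777)
        if $mode & (S_IRWXG | S_IRWXO);

    my %cred;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#.*)?$/;        # skip comments and blank lines
        my ($key, $value) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "Malformed line $. in $path\n";
        $cred{$key} = $value;
    }
    close $fh;
    for my $need (qw(host user password enable)) {
        die "Missing '$need' in $path\n"
            unless defined $cred{$need} && length $cred{$need};
    }
    return \%cred;
}

# Constructed sample file (placeholder values, not real credentials).
# File::Temp creates it with mode 0600.
my ($tmp_fh, $tmp_path) = tempfile(UNLINK => 1);
print {$tmp_fh} "# ASA reboot credentials\nhost = 1.1.1.1\nuser = xxxx\n",
                "password = yyyy\nenable = zzzz\n";
close $tmp_fh;

my $cred = load_credentials($tmp_path);
print "Loaded credentials for $cred->{user}\@$cred->{host}\n";

chmod 0644, $tmp_path;                           # simulate a world-readable file
eval { load_credentials($tmp_path); 1 } or print "Refused: $@";
```

In the reboot script, the four hard-coded variables would then be filled from the returned hash, leaving the script itself free of secrets.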

Managed Services Update

We’re starting on our new marketing campaign this week and the subject matter is our 3 core managed service offerings:

It's all go with website updates, new printed literature and technical specs and PDF data sheets brought up to date. The products themselves are not something new for Gconnect but it's nice to have it formalised. Our management services utilise our many years of industry experience, ITIL compliant support system, vendor accreditations and certified engineers to provide a reliable, polished experience. So if you need some help with managing those non-mainstream applications and operating systems, let us know!

Work Diary: VPN, VPN and more VPN

This last week has been a week of many VPNs. We started with encrypting our L2TPv3 VPN over a tunnel-based IPSec VPN between two Cisco IOS routers – now my preferred method of site-to-site VPN. The next configuration was a Cisco ASA to Cisco IOS router which, unfortunately, does not support the tunnel method so a ‘traditional’ style was needed on the router to match up with the ASA. Site-to-site VPNs are fairly straightforward but we have had several requests this week for modifications and changes to Remote Access VPN setups.

The RA VPN can have a lot of configuration to include split tunnelling, split DNS, Active Directory authentication and the list goes on, and on, and on. The requirements this week were for data hair-pinning and reaching other site-to-site destinations from a remote access user. At Gconnect we have traditionally deployed the Cisco IPSec VPN client mainly due to licensing constraints but recently have been using the SSL VPN, both client-less and with the AnyConnect client – but as one client found out this week, there is a significant RAM requirement for some of these features.

Gconnect can manage your Cisco IOS and security devices – for more information see here

Work Diary: Layer2 VPNs

We had an enquiry this week from somebody who had found us on the Cisco website (Thanks Cisco!) who needed a layer2 VPN setting up. As the story unfolded, he wanted a layer2 VPN to run over a couple of broadband lines. This type of VPN solves a lot of problems in certain situations; in his case, there are 2 devices which have only MAC addresses and need to communicate over ethernet. Other uses include extending the company LAN back to remote sites or home offices – meaning the remote users can use telephone systems, DHCP servers and the like over the link. Normally we would have delivered it over our MPLS network but as we are not the connectivity provider here we had to come up with a new solution. We used a technique based on the open standard L2TPv3 (Layer 2 Tunneling Protocol v3), which supports Layer 2 VPNs and pseudowires, and ended up with a fully configured lab setup deployed on 2 Cisco routers and 2 Gconnect broadband lines.

Gconnect Cisco Consultancy
L2TPv3 Layer 2 Tunneling Protocol v3
Cisco Cloud and Managed Services Partners

Work Diary: A bit of BGP (Border Gateway Protocol)

We manage a couple of BGP Autonomous Systems (AS) for a service provider client. Today we have been advertising some new prefixes out of 1 autonomous system, ensuring that we have multiple connections announcing the same ranges for resiliency and diversity. Gconnect, as Cisco Cloud and Managed Service Partners, can leverage our experience in managing large Cisco networks whilst maintaining controls, checks and balances. Although we use a formal change control process, stringent backup and configuration archiving, we are still agile enough to perform an update like this in a couple of hours, rather than days. You can find out more about how the internet is glued together with BGP (Border Gateway Protocol) here.

Gconnect Cisco Consultancy
Cisco Cloud and Managed Services Partners

Gconnect are “Cisco Powered”!

Gconnect have now achieved Cisco Cloud and Managed Services Express Partner with ‘Cisco Powered’ MPLS-VPN status. What does that mean? Well, Cisco sent down some auditors to check out our processes and procedures along with our technical setup to ensure we are operating in a manner that meets their standards. In order to start the process we also had to meet other pre-requisites such as certified engineers and a proven track record in delivering Cisco based services. Gconnect are the smallest Cisco Cloud and Managed Services Express Partner in the UK, making us the ideal partner for companies wanting the assurance of third party audit and the responsiveness of a small dynamic ISP.

Gconnect MPLS and connectivity products
‘Cisco-Powered’ Information
Cisco Cloud and Managed Services Information

Gconnect attain Cisco ‘Select’ partnership status

Gconnect have attained the Cisco Small Business Specialisation making us ‘Select’ partners. This means that we have proved to Cisco we have the skills and experience to service SMEs with products and services ‘fit for and built for’ their needs. The scope covers all aspects of Cisco’s product portfolio including:

  • Switching
  • Routing
  • Collaboration
  • Security
  • Wifi

Gconnect continue to work with Cisco on future projects and accreditations.