cisco – Webex not using DNSSEC

Our government issued a statement that all video/voice online enabling software needs to use DNSSEC for all address translations and all used DNS servers need to support DNSSEC.

I tried a few DNSSEC checkers and analyzers (https://dnssec-analyzer.verisignlabs.com/www.webex.com) for “my_organization.webex.com” or even “webex.com” and to me it seems like this domain doesn’t use/support DNSSEC.

I can’t find any relevant information on Cisco/Webex website.

I for one can’t believe Cisco Webex wouldn’t use DNSSEC so my question is: Am I missing something? Or is there a reason to not use it?

Thank you

Cisco acquires cloud security company OpenDNS for $635M

Hi Guys

Cisco has acquired cloud security firm OpenDNS for $635M, see this VentureBeat article:

http://venturebeat.com/2015/06/30/cisco-acquires-cloud-security-company-opendns-for-635m/

OpenDNS routes customers’ Internet connections through its own servers and blocks malicious activity at its end.

Can Cisco ASA PBR route to specific IP/port?

I am working on setting up PBR on our ASA-5505, and was trying to figure out if this scenario is possible.

  1. Traffic coming in via one public external IP on port 443.
  2. ASA identifies traffic via ACL and uses PBR to route traffic using next-hop IP

Question, is it possible to specify a destination port in step 2?

Basically I want to set up 2 PBR where step 1 is the same, but 2 would route traffic to the same IP but different ports.

Disclaimer: I normally do not work with this kind of stuff. Nothing can go wrong. :-]

mac osx – IPsec Cisco VPN on macOS does not hide my public IP; is it caused by the macOS VPN client?

I have 2 VPNs: the first one is on Cisco and the second one is strongSwan. In both cases the protocol is IPsec. I configured the connection to both VPNs on my MacBook (macOS Big Sur 11.0.1). I use the default macOS VPN client. I found that my public IP address does not change after I connect to either of these VPNs. I verified this using the site https://www.whatismyip.com/, where my public IP was shown instead of the VPN address when I was connected to that VPN. So I would like to ask you to help me find what causes my public IP not to be hidden behind the VPN IP. I need this IP-hiding feature because I want to add this VPN IP to the whitelist in my htaccess on WordPress. So far I have tried various things. First I thought that the problem was with the VPN client on macOS, because for another type of VPN we can find the option Send all traffic over VPN (source: https://ingerslev.io/2019-11-05-routing-macos-vpn-traffic/). I found a similar case for Windows (IKEV2 VPN doesn’t hides real IP from Windows client), where the option is “Use default gateway on remote network”.

Unfortunately, for IPsec I cannot find the option “Send all traffic over VPN” on macOS, which I am guessing is the cause of my real public IP not being hidden.

I also checked my routing with the command netstat -rn; I have attached the part of it which shows the default gateway:

before vpn 
Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0

after vpn
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
default            link#16            UCSI         utun2

Cisco ASA, CVE-2020-3452 – Information Security Stack Exchange

network – Seeking Advice/Guidance on configuring VPN to Ubiquiti USG behind Cisco Meraki

Abstract:

Access the USG network via VPN, through a Meraki MX84.

Summary:

I am currently working on setting up some new hardware and re-configuring a network that I am responsible for.

The objective is to have an individual VPN into the USG network.

The USG is on its own network behind a Meraki MX84.

The USG is connected to the MX84 via a VLAN configured port (configured within the Meraki Dashboard).

The USG Network can be accessed when connected to the local network that the Meraki is connected to, and can also be accessed when VPNing to the Meraki,

but

I seek to allow a user to VPN directly to the USG network through the MX84, without having to VPN to the Meraki first (without having to double VPN).

Ramblings:

I must admit that this is new to me. I have a general understanding of networking, but a lot of this is unfamiliar ground.

On the USG side, there are two settings for a VPN (well, three actually, but one doesn’t work with this): Remote VPN and Site-2-site VPN.

I have two different thoughts about this,

I could set up the USG with a Remote VPN and have those seeking to connect with the USG be pushed/ported through via rules on the Meraki,

or

I could link the Meraki and USG via a site-2-site VPN connection via a VLAN.

My Troubles:

I’m not sure which is the best approach.

Also, all of the VPN clients I have used ask for an IP or Name Server (DNS, Domain Name, why is there no standard?), yet, from my understanding, we, via our ISP, are only given one IP address, and the Meraki itself can be given a Domain Name that matches that IP address (as it is set in the settings of the Dashboard), so I am not sure how a remote user can actually get to the USG via a VPN client if the USG isn’t actually visible on the internet.

Another thing, once a remote user connects to the Meraki, how does the Meraki know which data to send to the USG VLAN if all the data is coming from one source without anything distinguishing it from the other data? I recognize that there is a chain in the way data moves through routers and the such, but from my position, how am I to tell my simple VPN client “Go to (IP), and THEN go to (IP).”

I assume there are rules that can be set within the Meraki that will sort all of this out.

I assume I am thinking too hard about this, and/or don’t have enough experience.

HP switch module / Cisco switch modules

Please guide me on which manufacturer is best for the 24-port switch module: HP switch module or Cisco switch modules.

linux – Connecting to server through SSH, disconnects outbound Cisco AnyConnect VPN on the same server

I have a server that hosts several front ends and APIs, and these APIs need AnyConnect VPN to be able to get access to a remote database.
For the last 2 weeks though (after a complete server restart, I suspect), when I connect to my server by SSH, this VPN is disconnected and needs to be manually reconnected, which causes disruptions with the APIs and has been bringing a lot of downtime. Has anyone encountered a similar problem?

I know for a fact that before these last 2 weeks, connecting to the server through SSH was fine and caused no issues with the VPN connection. The only cause I can think of is that because the connection has been up for months on end, maybe after a reconnect, it did auto updates that changed some settings that created this SSH issue, or that the server restart changed something related to IP routing.

After going through the release notes of the different versions, I can see a difference from 4.7 (what I believe was the version the VPN was using) to 4.9 (the most recent version):
“Using VPN CLI without GUI sessions (for example SSH) is not supported.”
This specific line was not on version 4.7 and lower. Could this be a potential reason?

After looking at more people encountering problems with ssh into a server with a VPN connection, I found this https://serverfault.com/a/660106/603910 , which states:
“The idea is that currently when you connect to your public IP address, the return packets are being routed over the VPN. You need to force these packets to be routed over your public interface”

Sadly I am unable to try this at the moment, as it is the busiest month for the company so the server needs to be up and running at all times, plus I am afraid to change its settings and mess something up, since I have no experience with IP configuration, without being sure of what it will do. I might try it in the future if I feel more confident or get desperate and give a further update; however, I would appreciate it if someone would give their input on whether they think that potential solution would apply for me.

Cisco ASA will not route INSIDE to OUTSIDE

I am learning ASA and have set up a basic topology to learn. I can’t seem to get my ASA to route or even ping from the inside to the outside. I am trying to ping from LN1_PC to the HQ Router so I can get basic communications working. I would appreciate it if anyone can help.

I have checked the following, but I am not sure if my config is correct:

Interfaces are up

Routes are in

NAT is there

Security level is set for INSIDE, OUTSIDE, DMZ

ICMP is allowed

I can ping from HQ to the ASA’s ETH0 interface

Cannot ping from LN1_PC to any outside interface, router or to the webserver.

Topology

https://www.imgpaste.net/image/OzvHU

ASA Run config

https://pastebin.com/8eQCHxC4

cisco – inter vlan routing and access switch default gateway

I have a question. If we have 5 2960 layer 2 switches with VLANs 2,3,4,5,6 that are connected via trunk port to a 3850, and we’ve created VLANs (2,3,4,5,6) on the 3850 and gave each an IP in its VLAN range. They all need to ping each other. Do we need to set the default gateway on each 2960 to its VLAN IP on the 3850? Or do we just need to set that IP on clients in each VLAN?
If we make VLAN 1 the management VLAN, do we need to set a default gateway for it?
Thank you in advance.