Sadikhov IT Certification forums

jalakampradeep

  1. jalakampradeep

    Router Advertisements

    Dear All, As I was studying the IPv6 neighbor discovery mechanism, in one of the articles I saw that unsolicited router advertisements sent to the all hosts multicast address are harmful, as they would lead to possible DoS attacks. Hence solicited router advertisements in response to router solicitations are acceptable. So my doubt is: if this is the case, when any configuration changes are made on the router, how does it alert all nodes? Thanks in advance for your replies.
  2. jalakampradeep

    SSL

    Hi Everyone, While studying securing a website using SSL I got stuck in the middle as I was confused. My confusion was how message integrity is achieved in this, as I understood that the web browser and web server both get a secret key for encryption/decryption, and which key will be used for signing a message for the integrity check. Below are the steps involved between web browser and web server:

    1) The browser now creates a "premaster secret" that will be used to encrypt the rest of the session. This is a random key that it encrypts using the agreed upon encryption method (see left side panel) combined with the server's public key string that it received and sends the new encrypted secret string back to the server.
    2) With the new "premaster secret" string, both the browser and the web site server create a new "master secret" string and use it to create session keys (long strings of generated characters) that their encryption programs use for the rest of the session to scramble and descramble (or encrypt/decrypt) all transmissions for the rest of the session. With the Master Secret key in place, both sides are also able to verify that the data didn't change en route.
    3) The browser now has the information it needs to establish secure communication and it sends a message to the server saying that it will start using the new session key.
    4) The browser (now talking in the encrypted format) verifies to the web server that it is finished locking / securing its part of the session.
    5) The web server then sends a message to the browser saying that it too will start using the new session key.
    6) The web server (now talking in the encrypted format) verifies to the browser that it is finished locking / securing its part of the session.

    And one more thing: does the client/web browser need to get the CA certificate to identify that the certificate sent by the web server was issued by the trusted CA? Please reply to the query as early as possible. Awaiting your response.
  3. jalakampradeep

    URL FILTERING

    Hi Laf_c, Thanks for your reply. In my scenario, which I tested using the above mentioned config, it is blocking me from getting into the router R1. As per my understanding it should allow me to get into the router R1, but when I navigate to the show diagnostics tool, which contains the LOG keyword in the URI, then it should be blocked due to the content filtering service, but it is not happening. Please let me know if anything is wrong in my config. Thanks in advance for your reply. Awaiting your response.
  4. jalakampradeep

    URL FILTERING

    Dear all, I configured a URL filtering policy in the router and below is the config done in the router. My topology is R1→R2→PC. As per the below mentioned parameter map, which I configured, it matches the LOG option. Hence while logging in to the router R1 via a web browser, which is connected to R2 from the PC, the web page displays that it is blocked due to the content filtering service. My intention is that the web page should be opened, and if at all I am clicking the Log option (i.e. Show diagnostics tool) then it should be blocked, because my pattern map matches the LOG option and I also defined in the URL filter class map match url-keyword urlf-glob LOG, where LOG is the parameter map name. Kindly let me know if anything is wrong in my configuration. Thanks in advance for your reply. Awaiting your response.

        R2#sh running-config
        Building configuration...

        Current configuration : 2306 bytes
        !
        ! Last configuration change at 04:54:28 UTC Fri Feb 11 2011
        !
        upgrade fpd auto
        version 15.0
        parser config cache interface
        service timestamps debug datetime msec
        service timestamps log datetime msec
        no service password-encryption
        !
        hostname R2
        !
        boot-start-marker
        boot-end-marker
        !
        !
        no aaa new-model
        !
        !
        !
        ip source-route
        ip cef
        !
        !
        !
        !
        no ipv6 cef
        !
        multilink bundle-name authenticated
        parameter-map type urlfpolicy local URLFILTER
         block-page message "Dont Even Try To Go There"
        parameter-map type urlf-glob LOG
         pattern log
        !
        !
        !
        !
        !
        !
        !
        !
        !
        redundancy
        !
        !
        !
        class-map type urlfilter match-any SOCIAL
         match url-keyword urlf-glob LOG
        class-map type inspect match-all WEB
         match protocol http
        !
        !
        policy-map type inspect urlfilter SOCIAL
         parameter type urlfpolicy local URLFILTER
         class type urlfilter SOCIAL
          log
          reset
        policy-map type inspect policy-new
         class type inspect WEB
          inspect
          service-policy urlfilter SOCIAL
         class class-default
          drop
        !
        zone security inside
        zone security outside
        zone-pair security IN-OUT source inside destination outside
         service-policy type inspect policy-new
        !
        !
        !
        !
        !
        !
        !
        !
        interface FastEthernet0/0
         ip address 192.168.10.1 255.255.255.0
         zone-member security inside
         duplex auto
         speed auto
        !
        !
        interface FastEthernet0/1
         no ip address
         shutdown
         duplex auto
         speed auto
        !
        !
        interface Serial1/0
         ip address 192.168.20.2 255.255.255.0
         zone-member security outside
         clock rate 64000
        !
        !
        interface Serial1/1
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        interface Serial1/2
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        interface Serial1/3
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        interface Serial1/4
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        interface Serial1/5
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        interface Serial1/6
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        interface Serial1/7
         no ip address
         shutdown
         serial restart-delay 0
        !
        !
        !
        !
        router eigrp 10
         network 192.168.10.1 0.0.0.0
         network 192.168.20.2 0.0.0.0
        !
        ip forward-protocol nd
        no ip http server
        no ip http secure-server
        !
        !
        !
        !
        !
        !
        !
        !
        !
        control-plane
        !
        !
        !
        mgcp fax t38 ecm
        mgcp behavior g729-variants static-pt
        !
        !
        !
        gatekeeper
         shutdown
        !
        !
        line con 0
         stopbits 1
        line aux 0
         stopbits 1
        line vty 0 4
         login
        !
        end
  5. jalakampradeep

    IPSEC VPN

    Hi All, Can anyone tell me which key is used for actual data traffic encryption in an IPsec VPN? In an IPsec VPN, if we use a shared secret key for peer authentication, the session key will be shared between the peers in IKE phase 1. Will this key be used for actual data encryption or any other? As one of my colleagues said, data encryption will be done using the key which is generated by symmetric algorithms like DES, 3DES, etc. Thanks in advance for your reply. Awaiting your response.
  6. jalakampradeep

    802.1q tunnel

    Hi Chrcel, Thanks for your reply. The link which you posted I read already, but my confusion is how can I provide the internet access via 802.1q tunnel by using native lan. Kindly help me out with the configuration with some scenario. Thanks a lot in advance for your reply. Awaiting your response.
  7. jalakampradeep

    802.1q tunnel

    Hi Guys, Thanks for your reply. Can you please explain the configuration with some example, because I got confused. Awaiting your response. Thanks in advance for your reply.
  8. jalakampradeep

    802.1q tunnel

    Dear All, I am working in a service provider and we have given VPN connections to the customer using switches with the help of the 802.1q tunnel mechanism. Now they are requesting internet access also. Is it possible to provide internet access for the customers using an 802.1q tunnel? I heard it can be done by using native VLANs, but I am not quite sure about the configuration. If so, please help me out with some example. Thanks in advance for your reply. Awaiting your swift response.
  9. Hi Everyone, Currently I am concentrating on VPN topics. Today I saw a lab stating peer authentication by using RSA signatures; in this they explained site-to-site IPsec VPN by configuring a router as a CA (certificate authority) server. I got a doubt while studying the notes, as they mentioned the Simple Certificate Enrolment Protocol (SCEP) is the default one used for enrollment. Can anyone tell me how SCEP really works and how to find whether the router supports SCEP or not? If it doesn't support it, what other method can I use? Your reply is awaited. Thanks in advance for your reply.
  10. jalakampradeep

    IPsec VPN

    Hi Everyone, I have a doubt in IPsec VPN: can I configure the IPsec VPN without the quick mode negotiation? Is there any command to configure the same? Is a quick mode negotiation really required? Kindly let me know this stuff. Thanks in advance for your reply. Awaiting your response.
  11. jalakampradeep

    GRE Tunnel with VRF

    Hi Meigloo, Can you please post the configuration of the above scenario which you stated? Thanks for your reply. Awaiting your response.
  12. jalakampradeep

    GRE Tunnel with VRF

    Hi Meigloo, Can you please explain with an example how exactly it works? Thanks for your reply. Awaiting your response.
  13. jalakampradeep

    GRE Tunnel with VRF

    Hi everyone, Can anyone explain to me how exactly the GRE Tunnel with VRF works? I read a few documents, and in all the examples the tunnel has been established from CE to PE router. For example, in the topology CE1-----CE2-----PE1-----PE2----CE3, the GRE Tunnel with VRF was established between CE1 and PE1. Can we establish the same between PE1 and PE2? If I'm wrong, kindly let me know in which scenarios we exactly use this GRE Tunnel with VRF and what is the use of it. Thanks in advance for your reply. Awaiting your response at the earliest.
  14. jalakampradeep

    Aggregated FEC in MPLS

    Hi everyone, When I was doing some labs on MPLS, I suddenly came across the feature of Aggregated FEC and I'm very much confused in doing that lab. Kindly please assist me if anyone knows this stuff. For your information, I'm attaching the PPT of Aggregated FEC; kindly go through it and please let me know how I can do this lab. Thanks a lot in advance for your reply. Awaiting your response. mpls-4.ppt
  15. jalakampradeep

    MPLS TTL

    Hi Meigloo, What exactly do 'POP' and '1' in the above command refer to? What does this command do? Kindly explain with an e.g. Awaiting your response.