How-to : Integrate Cisco Easy VPN authentication with Microsoft NPS RADIUS on Windows Server 2008 R2

In this article I will go through the configuration of Cisco Easy VPN along with Microsoft NPS RADIUS on Windows Server 2008 R2.

The article covers:

  1. Basic information about Cisco Easy VPN
  2. Cisco IOS router configuration for Easy VPN
  3. Windows Server 2008 R2 NPS and RADIUS configuration

Let’s go…

Apps : Cisco7PCF for Windows

Just released a small app for the Windows platform. This app decrypts type 7 passwords from Cisco devices as well as passwords from Cisco VPN profiles (PCF files).

Passwords which can be recovered using this app:

  • wireless keys for Cisco access points,
  • RADIUS/TACACS shared secrets
  • NTP authentication keys
  • Enable passwords (NOT enable secrets, which are stored using MD5)
  • enc_GroupPwd – VPN group password from PCF file
  • enc_UserPassword – VPN user password from PCF file

The application also allows you to store passwords and/or send them via email after decryption.

You can find the app in the Windows Store:

Cisco Password Decryptor

Config snippets : Cisco: Reload command might be handy

A few times in the past, when I was making changes on Cisco devices remotely, I was a victim of myself: the wrong order of commands disconnected me from the device without the ability to connect back. After a few experiences of this kind I discovered the magic command “reload”, which can help and save the day.

So, when making changes which can impact the remote terminal connection to a device, it’s a good idea to schedule a reload before making them. If something goes wrong, the device will reboot itself and come back with the previous configuration, provided the changes were not saved to the startup configuration.

lab-r01#
lab-r01#reload in 15
Reload scheduled in 15 minutes by admin on console
Reload reason: Reload Command
Proceed with reload? [confirm]
lab-r01#
*Mar  1 03:11:11.659: %SYS-5-SCHEDULED_RELOAD: Reload requested for 03:26:09 UTC Fri Mar 1 2002 at 03:11:09 UTC Fri Mar 1 2002 by admin on console. Reload Reason: Reload Command.
lab-r01#

Once everything is configured and connectivity to the device has not been lost, we can cancel the scheduled reload.

lab-r01#
lab-r01#reload cancel
lab-r01#

***
*** --- SHUTDOWN ABORTED ---
***

*Mar  1 03:11:19.415: %SYS-5-SCHEDULED_RELOAD_CANCELLED: Scheduled reload cancelled at 03:11:19 UTC Fri Mar 1 2002
lab-r01#

It is very helpful: it can save time and rescue you from trouble.
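
A forgotten `reload cancel` means the router reboots on schedule, so it is worth checking the logs for one. The following is an added example, not part of the original post: a Python check that pairs the two `%SYS-5` messages shown above and reports devices with a reload still pending. The (hostname, message) input pairs and the second router `lab-r02` are constructed assumptions.

```python
import re
from datetime import datetime

# Patterns follow the two %SYS-5 messages shown in the session above.
REQUESTED = re.compile(
    r"%SYS-5-SCHEDULED_RELOAD: Reload requested for "
    r"(\d\d:\d\d:\d\d) \S+ (\w{3} \w{3} +\d+ \d{4}) at .*? by (\S+)")
CANCELLED = re.compile(r"%SYS-5-SCHEDULED_RELOAD_CANCELLED:")


def parse_time(clock, date):
    # "03:26:09" + "Fri Mar 1 2002" -> datetime; the zone name is dropped.
    return datetime.strptime(f"{clock} {' '.join(date.split())}",
                             "%H:%M:%S %a %b %d %Y")


def pending_reloads(events):
    """Map host -> (reload time, user) for reloads requested but not cancelled.

    events: (hostname, syslog message) pairs in arrival order.
    """
    pending = {}
    for host, message in events:
        match = REQUESTED.search(message)
        if match:
            # A new "reload in" replaces any earlier schedule on that device.
            pending[host] = (parse_time(match.group(1), match.group(2)),
                             match.group(3))
        elif CANCELLED.search(message):
            pending.pop(host, None)
    return pending


# Constructed input: lab-r01 lines are from the session above; lab-r02 is a
# hypothetical second router whose reload was never cancelled.
SAMPLE = [
    ("lab-r01", "*Mar  1 03:11:11.659: %SYS-5-SCHEDULED_RELOAD: Reload requested for 03:26:09 UTC Fri Mar 1 2002 at 03:11:09 UTC Fri Mar 1 2002 by admin on console. Reload Reason: Reload Command."),
    ("lab-r02", "*Mar  1 03:45:02.120: %SYS-5-SCHEDULED_RELOAD: Reload requested for 04:00:00 UTC Fri Mar 1 2002 at 03:45:00 UTC Fri Mar 1 2002 by admin on console. Reload Reason: Reload Command."),
    ("lab-r01", "*Mar  1 03:11:19.415: %SYS-5-SCHEDULED_RELOAD_CANCELLED: Scheduled reload cancelled at 03:11:19 UTC Fri Mar 1 2002"),
]

if __name__ == "__main__":
    for host, (when, user) in pending_reloads(SAMPLE).items():
        print(f"{host}: reload still scheduled for {when} (requested by {user})")
```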

Config snippets : Setting NTP server on Cisco IOS device

Quick config snippet to set up an external NTP server to synchronize time on a Cisco IOS router.

labisr-01(config)#ip name-server 4.2.2.2
labisr-01(config)#ntp server 0.europe.pool.ntp.org
Translating "0.europe.pool.ntp.org"...domain server (4.2.2.2) [OK]
labisr-01(config)#clock timezone GMT 0
labisr-01(config)#

Please note that I first set up a name server on the router so that it can resolve the NTP server FQDN.

Once the NTP server is set, we can check its status:

labisr-01#sh ntp associations
address         ref clock     st  when  poll reach  delay  offset    disp
*~88.191.227.26    82.197.188.130    3    37    64  377    38.7    2.04     1.4
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
labisr-01#
labisr-01#sh ntp status
Clock is synchronized, stratum 4, reference is 88.191.227.26
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is D442C30E.7A93ED17 (22:58:22.478 GMT Mon Nov 5 2012)
clock offset is 2.0449 msec, root delay is 71.69 msec
root dispersion is 61.25 msec, peer dispersion is 1.36 msec
labisr-01#

Config snippets : Timezones for Cisco devices

One thing which came in handy for me was a list of the timezones I can use on Cisco devices. It was very useful during NTP deployment. So, here it is… the timezones available for use on the Cisco platform.