Posts

Showing posts from November, 2021

GRE Tunnel Configuration on Palo Alto Firewall

Network Topology:

Configuration:

devices {
  localhost.localdomain {
    network {
      interface {
        ethernet {
          ethernet1/1 {
            layer3 {
              ipv6 {
                neighbor-discovery {
                  router-advertisement {
                    enable no;
                  }
                }
              }
              ndp-proxy {
                enabled no;
              }
              interface-management-profile mgmt;
              lldp {
                enable no;
              }
              ip {
                192.168.0.111/24;
              }
            }
          }
        }
        loopback {
          adjust-tcp-mss {
            enable no;
          }
          ip {
            11.11.11.111/32;
          }
          interface-management-profile mgmt;
        }
        tunnel {
          units;

Adding extensions to a self-signed x509 certificate and signing a CSR with extensions (basic constraint CA:True/False, key usage, extended key usage, SAN etc.)

Generating a self-signed x509 certificate with extensions (basic constraint, key usage, extended key usage, SAN):

> openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out certificate.pem -days 1000 -addext "keyUsage = digitalSignature, keyEncipherment, keyCertSign" -addext "extendedKeyUsage = serverAuth" -addext basicConstraints=critical,CA:FALSE -addext "subjectAltName = DNS:tgclean.cisco.com, IP:10.106.72.231"

Generating a CSR with extensions (basic constraint, key usage, extended key usage, SAN):

> openssl.exe req -out signing.csr -new -newkey rsa:2048 -nodes -keyout signing.key -addext "keyUsage = digitalSignature, keyEncipherment, keyCertSign" -addext "extendedKeyUsage = serverAuth" -addext basicConstraints=critical,CA:FALSE -addext "subjectAltName =

OSPF-over-IPsec [Fortigate<>SRX]

Topology:

Fortigate:

Interface Configuration:

config system interface
    edit "OSPF-over-ipsec"
        set vdom "root"
        set ip 1.1.1.8 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 1.1.1.200 255.255.255.0
        set snmp-index 5
        set mtu-override enable
        set mtu 1400
        set interface "port1"
    next
end

OSPF Configuration:

config router ospf
    set router-id 1.1.1.8
    config area
        edit 0.0.0.0
        next
        edit 0.0.0.1
        next
    end
    config ospf-interface
        edit "ipsec-tunnel"
            set interface "OSPF-over-ipsec"
            set dead-interval 40
            set hello-interval 10
            set network-type point-to-point
        next
        edit "port2"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10