This is a very basic configuration example for a site-to-site IPSec VPN. You should understand what the parameters mean, before you set it up for production.
Lately I stumbled upon a Cisco 877 security hardening guide. The suggestion is to block (via source IP) private, reserved and unallocated IP ranges. I will explain why this is a bad idea and how to properly block malicious traffic.
When you have two or more 3750 in a Stack Configuration and need to upgrade the image, you will have a long service disruption (it can take about 7 – 10 minutes, because – depending on the image – the bootloader will be upgraded too and POST tests also take their time). However, if you have a redundant configuration, you can limit the downtime to a few seconds.
We have a wireless network with about 80 APs and 2 4404 WLC’s running, however, we ran into several issue when working with the Wireless Controllers.
In this post I will talk about ICMP unreachables, the security concerns about them and why you shouldn’t disable it on your routing boxes.