In this post, I recorded all steps regarding how to launch a free tier AWS instance and how to use a client to access the instance.
1. Launch an EC2 Instance
1.1 Access the Amazon AWS site:
Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Millions of users are currently leveraging AWS cloud products and solutions to build sophisticated applications with increased flexibility, scalability and reliability.
I was looking for some online tools to create impressive AWS diagrams for my learning process. Most online diagram websites provide some free usage. In my post My Top Internet / Network Tools, I mentioned the following online diagram drawing websites, which I had used before:
Here are some good AWS diagram websites I found useful.
1. AWS 3D Diagram from Cloudcraft.co
It was quite impressive when I made my first diagram. The limited grid size is a big pain when you try to draw a detailed diagram of your AWS VPC, but it is good enough for a three-tier application deployment. Cloudcraft allows registered users to create AWS diagrams for free with all available components, with some features limited. Upgrading to Cloudcraft Pro ($49 per month) removes those restrictions and adds import of live AWS data and unlimited-size diagrams. It can automatically calculate the cost of your design and also provides a live connection to your AWS account. The smart-components feature makes it much easier to connect the components you lay on the grid than any other website I tried. I love it; so far it is the best site for me.
3. Building a scalable AWS architecture (ELB, ASG, RDS)
You may need NAT for a VPN. AWS offers two ways to provide NAT: a NAT Instance and a NAT Gateway.
AWS's Quick Start deployment guide documentation presents a good example of building a VPC environment with the following features:
What are the differences between IKEv1 and IKEv2?
1. Different negotiation processes: IKEv1
Issue Symptoms:
root@fw-mgmt-2> show security policies hit-count
node1:
--------------------------------------------------------------------------
Logical system: root-logical-system
 Index   From zone   To zone   Name                  Policy count
 1       Vlan2       Vlan1     Baramondi_Monitor     0
 2       Vlan2       Vlan1     10                    4428
 3       Vlan2       Vlan1     50                    0
 4       Vlan2       Vlan1     40                    11136
 5       Vlan2       Vlan1     default-logdrop       0
 6       Vlan2       Vlan1     53                    2007
 7       Vlan2       Vlan1     54                    0
 8       Vlan2       Vlan1     55                    0
 9       Vlan2       MGMT      6                     538
 10      Vlan2       MGMT      23                    0
 11      Vlan2       MGMT      74                    2
 12      Vlan2       MGMT      default-logdrop       81
 13      Office      Vlan1     default-logdrop       0
 14      Office      Vlan1     60                    447
 15      Office      Vlan1     Office_Archive        0
 16      Office      Vlan1     58                    0
 17      Office      Vlan1     Baramondi_Monitor-1   0
 18      Office      MGMT      Office_Archive-1      0
 19      Office      MGMT      default-logdrop       0
 20      Vlan1       Vlan2     Baramondi_Rules       0
 21      Vlan1       Vlan2     VA                    0
 22      Vlan1       Vlan2     A_Office_2_Vlan2      292
 23      Vlan1       Vlan2     default-logdrop       1696
 24      Vlan1       Office    VA-1                  0
 25      Vlan1       Office    Baramondi_Rules-1     0
 26      Vlan1       Office    Device-Zone-1         0
 27      Vlan1       Office    4                     1299
 28      Vlan1       Office    default-logdrop       0
........
Clearly there are hit counts on the SRX itself, but they are not being pulled/pushed into Junos Space. The log collector has been configured and is receiving logs from this SRX.
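While the hit counts are not reaching Space, the raw CLI output above is still usable for rule hygiene. The script below is an added example, not part of the original post or of any Juniper tool: it parses a copy of the listing above (the function and constant names are my own), reports explicit policies with zero hits as cleanup candidates, and totals the hits on each zone pair's default-logdrop rule, which is where silently dropped traffic shows up when the log collector path is not working.

```python
"""Parse Junos 'show security policies hit-count' output and flag unused rules.

Added example, not code from the original post. SAMPLE_OUTPUT is a copy of the
SRX listing shown above (the trailing '........' is the post's own truncation).
"""
from collections import defaultdict

SAMPLE_OUTPUT = """\
root@fw-mgmt-2> show security policies hit-count
node1:
--------------------------------------------------------------------------
Logical system: root-logical-system
Index From zone To zone Name Policy count
1 Vlan2 Vlan1 Baramondi_Monitor 0
2 Vlan2 Vlan1 10 4428
3 Vlan2 Vlan1 50 0
4 Vlan2 Vlan1 40 11136
5 Vlan2 Vlan1 default-logdrop 0
6 Vlan2 Vlan1 53 2007
7 Vlan2 Vlan1 54 0
8 Vlan2 Vlan1 55 0
9 Vlan2 MGMT 6 538
10 Vlan2 MGMT 23 0
11 Vlan2 MGMT 74 2
12 Vlan2 MGMT default-logdrop 81
13 Office Vlan1 default-logdrop 0
14 Office Vlan1 60 447
15 Office Vlan1 Office_Archive 0
16 Office Vlan1 58 0
17 Office Vlan1 Baramondi_Monitor-1 0
18 Office MGMT Office_Archive-1 0
19 Office MGMT default-logdrop 0
20 Vlan1 Vlan2 Baramondi_Rules 0
21 Vlan1 Vlan2 VA 0
22 Vlan1 Vlan2 A_Office_2_Vlan2 292
23 Vlan1 Vlan2 default-logdrop 1696
24 Vlan1 Office VA-1 0
25 Vlan1 Office Baramondi_Rules-1 0
26 Vlan1 Office Device-Zone-1 0
27 Vlan1 Office 4 1299
28 Vlan1 Office default-logdrop 0
........
"""

DEFAULT_DROP = "default-logdrop"   # name of the per-zone-pair catch-all rule on this SRX


def parse_hit_counts(text):
    """Return one dict per policy row: index, from_zone, to_zone, name, count.

    Rows are recognised by shape (integer index first, integer count last), so the
    prompt, the chassis-cluster 'node1:' header, the logical-system line, the column
    header, the dashed separator and the '........' truncation are all skipped.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not (parts[0].isdigit() and parts[-1].isdigit()):
            continue
        rows.append({
            "index": int(parts[0]),
            "from_zone": parts[1],
            "to_zone": parts[2],
            "name": " ".join(parts[3:-1]),   # names here have no spaces; join defensively
            "count": int(parts[-1]),
        })
    return rows


def unused_policies(rows):
    """Explicit policies with zero hits: candidates for review or removal.

    The catch-all default-logdrop is excluded; zero hits on it is the desired state.
    """
    return [(r["from_zone"], r["to_zone"], r["name"])
            for r in rows if r["count"] == 0 and r["name"] != DEFAULT_DROP]


def default_drop_hits(rows):
    """Hits on the catch-all drop rule per (from_zone, to_zone) pair.

    A large number means traffic is being dropped without an explicit rule; with
    the Space log path broken, this counter is the quickest place to look.
    """
    hits = defaultdict(int)
    for r in rows:
        if r["name"] == DEFAULT_DROP:
            hits[(r["from_zone"], r["to_zone"])] += r["count"]
    return dict(hits)


if __name__ == "__main__":
    rows = parse_hit_counts(SAMPLE_OUTPUT)
    print(f"{len(rows)} policies parsed")
    for zone_pair_and_name in unused_policies(rows):
        print("unused:", *zone_pair_and_name)
    for (src, dst), n in sorted(default_drop_hits(rows).items()):
        print(f"default-logdrop {src} -> {dst}: {n}")
```

Pipe the live output in with `ssh fw-mgmt-2 'show security policies hit-count' | python3 hitcount.py` after replacing SAMPLE_OUTPUT with `sys.stdin.read()`. Hit counters reset on reboot and on `clear security policies hit-count`, so a zero count only means "unused since the counter was last cleared"; check the counter age before deleting anything.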
The Cisco IOS command list is getting longer, so it has been split into two posts:
1. Auto Secure
Cisco also provides a one-step-lockdown-like feature at the command line, called AutoSecure. It uses the command shown below:
auto secure [management | forwarding] [no-interact | full] [ntp | login | ssh | firewall | tcp-intercept]
2. Change Site-to-Site VPN idle timeout to 5 minutes
For IOS Router
For ASA
There was a VPN issue to troubleshoot recently, between a Juniper SRX and a Cisco router. It seemed straightforward, but it took quite a long time to troubleshoot because of communication issues. All steps are listed here for my future reference.
Some other related posts:
Diagram
1. Enable Debugging on the Cisco IOS Router
On a production router, scope the debug to the one peer first with debug crypto condition peer ipv4 <peer-address>, since unconditioned crypto debugging on a busy box is CPU-heavy; terminal monitor is required to see the debug output on an SSH/Telnet session, and undebug all turns everything off afterwards.
vpn-R1#debug crypto ipsec
Crypto IPSEC debugging is on
vpn-R1#debug crypto isakmp
Crypto ISAKMP debugging is on
vpn-R1#debug crypto engine
Crypto Engine debugging is on
vpn-R1#terminal monitor
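Once the debugs are on, the hard part is reading them. The script below is an added example, not part of the original post: it triages IOS crypto debug output for the mismatches that usually break an SRX-to-IOS tunnel (phase 1 policy, pre-shared key, proxy IDs, phase 2 transform set). The two sample captures are constructed to resemble IOS debug messages and were not taken from the author's router; the rule table and function names are my own.

```python
"""Triage Cisco IOS 'debug crypto isakmp' / 'debug crypto ipsec' output.

Added example, not from the original post. The sample text below is constructed
to resemble IOS debug lines; it is not the author's capture.
"""
import re

# Constructed sample: main mode never leaves MM_NO_STATE because no ISAKMP policy matches.
SAMPLE_PHASE1_FAIL = """\
ISAKMP (0): received packet from 203.0.113.2 dport 500 sport 500 Global (R) MM_NO_STATE
ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      keylength of 256
ISAKMP:      hash SHA
ISAKMP:      default group 14
ISAKMP:      auth pre-share
ISAKMP:(0):atts are not acceptable. Next payload is 0
ISAKMP:(0):no offers accepted!
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 203.0.113.2
"""

# Constructed sample: phase 1 is up (QM_IDLE) but the SRX proxy IDs do not match the crypto ACL.
SAMPLE_PHASE2_FAIL = """\
ISAKMP (1001): received packet from 203.0.113.2 dport 500 sport 500 Global (R) QM_IDLE
ISAKMP:(1001):Checking IPSec proposal 1
IPSEC(validate_proposal_request): proposal part #1
IPSEC(crypto_ipsec_process_proposal): proxy identities not supported
ISAKMP:(1001): IPSec policy invalidated proposal with error 32
ISAKMP:(1001): phase 2 SA policy not acceptable! (local 198.51.100.1 remote 203.0.113.2)
"""

# (regex, IKE phase, diagnosis). Each rule is reported at most once per capture.
RULES = [
    (r"atts are not acceptable", 1,
     "IKE policy (phase 1) mismatch: encryption/hash/DH group/auth/lifetime differ from the SRX ike proposal"),
    (r"no offers accepted", 1,
     "no ISAKMP policy on this router matches any proposal the peer offered"),
    (r"IKMP_MODE_FAILURE", 1,
     "main mode aborted; compare 'show crypto isakmp policy' with the SRX 'ike proposal'"),
    (r"IKMP_BAD_MESSAGE|failed its sanity check", 1,
     "phase 1 packet failed integrity: usually a pre-shared key mismatch"),
    (r"proxy identities not supported", 2,
     "proxy ID mismatch: the IOS crypto ACL must mirror the SRX proxy-identity (or use a route-based st0 tunnel with 0.0.0.0/0 proxy IDs)"),
    (r"transform proposal not supported", 2,
     "IPsec transform set (phase 2) mismatch: ESP cipher/auth or PFS group differ"),
]

STATE_RE = re.compile(r"\b(MM_NO_STATE|MM_SA_SETUP|MM_KEY_EXCH|QM_IDLE)\b")


def triage(debug_text):
    """Summarise one debug capture.

    Returns {'phase1_ok': bool, 'last_state': str or None, 'findings': [(phase, diagnosis)]}.
    phase1_ok is True once QM_IDLE appears, i.e. the ISAKMP SA came up, so any
    remaining failure is a phase 2 (IPsec SA) problem.
    """
    last_state = None
    for m in STATE_RE.finditer(debug_text):
        last_state = m.group(1)
    findings = [(phase, diag) for pattern, phase, diag in RULES
                if re.search(pattern, debug_text)]
    return {"phase1_ok": last_state == "QM_IDLE", "last_state": last_state, "findings": findings}


def likely_cause(result):
    """Pick the single most useful thing to check next from a triage() result."""
    if result["findings"]:
        # Fix phase 1 before looking at phase 2; ties keep RULES order.
        return min(result["findings"], key=lambda f: f[0])[1]
    # No known error string: fall back on where main mode stalled.
    stalled = {
        "MM_NO_STATE": "no usable reply from peer: check reachability, UDP 500/4500 and that the peer is configured for this address",
        "MM_SA_SETUP": "DH exchange never completed: check DH group agreement and fragmentation/MTU on the path",
        "MM_KEY_EXCH": "stuck after key exchange: pre-shared key or IKE identity mismatch",
    }
    return stalled.get(result["last_state"], "no failure signature found; collect more debug output")


if __name__ == "__main__":
    for label, capture in (("phase1", SAMPLE_PHASE1_FAIL), ("phase2", SAMPLE_PHASE2_FAIL)):
        r = triage(capture)
        print(f"{label}: last_state={r['last_state']} -> {likely_cause(r)}")
```

Save the debug output with `terminal monitor` plus your terminal's logging, or from the router's buffer after `logging buffered debugging`, and feed the file to `triage()`. The SRX side is the mirror image: `show security ike security-associations` and `show security ipsec security-associations` tell you which phase is up there, and the IOS diagnosis above should agree with what the SRX reports.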