http://www.kuncar.net/blog Wed, 12 May 2010 00:09:53 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 http://www.kuncar.net/blog/ipsec-general-principles-overwiev/2009/ http://www.kuncar.net/blog/ipsec-general-principles-overwiev/2009/#comments Tue, 30 Jun 2009 15:10:39 +0000 tnk http://www.kuncar.net/blog/?p=336 http://www.kuncar.net/blog/ipsec-general-principles-overwiev/2009/feed/ 0 http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/ http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/#comments Sat, 09 May 2009 23:59:14 +0000 tnk http://www.kuncar.net/blog/?p=77 http://www.kuncar.net/blog/l2tp-over-ipsec-scenario/2009/feed/ 5 http://www.kuncar.net/blog/some-greipsec-and-basic-qos-scenarios-on-ar-19-x-and-vrp-520-part-ii/2009/ http://www.kuncar.net/blog/some-greipsec-and-basic-qos-scenarios-on-ar-19-x-and-vrp-520-part-ii/2009/#comments Fri, 20 Mar 2009 16:51:17 +0000 tnk http://www.kuncar.net/blog/?p=52 So after previous post the whole setup should be working. But there are some things to be done yet. The heading says that the missing part is the QoS. So let's have a closer look. Step one is easy - just create some ACLs to match the traffic in our case it is goes like this: # acl number 3001 name black rule]]> http://www.kuncar.net/blog/some-greipsec-and-basic-qos-scenarios-on-ar-19-x-and-vrp-520-part-ii/2009/feed/ 0 http://www.kuncar.net/blog/troubleshooting-ipsec-on-huawei-routers/2009/ http://www.kuncar.net/blog/troubleshooting-ipsec-on-huawei-routers/2009/#comments Sun, 11 Jan 2009 00:23:07 +0000 tnk http://www.kuncar.net/blog/?p=62 Ok so in my previous posts I described the most common config of IPsec with IKE. For troubleshooting this config there are few simple things one should check for basic troubleshoot. No. 1 Check display IKE sa command in user view Output of this command should show you two IKE entries. It is necessary to be two because if there is]]> http://www.kuncar.net/blog/troubleshooting-ipsec-on-huawei-routers/2009/feed/ 3 http://www.kuncar.net/blog/some-gre-ipsec-and-basic-qos-ar-19-x-and-vrp-520-part-i/2008/ http://www.kuncar.net/blog/some-gre-ipsec-and-basic-qos-ar-19-x-and-vrp-520-part-i/2008/#comments Thu, 25 Dec 2008 02:21:29 +0000 tnk http://www.kuncar.net/blog/?p=44 As I promised there goes some stuff I was having fun with lately. Followingscenario is from real life and includes some interesting combinations of features. The problem is stated as follows:

1. AR 19-X is a CPE that is connected to ADSL (SHDSL) line of ISP
2. You need to use GRE tunnel for transporting L3 multicast (especially for OSPF) and IPSec for

]]> http://www.kuncar.net/blog/some-gre-ipsec-and-basic-qos-ar-19-x-and-vrp-520-part-i/2008/feed/ 6 http://www.kuncar.net/blog/ipsec-troubles-part-ii/2008/ http://www.kuncar.net/blog/ipsec-troubles-part-ii/2008/#comments Mon, 02 Jun 2008 20:47:28 +0000 tnk http://www.kuncar.net/blog/?p=9 Ok so from the previous post is clear how to make one tunnel using IPSec, IKE and isakmp. So what if the situation is that you need multiple tunnels on one ip interface. There is a limitation of one IPSec policy being applied on particular interface at one time so it is impossible to use more various policies. But there is a workaround -]]> http://www.kuncar.net/blog/ipsec-troubles-part-ii/2008/feed/ 0 http://www.kuncar.net/blog/ipsec-troubles-part-i/2008/ http://www.kuncar.net/blog/ipsec-troubles-part-i/2008/#comments Wed, 14 May 2008 18:09:06 +0000 tnk http://www.kuncar.net/blog/?p=7

tunnel between two peers that are stable (two routers)

tunnel utilizing the "client-server" where only router has a stable public IP and clients are some PC's

Of course I do realize that in IPSec there are no  clients and server but just a peers on the same level, but I]]> http://www.kuncar.net/blog/ipsec-troubles-part-i/2008/feed/ 4