Archive for January, 2014

Troubleshooting ISAKMP Phase 1 Messages – Part 2

January 24th, 2014 No comments

This post explains the IKE Debug message: “Duplicate first packet detected”

This event is logged when packets do not reach their destination, usually due to network routing problems. The Phase 1 IKE exchange between the tunnel peers fail at MM_WAIT_MSG2

( see: Troubleshooting ISAKMP Phase 1 Messages – Part 1 to understand the IKE Messages further)

1) IKE initator sends MM_SND_MSG1 and goes into MM_WAIT_MSG2 state
2) IKE responder receives MM_SND_MSG1 and sends MM_SND_MSG2 back to the initiator and goes into a MM_WAIT_MSG3 state, expecting MM_SND_MSG3 as the next exchage from the initiator
3) IKE initiator having not received MM_SND_MSG2 from the responder, resends MM_SND_MSG1, resulting in the “Duplicate first packet detected” being logged on the responder. Read more…

Categories: CISCO, Security Tags: , ,

Understanding IPSec VPN

January 16th, 2014 No comments

IPSec involves many component technologies and encryption methods. Yet IPSec’s operation can be broken down into five main steps. The five steps are summarised as follows:

Step 1 Interesting traffic initiates the IPSec process—Traffic is deemed interesting when the IPSec security policy configured in the IPSec peers starts the IKE process.
Step 2 IKE phase one—IKE authenticates IPSec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPSec SAs in phase two.
Step 3 IKE phase two—IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers.
Step 4 Data transfer—Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database.
Step 5 IPSec tunnel termination—IPSec SAs terminate through deletion or by timing out.

A crypto map—is a Cisco IOS software configuration entity that performs two primary functions. First, it selects data flows that need security processing. Second, it defines the policy for these flows and the crypto peer that traffic needs to go to. A crypto map is applied to an interface. The concept of a crypto map was introduced in classic crypto but was expanded for IPsec.  This aide-memoir pulls together items from to provide a useful recipe and refresher. Read more…

Categories: CISCO, Security, SSL/TLS Tags:

Using IP SLA Monitor with Cisco EEM

January 14th, 2014 No comments

Here is a handy way to use EEM to failover to a second ISP – use with a route-map:

Cisco EEM configuration: Read more…

Categories: CISCO, EEM Scripts Tags:

Testing SMTP using Telnet

January 2nd, 2014 No comments

This is the syntax to use to test SMTP relays. Commands are in bold:

telnet x.x.x.x 25
250 Hello ([]), pleased to meet you Read more…

Categories: Security Tags: