With the current IOS you can archive the running config. To create an archive, enter archive configuration mode and specify the target for the archived files. For example, if you’d like to place the archive on a TFTP server at 192.168.0.2 using the filename Alex, you would do this: Router(config)#archive Router(config-archive)#path tftp://192.168.0.2/Alex This adds an archive […]

Most Cisco customers would naturally recognize that the ASA Security appliance is THE platform on which to implement SSL VPN types of any sort (clientless or using the AnyConnect® client). The ASA has been a replacement for the VPN Concentrator in this technology area since its introduction in mid-2005. What is not widely known however, […]

Let’s say that you’ve made numerous changes to your running config, but you haven’t yet saved the config to NVRAM. Now, for whatever reason, you decide that you’d like to roll back the running config to what you had before you made the changes. Easy enough … you’d simply use copy start run, right? Wrong! […]

Since IOS flash has a general-purpose file system, you can copy any files you want into it using the standard copy source destination syntax. For example, if you want to copy the running config into flash and name it “Alan.txt”, you could use copy running-config flash:Alan.txt. If you want to copy the startup config into […]

Last month Cisco announced a Cisco IOS TCP Denial of Service Vulnerability. What is more notable than the vulnerability itself (limited only to release 15.1(2)T and concerning the TCP state table being “stuck” in SYNSENT or SYNRCVD states) is the reference cited as a guide for hardening of the IOS on the router. Immediately upon […]

In this multi-part series, we’ll examine the effects of Cisco IOS “network” statements for various IP routing protocols. Let’s start with the IGPs (Interior Gateway Protocols)…

A recent student question in an Implementing Cisco Intrusion Prevention Systems class prompted me to write this article. I would paraphrase that question: “How can I configure a signature to look for a defined sequence of characters at a fixed depth within the packet?” The basis for the query was a very legitimate concern for possible […]

This post is the third of a series of articles on the new security features of IOS 15.0 code. The topic of our discussion here is Flexible Packet Matching (FPM). Some specific enhancements of this feature which debuted in the IOS release 12.4(4)T Advanced Security image will be discussed in this article, namely the use of […]

This post is the second of a series of articles on the new security features of IOS 15.0 code. The topic of discussion here is Dynamic Multipoint Virtual Private Networks (DMVPNs) and the new feature is Tunnel Health Monitoring and Recovery. Before the specifics of monitoring and recovery can be delineated, a quick review of […]

This blog is the first of a series of articles on the new security features of IOS 15.0 code. Our focus will be on what we view as the more significant and complex singular aspects of this major rollout with regards to the security components. One such major improvement is in the area of the […]