{"id":457,"date":"2015-12-30T09:41:12","date_gmt":"2015-12-30T09:41:12","guid":{"rendered":"http:\/\/www.safekom.pl\/blog\/?p=457"},"modified":"2016-03-30T12:09:51","modified_gmt":"2016-03-30T12:09:51","slug":"cisco-asa-ograniczenie-dostepu-do-ssl-vpn","status":"publish","type":"post","link":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","title":{"rendered":"Cisco ASA &#8211; Restricting access to SSL VPN and IKE"},"content":{"rendered":"<p>For anyone looking for how to restrict access to services running on the Cisco ASA itself, such as SSL VPN or IKE: the update at the very bottom shows how to do this for IKE in connection with the vulnerability CVE-2016-1287.<\/p>\n<p>Below I show how to restrict access to SSL VPN to specific IP addresses or networks.<\/p>\n<ol>\n<li>Define an object group containing the list of hosts or networks that will have access to SSL VPN (<code>ip_kt\u00f3re_wp\u00f3\u015bcimy<\/code> is a placeholder for an allowed host IP, <code>adres_sieci<\/code> for an allowed network address)\n<pre class=\"lang:sh decode:true\">ASA(config)# object-group network access_ssl_vpn\r\nASA(config-network-object-group)# network-object host ip_kt\u00f3re_wp\u00f3\u015bcimy\r\nASA(config-network-object-group)# network-object adres_sieci 255.255.255.0<\/pre>\n<\/li>\n<li>Define an ACL entry that uses the group defined above\n<pre class=\"lang:sh decode:true\">ASA(config)# access-list internet extended permit tcp object-group access_ssl_vpn any eq 443<\/pre>\n<\/li>\n<li>Add a second entry that blocks the rest of the world\n<pre class=\"lang:sh decode:true\">ASA(config)# access-list internet extended deny tcp any any eq 443<\/pre>\n<\/li>\n<li>Apply the ACL to the interface that is exposed to the internet, in my case outside, specifying the control-plane keyword so that it governs access to the control plane\n<pre class=\"lang:sh decode:true\">ASA(config)# access-group internet in interface outside control-plane<\/pre>\n<\/li>\n<\/ol>\n<p>I hope someone finds this note useful.<\/p>\n<p><b>Update:<\/b><\/p>\n<p>The same approach can be used to restrict access to IKE and buy time when dealing with the <strong>Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (CVE-2016-1287)<\/strong><\/p>\n<p>It is enough to add the following to the access list internet:<\/p>\n<p>Create the object group <strong>access_to_ike<\/strong> containing the addresses of all peers with which we establish VPN tunnels<\/p>\n<p>and add the entries to the ACL<\/p>\n<pre class=\"lang:sh decode:true\">access-list internet extended permit udp object-group access_to_ike any eq isakmp\r\naccess-list internet extended deny udp any4 any eq isakmp<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Dla szukaj\u0105cych jak ograniczy\u0107 dost\u0119p do us\u0142ug uruchamianych na Cisco ASA, mam na my\u015bli SSL VPN, czy IKE na samy dole jest aktualizacja jak to zrobi\u0107 dla IKE przy podatno\u015bci\u00a0CVE-2016-1287 Poni\u017cej przedstawi\u0119 jak ograniczy\u0107 dost\u0119p do SSL VPN dla okre\u015blonych ip lub sieci. 
definiujemy Grup\u0119 w kt\u00f3ra b\u0119dzie zawiera\u0107 list\u0119 host\u00f3w lub sieci kt\u00f3re b\u0119d\u0105 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":319,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[4],"tags":[117,41,13,187,188,119,189,116,125,176,118,30],"class_list":["post-457","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","tag-acl","tag-asa","tag-cisco","tag-cisco-asa-software-ikev1-and-ikev2-buffer-overflow-vulnerability","tag-cisco-sa-20160210-asa-ike","tag-control-plane","tag-cve-2016-1287","tag-https","tag-ike","tag-isakmp","tag-ssl-vpn","tag-vpn"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cisco ASA - Ograniczenie dost\u0119pu do SSL VPN oraz IKE - SafeKom Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cisco ASA - Ograniczenie dost\u0119pu do SSL VPN oraz IKE - SafeKom Blog\" \/>\n<meta property=\"og:description\" content=\"Dla szukaj\u0105cych jak ograniczy\u0107 
dost\u0119p do us\u0142ug uruchamianych na Cisco ASA, mam na my\u015bli SSL VPN, czy IKE na samy dole jest aktualizacja jak to zrobi\u0107 dla IKE przy podatno\u015bci\u00a0CVE-2016-1287 Poni\u017cej przedstawi\u0119 jak ograniczy\u0107 dost\u0119p do SSL VPN dla okre\u015blonych ip lub sieci. definiujemy Grup\u0119 w kt\u00f3ra b\u0119dzie zawiera\u0107 list\u0119 host\u00f3w lub sieci kt\u00f3re b\u0119d\u0105 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\" \/>\n<meta property=\"og:site_name\" content=\"SafeKom Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/safekompl\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-30T09:41:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-30T12:09:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:site\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minuta\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\"},\"author\":{\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181\"},\"headline\":\"Cisco ASA &#8211; Ograniczenie dost\u0119pu do SSL VPN oraz IKE\",\"datePublished\":\"2015-12-30T09:41:12+00:00\",\"dateModified\":\"2016-03-30T12:09:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\"},\"wordCount\":198,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1\",\"keywords\":[\"acl\",\"asa\",\"cisco\",\"Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability\",\"cisco-sa-20160210-asa-ike\",\"control plane\",\"CVE-2016-1287\",\"https\",\"ike\",\"isakmp\",\"ssl vpn\",\"vpn\"],\"articleSection\":[\"Cisco\"],\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\",\"url\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\",\"name\":\"Cisco ASA - Ograniczenie dost\u0119pu do SSL VPN oraz IKE - SafeKom 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1\",\"datePublished\":\"2015-12-30T09:41:12+00:00\",\"dateModified\":\"2016-03-30T12:09:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1\",\"width\":400,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\/\/www.safekom.pl\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cisco ASA &#8211; Ograniczenie dost\u0119pu do SSL VPN oraz IKE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#website\",\"url\":\"https:\/\/www.safekom.pl\/blog\/\",\"name\":\"SafeKom Blog\",\"description\":\"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami 
on-prem\",\"publisher\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#organization\",\"name\":\"SafeKom Blog\",\"url\":\"https:\/\/www.safekom.pl\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1\",\"width\":512,\"height\":512,\"caption\":\"SafeKom Blog\"},\"image\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/safekompl\",\"https:\/\/x.com\/MIwaczuk\",\"https:\/\/www.linkedin.com\/in\/michaliwanczuk\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181\",\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"caption\":\"Micha\u0142 Iwa\u0144czuk\"},\"description\":\"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. 
Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.\",\"url\":\"https:\/\/www.safekom.pl\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cisco ASA - Ograniczenie dost\u0119pu do SSL VPN oraz IKE - SafeKom Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","og_locale":"pl_PL","og_type":"article","og_title":"Cisco ASA - Ograniczenie dost\u0119pu do SSL VPN oraz IKE - SafeKom Blog","og_description":"Dla szukaj\u0105cych jak ograniczy\u0107 dost\u0119p do us\u0142ug uruchamianych na Cisco ASA, mam na my\u015bli SSL VPN, czy IKE na samy dole jest aktualizacja jak to zrobi\u0107 dla IKE przy podatno\u015bci\u00a0CVE-2016-1287 Poni\u017cej przedstawi\u0119 jak ograniczy\u0107 dost\u0119p do SSL VPN dla okre\u015blonych ip lub sieci. 
definiujemy Grup\u0119 w kt\u00f3ra b\u0119dzie zawiera\u0107 list\u0119 host\u00f3w lub sieci kt\u00f3re b\u0119d\u0105 [&hellip;]","og_url":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","og_site_name":"SafeKom Blog","article_publisher":"https:\/\/www.facebook.com\/safekompl","article_published_time":"2015-12-30T09:41:12+00:00","article_modified_time":"2016-03-30T12:09:51+00:00","og_image":[{"width":400,"height":300,"url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1","type":"image\/png"}],"author":"Micha\u0142 Iwa\u0144czuk","twitter_card":"summary_large_image","twitter_creator":"@MIwaczuk","twitter_site":"@MIwaczuk","twitter_misc":{"Napisane przez":"Micha\u0142 Iwa\u0144czuk","Szacowany czas czytania":"1 minuta"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#article","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/"},"author":{"name":"Micha\u0142 Iwa\u0144czuk","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181"},"headline":"Cisco ASA &#8211; Ograniczenie dost\u0119pu do SSL VPN oraz IKE","datePublished":"2015-12-30T09:41:12+00:00","dateModified":"2016-03-30T12:09:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/"},"wordCount":198,"commentCount":0,"publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1","keywords":["acl","asa","cisco","Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability","cisco-sa-20160210-asa-ike","control 
plane","CVE-2016-1287","https","ike","isakmp","ssl vpn","vpn"],"articleSection":["Cisco"],"inLanguage":"pl-PL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","url":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","name":"Cisco ASA - Ograniczenie dost\u0119pu do SSL VPN oraz IKE - SafeKom Blog","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1","datePublished":"2015-12-30T09:41:12+00:00","dateModified":"2016-03-30T12:09:51+00:00","breadcrumb":{"@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#primaryimage","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1","width":400,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona 
g\u0142\u00f3wna","item":"https:\/\/www.safekom.pl\/blog\/"},{"@type":"ListItem","position":2,"name":"Cisco ASA &#8211; Ograniczenie dost\u0119pu do SSL VPN oraz IKE"}]},{"@type":"WebSite","@id":"https:\/\/www.safekom.pl\/blog\/#website","url":"https:\/\/www.safekom.pl\/blog\/","name":"SafeKom Blog","description":"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem","publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/www.safekom.pl\/blog\/#organization","name":"SafeKom Blog","url":"https:\/\/www.safekom.pl\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"SafeKom Blog"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/safekompl","https:\/\/x.com\/MIwaczuk","https:\/\/www.linkedin.com\/in\/michaliwanczuk\/"]},{"@type":"Person","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181","name":"Micha\u0142 
Iwa\u0144czuk","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","caption":"Micha\u0142 Iwa\u0144czuk"},"description":"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.","url":"https:\/\/www.safekom.pl\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7i9ri-7n","jetpack-related-posts":[{"id":647,"url":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","url_meta":{"origin":457,"position":0},"title":"LAB &#8211;  IPSec Palo &#8211; Cisco ASA","author":"Micha\u0142 Iwa\u0144czuk","date":"23.03.2016","format":false,"excerpt":"Poni\u017cej pokazuj\u0119 jak zestawia\u0107 po\u0142\u0105czenie IPsec pomi\u0119dzy PaloAlto Networks a Cisco ASA. W mym przypadku oba urz\u0105dzenia s\u0105 w wersji wirtualnej ale konfiguracja ich odpowiada tak jak by\u015bmy konfigurowali urz\u0105dzenia fizyczne. 
Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 86400s Faza 2 aes256 sha-1 pfs g2 28800s Palo Cisco ASA Sieci\u2026","rel":"","context":"In &quot;Cisco&quot;","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":171,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/lab-ipsec-juniper-srx-cisco-router\/","url_meta":{"origin":457,"position":1},"title":"Lab &#8211; IPSEC Juniper SRX &#8211; Cisco router","author":"Micha\u0142 Iwa\u0144czuk","date":"21.08.2015","format":false,"excerpt":"Dzi\u015b postanowi\u0142em opisa\u0107 troch\u0119 labowania, temat ostatnio bardzo mocno przerabiany IPSEC. Poni\u017cej opisz\u0119 wariant policy base vpn, kt\u00f3ry jest bardzo elastyczny. 
Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Cisco Juniper SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 172.16.10.0\/24 10.10.10.0\/24 Cisco Juniper SRX Interfejs\u2026","rel":"","context":"In &quot;Cisco&quot;","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/junos_multicolor_burst.png?fit=361%2C393&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":610,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/asav-pierwsze-uruchomienie-w-labie\/","url_meta":{"origin":457,"position":2},"title":"ASAv &#8211; pierwsze uruchomienie w labie","author":"Micha\u0142 Iwa\u0144czuk","date":"06.03.2016","format":false,"excerpt":"Pierwsze uruchomienie Cisco ASAv w Labie. Pokazuj\u0119 podstawow\u0105 konfiguracj\u0119 od importu po zalogowanie si\u0119 po ssh lub asdm.","rel":"","context":"In &quot;Cisco&quot;","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":624,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/asav-activestandby-konfiguracja-minimalna\/","url_meta":{"origin":457,"position":3},"title":"ASAv &#8211; Active\/Standby konfiguracja &#8211; minimalna","author":"Micha\u0142 Iwa\u0144czuk","date":"09.03.2016","format":false,"excerpt":"Witam, wcze\u015bniej napisa\u0142em jak w labie postawi\u0107 Cisco ASAv, dzi\u015b poka\u017c\u0119 jak szybko i bez problem\u00f3w skonfigurowa\u0107 dwie wirtualki w trybie failover A\/P - jedyny tryb kt\u00f3ry obs\u0142uguje na chwil\u0119 obecn\u0105. 
Rysunek pogl\u0105dowy: Za\u0142o\u017cenia konfiguracyjne: Interfejs Praimary Secondary zona GigabitEthernet 0\/0 192.168.1.80 192.168.1.81 NET_LAB GigabitEthernet 0\/1 172.16.1.1 172.16.1.2 LAN GigabitEthernet\u2026","rel":"","context":"In &quot;Cisco&quot;","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":460,"url":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-managmentu\/","url_meta":{"origin":457,"position":4},"title":"Juniper &#8211; ograniczenie dost\u0119pu do managmentu","author":"Micha\u0142 Iwa\u0144czuk","date":"30.12.2015","format":false,"excerpt":"Poni\u017cej przedstawiam jak ograniczy\u0107 dost\u0119p dla wybranej listy sieci oraz host\u00f3w do ssh i https dla urz\u0105dze\u0144 Juniper. Definiujemy grup\u0119 kt\u00f3ra b\u0119dzie mia\u0142a dost\u0119p do ssh i https set policy-options prefix-list management-hosts 10.0.0.0\/8 set policy-options prefix-list management-hosts 172.16.0.0\/12 set policy-options prefix-list management-hosts sie\u0107_public\/24 Definiujemy filtr\u00a0kt\u00f3ry blokuje dost\u0119p do ssh oraz\u2026","rel":"","context":"In &quot;Juniper&quot;","block_context":{"text":"Juniper","link":"https:\/\/www.safekom.pl\/blog\/category\/juniper\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":690,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-jak-wgrac-ponownie-plik-z-image-jak-wlasciwy-jest-uszkodzony\/","url_meta":{"origin":457,"position":5},"title":"Cisco ASA &#8211; jak wgra\u0107 ponownie plik z Image jak w\u0142a\u015bciwy jest uszkodzony","author":"Micha\u0142 Iwa\u0144czuk","date":"30.03.2016","format":false,"excerpt":"Ostatnio aktualizowa\u0142em Cisco ASA i po wgraniu nowego pliku z softem i zmianie parametry boot w 
konfiguracji zrobi\u0142em reload i lipa urz\u0105dzenie nie wstaje. w konsoli widz\u0119: Booting system, please wait... CISCO SYSTEMS Embedded BIOS Version 1.0(11)5 08\/28\/08 15:11:51.82 Low Memory: 631 KB High Memory: 1024 MB PCI Device Table.\u2026","rel":"","context":"In &quot;Cisco&quot;","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/comments?post=457"}],"version-history":[{"count":0,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/457\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media\/319"}],"wp:attachment":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media?parent=457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/categories?post=457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/tags?post=457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}