Co zrobi\u0107 aby na urz\u0105dzeniu na kt\u00f3rym jest uruchomiona us\u0142uga IKE na skanach bezpiecze\u0144stwa nie pojawia\u0142o si\u0119 \u017ce jest w\u0142\u0105czony aggressive mode. Najszybciej b\u0119dzie za\u0142o\u017cenie filtru kt\u00f3ry b\u0119dzie nam dopuszcza\u0142 wybrane adresy peer\u00f3w do us\u0142ugi IKE i ESP<\/p>\n
set policy-options prefix-list allow_peer 8.8.8.8\r\nset policy-options prefix-list allow_peer 172.10.10.0\/24<\/pre>\n<\/li>\n
set firewall family inet filter filter-VPN-in term block_esp from source-address 0.0.0.0\/0 \r\nset firewall family inet filter filter-VPN-in term block_esp from source-prefix-list allow_peer except \r\nset firewall family inet filter filter-VPN-in term block_esp from protocol esp \r\nset firewall family inet filter filter-VPN-in term block_esp then discard \r\nset firewall family inet filter filter-VPN-in term block_udp500 from source-address 0.0.0.0\/0 \r\nset firewall family inet filter filter-VPN-in term block_udp500 from source-prefix-list allow_peer except \r\nset firewall family inet filter filter-VPN-in term block_udp500 from protocol udp \r\nset firewall family inet filter filter-VPN-in term block_udp500 from destination-port 500 \r\nset firewall family inet filter filter-VPN-in term block_udp500 then discard \r\nset firewall family inet filter filter-VPN-in term accept_default then accept \r\n<\/pre>\noraz\u00a0filter-VPN-out<\/p>\n
set firewall family inet filter filter-VPN-out term block_esp from destination-address 0.0.0.0\/0 \r\nset firewall family inet filter filter-VPN-out term block_esp from destination-prefix-list allow_peer except \r\nset firewall family inet filter filter-VPN-out term block_esp from protocol esp \r\nset firewall family inet filter filter-VPN-out term block_esp then discard \r\nset firewall family inet filter filter-VPN-out term block_udp500 from destination-address 0.0.0.0\/0 \r\nset firewall family inet filter filter-VPN-out term block_udp500 from destination-prefix-list HQ-LOT except \r\nset firewall family inet filter filter-VPN-out term block_udp500 from protocol udp \r\nset firewall family inet filter filter-VPN-out term block_udp500 from port 500 \r\nset firewall family inet filter filter-VPN-out term block_udp500 then discard \r\nset firewall family inet filter filter-VPN-out term accept_default then accept \r\n<\/pre>\n<\/li>\n
set interfaces fe-0\/0\/7 unit 0 family inet filter input filter-VPN-in \r\nset interfaces fe-0\/0\/7 unit 0 family inet filter output filter-VPN-out<\/pre>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
Co zrobi\u0107 aby na urz\u0105dzeniu na kt\u00f3rym jest uruchomiona us\u0142uga IKE na skanach bezpiecze\u0144stwa nie pojawia\u0142o si\u0119 \u017ce jest w\u0142\u0105czony aggressive mode. Najszybciej b\u0119dzie za\u0142o\u017cenie filtru kt\u00f3ry b\u0119dzie nam dopuszcza\u0142 wybrane adresy peer\u00f3w do us\u0142ugi IKE i ESP Definiujemy grup\u0119 w kt\u00f3rej b\u0119dzie lista adres\u00f3w IP i sieci kt\u00f3re b\u0119d\u0105 mog\u0142y si\u0119 zestawi\u0107 IPSEC’a oraz […]<\/p>\n","protected":false},"author":1,"featured_media":463,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5],"tags":[130,126,127,128,124,125,77,70,73,75,123,129],"class_list":["post-465","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-juniper","tag-500-vpn","tag-allow","tag-block","tag-esp","tag-filtr","tag-ike","tag-ipsec","tag-juniper","tag-junos","tag-srx","tag-term","tag-udp"],"yoast_head":"\n
Juniper - Ograniczenie dost\u0119pu do IKE - SafeKom Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Juniper - Ograniczenie dost\u0119pu do IKE - SafeKom Blog\" \/>\n<meta property=\"og:description\" content=\"Co zrobi\u0107 aby na urz\u0105dzeniu na kt\u00f3rym jest uruchomiona us\u0142uga IKE na skanach bezpiecze\u0144stwa nie pojawia\u0142o si\u0119 \u017ce jest w\u0142\u0105czony aggressive mode. Najszybciej b\u0119dzie za\u0142o\u017cenie filtru kt\u00f3ry b\u0119dzie nam dopuszcza\u0142 wybrane adresy peer\u00f3w do us\u0142ugi IKE i ESP Definiujemy grup\u0119 w kt\u00f3rej b\u0119dzie lista adres\u00f3w IP i sieci kt\u00f3re b\u0119d\u0105 mog\u0142y si\u0119 zestawi\u0107 IPSEC’a oraz […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/\" \/>\n<meta property=\"og:site_name\" content=\"SafeKom Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/safekompl\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-30T10:41:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"189\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:site\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/\"},\"author\":{\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/person\\\/fd4cc931b624af4b7353d36d92ba7181\"},\"headline\":\"Juniper – Ograniczenie dost\u0119pu do IKE\",\"datePublished\":\"2015-12-30T10:41:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/\"},\"wordCount\":145,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/12\\\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1\",\"keywords\":[\"500 vpn\",\"allow\",\"block\",\"esp\",\"filtr\",\"ike\",\"ipsec\",\"Juniper\",\"Junos\",\"srx\",\"term\",\"udp\"],\"articleSection\":[\"Juniper\"],\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/\",\"name\":\"Juniper - Ograniczenie dost\u0119pu do IKE - SafeKom Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/12\\\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1\",\"datePublished\":\"2015-12-30T10:41:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/12\\\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/12\\\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1\",\"width\":300,\"height\":189},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/juniper\\\/juniper-ograniczenie-dostepu-do-ike\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Juniper – Ograniczenie dost\u0119pu do IKE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\",\"name\":\"SafeKom Blog\",\"description\":\"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\",\"name\":\"SafeKom Blog\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/05\\\/cropped-logo.png?fit=512%2C512&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/05\\\/cropped-logo.png?fit=512%2C512&ssl=1\",\"width\":512,\"height\":512,\"caption\":\"SafeKom Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/safekompl\",\"https:\\\/\\\/x.com\\\/MIwaczuk\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/michaliwanczuk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/person\\\/fd4cc931b624af4b7353d36d92ba7181\",\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"caption\":\"Micha\u0142 Iwa\u0144czuk\"},\"description\":\"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\\\/7\\\/365.\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Juniper - Ograniczenie dost\u0119pu do IKE - SafeKom Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/","og_locale":"pl_PL","og_type":"article","og_title":"Juniper - Ograniczenie dost\u0119pu do IKE - SafeKom Blog","og_description":"Co zrobi\u0107 aby na urz\u0105dzeniu na kt\u00f3rym jest uruchomiona us\u0142uga IKE na skanach bezpiecze\u0144stwa nie pojawia\u0142o si\u0119 \u017ce jest w\u0142\u0105czony aggressive mode. Najszybciej b\u0119dzie za\u0142o\u017cenie filtru kt\u00f3ry b\u0119dzie nam dopuszcza\u0142 wybrane adresy peer\u00f3w do us\u0142ugi IKE i ESP Definiujemy grup\u0119 w kt\u00f3rej b\u0119dzie lista adres\u00f3w IP i sieci kt\u00f3re b\u0119d\u0105 mog\u0142y si\u0119 zestawi\u0107 IPSEC’a oraz […]","og_url":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/","og_site_name":"SafeKom Blog","article_publisher":"https:\/\/www.facebook.com\/safekompl","article_published_time":"2015-12-30T10:41:00+00:00","og_image":[{"width":300,"height":189,"url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1","type":"image\/jpeg"}],"author":"Micha\u0142 Iwa\u0144czuk","twitter_card":"summary_large_image","twitter_creator":"@MIwaczuk","twitter_site":"@MIwaczuk","twitter_misc":{"Napisane przez":"Micha\u0142 Iwa\u0144czuk","Szacowany czas czytania":"2 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#article","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/"},"author":{"name":"Micha\u0142 Iwa\u0144czuk","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181"},"headline":"Juniper – Ograniczenie dost\u0119pu do IKE","datePublished":"2015-12-30T10:41:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/"},"wordCount":145,"commentCount":0,"publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1","keywords":["500 vpn","allow","block","esp","filtr","ike","ipsec","Juniper","Junos","srx","term","udp"],"articleSection":["Juniper"],"inLanguage":"pl-PL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/","url":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/","name":"Juniper - Ograniczenie dost\u0119pu do IKE - SafeKom Blog","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#primaryimage"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1","datePublished":"2015-12-30T10:41:00+00:00","breadcrumb":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#primaryimage","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1","width":300,"height":189},{"@type":"BreadcrumbList","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/www.safekom.pl\/blog\/"},{"@type":"ListItem","position":2,"name":"Juniper – Ograniczenie dost\u0119pu do IKE"}]},{"@type":"WebSite","@id":"https:\/\/www.safekom.pl\/blog\/#website","url":"https:\/\/www.safekom.pl\/blog\/","name":"SafeKom Blog","description":"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem","publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/www.safekom.pl\/blog\/#organization","name":"SafeKom Blog","url":"https:\/\/www.safekom.pl\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"SafeKom Blog"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/safekompl","https:\/\/x.com\/MIwaczuk","https:\/\/www.linkedin.com\/in\/michaliwanczuk\/"]},{"@type":"Person","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181","name":"Micha\u0142 Iwa\u0144czuk","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","caption":"Micha\u0142 Iwa\u0144czuk"},"description":"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.","url":"https:\/\/www.safekom.pl\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/12\/Junos_sw_logo.jpg?fit=300%2C189&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7i9ri-7v","jetpack-related-posts":[{"id":460,"url":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-managmentu\/","url_meta":{"origin":465,"position":0},"title":"Juniper – ograniczenie dost\u0119pu do managmentu","author":"Micha\u0142 Iwa\u0144czuk","date":"30.12.2015","format":false,"excerpt":"Poni\u017cej przedstawiam jak ograniczy\u0107 dost\u0119p dla wybranej listy sieci oraz host\u00f3w do ssh i https dla urz\u0105dze\u0144 Juniper. Definiujemy grup\u0119 kt\u00f3ra b\u0119dzie mia\u0142a dost\u0119p do ssh i https set policy-options prefix-list management-hosts 10.0.0.0\/8 set policy-options prefix-list management-hosts 172.16.0.0\/12 set policy-options prefix-list management-hosts sie\u0107_public\/24 Definiujemy filtr\u00a0kt\u00f3ry blokuje dost\u0119p do ssh oraz\u2026","rel":"","context":"W \u201eJuniper"","block_context":{"text":"Juniper","link":"https:\/\/www.safekom.pl\/blog\/category\/juniper\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":171,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/lab-ipsec-juniper-srx-cisco-router\/","url_meta":{"origin":465,"position":1},"title":"Lab – IPSEC Juniper SRX – Cisco router","author":"Micha\u0142 Iwa\u0144czuk","date":"21.08.2015","format":false,"excerpt":"Dzi\u015b postanowi\u0142em opisa\u0107 troch\u0119 labowania, temat ostatnio bardzo mocno przerabiany IPSEC. Poni\u017cej opisz\u0119 wariant policy base vpn, kt\u00f3ry jest bardzo elastyczny. Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Cisco Juniper SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 172.16.10.0\/24 10.10.10.0\/24 Cisco Juniper SRX Interfejs\u2026","rel":"","context":"W \u201eCisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/junos_multicolor_burst.png?fit=361%2C393&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":457,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/cisco-asa-ograniczenie-dostepu-do-ssl-vpn\/","url_meta":{"origin":465,"position":2},"title":"Cisco ASA – Ograniczenie dost\u0119pu do SSL VPN oraz IKE","author":"Micha\u0142 Iwa\u0144czuk","date":"30.12.2015","format":false,"excerpt":"Dla szukaj\u0105cych jak ograniczy\u0107 dost\u0119p do us\u0142ug uruchamianych na Cisco ASA, mam na my\u015bli SSL VPN, czy IKE na samy dole jest aktualizacja jak to zrobi\u0107 dla IKE przy podatno\u015bci\u00a0CVE-2016-1287 Poni\u017cej przedstawi\u0119 jak ograniczy\u0107 dost\u0119p do SSL VPN dla okre\u015blonych ip lub sieci. definiujemy Grup\u0119 w kt\u00f3ra b\u0119dzie zawiera\u0107 list\u0119\u2026","rel":"","context":"W \u201eCisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/09\/cisco-logo.png?fit=400%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":292,"url":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","url_meta":{"origin":465,"position":3},"title":"LAB – IPSEC SRX PALO","author":"Micha\u0142 Iwa\u0144czuk","date":"30.08.2015","format":false,"excerpt":"Dzi\u015b przyszed\u0142 czas na lab z wykorzystaniem urz\u0105dze\u0144 Juniper SRX oraz Palo Alto Networks. Skupi\u0119 si\u0119 w tym wpisie na skonfigurowaniu po\u0142\u0105czenia VPN Ipsec pomi\u0119dzy tymi urz\u0105dzeniami. za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Palo SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 10.20.10.0\/24\u2026","rel":"","context":"W \u201eJuniper"","block_context":{"text":"Juniper","link":"https:\/\/www.safekom.pl\/blog\/category\/juniper\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":647,"url":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","url_meta":{"origin":465,"position":4},"title":"LAB – IPSec Palo – Cisco ASA","author":"Micha\u0142 Iwa\u0144czuk","date":"23.03.2016","format":false,"excerpt":"Poni\u017cej pokazuj\u0119 jak zestawia\u0107 po\u0142\u0105czenie IPsec pomi\u0119dzy PaloAlto Networks a Cisco ASA. W mym przypadku oba urz\u0105dzenia s\u0105 w wersji wirtualnej ale konfiguracja ich odpowiada tak jak by\u015bmy konfigurowali urz\u0105dzenia fizyczne. Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 86400s Faza 2 aes256 sha-1 pfs g2 28800s Palo Cisco ASA Sieci\u2026","rel":"","context":"W \u201eCisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":2567,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","url_meta":{"origin":465,"position":5},"title":"NSX-t IPSec Route base","author":"Micha\u0142 Iwa\u0144czuk","date":"26.03.2020","format":false,"excerpt":"W dzisiejszym wpisie przedstawi\u0119 konfiguracj\u0119 NSX-t IPSec Route base, jest to\u00a0 opis krok po kroku jak skonfigurowa\u0107 IPseca po stronie NSX'a oraz Vyos kt\u00f3ry b\u0119dzie uczestnikiem IPseca.\u00a0 Za\u0142o\u017cenia Poni\u017cej rysunek pogl\u0105dowy jak wygl\u0105da topologia po\u0142\u0105cze\u0144. Pomi\u0119dzy routerem T0 i chmurk\u0105 ju\u017c istnieje po\u0142\u0105czenie oraz jest zestawione s\u0105siedztwo BGP w celu\u2026","rel":"","context":"W \u201eNSX"","block_context":{"text":"NSX","link":"https:\/\/www.safekom.pl\/blog\/category\/vmware\/nsx\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/comments?post=465"}],"version-history":[{"count":0,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/465\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media\/463"}],"wp:attachment":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media?parent=465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/categories?post=465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/tags?post=465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}