Networking | Orange Kao

2021-04-102021-04-10

EdgeRouter IPsec site-to-site config example – one site static IP, another site dynamic Internet IP and behind NAT

I’ve been using OpenVPN for years and enjoy the convenience that OpenVPN only require one TCP or UDP port, which is fairly easy to set up even when one of the site is behind NAT or having dynamic IP. In comparison, setup IPsec is more complicated in this case.

However, EdgeRouter hardware offloading does not support OpenVPN. In this example, we will set up IPsec site-to-site using EdgeRouter, with one site having static IP, another site is using dynamic Internet IP and behind a NAT device (e.g. ISP-provided router). In my case, the ISP-provided router is an Optus/Sagemcom router, and the example config is available in another article. If your environment is not that complicated, refer to Ubiquiti help articles.

2021-04-102021-04-10

Optus (Sagemcom) router config example for forwarding IPsec VPN traffic

This article illustrates how to set up Optus router to forward UDP 500, UDP 4500, ESP and AH to the VPN gateway. This is required when setting up IPsec VPN gateway (e.g. EdgeRouter) behind NAT device (e.g. Optus router).

2019-01-072019-08-08

Cisco Aironet 2800 installation checklist

In most of the small and medium-sized enterprises (SMEs), we don’t have IT department and sometimes hire third-party for installation and setup. This post provides a checklist for things need to be aware while setting up Cisco Aironet 2800 access points.

2018-12-272019-08-08

Changing Cisco Aironet 2800 SSH password on every AP

While changing the password on Cisco Aironet 2800 controller over web-based management interface, it will update the password for the web interface and SSH login of the controller. However, it will not update the SSH login on every access points. This post provides a solution to change the SSH login for all the access points.

Continue reading “Changing Cisco Aironet 2800 SSH password on every AP”

2018-07-312019-08-08

VLAN config generation with Ruby for Cisco Catalyst 3750

VLAN configuration is very different between HP and Cisco switches. HP is VLAN centred and Cisco is based on physical port. While managing Cisco switches, using a script to generate the config may ease the task. This post proposes a simple script to generate the config.

Continue reading “VLAN config generation with Ruby for Cisco Catalyst 3750”

2018-07-302019-08-08

HP ProCurve Switch 5400zl timezone and daylight saving configuration in Sydney

Only two lines

time timezone 600
time daylight-time-rule user-defined begin-date 10/01 end-date 04/01

Continue reading “HP ProCurve Switch 5400zl timezone and daylight saving configuration in Sydney”

2018-07-302019-08-08

Cisco ASA timezone and daylight saving configuration in Sydney

Only two lines

clock timezone AEST 10
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00

Continue reading “Cisco ASA timezone and daylight saving configuration in Sydney”