LAN (Local Area Network): Juni 2011

Selasa, 28 Juni 2011

IEEE-488

The IEEE-488 interface bus, also
known as the General Purpose Interface Bus "GPIB" is an 8 bit wide
byte serial, bit parallel interface system which incorporates:
5 control lines
3 handshake lines
8 bi-directional data lines.
The entire bus consists of 24 lines, with the remaining lines occupied by ground
wires. Additional features include: TTL logic levels (negative true logic), the
ability to communicate in a number of different language formats, and no minimum
operational transfer limit. The maximum data transfer rate is determined by a
number of factors, but is assumed to be 1Mb/s.
Devices exist on the bus in any one of 3 general forms:
1. Controller
2. Talker
3. Listener
A single device may incorporate all three options, although only one option may
be active at a time. The Controller makes the determination as to which device
becomes active on the bus. The GPIB can handle only 1 ‘active’
controller on the bus, although it may pass operation to another controller. Any
number of active listeners can exist on the bus with an active talker as long as
no more then 15 devices are connected to the bus.
The controller determines which devices become active by sending interface
messages over the bus to a particular instrument. Each individual device is
associated with a 5 bit BCD code which is unique to that device. By using this
code, the controller can coordinate the activities on the bus and the individual
devices can be made to talk, listen (un-talk, un-listen) as determined by the
controller. A controller can only select a particular function of a device, if
that function is incorporated within the device; for example a ‘listen’
only device can not be made to talk to the controller.
The Talker sends data to other devices.
The Listener receives the information from the Talker.
In addition to the 3 basic functions of the controller, talker, and listener
the system also incorporates a number of operational features, such as; serial
poll, parallel poll, secondary talk and listen addresses, remote/local
capability, and a device clear (trigger).
Device dependent messages are moved over the GPIB in conjunction with the
data byte transfer control lines. These three lines (DAV, NRFD, and NDAC) are
used to form a three wire ‘interlocking’ handshake which controls the
passage of data. The active talker would control the ‘DAV’ line
(Data Valid) and the listener(s) would control the ‘NRFD’ (Not Ready
For Data), and the ‘NDAC’ (Not Data Accepted) line.
In the steady state mode the talker will hold ‘DAV’ high (no data
available) while the listener would hold ‘NRFD’ high (ready for data)
and ‘NDAC’ low (no data accepted. After the talker placed data on the
bus it would then take ‘DAV’ low (data valid). The listener(s) would
then send ‘NRFD’ low and send ‘NDAC’ high (data accepted).
Before the talker lifts the data off the bus, ‘DAV’ will be taken high
signifying that data is no longer valid. If the ‘ATN’ line (attention)
is high while this process occurs the information is considered data ( a device
dependent message), but with the "ATN’ line low the information is
regarded as an interface message; such as listen, talk, un-listen or un-talk.
The other five lines on the bus (‘ATN’ included) are the bus
management lines. These lines enable the controller and other devices on the bus
to enable, interrupt, flag, and halt the operation of the bus.
All lines in the GPIB are tri-state except for ‘SQR’, ‘NRFD’,
and ‘NDAC’ which are open-collector. The standard bus termination is a
3K resistor connected to 5 volts in series with a 6.2K resistor to ground - all
values having a 5% tolerance.
The standard also allows for identification of the devices on the bus. Each
device should have a string of 1 or 2 letters placed some where on the body of
the device (near or on the GPIB connector). These letters signify the
capabilities of the device on the GPIB bus.
C Controller
T Talker
L Listener
AH Acceptor Handshake
SH Source Handshake
DC Device Clear
DT Device Trigger
RL Remote Local
PP Parallel Poll
TE Talker Extended
LE Listener Extended

Devices are connected together on the bus in a daisy chained fashion.
Normally the GPIB connector (after being connected
to the device with the male side) has an female interface so that another
connector may be attached to it. This allows the devices
to be daisy chained. Devices are connected together in either a Linear or Star
fashion.
Most devices operate either via front panel control or HPIB control (REMOTE).
While using the front Panel the device is in the Local state, when receiving
commands via the HPIB, the device is in the Remote state. The device is placed
in the Remote state when ever the System Controller is reset or powered on,; also,
when the system controller sends out an Abort message. In addition, if the
device is addressed, it then enters the Remote state.

DTE

Data terminal equipment (DTE) is a term or concept initially developed by IBM to refer to any device that converts information into signals for transmission purposes, or converts received signals to information. In other word, it is a device that is the source or sink of information. Although the term has been applied to multiple layers in the OSI Reference Model (OSI-RM), it is most commonly associated with the Physical Layer and associated with bit transmission.

Although it is possible for two DTE to be directly connected using a null modem cable, the term DTE is most commonly associated with data circuit-terminating equipment (DCE), and a DTE is typically connected to a DCE. The DCE is typically responsible for providing clocking for synchronization purposes, which introduces another defining characteristic of DTE: they typically are not capable of generating a clock signal.

There are many examples of equipment that would be considered DTE. In the age when communication with a minicomputer or mainframe was accomplished using a dumb terminal, the terminal was the DTE on the circuit connecting it to the computer or a terminal server or cluster controller. A computer with terminal emulation software and using the serial interface built into most computers can also be a DTE. Other examples of DTE include:
A computer connected to a modem that it is using for dial access to a network resource (e.g., the Internet)
A router connected to a DSU through which it is connected to a private line, or packet network service
A router or computer connected to an ISDN NT1 through which it is connected to a network resource (e.g., the Internet)

Sabtu, 18 Juni 2011

Computer networks have become the critical part of every business in the world

Computer networks have become the critical part of every business in the world. Networks use the communication devices such as hubs, switches and routers to better manage the traffic between nodes. Modern network use different kind of switching technology to benefit the network with more capacity, scalability, performance and speed. A switch is a centralized network communication device that is used to connect all the computers with each other. It uses to reduce the congestions in the networks and to increase the performance and capacity of the networks.

It can connect different types of the networks or the networks of the same type. Advanced switches offer the high speed links which are used to connect the different switches with each other. Switches determine the Ethernet and IP address of the computers and maintain the switching table.

Circuit Switching Technology

In the circuit switching, caller establishes the connection before making the call. All the network resources are fully allocated during the transmission. The path between the source and destination is determined by the circuit.

Virtual Circuit Packet Switching Technology

It is the combination of the circuit switching and datagram switching technology to make advantages of both technologies. It uses the traffic engineering features of the circuit switching and resources usage efficiency of the datagram packet switching technology.

Switching technology has always been evolved and a new generation known as optical switches is in place to provide the optimal performance, speed, scalability and efficiency to the networks.

In circuit switching, resources remain allocated during the full length of a communication, after a circuit is established and until the circuit is terminated and the allocated resources are freed. Resources remain allocated even if no data is flowing on a circuit, hereby wasting link capacity when a circuit does not carry as much traffic as the allocation permits. This is a major issue since frequencies (in FDM) or time slots (in TDM) are available in finite quantity on each link, and establishing a circuit consumes one of these frequencies or slots on each link of the circuit. As a result, establishing circuits for communications that carry less traffic than allocation permits can lead to resource exhaustion and network saturation, preventing further connections from being established. If no circuit can be established between a sender and a receiver because of a lack of resources, the connection is blocked.

A second characteristic of circuit switching is the time cost involved when establishing a connection. In a communication network, circuit-switched or not, nodes need to lookup in a forwarding table to determine on which link to send incoming data, and to actually send data from the input link to the output link. Performing a lookup in a forwarding table and sending the data on an incoming link is called forwarding. Building the forwarding tables is called routing. In circuit switching, routing must be performed for each communication, at circuit establishment time. During circuit establishment, the set of switches and links on the path between the sender and the receiver is determined and messages are exchanged on all the links between the two end hosts of the communication in order to make the resource allocation and build the routing tables. In circuit switching, forwarding tables are hardwired or implemented using fast hardware, making data forwarding at each switch almost instantaneous. Therefore, circuit switching is well suited for long-lasting connections where the initial circuit establishment time cost is balanced by the low forwarding time cost.

The circuit identifier (a range of frequencies in FDM or a time slot position in a TDM frame) is changed by each switch at forwarding time so that switches do not need to have a complete knowledge of all circuits established in the network but rather only local knowledge of available identifiers at a link. Using local identifiers instead of global identifiers for circuits also enables networks to handle a larger number of circuits.

Virtual circuit packet switching (VC-switching) is a packet switching technique which merges datagram packet switching and circuit switching to extract both of their advantages. VC-switching is a variation of datagram packet switching where packets flow on so-called logical circuits for which no physical resources like frequencies or time slots are allocated. Each packet carries a circuit identifier which is local to a link and updated by each switch on the path of the packet from its source to its destination. A virtual circuit is defined by the sequence of the mappings between a link taken by packets and the circuit identifier packets carry on this link. This sequence is set up at connection establishment time and identifiers are reclaimed during the circuit termination.

We have seen the trade-off between connection establishment and forwarding time costs that exists in circuit switching and datagram packet switching. In VC-switching, routing is performed at circuit establishment time to keep packet forwarding fast. Other advantages of VC-switching include the traffic engineering capability of circuit switching, and the resources usage efficiency of datagram packet switching. Nevertheless, a main issue of VC-Switched networks is the behavior on a topology change. As opposed to Datagram Packet Switched networks which automatically recompute routing tables on a topology change like a link failure, in VC-switching all virtual circuits that pass through a failed link are interrupted. Hence, rerouting in VC-switching relies on traffic engineering techniques.

In practice, major implementations of VC-switching are X.25 [70], Asynchronous Transfer Mode (ATM [6]) and Multiprotocol Label Switching (MPLS [50]). The Internet, today's most used computer network, is entirely built around the Internet Protocol (IP), which is responsible for routing packets from one host to another. Because of the central role of IP in the Internet, we now discuss how ATM and MPLS interact with IP.

You can use a network switching technology to provide LAN segmentation features. LAN switches can assist in increasing bandwidth availability for workstations because LAN switches support simultaneous switching of packets between the ports in the switch.

Rabu, 08 Juni 2011

types of Virtual LANs

There are the following types of Virtual LANs:
Port-Based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
Protocol-based VLAN: a switch is configured with a list of mapping layer 3 protocol types to VLAN membership - thereby filtering IP traffic from nearby end-stations using a particular protocol such as IPX.
ATM VLAN - using LAN Emulation (LANE) protocol to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.

The IEEE 802.1Q specification establishes a standard method for tagging Ethernet frames with VLAN membership information. The IEEE 802.1Q standard defines the operation of VLAN Bridges that permit the definition, operation and administration of Virtual LAN topologies within a Bridged LAN infrastructure. The 802.1Q standard is intended to address the problem of how to break large networks into smaller parts so broadcast and multicast traffic would not grab more bandwidth than necessary. The standard also helps provide a higher level of security between segments of internal networks.

The key for the IEEE 802.1Q to perform the above functions is in its tags. 802.1Q-compliant switch ports can be configured to transmit tagged or untagged frames. A tag field containing VLAN (and/or 802.1p priority) information can be inserted into an Ethernet frame. If a port has an 802.1Q-compliant device attached (such as another switch), these tagged frames can carry VLAN membership information between switches, thus letting a VLAN span multiple switches. However, it is important to ensure ports with non-802.1Q-compliant devices attached are configured to transmit untagged frames. Many NICs for PCs and printers are not 802.1Q-compliant. If they receive a tagged frame, they will not understand the VLAN tag and will drop the frame. Also, the maximum legal Ethernet frame size for tagged frames was increased in 802.1Q (and its companion, 802.3ac) from 1,518 to 1,522 bytes. This could cause network interface cards and older switches to drop tagged frames as "oversized."

A virtual area network (VAN)

A virtual area network (VAN) is a network on which users are enabled to share a more visual sense of community through high band-width connections. As conceived by PennWell Media Online, an online

directory for specialized networking products, a virtual area network is something like a metropolitan area network (MAN) or extended local areanetwork (LAN) in which all users can meet over high-bandwidth connections, enabling "face-to-face" online "coffeehouses," remote medical diagnosis and legal consultation, and online corporate or extracorporate workgroups, focus groups, and conferences. A VAN requires multi-megabyte data flow and can be implemented through the use of Asymmetric Digital Subscriber Line but more likely through the installation of cable modem. Since the high-bandwidth connections imply a common infrastructure, the first VANs are likely to be local or regional. However, a VAN can also be national or international in geographic scope, assuming all users share similar capabilities.

NetBIOS (Network Basic Input/Output System)

NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). It was created by IBM for its early PC Network, was adopted by Microsoft, and has since become a de facto industry standard. NetBIOS is used in Ethernet and Token Ring networks and, included as part of NetBIOS Extended User Interface (NetBEUI), in recent Microsoft Windows operating systems. It does
Learn More
Networking Resources
LANs (Local Area Networks)

not in itself support a routing mechanism so applications communicating on a wide area network (WAN) must use another "transport mechanism" (such as Transmission Control Protocol) rather than or in addition to NetBIOS.

NetBIOS frees the application from having to understand the details of the network, including error recovery (in session mode). A NetBIOS request is provided in the form of a Network Control Block (NCB) which, among other things, specifies a message location and the name of a destination.

NetBIOS provides the session and transport services described in the Open Systems Interconnection (OSI) model. However, it does not provide a standard frame or data format for transmission. A standard frame format is provided by NetBUI.

NetBIOS provides two communication modes: session or datagram. Session mode lets two computers establish a connection for a "conversation," allows larger messages to be handled, and provides error detection and recovery. Datagram mode is "connectionless" (each message is sent independently), messages must be smaller, and the application is responsible for error detection and recovery. Datagram mode also supports the broadcast of a message to every computer on the LAN.

10 Steps to a simple to use MikroTik Router Settings

10 Steps to a simple to use MikroTik Router Settings

PC Client -> Switch -> Router -> Internet

IP PUBLIC: x.y.z.pub/29
DNS: x.y.z.dns1 and x.y.z.dns2
Gateway: x.y.z.gw
LOCAL ROUTER IP address: 192.168.100.1/24
Client IP address: 192.168.100.2/24

Note: Adjust Hardware, IP Address, DNS, Gateway with your own

Hardware:
Router: RouterBoard 1000 (mikrotik v3, 19 Stable)

Switch : D-Link DES-3026 Ethernet Switch

PC Client : PowerBook G4

Setting ROUTER
1. Change the default password mikrotik
[Admin@titik.org]> / user set admin password = whatever '

2. Rename ethernet name:
[Admin@titik.org]> / interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU
Ether 1500 0 R ether1
1 ether2 ether 1500
2 ether3 ether 1500
Ether 1500 3 R ether4
[Admin@titik.org]> / interface set ether1 name = IP-LOCAL
[Admin@titik.org]> / interface set ether4 name = IP-PUBLIC
[Admin@titik.org]> / interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU
0 R IP-LOCAL ether 1500
1 ether2 ether 1500
2 ether3 ether 1500
IP 3 R 1500-PUBLIC ether

3. IP Address Setting
[Admin@titik.org]> / ip address add address = xyzpub/29 interface = IP-PUBLIC
[Admin@titik.org]> / ip address add address = 192.168.100.1/24 interface = IP-LOCAL
[Admin@titik.org]> / ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 xyzpub/29 xyz168 xyz175 IP-PUBLIC
1 192 168 100 255 192.168.100.1/24 192.168.100.0 IP-LOCAL

4. Gateway Settings
[Admin@titik.org]> / ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - OSPF, m - MME,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS pref-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
Xyz168/29 xyzpub 0 0 ADC IP-PUBLIC
1 ADC 192.168.100.0/24 192.168.100.1 0 IP-LOCAL
[Admin@titik.org]> / ip route add dst-address = 0.0.0.0 / 0 gateway = xyzgw
[Admin@titik.org]> / ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - OSPF, m - MME,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS pref-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 AS 0.0.0.0 / 0 reachable xyzgw 1 IP-PUBLIC
Xyz168/29 xyzpub 0 0 ADC IP-PUBLIC
1 ADC 192.168.100.0/24 192.168.100.1 0 IP-LOCAL

5. Gateway Ping Test
[Admin@titik.org]> / ping x.y.z.gw
x.y.z.gw 64 byte ping: ttl = 64 time = 1 ms
x.y.z.gw 64 byte ping: ttl = 64 time = 1 ms
x.y.z.gw 64 byte ping: ttl = 64 time = 1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min / avg / max = 1/1.0/1 ms

6. Setting DNS
[Admin@titik.org]> / ip dns print
primary-dns: 0.0.0.0
secondary-dns: 0.0.0.0
allow-remote-requests: no
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1W
cache-Used: 4KiB
[Admin@titik.org]> / ip dns set primary-dns = xyzdns1 secondary-dns = xyzdns2 allow-remote-requests = yes
[Admin@titik.org]> / ip dns print
primary-dns: x.y.z.dns1
secondary-dns: x.y.z.dns2
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1W
cache-Used: 10KiB

7. Test Connection to the Internet (eg ping yahoo.com)
[Admin@titik.org]> / ping yahoo.com
206.190.60.37 64 byte ping: ttl = 48 time = 300 ms
206.190.60.37 64 byte ping: ttl = 48 time = 299 ms
206.190.60.37 64 byte ping: ttl = 48 time = 316 ms
206.190.60.37 64 byte ping: ttl = 48 time = 316 ms
206.190.60.37 64 byte ping: ttl = 48 time = 311 ms
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min / avg / max = 299/308.4/316 ms

8. Settings for NAT (Network Address Translation)
[Admin@titik.org]> / ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
[Admin@titik.org]> / ip firewall nat add chain = srcnat src-address = 192.168.100.0/24 action = src-nat to-addresses = zyzpub
[Admin@titik.org]> / ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain = srcnat action = src-nat to-addresses = xyzpub src-address = 192.168.100.0/24

Setting PC CLIENT
9. Setting Client IP Address

IP Address: 192.168.100.2
Subnet: 255.255.255.0
Gateway: 192.168.100.1
DNS: 192.168.100.1

10. Test the connection by pinging the Router, Gateway, DNS and yahoo.com
- Ping Router
Perk1z: ~ $ ping 192.168.100.1 herman
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq = 0 ttl = 64 time = 0360 ms
64 bytes from 192.168.100.1: icmp_seq = 1 ttl = 64 time = 0257 ms
64 bytes from 192.168.100.1: icmp_seq = 2 ttl = 64 time = 0254 ms
^ C
- 192.168.100.1 ping statistics -
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min / avg / max / stddev = 0.254/0.290/0.360/0.049 ms

- Ping Gateway
perk1z: ~ $ ping x.y.z.gw herman
PING x.y.z.gw (x.y.z.gw): 56 data bytes
64 bytes from xyzgw: icmp_seq = 0 ttl = 63 time = 1813 ms
64 bytes from xyzgw: icmp_seq = 1 ttl = 63 time = 1538 ms
64 bytes from xyzgw: icmp_seq = 2 ttl = 63 time = 1368 ms
^ C
- X.y.z.gw ping statistics -
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min / avg / max / stddev = 1.368/1.573/1.813/0.183 ms

- Ping DNS
perk1z: ~ $ ping x.y.z.dns1 herman
PING x.y.z.dns1 (x.y.z.dns1): 56 data bytes
64 bytes from xyzdns1: icmp_seq = 0 ttl = 62 time = 1437 ms
64 bytes from xyzdns1: icmp_seq = 1 ttl = 62 time = 3945 ms
64 bytes from xyzdns1: icmp_seq = 2 ttl = 62 time = 1576 ms
^ C
- X.y.z.dns1 ping statistics -
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min / avg / max / stddev = 1.437/2.319/3.945/1.151 ms

- Ping Yahoo
perk1z: ~ herman $ ping yahoo.com
PING yahoo.com (206.190.60.37): 56 data bytes
64 bytes from 206.190.60.37: icmp_seq = 0 ttl = 47 time = 303,308 ms
64 bytes from 206.190.60.37: icmp_seq = 1 ttl = 47 time = 309,105 ms
64 bytes from 206.190.60.37: icmp_seq = 2 ttl = 47 time = 306,238 ms
^ C
- Yahoo.com ping statistics -
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min / avg / max / stddev = 303.308/306.217/309.105/2.367 ms

Good luck and I hope useful

Cisco PIX Firewall configuration

This example shows how to interconnect remote offices uses IPSec VPN between Mikrotik RouterOS device and Cisco PIX Firewall or Cisco Router, running Cisco IOS. Also I show you how to provide Internet access for network using masquerade/PAT on Mikrotik RouterOS, Cisco PIX Firewall and Cisco Router, running Cisco IOS. Network topology is shown below. We would like to interconnect networks 172.22.1.1/24 and 172.22.2.1/24 using corresponding public addresses 1.0.0.2 and 2.0.0.2. Assume 1.0.0.1 is default gateway for router, running Mikrotik RouterOS and 2.0.0.1 is default gateway for router running Cisco IOS or Cisco PIX Firewall, running Cisco PIX OS. This configuration tested and works well with Mikrotik RouterOS 3.20, Cisco IOS 12.4(21) and 12.3(26) advanced security features set with encryption and PIX OS 6.3(5).

Cisco PIX Firewall configuration

I think this configuration is quiet clear because of detailed comments.

Cisco PIX Firewall
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
!
!--- Create access list that matches traffic that should be encrypted (traffic to RouterOS device)
access-list myacl permit ip 172.22.2.0 255.255.255.0 172.22.2.0 255.255.255.0
!
!--- Create access list that matches traffic that should not be NATed (traffic to RouterOS device)
access-list nonat permit ip 172.22.2.0 255.255.255.0 172.22.1.0 255.255.255.0
!
!--- Configuring NAT
ip address outside 2.0.0.2 255.255.255.252
ip address inside 172.22.2.1 255.255.255.0
!
global (outside) 1 2.0.0.2
!
!--- Do not make NAT for traffic to RouterOS device
nat (inside) 0 access-list nonat
nat (inside) 1 172.22.2.0 255.255.255.0 0 0
!
route outside 0.0.0.0 0.0.0.0 2.0.0.1 1
!
sysopt connection permit-ipsec
!
!--- Create IPsec transform set - transformations that should be applied to
!--- traffic - ESP encryption with DES and ESP authentication with SHA1
!--- This must match "/ip ipsec proposal"
crypto ipsec transform-set myset esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 1800
!
!--- Create crypto map that will use transform set "myset", use peer 1.0.0.2
!--- to establish SAs and encapsulate traffic and use access-list myacl to
!--- match traffic that should be encrypted
crypto map mymap 21 ipsec-isakmp
crypto map mymap 21 match address myacl
crypto map mymap 21 set peer 1.0.0.2
crypto map mymap 21 set transform-set myset
crypto map mymap interface outside
!
!--- Configure ISAKMP policy (phase1 config, must match configuration
!--- of "/ip ipsec peer" on RouterOS).
isakmp enable outside
!--- Add preshared key to be used when talking to RouterOS
isakmp key gvejimezyfopmekun address 1.0.0.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
: end

.::BY JUMBHO MY AT HOME IN THE JEPARA CITY OF BEAUTIFUL::.

LAN (Local Area Network)

Arsip Blog

Pengikut