Best way to configure IPSEC between selected servers and clients

Hi, I've done a fair bit of reading and CBT videos, and have experimented for quite a bit in test environments, and I haven't come up with a best path for what I want to do. If someone could put me on the path to accomplish my goal, I would appreciate it greatly.
I'm operating in an Active Directory environment at the 2008R2 functional level. I have a member server processing sensitive data which it receives from clients. My goal is to have all traffic between the member server and its clients encrypted with IPSEC, but I can't quite find what I'm looking for after spending a fairly embarrassing bit of time looking. Do I want:
1. IPSEC via group policy, whereby I apply a GPO with the IP Security policy "Server (request security)" to the server and apply a GPO to the clients with "Client (respond only)" set? If so, I haven't gotten this working; is there more configuration needed?
2. Configure IPSEC Advanced firewall connection security rules?
3. Both 1. and 2. above?
4. Server and domain isolation? (This appears to be a lot of reading on whether or not it's a subset of the above methods, or a combination of them, or more.)
If someone could point me to some documentation on the simplest way to do this, I would appreciate it greatly!!
Thanks,
Kevin

Hi Kevin,
Both GPO and IPSEC Advanced firewall connection security rules are required.
Here is a step by step guide about how to deploy IPsec policy.
Windows Firewall and IPsec Policy Deployment Step-by-Step Guide
http://technet.microsoft.com/en-us/library/deploy-ipsec-firewall-policies-step-by-step(v=WS.10).aspx
Best Regards,
Steven Lee
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
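As an added example (not from this thread or the linked guide), here is the same server-request / client-respond pattern expressed as Windows Firewall connection security rules with netsh advfirewall, written into two GPOs rather than the local store. The server address, domain name and GPO names are placeholders I chose; the qmsecmethods setting is there because the default quick-mode proposal list offers integrity-only ESP first, so authentication alone does not give Kevin the encryption he is after.

```powershell
# Added example: server-side and client-side connection security rules for
# Kerberos-authenticated, AES-encrypted IPsec between a member server and its
# domain clients. Placeholders (assumptions, not values from the thread):
#   10.0.10.25        address of the member server
#   contoso.com       the AD domain
#   IPsec-Server      GPO linked to the server's OU
#   IPsec-Clients     GPO linked to the clients' OU
# Run from an elevated prompt on a domain-joined admin box with GPMC installed.

# --- Server side: inbound traffic must be protected, outbound is requested ---
# Connection-security equivalent of the legacy "Server (Request Security)"
# IP Security policy, with ESP encryption (AES-128 + SHA1) required instead
# of the default integrity-only proposal.
netsh advfirewall set store gpo="contoso.com\IPsec-Server"
netsh advfirewall consec add rule name="Protect traffic to sensitive server" `
    endpoint1=10.0.10.25 endpoint2=any `
    action=requireinrequestout `
    auth1=computerkerb `
    qmsecmethods=esp:sha1-aes128 `
    profile=domain

# --- Client side: negotiate IPsec only when talking to that server ----------
# Equivalent of "Client (Respond Only)": clients request protection for this
# one peer and keep talking in the clear to everything else. The rule must
# exist on both sides, which is why a GPO for the clients is needed too.
netsh advfirewall set store gpo="contoso.com\IPsec-Clients"
netsh advfirewall consec add rule name="Protect traffic to sensitive server" `
    endpoint1=any endpoint2=10.0.10.25 `
    action=requestinrequestout `
    auth1=computerkerb `
    qmsecmethods=esp:sha1-aes128 `
    profile=domain

# Point netsh back at the local store so later commands do not keep editing the GPO.
netsh advfirewall set store local

# --- Verification (on the server, after gpupdate /force on both sides) -----
# Generate some client traffic, then confirm the rule is present and that
# quick-mode SAs exist with an ESP encryption algorithm listed (not "None").
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show qmsa
```

With requireinrequestout on the server, a client that has not received the client GPO can no longer reach it, so roll the client GPO out first and check the quick-mode SAs before switching the server rule to "require".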

Similar Messages

  • Best way to configure a network comprising WLSE and many APs ?

    Hi the Cisco NetPro community,
    I would like to have a discussion with you on the best way to configure a network containing a WLSE and a large amount of Access Points.
    The network I want to configure comprises some subnetworks, each comprising about 10 access points (with some advanced settings for security). It might be a quite long and boring process to set the configuration for all those, so I am looking for the quickest and easiest solution to do so.
    First of all, the configuration of IP addresses has to be done on each Access Point after unpacking it. The configuration of my network comprises 1 WDS active AP, 1 WDS backup AP and the rest of infrastructure APs, that for each development site.
    I thought about several solutions:
    - 1st solution could be to apply a configuration file (i.e. load the config.txt file) to each AP manually, changing some values (IP, local radius...).
    But the problem is that passwords can't be changed with a text editor because the passwords are written as a "hash".
    - 2nd solution could be to configure each AP (after IP is set) using its web interface.
    No more problem for hashed passwords, but this method is quite boring when surfing through the menu pages of the AP web interface...
    - 3rd solution, which could appear as the best solution, is to create a template on the WLSE, and to apply it to all APs.
    No more boring connection to each AP, but the problems are: we need to create as many templates as APs (or change some parameters each time), and we still need to set parameters directly on the APs before (SNMP, SSH, WDS configuration...), in order for the WLSE to manage the APs.
    So, what do you think could be the best solution in order to deploy such a network with many APs?
    How is it possible to avoid (so far as we can) the configuration of APs one by one?
    Thanks a lot in advance for your consideration and your ideas!
    Alexis.

    Well for one of my clients that had over 60 sites, we actually created a couple of templates. We created a basic template and a template for each site. You can have the APs obtain the configuration from the WLSE, but you need to configure a DHCP option. My client did MAC address reservations, but of course you need the MAC address first. I guess you can also let the AP get an address and change it later. They tried doing different things, first letting the AP obtain a default config and then pushing out the configuration for that site.
    As for the hash, you can set the password in ASCII... when you do a show run, then of course it will be hashed.
    http://www.cisco.com/en/US/docs/wireless/wlse/2.12/user/guide/deploywz.html#wp1936755

  • Best way to warp stabilize between premiere cs6 and AE cs6

    I have a sequence with many clips, some with different speed (warp stabilizer doesn't work with speed in Premiere CS6). What's the best way to stabilize these videos that are in different speeds?
    Another question: in CS 5.5 I used the warp stabilizer on 1080p clips in a 720p composition (with fit to composition); this way warp stabilizer could zoom/crop the video without losing quality. Now Premiere CS6 has warp stabilizer but I can use a 720p sequence with a 1080p video, warp stabilizer won't accept it. So what's the best way to do this in Premiere CS6? (to get 1080p video stabilized in a 720p sequence) Or can I just stabilize in 1080p and export the final video to 720p and I will have the same quality?
    Thanks

    You can make a new sequence from that 1080p file, stabilize it, nest it, then copy and paste it into your 720p project. This way you won't need to export it beforehand.
    I notice this topic is old, but it may help someone.
    Best,
    Bogdan

  • Best way to encrypt sockets between two servers

    Hello, I'm developing 2 servers, both of them are in different places, they need to talk with each other. What do you recommend to encrypt their messages? SSL? Is there any way to identify that Server A is really server A and he wants to start talking with server B and vice versa? No passwords are required here, is this possible?

    Hi,
    You can use SSL with client authentication. With this approach, the server that is the current client (even though they are both servers, one will act as a client) can verify the server certificate of the other; it can then send a client certificate to the server so that it is able to authenticate it.
    Cheers,
    Shane

  • Best way to configure wireless network using AE and TC

    I am trying to tweak my wireless network so that it works a lot better/faster. Our house is two stories and is built of concrete so wireless signal does not transmit all that far. I currently possess a 2TB Time Capsule, one Airport Extreme and two Airport Express. I have recently been using the TC as the main base station and have it connected by ethernet cable to the port in the wall. I then expand the network through the 2 Express. I have available bandwidth of 16 Mbps but when working wirelessly the best I seem to get is between 2 & 3 Mbps (download speed).
    I get signal but when looking through my set up manual I see that I should have a modem somewhere in this setup. I had thought that the TC acted as the modem but am I wrong?
    Would I be better to use the Extreme as the base station and boost the signal with the TC and the Express?
    Any suggestions gratefully received!

    Hi Tesserax, well I need help again. Here is my latest problem. I am still trying to sort out the internet connection in the bedroom. I am using an Airport Extreme as the base station, connecting it by ethernet to the wall socket and telling it to create a wireless network and put it in bridge mode.
    Result: I can see the AEBS in airport utilities and have plenty of signal but cannot actually get any connection to the internet. I know the cable works as I have been connecting it directly to the computer and have no problems.
    Also I have looked at my Settings - Network and I am showing that I have the following airport connection
    ThomsonBA55BD is connected to Lucy's Network and has the IP address 10.0.1.6
    I have no idea whose connection this is and thought it was maybe a connection from next door, but it seems that I am showing this even when I am wirelessly connected downstairs. Not sure if it has always said this as I can't remember when I last looked.
    Anyway, I am very frustrated as the bedroom connection used to work as described above until I started messing with it.

  • Best way to configure search topology for a multiple server farm?

    Hi,
    My farm environment is 2 WFE and 2 App servers. Right now I am trying to configure Search Topology. What will be the best way to configure the search topology for this farm, so that query and crawling will be working perfectly? One thing I noticed with my previous search application: the Crawl DB had grown to 140 GB, I don't know why it happened. Please look at the following screen shot, this is the current topology but I want to distribute components to different servers.
    Any help will be appreciated!!

    The best topology depends on whether you want it to be fault tolerant or not. For a fault tolerant design with this number of servers I normally create two Index Partitions 0 and 1 with each on one of the App servers. I then create Replicas of each partition on the front end servers. I then put the query role on both web front ends and the crawl role on both App servers. So I end up with the following:
    FE1 = Index Replica 0 + Query
    FE2 = Index Replica 1 + Query
    Ap1 = Index 0 + Crawl
    Ap2 = Index 1 + Crawl
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • What is the best way to configure password in Cisco IOS?

    I am running IOS 15.2(4) on a 1921 Router
    What is the best way to configure the password for the router?  I have already tried once and managed to lock myself out of another switch.  I would like to use the most secure method which encrypts the password.
    Current Config:
    username admin privilege 15 password 0 cisco123

    Cisco IOS will not let me use a type 5 password.  This is the error message I receive: 
    ERROR: The secret you entered is not a valid encrypted secret.
    To enter an UNENCRYPTED secret, do not specify type 5 encryption.
    When you properly enter an UNENCRYPTED secret, it will be encrypted.
    I tried generating an MD5 hash and inputting that in and that did not work either.  When I do not specify type 5 it will default to using an encrypted type 4 password.
    Also, what is the difference between these two enable secret commands?
    enable secret 5 password
    username admin privilege 15 secret 5 password 

  • Best way to configure and connect two 4500 switches

    I have a core 4507R+E in our production environment. We just acquired a 4500R and I would like to use it as a distribution switch. What's the best way to configure the new 4500R switch to connect to the core 4500 switch?

    BTW, when you link your core to your distribution, the connecting link can be L2, L3 or both.
    What I wanted to bring to your attention: 4500s can often easily oversubscribe some of their ports. Much depends on the sup and line cards being used. When you want to interconnect a core and distribution, you don't want to use a port that's something like 8:1 oversubscribed. (Further, if you're doing mostly L2, and all L3 traffic has to go to the core, depending on your traffic flows, a single link might have insufficient bandwidth.)
    Also from core to distribution, if possible, it's good to avoid single points of failure.  So if you only have one link between them, that link's transceivers (if used), the ports connected to, the line card connected to, are all single points of failure.  (Of course, with only single sups in each chassis, that too is a single point of failure.  From what you've described, from a performance and redundancy standpoint, you might actually be better off using a 4510R, with your two sups [if same model] and line cards - creating a collapsed core/distribution.)

  • What is the "best" way to configure iTunes on an iMac with personal user accounts so each user can access the media library but sync devices on their personal user account?

    I am trying to determine the best way to set up our iMac so each user account can access the same media (songs, movies etc.) through iTunes and also back up and manage their personal devices under their own personal user account. There are 4 users on our iMac: me, my wife, and our 2 children. We have built an extensive library of music/media together using the same iTunes store account. I would like to establish a separate Apple ID and iTunes store account for each of us going forward but have the ability for each of us to share our purchases. What is the best way to configure our system and devices in order to allow shared access to media and at the same time allow for individual management of devices including contacts, apps, photos, etc.? Please help, I would like to do this once!
    Thank you in advance!

    OK, seeing as no-one replied (presumably because a lot of this information is on the forums in bits elsewhere) here's how I've got on so far.
    Applications - just went through them. About the only one I needed was my media server app. Just downloaded and re-installed, had a quick look back through my email to find the license key and it all went on fine. Installation never seemed quite right on my old machine so solved that problem too.
    Movies - New iMovie just copied across the clips and projects into their respective folders. Seems to have worked but haven't checked it all that thoroughly. Some duplicate footage here but I can trim this out at some point when I get a chance to go through here.
    Documents - Just copied these across.
    Photos - used an app called iPhoto Library Manager. You can download it for free but have to pay to use the part that consolidates your libraries. Possibly if I was willing to spend a bit more time I could have got away without using this but given I didn't know the state of my different libraries and just how many duplicates I had, this was too much of a convenience to ignore. Also got my library into a state where I can now spend a few hours organising it a bit better with Faces / Events etc.
    Not attempted Music or iPhone sync yet as I've been stuck trying to solve a problem with my power adapter.

  • Best way to transfer video between iphone and mac wirelessly?

    Please suggest the best way to transfer files between Mac and iPhone wirelessly, mainly for videos.

    If you want to transfer photos and videos from the Mac to the iPhone (but not in the other direction) you can use iTunes and sync via wi-fi: http://support.apple.com/kb/HT1386
    If you want to wirelessly transfer videos in the other direction you may want to look into a 3rd party app such as http://www.photosync-app.com Note that I have not used that app so be sure to investigate others as well.

  • Best Way to Configure Multi-boot System With GRUB/GRUB2

    Hello again,
    Sorry for posting so much, but I'm really enjoying Arch so far! I had been reading a lot about Cinnamon so I wanted to try it (without installing the dependencies on my Arch installation), so I decided to install Mint. That went fine, and then I was hoping to add the entry to GRUB. I couldn't figure out how to do this, so I decided to try and install GRUB2 because it can autodetect other OSes. Well it didn't work and then I found myself without a bootloader. I couldn't figure out how to reinstall grub to the MBR (I tried the solution in the wiki and a couple of other places). I decided to reinstall Mint, and now I am booting into Arch through Mint's GRUB2. Two questions:
    1) How can I fix grub through Arch to have that as my bootloader again? Nothing I've tried seems to work.
    2) What is the best way to configure grub or grub2 from Arch to allow myself options to multiboot other OSes in the future? I want to learn as much about UNIX as possible so I was planning on installing some other Linux distros and some other non-Linux UNIX OSes. I know this is a really newbie question, but I'm at a loss; I thought it was easier than it turned out.
    PS. I didn't really like Cinnamon that much. I've been using Xfce and Openbox since I started using Linux (about a month ago), and it just seems too complicated! I don't like how few options you are given for customization. But that's just my opinion, everyone is different, I can see how it would be an improvement over GNOME3.
    Thank You!

    I have Arch Linux and Debian Testing installed side by side on my laptop.
    Arch uses Grub (legacy) and Debian uses Grub2. The way I have set it up is to have Arch's Grub on the MBR and then chainload Debian's Grub2 from there.
    Debian's Grub2 is installed on its own partition rather than on the MBR.
    This is the entry I use in menu.lst to chainload Grub2 from Grub (legacy); (hdX,X) stands for the partition holding Debian's Grub2:
    # (4) Debian chainload
    title Debian chainload
    root (hdX,X)
    chainloader +1
    Additionally, just for kicks, I also have an entry in Grub2 to get back to Grub:
    menuentry "Arch Linux chainload" {
        insmod part_msdos
        insmod ext2
        set root='(hd0)'
        chainloader +1
        boot
    }
    Note that the (hd0) above always points to the MBR.
    I do not have to bother with one bootloader interfering with the other, and the OS entries on each are handled separately on their own.
    This setup has worked well for me for quite a while now. Before I started with Arch, I used a similar setup when I tried out various distros (Fedora, openSUSE, etc.) alongside Ubuntu.
    Hope it helps!

  • Best way to transfer data between loops?

    Hi, what's the best way to transfer data between loops (state machines, regular while loop etc.) in LabVIEW? For so many years I've been using local variables but these can cause race conditions. Any advice?
    Stu

    It depends on the structure of the loops and how they need to exchange data (unidirectional, bidirectional, broadcasting).
    The simple case of one loop passing data to the other loop: producer/consumer design pattern using a queue.
    If the structure already contains an event structure: User Events.
    The way I code is documented in my community nugget on events
    I often mix this with producer/consumer.
    Felix
    www.aescusoft.de
    My latest community nugget on producer/consumer design
    My current blog: A journey through uml

  • Best way to transfer data between iMac early 2006 and iMac late 2012

    What is the best way to transfer data between iMac early 2006 and iMac late 2012?

    Hi, is this for migrating all data over, or just File Sharing?
    What OS X version is on the older one?
    Do you have any backup external drive for the older one?

  • What is the best way to configure storage device for rac?

    Hi
    On my disk array I have 7 mirrors and two controllers. What is the best way to configure the environment?
    My application is OLTP, it runs 6-20 o'clock, so I can do backup when nobody works.
    Database 10g R2, Windows 2003 Enterprise.
    For example:
    First controller
    disks 1-5 DATA
    Second controller
    disks 6-7 FLASH
    or maybe share one disk on DATA and FLASH?
    Thanks in advance

    The best is you use ASM (maybe you do it already) and put one failure group on the first disk array and the second failure group on the second array. Then you can let ASM do the work.
    Werner

  • Best way to configure "announcement only" mailbox

    We have a client with a 2951 router with Cisco CME v8.x. They need to have their receptionist be able to call in and change the school information message from an external number. They told me that they used to be able to dial in on the main number and then push 1 to dial by extension. When they called into that extension they could push * and get into the mailbox and then access the prompt customization part of the AvT. That isn't working and doesn't really make sense to me. I have tried to dial by extension and dial the AvT extension and it says invalid number. If I make the voicemail box for the extension in question "announcement only" they cannot push * and change the greeting. Is there a best way to configure this scenario to make it easy for the receptionist to change the school information announcement from an external number? Any help would be greatly appreciated!

    It's been a while since I did this but if I remember correctly, you need to dial the pilot number to access the mailbox. So when your client dials the main number, after that dial the voicemail pilot number, then enter the user ID of the announcement-only mailbox; it should then give you the options to record the greeting.
    I have dismantled my lab temporarily due to some renovation, otherwise I would have quickly confirmed it for you from there... but do try the above and let us know how you go...
    -Terry
