{"id":565,"date":"2016-07-10T00:00:09","date_gmt":"2016-07-09T23:00:09","guid":{"rendered":"http:\/\/www.balajibandi.com\/?p=565"},"modified":"2017-10-12T07:18:50","modified_gmt":"2017-10-12T06:18:50","slug":"cisco-ios-router-as-a-ca-dns","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=565","title":{"rendered":"CISCO IOS Router as a CA \/ DNS"},"content":{"rendered":"

CISCO IOS Router as a CA \/DNS\u00a0<\/span><\/strong><\/span><\/h1>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

Setting IOS router as DNS Server.<\/p>\n

First step is to enable the DNS service and domain lookup on the router:<\/p>\n

CA(config)#ip dns server<\/strong><\/p>\n

CA(config)#ip\u00a0\u00a0domain-lookup<\/strong><\/p>\n

CA(config)#ip domain name bbhome.local<\/strong><\/p>\n

CA(config)# ip name-server 192.168.1.254 ( my Local DSL Router GW IP)<\/strong><\/p>\n

CA(config)# ip name-server 8.8.8.8 ( google DNS if above server fails)<\/strong><\/p>\n

Testing :<\/p>\n

CA#ping yahoo.com
\nType escape sequence to abort.
\nSending 5, 100-byte ICMP Echos to 98.139.180.149, timeout is 2 seconds:
\n!!!!!
\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 91\/104\/131 ms
\nCA#ping google.com
\nTranslating “google.com”…domain server (192.168.1.254) [OK]<\/p>\n

Type escape sequence to abort.
\nSending 5, 100-byte ICMP Echos to 216.58.206.78, timeout is 2 seconds:
\n!!!!!
\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 11\/12\/14 ms<\/p>\n

Testing Local Hostname :<\/p>\n

I have setup a host ASAV11 with IP 192.168.1.249<\/p>\n

#ip host ASAV11..bbhome.local \u00a0192.168.1.249<\/strong><\/p>\n

testing<\/p>\n

CA#ping ASAv11.bbhome.local
\nType escape sequence to abort.
\nSending 5, 100-byte ICMP Echos to 192.168.1.249, timeout is 2 seconds:
\n!!!!!
\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 10\/25\/54 ms<\/p>\n

Some of DNS Show commnads :<\/p>\n

CA#show ip dns primary<\/strong>
\nPrimary for zone bbhome.local:
\nSOA information:
\nZone primary (MNAME): ns1.bbhome.local
\nZone contact (RNAME): ns2.bbhome.local
\nRefresh (seconds): 21600
\nRetry (seconds): 900
\nExpire (seconds): 7776000
\nMinimum (seconds): 86400<\/p>\n

CA#show ip dns view<\/strong>
\nDNS View default parameters:
\nLogging is off
\nDNS Resolver settings:
\nDomain lookup is enabled
\nDefault domain name: bbhome.local
\nDomain search list: bbhome.local
\nLookup timeout: 3 seconds
\nLookup retries: 2
\nDomain name-servers:<\/strong>
\n 192.168.1.254<\/strong>
\n 8.8.8.8<\/strong>
\nResolver source interface: GigabitEthernet0\/0
\nDNS Server settings:
\nForwarding of queries is enabled
\nForwarder timeout: 3 seconds
\nForwarder retries: 2
\nForwarder addresses:<\/p>\n

CA#show ip dns statistics<\/strong>
\nDNS requests received = 12 ( 12 + 0 ) \u00a0 \u00a0<– you can see 12 requests<\/strong>
\nDNS requests dropped = 0 ( 0 + 0 )
\nDNS responses replied = 0 ( 0 + 0 )<\/p>\n

Forwarder queue statistics:
\nCurrent size = 0
\nMaximum size = 0
\nDrops = 0<\/p>\n

Configuring myPC with new DNS Server ( IOS router)<\/p>\n

\"\"<\/p>\n

Nslookup for yahoo.com, works<\/strong><\/p>\n

\"\"<\/p>\n

checking local hostname query for ASAv11.bbhome.local<\/strong><\/p>\n

\"\"<\/p>\n

 <\/p>\n

 <\/p>\n

Router check DNS Queries :<\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

Looks good, Next Setup CA Server for Local Certificate authority.<\/p>\n

Requirements<\/strong><\/h3>\n

Plan Your PKI Before You Configure the Certificate Server<\/b><\/p>\n

Before you configure a Cisco IOS certificate server, it is important that you have planned for and chosen appropriate values for the settings you intend to use within your PKI (such as certificate lifetimes and certificate revocation list (CRL) lifetimes). After the settings are configured in the certificate server and certificates are granted, settings cannot be changed without having to reconfigure the certificate server and re-enrolling the peers.<\/p>\n

Enable the HTTP Server<\/b><\/p>\n

\"\"<\/p>\n

Configuring CA Server :<\/p>\n

\"\"<\/p>\n

You can verify the certificate stored in NVRAM<\/p>\n

 <\/p>\n

\"\"<\/p>\n

Check CA Server running<\/strong><\/p>\n

\"\"<\/p>\n

Check Certification Validation :<\/strong><\/p>\n

\"\"<\/p>\n

As of now the Certificate Server Grant mode manual, iam going to set that as Auto, so certificates can be enrolled automatically.<\/p>\n

\"\"<\/p>\n

Now CA Server up and running. We use CA Server as PKI for device authentication in the coming LABS.<\/p>\n

Happy Labinggggggg !<\/p>\n","protected":false},"excerpt":{"rendered":"

CISCO IOS Router as a CA \/DNS\u00a0     Setting IOS router as DNS Server. First step is to enable the DNS service and domain lookup on the router: CA(config)#ip dns server CA(config)#ip\u00a0\u00a0domain-lookup CA(config)#ip domain name bbhome.local CA(config)# ip name-server 192.168.1.254 ( my Local DSL Router GW IP) CA(config)# ip name-server 8.8.8.8 ( google DNS […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,2,6],"tags":[],"class_list":["post-565","post","type-post","status-publish","format-standard","hentry","category-ccie-sec","category-cisco","category-security"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=565"}],"version-history":[{"count":6,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/565\/revisions"}],"predecessor-version":[{"id":600,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/565\/revisions\/600"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}