
Install VMware ESXi 5.5

This is a subject I should have written about a long time ago.
In my earlier blog I showed how to deploy CUCM on ESXi; now I will show you how to install VMware ESXi from scratch.
First you need a CD of ESXi, which can be downloaded from their web site:
https://my.vmware.com/web/vmware/details?productId=352&downloadGroup=ESXI550

Then burn the ESXi image to a CD, insert it in the machine, and it will start loading.

A welcome message will appear; just press (Enter) Continue.
It will ask you to accept the End User License Agreement (EULA).
It will start to scan the devices in your system.
Then press (Enter) Continue to choose the disk you want to install ESXi on.
Then choose the language and press (Enter) Continue.
It will prompt you for a password;
type your password and confirm it.
Now just press (F11) Install to start the installation,
and it will start.
Now your CD-ROM will eject and it will ask you to reboot the system, so
press (Enter) Reboot.
The system will reboot and come up again.

Finally your machine is up and you can see http://0.0.0.0,
so you need to configure your IP address.
Press (F2) to configure your machine.
It will ask you for the password that you configured earlier.
Now go to (Configure Management Network),
then go to IP Configuration.
Select Set Static IP Address
and fill in the fields.
I chose 192.168.208.209 as my ESXi IP address;
press OK to confirm.
Now when you go back it will ask you to restart the management network;
just press (Y) Yes.
As an extra step, test the reachability:
go to Test Management Network,
fill in the address that you want to ping
(I'm trying to ping 192.168.208.1, which is my gateway)
and press (Enter) OK.
The ping went smoothly.
Now let me go to the VMware vSphere Client and enter the IP address of my ESXi and the user name and password of my ESXi, then press Login.
Click Ignore for the certificate warning.
And here is my lovely machine.

And here's to a new road of technology

;D


Conference Now

A new CUCM 11 feature,
replacing the present Meet-Me feature.
Well, let me tell you, I finally got approval from management to upgrade our CUCM, and since then I have had to read a lot to see which new features I have; one of the newest is Conference Now.
I showed you earlier how to configure Meet-Me Conference, so today I will show how to configure the replacement for that feature. You can now set a PIN for the conference, making it more secure, similar to Webex.
So I downloaded the CUCM 11 ISO file and I will configure this under the 60-day demo license.
As you can see, the home page looks different.
I log in with my username and password.
Here it shows the system is operating on a demo license;
don't worry about it,
the feature will work on it.
First go to the Call Routing tab – Conference Now.
Enter the Conference Now number.
Then go to Media Resource – Interactive Voice Responses.
Make sure the IVR is registered to the CUCM.
I will change the Device Pool and Location to my site (Jamjoom).
Now go to Media Resource – Announcement.
Here I can check all the default announcements, and as you see the first couple of announcements belong to the Conference Now feature; I could also change them to a custom recording.
Now go to User Management – User/Phone Add – Feature Group Template.
In the default group template select the box – Enable End User to host Conference Now.
Now go to configure the End User under the User Management tab.
Configure the Self-Service User ID for the end user.
Select the Primary Extension.
The last and most important step is to enable the box under Conference Now and make sure the Meeting Number is the same as the Self-Service User ID,
and to make sure your conference is secure, configure the Attendees Access Code.
With that, your configuration is complete.
Checking the number of parties allowed in the conference is the same as for the Meet-Me feature:
go to Service Parameter – choose the server and the Call Manager service,
and as you see you can adjust everything here.

Now let's check the video for testing the Conference Now feature

 


Video Conference

This is the biggest Cisco IP Phone feature of all.

Video conferencing is one of the major things in business where some employees reside in another city; you can save time and money with video conferencing, and for some businesses an MCU is not an option.

The best thing is that for it to work you don't need TelePresence or a Meeting Server. All you need is a PVDM3 module, whether it's a PVDM3-128 or PVDM3-256, in your router, and to configure the conference in IOS the same way you do a normal conference, which I already explained in an earlier blog.

I will be configuring video conferencing for a Cisco 8941 IP Phone and two 9971 IP Phones.

So let's start configuring the IOS.

First I set the DSP reservation for voice-related services. The integer is a percentage, which is 60 in this example; that leaves me with 40% for video resources.

Then configure the video conference profile.

It's important to define the conference-participants parameter and the maximum sessions, so I define how many parties are allowed per conference and I also define the maximum sessions.

Now the SCCP configuration part.

I define my Call Manager,

and here I associate the video conference profile with the SCCP group.

Now the CUCM part.

Go to Media Resource – Conference Bridge – Add New.

Then go to Media Resource – Media Resource Group – Add New and select the video conference resource that you just configured.

Then go to Media Resource – Media Resource Group List – Add New and select the media resource group.

Finally assign the Media Resource Group List to the device pool.

Now make a call from Phone A (7156) to Phone B (4119), then use the Conference button to add Phone C (2131) and press the Conference softkey, and just like that you have a video conference.

You can watch the video in this link,
or you can see it in the video below.

Note: Cisco released the product bulletin "Feature Deprecation Announcement for Video Conferencing and Transcoding Using PVDM3 on ISR G2", saying "This feature will be disabled with Cisco IOS Software Release 15.5(3)M", so in case you want to use it you're going to have to roll back to an older release.


Ad Hoc Conferencing

Conference can't get any easier ;D

I already explained the other conference feature, Meet-Me, in an earlier blog, and in my belief Ad Hoc is the advanced conferencing feature.

In Ad Hoc, the initiator of the conference, who is the controller, has the ability to view the list of the other parties and to remove some of the parties. You can also give the other parties the same capabilities as the controller.

First, just like Meet-Me, you need to have conference resources available on your router before you can use any conference features. I already explained how to configure a conference bridge in an earlier blog, Media Resource Group.

No other configuration is needed.

To start a conference, I first go to my Cisco 8941 phone and make a call to the first party, which in my example is extension 7188.

After the first party answers, I press the Conference button

on the 8941 and call the second party, extension number 9059.

After 9059 answers, press the Conference softkey to add him to the conference.

Now everyone has joined the conference, and you can add as many users as your conference resource can support.

You can view the list of parties by pressing the View Detail softkey.

You can also select a user and remove him from the conference.

It's a really great feature, and users will not have to go through the system administrator to ask for a number to call, as you need to with Meet-Me conference.

To protect yourself from toll fraud, you can configure the conference call to be terminated once the controller drops the call.

Go to System – Service Parameter – select the server and choose the service (Cisco CallManager), then go to Clusterwide Parameters (Feature – Conference):

Drop Ad Hoc Conference : When Conference Controller Leaves

Also, if I want the other, non-controller parties to view the list of conference parties and remove other parties, I go to System – Service Parameter – select the server and choose the service (Cisco CallManager), then go to Clusterwide Parameters (Feature – Conference):

Advanced Ad Hoc Conference Enabled : True

You can also increase the number of parties that can join a conference; the default value for this clusterwide service parameter is 4.

;D


Meet-Me Conference

So I got a request from one of the top managers at Jaguar Land Rover to have a way to hold a conference from his phone on a daily basis.

Well, conferencing is one of the most important things in any enterprise these days; it saves travel and time and gets to the point ASAP.
Cisco made the implementation of conferencing easier with Meet-Me Conference, so let me guide you through what to do when a user asks you to set up a meeting.

So let's go to the configuration part.

The first requirement is to have conference resources available on your router before you can use any conference features. I already explained how to configure a conference bridge in an earlier blog, Media Resource Group.

After that, go ahead to Call Routing – Meet-Me Number/Pattern – Add New.
Choose a unique number (e.g. 9876) and a partition.

In case you have a custom softkey template, add the Meet-Me softkey to the Off-Hook state
(another option is to configure Meet-Me as a button).
Go to Device – Device Settings – Softkey Template – Add New.
I named it (Meet-Me).
Then go to Configure Softkey Layout in the right corner,
select the Off-Hook state from the drop-down,
move Meet-Me to the Selected Softkeys and save.
Now go to the phone where you need to initiate the meeting and assign it the new softkey template that we configured.
So, to the procedure:
go to the phone to initiate the meeting.
While the phone is in the off-hook state, press the Meet-Me softkey and dial the number we configured earlier, 9876, which is the Meet-Me directory number.
After that, enter the Meet-Me unique number 9876,
and like that you enter the conference room.
Now go to the other parties and let them simply call 9876, just like they dial any directory number,
and voilà, they enter the conference room.

And that's a wrap.

**The Meet-Me conference can hold as many parties as your resources can support.**


Palo Alto Site-to-Site VPN

OMG, one of my best moments of 2018 was last October, when the crew and I attended GITEX, the world of technology, in Dubai (United Arab Emirates).

IT’S THE BIGGEST & BOLDEST TECH SHOW IN MENA & SOUTH ASIA

attendees from 120+ countries and global media outlets in unpacking the big conversations and latest solutions around AI, blockchain, robotics, cloud and other mega trends, as GITEX takes you on a multi-sensory experience of Future Urbanism across 21 halls with 4,000 exhibitors across 24 sectors.

And here I'm going to tell you about my new article.

So let me tell you, in my years in networking I have never implemented a site-to-site VPN, and I mean never ever, in any product, whether Cisco, Juniper or Palo Alto.

So I spent the last couple of days reading and studying about it, and thanks go to my mentor Mr. Keith Barker from CBT Nuggets https://www.cbtnuggets.com/trainers/keith-barker, who has his own way of making the most difficult thing easier than you can imagine.

You can find his Palo Alto videos at this link: https://www.cbtnuggets.com/it-training/palo-alto-networks-firewall

So let's start. I have 2 sites:

one with a Palo Alto VM, and a second site where I have a Cisco 2811 router.

I used simple IKE Phase 1 and Phase 2 settings.

IKE Phase 1

DH Group: group1
Encryption: aes128
Authentication: sha1
Lifetime: 5 minutes (300 seconds)

IKE Phase 2

IPSEC Protocol: ESP
DH Group: group1
Encryption: aes128
Authentication: sha1
Lifetime: 5 minutes (300 seconds)

So first create a VPN zone like I showed you in the first blog.

Go to Network – Zones – Add new.

Then create the tunnel interface.

Go to Network – Interface – select the Tunnel tab – Add new.

I chose number 1, I have one virtual router, and I selected the zone (VPN).

Give the tunnel an IP address under the IPv4 tab (10.1.1.40).

Now let's create Phase 1.

Go to Network – Network Profiles – IKE Crypto – Add new.

I configured it as per my scenario:

DH Group: group1
Encryption: aes128
Authentication: sha1
Lifetime: 5 minutes (300 seconds)

After that I create the IKE gateway.

Go to Network – Network Profiles – IKE Gateways – Add new.

Select the WAN interface, choose static for my peer since I know the IP address, and enter the pre-shared key (ccieroot).

Go to the Advanced tab to select the IKE Crypto profile, and choose the IKE Crypto profile for Phase 1 that I created earlier.

Now to the IKE Phase 2 configuration.

Go to Network – Network Profiles – IPSec Crypto – Add new,

and same as for Phase 1 we will follow our scenario:

IPSEC Protocol: ESP
DH Group: group1
Encryption: aes128
Authentication: sha1
Lifetime: 5 minutes (300 seconds)

After that I configure the IPSec tunnel.

Go to Network – IPSec tunnel – Add new.

Select the tunnel interface, IKE gateway and IPSec Crypto profile.

Now I create a static route to the Site 2 LAN.

Go to Network – Virtual Router – select our router – Edit – Static Route tab – Add new.

Type the destination of the Site 2 LAN, select your Tunnel 1 interface, and type the Site 2 tunnel interface IP address as the next hop.

The last part on the Palo Alto is to configure the security policy rules.

Go to Policies – Security – Add new. Choose a name and the rule type Universal; Interzone could also work.

Choose the source as the tunnel interface zone, which was the (VPN) zone.

Select the destination as (LAN), so that ping from Site 2 to me works perfectly,

and choose the action Allow.

Again, do the same for my Palo Alto users in Site 1 to allow their ping to reach Site 2:

source as LAN,

destination as VPN.

Now if you go to the Network tab – IPSec tunnel you will see the status is (RED).

So let's start now on the Cisco side to turn that red light off.

First I configure my public interface, which happens to be my FastEthernet 0/0, and my loopback, which is my internal network.

Next I configure my IKE Phase 1, which is the same configuration as Phase 1 on the Palo Alto.

Don't get scared if you do a show run and you don't see group1 in the configuration ;D (group 1 is the default there, and show run does not list default values).

Then I configure the key password and my peer address.

After that I configure my IKE Phase 2

and configure my IPSec profile.

Then I configure my tunnel interface,

and last but not least I configure my route to the Site 1 LAN.
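
The group1 line missing from show run matters when the two Phase 1 proposals have to be compared, for example while the tunnel is still red. The script below is an added example, not part of the original post: it fills in the defaults that show run leaves out and compares the result with the Palo Alto IKE Crypto values from the scenario. The show-run excerpt is constructed, and the defaults table assumes the classic IOS ISAKMP policy defaults.

```python
import re

# IOS defaults for "crypto isakmp policy" (assumed: classic IOS on the 2811).
# show run omits any setting that equals its default.
IOS_DEFAULTS = {"encryption": "des", "hash": "sha1", "group": "group1",
                "authentication": "rsa-sig", "lifetime": 86400}

# IKE Crypto profile values of the Palo Alto side, taken from the scenario.
PALO_ALTO_IKE = {"encryption": "aes128", "hash": "sha1", "group": "group1",
                 "authentication": "pre-share", "lifetime": 300}

# Constructed show-run excerpt (not the author's output).
SAMPLE_RUN = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 lifetime 300
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
!
"""

def parse_isakmp_policies(config):
    """Return {priority: effective settings}, with omitted defaults filled in."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"crypto isakmp policy (\d+)$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), dict(IOS_DEFAULTS))
            continue
        if not raw.startswith(" "):       # any unindented line ends the policy
            current = None
        words = line.split()
        if current is None or len(words) < 2:
            continue
        if words[0] in ("encr", "encryption"):
            # "encr aes" is AES-128; a key size is listed only for 192/256
            size = words[2] if len(words) > 2 else ("128" if words[1] == "aes" else "")
            current["encryption"] = words[1] + size
        elif words[0] == "hash":
            current["hash"] = "sha1" if words[1] == "sha" else words[1]
        elif words[0] == "group":
            current["group"] = "group" + words[1]
        elif words[0] == "authentication":
            current["authentication"] = words[1]
        elif words[0] == "lifetime":
            current["lifetime"] = int(words[1])
    return policies

def mismatches(policy, peer=PALO_ALTO_IKE):
    """Names of the settings on which the router policy and the peer differ."""
    return sorted(key for key in peer if policy[key] != peer[key])
```

Policy 10 in the sample shows neither a hash nor a group line and still matches the Palo Alto profile; policy 20 differs in encryption, group and lifetime.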

And now when I go back to my Palo Alto I see the status has turned green.

You can also check the status on the router.

Now I ping from my router to the Palo Alto LAN interface and it works perfectly.

I also logged in from my PC and pinged the loopback, and it works perfectly.

;D


Palo Alto Captive Portal

Well, let me tell you what happened this week.
I saw one of our workmates log in to the internet on his private laptop; his download usage was very high and his user did not show up in the monitor page.

There is a feature used in hotels and internet cafés, and it's a great feature for controlling who is coming and going, and sometimes to which websites.
This feature is called Captive Portal.

Let me guide you through the configuration.
Requirements 1, 2 and 3 are available in earlier blogs; you can click on each component and it will direct you to the page.
1-LDAP
2-Authentication Profile
3-Certificate
4-Certificate Profile
5-Enable Captive Portal
6-Captive portal policies

So start from step 4 and create a certificate profile.
Go to Device – Certificate Management – Certificate Profile – +
Choose a name and select the user domain,
then under CA Certificates add the cert that was created in the earlier blog.
Then go to Device – User Identification – Captive Portal Settings – Edit.
Make sure to check Enable Captive Portal.
Choose the authentication profile that we created in the earlier blog,
choose the mode Redirect,
and in the Redirect Host field put our LAN IP 192.168.250.250 so all traffic is forwarded to that IP.
Now let's create a captive portal rule.
Go to Policies – Captive Portal – +
Choose a name.
Then select the source as Inside.
Select your destination as the Outside WAN.
After that select your service as HTTP and HTTPS; you can also add a URL category if you want to restrict the captive portal to specific web sites.
Choose the action web-form.
Last thing: go to the management profile and make sure you check Response Pages so the user is able to receive the page.
Go to Network – Network Profiles – Interface Mgmt – edit my profile, which I created in an earlier blog.
Now let's go to the user PC and open a browser to the Google web site.
As you can see, it directs me to 192.168.250.250 in the URL.
Click on Continue to this website (not recommended).
It will ask you for your username and password.
I will enter my LDAP authentication username and password.
Now it logs me in,
and voilà, I'm there.

 

Note: in newer versions of Palo Alto, the Captive Portal policy is called Authentication Policy, and web-form is changed to default-web-form.

;D
