Wednesday, September 16, 2015

So after a few years' break, I have decided to update my blog with some useful articles. After visiting Cisco Live 2015 in San Diego, I began learning Python. So the next few blog entries will be code examples showing how Python helps me get rid of annoying operational stuff. I am not a professional developer, so my code is definitely not written in the best way. So, programmers, do not judge me.

In this article I will try to explain how to send SMS via Python using the SMPP protocol.
Below you can see the code that I use:

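import smpplib.client

mobilephone = '12024561111'
msg = 'Hi, Mr. President'


def SENDSMS(mobilephone, msg):
    # SMSC address, port and credentials come from your SMPP provider.
    # Plain SMPP does not encrypt the session, so the bind credentials
    # cross the network in clear text unless the link is tunnelled.
    client = smpplib.client.Client('10.10.10.1', 2775)
    client.connect()
    client.bind_transceiver(system_id='username', password='password')

    # Alphanumeric sender (TON 5), international destination (TON 1, NPI 1)
    pdu = client.send_message(
        source_addr_ton=5,
        source_addr_npi=0,
        source_addr='Putin',
        dest_addr_ton=1,
        dest_addr_npi=1,
        destination_addr=mobilephone,
        short_message=msg.encode('ascii'))  # bytes are required on Python 3
    client.unbind()
    client.disconnect()


SENDSMS(mobilephone, msg)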

First you need to install smpplib. Try to install it via 'pip install smpplib'. It worked for me.
Then I assigned the receiver's phone number to the (mobilephone) variable and the message to the (msg) variable. Afterwards I defined a function called SENDSMS. The function takes two parameters: mobilephone and msg. Within the function you can see that I have set the IP address and SMPP port number, and the username and password that I got from the SMPP provider. Under client.send_message I have indicated the SMS parameters. You can get the source_addr/destination_addr ton and npi values from your SMPP provider. For more information about ton and npi please refer to: http://www.nowsms.com/ton-and-npi-settings-for-smpp-and-ucpemi.
Finally I passed the mobilephone and msg values to the function.
Keep in mind that copy-pasting the above code might not work, as there will be indentation errors. Also, if you try to send concatenated messages there might be some errors. I have tested the above code only to send short messages.
For more information please refer to:
https://github.com/podshumok/python-smpplib
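
The post notes that concatenated messages may fail with the code above. As an added example (not the author's code), this standalone function shows what splitting a long UCS-2 message into UDH-prefixed parts involves; python-smpplib ships its own helper for this, smpplib.gsm.make_parts. `split_ucs2` and the constant names are chosen for this example.

```python
import struct

MAX_SM_LEN = 140          # octets that fit in one short_message
ESM_CLASS_UDHI = 0x40     # esm_class flag: short_message starts with a UDH
DATA_CODING_UCS2 = 0x08   # data_coding value for UCS-2 / UTF-16-BE text


def split_ucs2(text, ref):
    """Return (parts, esm_class); parts are bytes for short_message."""
    data = text.encode("utf-16-be")
    if len(data) <= MAX_SM_LEN:
        return [data], 0                      # single PDU, no UDH needed
    chunk = MAX_SM_LEN - 6                    # 6-octet UDH leaves 134 octets
    pieces, pos = [], 0
    while pos < len(data):
        end = min(pos + chunk, len(data))
        # Never cut between the halves of a surrogate pair (e.g. an emoji).
        if end < len(data) and 0xD8 <= data[end - 2] <= 0xDB:
            end -= 2
        pieces.append(data[pos:end])
        pos = end
    if len(pieces) > 255:
        raise ValueError("message needs more than 255 parts")
    # UDH: length 5, IE 0x00 (concatenation), IE length 3, ref, total, sequence
    parts = [struct.pack("6B", 5, 0, 3, ref & 0xFF, len(pieces), seq) + piece
             for seq, piece in enumerate(pieces, 1)]
    return parts, ESM_CLASS_UDHI


if __name__ == "__main__":
    text = "Hi, Mr. President. " * 10          # constructed 190-character sample
    parts, esm_class = split_ucs2(text, ref=0x2A)
    for part in parts:
        # Each part would go out as its own send_message() call with
        # short_message=part, data_coding=DATA_CODING_UCS2, esm_class=esm_class.
        print(len(part), part[:6].hex())
```

All parts of one message must carry the same reference number so the handset can reassemble them.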

Thanks,
Nuran Afrasiyabov.

Wednesday, May 23, 2012


How to set up Certificate Based Remote VPN connection on Cisco ASA(firewall).

Hi Folks.
To make your network more secure and avoid unauthorized remote VPN connections, we are going to set up certificate-based remote VPN on a Cisco ASA. For this scenario you need a Cisco ASA firewall and a Certificate Authority server. In my example I am using an ASA 5520 and a Microsoft CA server. I will not be able to demonstrate the Microsoft CA configuration, only the ASA 5520 via the command line. So let's begin.
Here is a brief list of what we are going to do:
  1. Configure Trustpoint on ASA
  2. Install Root CA certificate (in our case Microsoft CA)
  3. Enroll certificate for ASA
  4. Import certificate to ASA
  5. Request and Install a User certificate on user machine.

1. Configure Trustpoint:

     crypto key generate rsa label vpn.key modulus 1024   ## Generate an RSA key
     !
     crypto ca trustpoint RootCA                          ## go to trustpoint configuration mode
     subject-name CN=local.domain,OU=XXX                  ## specify attributes
     keypair vpn.key                                      ## associate the generated key with the trustpoint
     fqdn fw.domain                                       ## configure FQDN name (optional)
     enrollment terminal                                  ## indicates manual enrollment
     exit

2. Install Root CA certificate:

    Open a browser and go to the address of the CA server, for example:

     http://10.10.10.10/certsrv

    The CA web page will open. Select "Download a CA certificate, certificate chain, or CRL".

    Choose Base64 and download the CA certificate. After the download completes, open the file with Notepad and copy its content. Go to the firewall configuration and enter the next command:

       crypto ca authenticate RootCA

    Then paste the copied data into the terminal.
    Now that you have installed the Root certificate on the firewall, you need to enroll and install a certificate for the ASA itself.

       crypto ca enroll RootCA                            ##  initiates certificate signing request
       
      You will get the enrollment output on your terminal. Copy that output and open the Root CA web interface again.

      This time select "Request a certificate", then go to "advanced certificate request" and select "Submit a certificate request by ...".

      Paste the certificate signing request you copied earlier. Then select the Certificate template and submit the request. Afterwards, download the certificate and open it with Notepad. Copy the file content to the clipboard. Go to the firewall terminal window and enter:

      crypto ca import RootCA certificate

      Paste the copied certificate into the terminal, then quit. You have now successfully imported the asa5520 certificate.

      Now we need to create a VPN connection or convert an existing pre-shared key based VPN configuration to a certificate based configuration. Go to the firewall configuration terminal:

    crypto ipsec transform-set 3des esp-3des esp-sha-hmac
    crypto ipsec transform-set des esp-des esp-md5-hmac  
    
    crypto isakmp enable outside
    crypto isakmp policy 65535
    authentication rsa-sig
    encryption 3des
    hash sha1
    group 2
    lifetime 86400
    exit
    crypto isakmp identity auto

   
    crypto dynamic-map dynmap 10 set transform-set 3des
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    crypto map mymap interface outside

    access-list bananapower3d_split line 1 standard permit "local network"

    group-policy Bananapower3d internal
    group-policy Bananapower3d attributes
     dns-server value x.x.x.x
     vpn-tunnel-protocol IPSec
     ipsec-udp enable
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value bananapower3d_split

    ip local pool Bananapower3d_pool x.x.x.1-x.x.x.254

    tunnel-group Bananapower3d type remote-access
    tunnel-group Bananapower3d general-attributes
     address-pool Bananapower3d_pool
     authentication-server-group ACS
     accounting-server-group ACS
     default-group-policy Bananapower3d
    tunnel-group Bananapower3d ipsec-attributes
     peer-id-validate cert
     trust-point RootCA

    crypto ca certificate map Bananapower3d 10
     subject-name attr dc co bananapower3d

    tunnel-group-map enable rules
    tunnel-group-map Bananapower3d 10 Bananapower3d
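
An added example, not part of the original post: a short Python check that reads ASA crypto lines like the ones above and reports weak settings, including whether a weak transform-set is actually referenced by a map. The algorithms and the 2048-bit RSA floor treated as weak are assumptions of this example, and `audit_asa_crypto` is a hypothetical name.

```python
import re

# Constructed sample: crypto lines as they appear in this post's configuration.
SAMPLE_CONFIG = """\
crypto key generate rsa label vpn.key modulus 1024
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto ipsec transform-set des esp-des esp-md5-hmac
crypto isakmp policy 65535
authentication rsa-sig
encryption 3des
hash sha1
group 2
exit
crypto dynamic-map dynmap 10 set transform-set 3des
"""

# Assumed policy for this example: algorithms and key sizes reported as weak.
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
IKE_SUBCOMMANDS = ("authentication", "encryption", "hash", "group", "lifetime")
MIN_RSA_BITS = 2048

def audit_asa_crypto(config):
    """Return (line_number, finding) tuples for weak crypto settings."""
    findings, policy = [], None
    # Transform-set names that a crypto map or dynamic-map actually references.
    used = set(" ".join(re.findall(r"set (?:ikev1 )?transform-set (.+)", config)).split())
    for no, line in enumerate(map(str.strip, config.splitlines()), 1):
        key, _, value = line.partition(" ")
        m = re.match(r"crypto (?:isakmp|ikev1) policy (\d+)", line)
        if m:
            policy = m.group(1)              # enter IKE policy sub-mode
        elif policy and key in IKE_SUBCOMMANDS:
            if value in WEAK_IKE.get(key, ()):
                findings.append((no, "ike policy %s: %s %s" % (policy, key, value)))
        else:
            policy = None                    # any other line leaves the sub-mode
        m = re.match(r"crypto key generate rsa .*modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append((no, "RSA key of %s bits" % m.group(1)))
        m = re.match(r"crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)", line)
        if m:
            state = "in use" if m.group(1) in used else "unused"
            for alg in sorted(WEAK_ESP & set(m.group(2).split())):
                findings.append((no, "transform-set %s (%s): %s" % (m.group(1), state, alg)))
    return findings

if __name__ == "__main__":
    print("\n".join("line %d: %s" % f for f in audit_asa_crypto(SAMPLE_CONFIG)))
```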

      Now we need to get a User certificate for the remote user's notebook. Go to the Root CA web page again. From there go to advanced certificate request --> create and submit a request to this CA. Then choose the template as you did before. Submit the request and install the certificate.

Now that the certificate has been installed successfully, you will be able to create a new VPN connection to your corporate network. Open the Cisco VPN client. Select "New" to create a new connection. Fill in the VPN parameters. Instead of Group Authentication select Certificate Authentication and choose the user certificate. After you save the configuration you will be able to see the newly created VPN connection in your VPN connection list.

Thanks, 
Nuran Afrasiyabov (CCIEV#29273)

Thursday, May 17, 2012



   How to resolve FXO disconnect/busy tone detection problem?!

Today I am going to show you how to get rid of the above issue with FXO ports on Cisco routers.
The problem arises when you are connected to a PSTN line: after the PSTN phone goes on-hook you hear a busy tone on your phone.
  Of course, you can use the standard cptones, but what do you do if those do not work?
We need to detect the frequency and cadence of the busy tones which come from the PSTN line.
To begin with, we need to install an audio program which is capable of analyzing audio files (I am using Cool Edit Pro for this purpose).
  Next, we are going to record the busy tones which come from the PSTN. But it is not always possible to record over standard microphones. The best way to record busy tones is:
  1. Call the IP phone from the PSTN.
  2. Go off-hook with the IP phone.
  3. After the call gets connected, go on-hook with the IP phone.
  4. You will hear a busy tone on the PSTN phone, which you should record via a quality microphone (I have used an iPhone of my friend).
  5. Download the audio file to the computer where you installed the audio program (e.g. Cool Edit Pro).
  6. Open the audio file with Cool Edit Pro. You should see something like this:



  7. Zoom in and select part of the audio as below.
  8. The cadence will be the length of the marked part of the file (marked red in the above picture).
  9. Then navigate to the bottom panel and choose Analyze --> Show Frequency Analyze
  10. Put your cursor on the bottom part of the line and note the frequency. In my case 460 Hz.

So we have cadence = 360 and frequency = 460. Go to the configuration mode of your router and enter the following lines:

voice class custom-cptone busytone
 dualtone busy
  frequency 460 460
  cadence 360 360


Then just put voice class busytone under your voice port. Make the necessary test call and make sure that the FXO ports go on-hook when the PSTN phone hangs up.

Thanks,
Nuran Afrasiyabov (CCIEV#29273)






Wednesday, May 16, 2012

Cisco Fax-to-mail configuration

Hi people!

Today I am going to show you how to configure Cisco ISR routers (CallManager Express or Voice Gateway) as a Fax-to-Mail server. Below you can see the basic diagram of the fax call flow.



Fax-to-mail / Mail-to-Fax flow

The procedure for sending a fax is as below:

  1. User sends an email via an email client to the "Fax address"
  2. Mail server forwards the email to Cisco3825 via SMTP
  3. Cisco3825 extracts the remote fax machine phone number from the email's "To" field
  4. Cisco3825 calls the remote fax machine via PSTN
  5. After the remote fax machine answers the call, Cisco3825 converts and sends the content of the email.
The "Fax address" should be in "fax=8xxxx@fax.domain" format. In our case "8" is a fax access code, which could be any digit you want. "fax.domain" is the address of the Cisco3825.

The procedure for accepting a fax is as below:
  1. Remote fax machine calls the fax number of Cisco3825
  2. Cisco3825 answers the call.
  3. Remote fax machine sends the file via PSTN
  4. After the call disconnects, Cisco3825 converts the fax file to a .Tif file and sends it via email to a certain mailbox as an attachment.
To begin the configuration you need two TCL scripts, which are available at cisco.com -> downloads -> callmanager express -> tcl scripts

 fax-to-mail - app-faxmail-onramp.2.0.1.3.zip
 mail-to-fax - app-faxmail-offramp.2.0.1.1.zip

Extract the TCL files and copy them to flash:

From configuration mode enter the following commands:
------------------------------------------------------------------------------------------------------
fax interface-type fax-mail  ( reload your router after this command )

application
  service onramp flash:app_faxmail_onramp.2.0.1.3.tcl

application
  service offramp flash:app_faxmail_offramp.2.0.1.1.tcl


mta send server (ip address of your mail server) port 25
mta send subject RedJohn
mta send with-subject both
mta send mail-from hostname fax.domain
mta send mail-from username FAX
mta receive aliases fax.domain
mta receive maximum-recipients 10
mta receive generate permanent-error


dial-peer voice 123456 pots               ## Fax number 123456, incoming dp
 service onramp
 incoming called-number 123456
 direct-inward-dial
 port 0/2/0:15
!
dial-peer voice 741 mmoip                ## outgoing dp
 service fax_on_vfc_onramp_app out-bound
 destination-pattern 123456
 information-type fax
 session target mailto:faxinbox@domain    ## mailbox which is created on your company's mail server
!
dial-peer voice 742 mmoip               ##  incoming dp . "8" is a fax access code
 service offramp
 information-type fax
 incoming called-number 8T
 dsn delayed
 dsn success
 dsn failure
!
dial-peer voice 5590 pots                 ## outgoing dp to PSTN.
 destination-pattern 8T
 port 0/2/0:15

 ----------------------------------------------------------------------------------------------------------

Useful debug commands :

debug isdn q921
debug isdn q931

debug fax mta all
debug fax mspi all
debug voip dialpeer inout
 -----------------------------------------------------------------------------------------------------------

That's all you need. Do not hesitate to leave comments or ask questions.

Thanks,
Nuran Afrasiyabov(CCIEV#29273)