Reconfigure Cisco ASA 5506-X Firewall to Add Support for AnyConnect (MACOS)

Subject: Reconfigure Cisco ASA 5506-X Firewall to Add Support for AnyConnect (MACOS)

Author: Mr. Turritopsis Dohrnii Teo En Ming

Country: Singapore

Date: 12 Oct 2020 Monday Singapore Time

Type of Publication: Plain Text

Document Version: 20201012.01

Cisco ASA 5506-X Firewall CLI commands:

copy ftp://anonymous@<IP address of FTP Server>/anyconnect-macos-4.9.02028-webdeploy-k9.pkg disk0:/anyconnect-macos-4.9.02028-webdeploy-k9.pkg

show flash

config t

webvpn

no anyconnect image flash:/anyconnect-win-4.9.00086-webdeploy-k9.pkg

anyconnect image disk0:/anyconnect-win-4.9.00086-webdeploy-k9.pkg 1

anyconnect image disk0:/anyconnect-macos-4.9.02028-webdeploy-k9.pkg 2

copy run start

Renew 90-day free Let’s Encrypt SSL Certificate for SSL VPN on Cisco ASA 5506-X Firewall

Subject: Renew 90-day free Let’s Encrypt SSL Certificate for SSL VPN on Cisco ASA 5506-X Firewall

SSL Certificate Renewal Completed By: Mr. Turritopsis Dohrnii Teo En Ming

Date of Renewal: 9 Oct 2020 Friday Singapore Time

Date of Expiry: 8 Jan 2021 Singapore Time

Country: Singapore

Simply follow the renewal instructions at the following link.

[ARTICLE] ASA 8.x: Renew and Install the SSL Certificate with ASDM

Link: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

Get your ***FREE*** 90-day SSL certificates at

https://zerossl.com/

Configure Cisco ASA 5506-X Firewall for M1 Leased Line

Subject: Configure Cisco ASA 5506-X Firewall for M1 Leased Line

Author: Mr. Turritopsis Dohrnii Teo En Ming

Country: Singapore

Date: 11 October 2020 Sunday Singapore Time

Type of Publication: Plain Text

Document Version: 20201011.01

Cisco ASA Firewall CLI commands:

enable

conf t

interface GigabitEthernet1/8 (M1 Leased Line connected to Port 8)

no shut

ip address aaa.bbb.108.212 255.255.255.248

nameif M1-Leased-Line

security-level 50

route outside 0.0.0.0 0.0.0.0 aaa.bbb.ccc.121 5 track 1

route M1-Leased-Line aaa.bbb.108.0 255.255.255.0 aaa.bbb.108.209 1

object network Quantum

subnet aaa.bbb.108.0 255.255.255.0

same-security-traffic permit intra-interface

access-list nat_inside_quantum extended permit ip aaa.bbb.23.0 255.255.255.0 aaa.bbb.108.0 255.255.255.0

access-list nat_inside_quantum extended permit ip aaa.bbb.108.0 255.255.255.0 aaa.bbb.23.0 255.255.255.0

Teo En Ming’s Original NAT rule (partially correct only):

nat (inside,M1-Leased-Line) source static NETWORK_OBJ_aaa.bbb.23.0_24 NETWORK_OBJ_aaa.bbb.23.0_24 destination static Quantum Quantum no-proxy-arp route-lookup

NAT rule corrected/fixed by boss (FINAL VERSION):

nat (inside,M1-Leased-Line) source static NETWORK_OBJ_aaa.bbb.23.0_24 interface destination static Quantum Quantum

Useful Troubleshooting Commands

===============================

show interface ip brief

show route | begin Gateway

show nat (Very Important Command to use)

packet-tracer input inside tcp aaa.bbb.23.10 12345 aaa.bbb.108.180 22

Quantum Linux Servers

=====================

aaa.bbb.108.180 (Primary Linux Server)

aaa.bbb.108.181 (Backup Linux Server)

aaa.bbb.108.182 (UAT Linux Virtual Machine)

aaa.bbb.108.183 (IDRAC of Primary Linux Server)

aaa.bbb.108.184 (IDRAC of Backup Linux Server)

Useful Reading Resources

========================

[1] Cisco ASA 5506-X | Leased Line w/DSL Failover | Default Route Preference

[2] ASA Dual ISP using IP SLA

https://integratingit.wordpress.com/2019/11/24/asa-dual-isp-using-ip-sla/

[3] Static route on inside interface of ASA does’nt work

https://community.cisco.com/t5/network-security/static-route-on-inside-interface-of-asa-does-nt-work/td-p/914826

[4] Cisco ASA 8.3 – No NAT / NAT Exemption

https://www.fir3net.com/Firewalls/Cisco/cisco-asa-83-no-nat-nat-exemption.html

[5] NAT: Untranslate_hits

https://community.cisco.com/t5/switching/nat-untranslate-hits/td-p/1056571

[6] Cisco ASA Firewall Packet Tracer

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

[7] Cisco ASA NAT – Configuration Guide

Configure Cisco ASA 5506-X Firewall to Send Syslog Messages to Kiwi Free Syslog Server 9.7.0

Subject: Configure Cisco ASA 5506-X Firewall to Send Syslog Messages to Kiwi Free Syslog Server 9.7.0

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)

Country: Singapore

Date: 20 September 2020 Sunday Singapore Time

Type of Publication: Plain Text

Document Version: 20200920.01

STEPS

=====

1. Launch Kiwi Free Syslog Server 9.7.0 Installer (by SolarWinds) on the Active Directory Domain Controller (Windows Server 2016 Standard).

2. Click “I Agree” on the License Agreement window.

3. Choose “Install Kiwi Syslog Server as a Service”. Click Next.

4. Install the Service using: The LocalSystem Account. Click Next.

5. Select the type of install: Normal. Click Next.

6. Click Install on the Choose Install Location window.

7. Check “Run Kiwi Syslog Server 9.7.0”. Click Finish.

8. On the dialog showing “Kiwi Syslog free version supports up to 5 message sources. Please define them under Inputs in Setup.”, click OK.

9. Click Setup.

10. Inputs > UDP

Check “Listen for UDP Syslog messages”.

UDP Port (1-65535): 514

Bind to address: Leave empty

Data encoding: System: Leave empty

Click OK.

11. Login to Cisco ASDM.

12. Configuration > Device Management > Logging > Logging Setup

Check “Enable logging”.

Click Apply.

13. Configuration > Device Management > Logging > Syslog Servers

Click Add.

Interface: inside

IP address: <IP address of Kiwi Syslog Server>

Protocol: UDP

Port: 514

Click OK.

14. Execute the following Windows command to check if Kiwi Syslog Server is listening.

netstat -nab | findstr 514

15. Go to Kiwi Syslog Server again. Click Setup.

Inputs Menu:

Enter IP address of Cisco ASA 5506-X Firewall.

Click Add.

Click OK.

16. Login to Symantec Endpoint Protection Manager on the Active Directory Domain Controller.

Go to Firewall Policy.

Under Windows Settings, Click Rules.

Click Add Rule.

Rule name: Open UDP Port 514 to allow syslog messages from Cisco ASA firewall

Click Next.

17. Click Allow Connections. Click Next.

18. Click All Applications. Click Next.

19. Select “Only the computers and sites listed below:”

Host: <IP address of Cisco ASA 5506-X Firewall>

Click Add.

Click Next.

20. Protocol: UDP

Select “Local/Remote”

Local Port: 514

Remote Port: Leave empty

Direction: Incoming

Click OK.

21. Choose “Only the communications listed below:”

Select “UDP [Local=514; Stateful Incoming]”

Click Next.

22. Do you want to create a log entry when this rule is matched? No

Click Finish.

23. Check the list of Firewall Rules.

Click OK.

24. Login to Cisco ASDM again.

25. Configuration > Device Management > Logging > Logging Filters

Click Logging Destination: Syslog Servers

Click Edit.

Syslogs from All Event Classes

Filter on severity: Debugging

Click OK.

26. Syslog messages from Cisco ASA 5506-X Firewall will start appearing on the Kiwi Free Syslog Server.
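
To confirm what the firewall is actually sending after step 26, the datagrams arriving on UDP port 514 can be decoded and counted by severity. The following Python sketch is an added example, not part of the original guide or of Kiwi Syslog Server; the addresses and sample messages are constructed, and the function names are hypothetical. It applies the same source restriction as steps 15 and 19 and decodes the syslog priority value and the %ASA-level-id tag.

```python
import ipaddress
import re
from collections import Counter

# ASA severity levels 0-7, named as in the ASDM "Filter on severity" list.
SEVERITY_NAMES = ["Emergencies", "Alerts", "Critical", "Errors",
                  "Warnings", "Notifications", "Informational", "Debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
ASA_TAG_RE = re.compile(r"%ASA-([0-7])-(\d{6}): (.*)", re.DOTALL)

# Placeholder for <IP address of Cisco ASA 5506-X Firewall> (documentation range).
ASA_IP = ipaddress.ip_address("192.0.2.1")

# Constructed (payload, source address) pairs, shaped like what recvfrom() on
# UDP 514 would return. They are not captured traffic.
SAMPLE_DATAGRAMS = [
    (b"<166>%ASA-6-302013: Built outbound TCP connection 1001 for "
     b"outside:203.0.113.10/443 (203.0.113.10/443) to "
     b"inside:192.0.2.25/51514 (198.51.100.2/51514)", "192.0.2.1"),
    (b"<164>%ASA-4-106023: Deny tcp src outside:203.0.113.77/40000 dst "
     b"inside:192.0.2.25/22 by access-group \"outside_in\"", "192.0.2.1"),
    (b"<167>%ASA-7-609001: Built local-host inside:192.0.2.25", "192.0.2.1"),
    # Same format, but from a host that is not a configured message source.
    (b"<164>%ASA-4-106023: Deny tcp src outside:203.0.113.5/1 dst "
     b"inside:192.0.2.25/22", "192.0.2.99"),
    # From the firewall address, but not a syslog message at all.
    (b"hello", "192.0.2.1"),
]


def parse_asa_syslog(payload, source_ip, allowed_sources):
    """Return a dict for an accepted ASA message, or None if it is dropped.

    The source check mirrors the per-host restriction in the guide. UDP syslog
    carries no authentication, so this filters sources; it does not prove them.
    """
    if ipaddress.ip_address(source_ip) not in allowed_sources:
        return None
    text = payload.decode("utf-8", errors="replace").strip()
    pri = PRI_RE.match(text)
    tag = ASA_TAG_RE.search(text)
    if pri is None or tag is None or int(pri.group(1)) > 191:
        return None
    # PRI = facility * 8 + severity (ASA default facility is 20, local4).
    facility, pri_severity = divmod(int(pri.group(1)), 8)
    severity = int(tag.group(1))
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "message_id": tag.group(2),
        "text": tag.group(3),
        "pri_matches_tag": pri_severity == severity,
    }


def triage(datagrams, allowed_sources):
    """Parse every datagram; return (accepted records, dropped count, counts by severity)."""
    accepted, dropped = [], 0
    for payload, source_ip in datagrams:
        record = parse_asa_syslog(payload, source_ip, allowed_sources)
        if record is None:
            dropped += 1
        else:
            accepted.append(record)
    by_severity = Counter(r["severity_name"] for r in accepted)
    return accepted, dropped, by_severity


if __name__ == "__main__":
    records, dropped, counts = triage(SAMPLE_DATAGRAMS, {ASA_IP})
    for r in records:
        print(r["severity_name"], r["message_id"], r["text"][:60])
    print("dropped:", dropped, "by severity:", dict(counts))
```

With the filter at Debugging (step 25), level 6 and 7 messages such as connection and local-host events are forwarded along with the denies, which the per-severity count makes visible.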

Basic System Setup of Teo En Ming’s Sophos SG 115 rev 2 Firewall

Subject: Basic System Setup of Teo En Ming’s Sophos SG 115 rev 2 Firewall

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 13 September 2020 Sunday Singapore Time

Type of Publication: PDF Manual
Document Version: 20200913.01

INTRODUCTION
============

I bought this refurbished Sophos SG 115 rev 2 firewall for SGD$120 at Farrer Park MRT Station (Singapore) on 13 September 2020 Sunday at 1.30 PM Singapore Time.

Sophos firewall appliances are based on the Linux kernel and open source software.

Mr. Turritopsis Dohrnii Teo En Ming is a Linux and open source software enthusiast.

The following screenshots and photos will be shown:

1. Photos of the front, back and bottom of the Sophos SG 115 rev 2 firewall
2. Initial login of the Sophos SG 115 rev 2 firewall
3. Factory reset of the Sophos SG 115 rev 2 firewall
4. Basic System Setup of the Sophos SG 115 rev 2 firewall

I will be publishing manuals for advanced configuration of the Sophos SG 115 rev 2 firewall in the future. Stay tuned and look out for my future blog posts.

Links to my redundant RAID 1 mirroring blogs:

https://tdtemcerts.blogspot.sg
https://tdtemcerts.wordpress.com

Redundant Google Drive download links for Teo En Ming’s PDF manual:

[1] https://drive.google.com/file/d/1BAHeQ0JNxllginxjEWOVgYQfDAkwGHPT/view?usp=sharing

[2] https://drive.google.com/file/d/1iONIdUn6ZJQLdxSaUzGBWHPR8l1Jo15A/view?usp=sharing

[3] https://drive.google.com/file/d/1ZDqtdPpQipqMXPqlbC1tlVq3M6hH_TND/view?usp=sharing

[4] https://drive.google.com/file/d/19Z3D_LNykk562UUSd9AaYX7ozBtBYLzX/view?usp=sharing

[5] https://drive.google.com/file/d/1Hayby33tflkSpYlKNhVgZhwqmxXLaeFW/view?usp=sharing

[6] https://drive.google.com/file/d/1PjkiELka2tbUa-oAe5xGxvPPTm_Wicoz/view?usp=sharing

Can I manually set up a Syslog server?

Subject: Can I manually set up a Syslog server?

Good day from Singapore,

I have just implemented and set up the following for an investment company (company name is confidential) in Singapore on 12 Sep 2020 Saturday Singapore Time.

(1) Installed and configured Kiwi Free Syslog Server 9.7.0 (by SolarWinds) on the Active Directory Domain Controller (Windows Server 2016 Standard).

(2) Configured Cisco ASA 5506-X Firewall’s Logging to send and transmit syslog messages to Kiwi Free Syslog Server 9.7.0 on the Windows Server.

(3) Added a firewall rule to open UDP port 514 on the Symantec Endpoint Protection Manager (SEPM) on Windows Server 2016.

So the question I have is, can I manually set up and configure a Syslog Server with GUI using open source syslog daemon, open source tools and any Linux distro?

Thank you very much.

Basic Configuration of Teo En Ming’s Cisco 1941 Router

Subject: Basic Configuration of Teo En Ming’s Cisco 1941 Router

Author of this Guide: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED
INDIVIDUAL)
Country: Singapore
Date: 11 September 2020 Friday Singapore Time

Type of Publication: Plain Text

Document Version: 20200911.01

There will be more security enhancements to my Cisco 1941 router
configuration in the future. As for now, it is a very basic
configuration.

Mr. Turritopsis Dohrnii Teo En Ming’s SGD$130 refurbished Cisco 1941
Router was bought at Toa Payoh MRT Station (Singapore) on 10 September
2020 Thursday at 7:41 PM Singapore Time.

Reference Guide: Basic Cisco Router Configuration Step-By-Step Commands
Link:

Basic Cisco Router Configuration Step-By-Step Commands

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.09.10 13:01:13
=~=~=~=~=~=~=~=~=~=~=~=
en
Router#erase startup-config
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]
[OK]
Erase of nvram: complete
Router#
*Sep 10 12:13:25.675: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of
nvram
Router#reload
Proceed with reload? [confirm]

*Sep 10 12:14:02.159: %SYS-5-RELOAD: Reload requested by console. Reload
Reason: Reload Command.
System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.

Total memory size = 512 MB – On-board = 512 MB, DIMM0 = 0 MB

CISCO1941/K9 platform with 524288 Kbytes of main memory

Main memory is configured to 64/-1(On-board/DIMM0) bit mode with ECC
disabled

Readonly ROMMON initialized

program load complete, entry point: 0x80803000, size: 0x1b340

program load complete, entry point: 0x80803000, size: 0x1b340

IOS Image Load Test

___________________

Digitally Signed Release Software

program load complete, entry point: 0x81000000, size: 0x511ade0

Self decompressing the image :
##################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
[OK]

Smart Init is enabled

smart init is sizing iomem

TYPE      MEMORY_REQ

Onboard devices &

buffer pools      0x01E8F000

———————————————–

TOTAL:      0x01E8F000

Rounded IOMEM up to: 32MB.

Using 6 percent iomem. [32MB/512MB]
Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version
15.7(3)M6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Fri 06-Mar-20 04:06 by prod_rel_team

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be
found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FGL185226J6
2 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)

— System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: no

Press RETURN to get started!

*Jan  2 00:00:02.079: %SMART_LIC-6-AGENT_READY: Smart Agent for
Licensing is initialized
*Jan  2 00:00:02.415: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL:
Module name = c1900 Next reboot level = ipbasek9 and License = ipbasek9
*Sep 10 12:16:00.659: c3600_scp_set_dstaddr2_idb(185)add = 80 name is
Embedded-Service-Engine0/0
*Sep 10 12:16:13.655: %LINK-3-UPDOWN: Interface GigabitEthernet0/0,
changed state to down
*Sep 10 12:16:13.655: %LINK-3-UPDOWN: Interface GigabitEthernet0/1,
changed state to down
*Sep 10 12:16:14.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/0, changed state to down
*Sep 10 12:16:14.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/1, changed state to down
*Sep 10 12:18:00.423: %LINK-5-CHANGED: Interface
Embedded-Service-Engine0/0, changed state to administratively down
*Sep 10 12:18:00.423: %LINK-5-CHANGED: Interface GigabitEthernet0/0,
changed state to administratively down
*Sep 10 12:18:00.423: %LINK-5-CHANGED: Interface GigabitEthernet0/1,
changed state to administratively down
*Sep 10 12:18:00.543: %IP-5-WEBINST_KILL: Terminating DNS process
*Sep 10 12:18:01.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Embedded-Service-Engine0/0, changed state to down
*Sep 10 12:18:02.119: %SYS-5-RESTART: System restarted —
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version
15.7(3)M6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Fri 06-Mar-20 04:06 by prod_rel_team
*Sep 10 12:18:02.735: %SYS-6-BOOTTIME: Time taken to reboot after reload
=  242 seconds
*Sep 10 12:18:12.595: %PNP-6-PNP_SAVING_TECH_SUMMARY: Saving PnP tech
summary (pnp-tech-discovery-summary)… Please wait. Do not interrupt.
*Sep 10 12:18:24.859: %PNP-6-PNP_TECH_SUMMARY_SAVED_OK: PnP tech summary
(pnp-tech-discovery-summary) saved successfully.
*Sep 10 12:18:24.859: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery
stopped (Config Wizard)
Router>enable
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#enable secret teo-en-ming-corp
Router(config)#line vty 0 4
Router(config-line)#password teo-en-ming-corp
Router(config-line)#login
Router(config-line)#hostname cisco-1941-router
cisco-1941-router(config)#interface GigabitEthernet 0/0
cisco-1941-router(config-if)#ip address aaa.bbb.ccc.ddd 255.255.248.0
cisco-1941-router(config-if)#no shutdown
cisco-1941-router(config-if)#exit
cisco-1941-router(config)#
*Sep 10 12:25:30.123: %LINK-3-UPDOWN: Interface GigabitEthernet0/0,
changed state to down
cisco-1941-router(config)#interface GigabitEthernet 0/1
cisco-1941-router(config-if)#ip address 192.168.20.1 255.255.255.0
cisco-1941-router(config-if)#no shutdown
cisco-1941-router(config-if)#exit
cisco-1941-router(config)#
*Sep 10 12:26:51.903: %LINK-3-UPDOWN: Interface GigabitEthernet0/1,
changed state to down
cisco-1941-router(config)#ip route 0.0.0.0 0.0.0.0 118.189.208.1
cisco-1941-router(config)#interface GigabitEthernet 0/0
cisco-1941-router(config-if)#ip nat outside
cisco-1941-router(config-if)#exit
cisco-1941-router(config)#
*Sep 10 12:30:16.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface
NVI0, changed state to up
cisco-1941-router(config)#interface GigabitEthernet 0/1
cisco-1941-router(config-if)#ip nat inside
cisco-1941-router(config-if)#exit
cisco-1941-router(config)#access-list 1 permit 192.168.20.0 0.0.0.255
cisco-1941-router(config)#ip nat inside source list 1 interface
GigabitEthernet 0/0 overload
cisco-1941-router(config)#ip dhcp pool lan-pool
cisco-1941-router(dhcp-config)#network 192.168.20.0 255.255.255.0
cisco-1941-router(dhcp-config)#default-router 192.168.20.1
cisco-1941-router(dhcp-config)#dns-server 8.8.8.8
cisco-1941-router(dhcp-config)#ip dhcp excluded-address 192.168.20.1
192.168.20.1
cisco-1941-router(config)#exit
cisco-1941-router#co
*Sep 10 12:36:13.447: %SYS-5-CONFIG_I: Configured from console by
consolep
% Incomplete command.

cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#
*Sep 10 12:38:13.663: %LINK-3-UPDOWN: Interface GigabitEthernet0/0,
changed state to up
*Sep 10 12:38:14.663: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/0, changed state to up
cisco-1941-router#
*Sep 10 12:40:05.663: %LINK-3-UPDOWN: Interface GigabitEthernet0/1,
changed state to up
*Sep 10 12:40:06.663: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/1, changed state to up
cisco-1941-router#ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
cisco-1941-router#ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
cisco-1941-router#

Called Internet Service Provider (ISP) to inform that there is a change
of router to Cisco 1941. ISP instructed to reboot Cisco 1941 router.

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.

Total memory size = 512 MB – On-board = 512 MB, DIMM0 = 0 MB

CISCO1941/K9 platform with 524288 Kbytes of main memory

Main memory is configured to 64/-1(On-board/DIMM0) bit mode with ECC
disabled

Readonly ROMMON initialized

program load complete, entry point: 0x80803000, size: 0x1b340

program load complete, entry point: 0x80803000, size: 0x1b340

IOS Image Load Test

___________________

Digitally Signed Release Software

program load complete, entry point: 0x81000000, size: 0x511ade0

Self decompressing the image :
##################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
[OK]

Smart Init is enabled

smart init is sizing iomem

TYPE      MEMORY_REQ

Onboard devices &

buffer pools      0x01E8F000

———————————————–

TOTAL:      0x01E8F000

Rounded IOMEM up to: 32MB.

Using 6 percent iomem. [32MB/512MB]
Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version
15.7(3)M6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Fri 06-Mar-20 04:06 by prod_rel_team

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be
found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FGL185226J6
2 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)

Press RETURN to get started!

*Jan  2 00:00:02.083: %SMART_LIC-6-AGENT_READY: Smart Agent for
Licensing is initialized
*Jan  2 00:00:02.423: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL:
Module name = c1900 Next reboot level = ipbasek9 and License = ipbasek9
*Sep 10 12:50:53.659: c3600_scp_set_dstaddr2_idb(185)add = 80 name is
Embedded-Service-Engine0/0
*Sep 10 12:51:06.667: %LINK-3-UPDOWN: Interface GigabitEthernet0/0,
changed state to up
*Sep 10 12:51:06.667: %LINK-3-UPDOWN: Interface GigabitEthernet0/1,
changed state to up
*Sep 10 12:51:07.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/0, changed state to up
*Sep 10 12:51:07.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/1, changed state to up
*Sep 10 12:51:09.231: %SYS-5-CONFIG_I: Configured from memory by console
*Sep 10 12:51:09.931: %LINEPROTO-5-UPDOWN: Line protocol on Interface
NVI0, changed state to up
*Sep 10 12:51:10.955: %LINK-5-CHANGED: Interface
Embedded-Service-Engine0/0, changed state to administratively down
*Sep 10 12:51:11.899: %SYS-5-RESTART: System restarted —
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version
15.7(3)M6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Fri 06-Mar-20 04:06 by prod_rel_team
*Sep 10 12:51:12.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Embedded-Service-Engine0/0, changed state to down
*Sep 10 12:51:17.751: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery
stopped (Startup Config Present)
cisco-1941-router>ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
cisco-1941-router>ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
cisco-1941-router>ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
cisco-1941-router>en
Password:
cisco-1941-router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco-1941-router(config)#interface GigabitEthernet 0/0
cisco-1941-router(config-if)#ip address dhcp
cisco-1941-router(config-if)#end
cisco-1941-router#
*Sep 10 12:56:36.399: %SYS-5-CONFIG_I: Configured from console by
console
cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
cisco-1941-router#
*Sep 10 12:57:13.591: %DHCP-6-ADDRESS_ASSIGN: Interface
GigabitEthernet0/0 assigned DHCP address aaa.bbb.ccc.ddd, mask
255.255.248.0, hostname cisco-1941-router

cisco-1941-router#ping 118.189.208.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 118.189.208.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/16 ms
cisco-1941-router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
cisco-1941-router#ter len 0
cisco-1941-router#show run
Building configuration…

Current configuration : 1458 bytes
!
! Last configuration change at 12:56:36 UTC Thu Sep 10 2020
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-1941-router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$xY1A$qxo.vEvmODc/HLeIjdMkz1
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool lan-pool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FGL185226J6
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 118.189.208.1
!
!
!
access-list 1 permit 192.168.20.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password teo-en-ming-corp
login
transport input none
!
scheduler allocate 20000 1000
!
end

cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#show run
Building configuration…

Current configuration : 1458 bytes
!
! Last configuration change at 12:56:36 UTC Thu Sep 10 2020
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-1941-router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$xY1A$qxo.vEvmODc/HLeIjdMkz1
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool lan-pool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FGL185226J6
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 118.189.208.1
!
!
!
access-list 1 permit 192.168.20.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password teo-en-ming-corp
login
transport input none
!
scheduler allocate 20000 1000
!
end

cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
cisco-1941-router#exit

cisco-1941-router con0 is now available

Press RETURN to get started.

cisco-1941-router>exit

cisco-1941-router con0 is now available

Press RETURN to get started.

cisco-1941-router>
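
The guide describes this as a very basic configuration with security enhancements still to come, and the running-config printed above shows which settings those would touch. The following Python sketch is an added example, not part of the original guide or PuTTY log: it audits a configuration of the same shape for weak authentication settings. The sample configuration is constructed (the hash and password are placeholders), and the finding names are hypothetical.

```python
import re

# Constructed sample with the same structure as the running-config above.
# The secret hash and line password are placeholders, not values from the page.
SAMPLE_CONFIG = """\
version 15.7
no service password-encryption
!
hostname cisco-1941-router
!
enable secret 5 $1$SALT$PLACEHOLDERHASH
!
no aaa new-model
!
no ip http server
no ip http secure-server
!
line con 0
line aux 0
line vty 0 4
 password example-password
 login
 transport input none
!
end
"""


def line_sections(config):
    """Map each 'line ...' header to the sub-commands that follow it.

    Lines are stripped, so this works on indented IOS output and on the
    unindented form shown on this page. A section ends at '!' or 'end'.
    """
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            current = text
            sections[current] = []
        elif text in ("", "!", "end"):
            current = None
        elif current is not None:
            sections[current].append(text)
    return sections


def audit(config):
    """Return a list of (finding, location, detail) tuples."""
    lines = [raw.strip() for raw in config.splitlines()]
    aaa_enabled = "aaa new-model" in lines
    findings = []

    for text in lines:
        m = re.match(r"enable secret (\d+)\s", text)
        if m and m.group(1) == "5":
            findings.append(("ENABLE_MD5", "global",
                             "enable secret is a type 5 (MD5-based) hash; "
                             "newer IOS releases also offer types 8 and 9"))
    if not aaa_enabled:
        findings.append(("NO_AAA", "global",
                         "no per-user accounts; access relies on shared passwords"))

    for header, cmds in line_sections(config).items():
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input ")), None)
        for c in cmds:
            # 'password <text>' or 'password 0 <text>' is cleartext; type 7 is
            # only obfuscated, so it is not treated as strong either way.
            m = re.match(r"password (?:([07]) )?\S+$", c)
            if m and m.group(1) != "7":
                note = ("; 'transport input none' currently blocks inbound "
                        "sessions on this line" if transport == ["none"] else "")
                findings.append(("CLEARTEXT_LINE_PASSWORD", header,
                                 "password is readable in the config" + note))
        if (header.startswith("line vty") and transport
                and {"telnet", "all"} & set(transport)):
            findings.append(("VTY_TELNET", header,
                             "remote logins accepted over unencrypted Telnet"))
        if (header.startswith("line con") and not aaa_enabled
                and not any(c == "login" or c.startswith("login ") for c in cmds)):
            findings.append(("CONSOLE_NO_LOGIN", header,
                             "console grants user EXEC without a password"))
    return findings


if __name__ == "__main__":
    for finding, where, detail in audit(SAMPLE_CONFIG):
        print(f"{finding:26} {where:14} {detail}")
```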
