Building an ASA VPN Load-Balancing Cluster

In this article I want to give step-by-step recommendations on how to quickly deploy what is currently the most scalable remote-access VPN design based on AnyConnect and Cisco ASA: a VPN Load-Balancing Cluster.

Introduction: Many companies around the world, given the current situation with COVID-19, are taking measures to move their employees to remote work. Because of the mass shift to remote work, the load on companies' existing VPN gateways is rising critically, and they need to be scaled up very quickly. On the other hand, many companies are forced to hastily master the concept of remote work from scratch.

To help companies obtain convenient, secure and scalable VPN access for their employees in the shortest possible time, Cisco is licensing the feature-rich AnyConnect SSL-VPN client for up to 13 weeks. You can also obtain an ASAv for a trial (a virtual ASA for the VMware/Hyper-V/KVM hypervisors and the AWS/Azure cloud platforms) from authorized partners or by contacting the Cisco representatives working with you.

The procedure for issuing AnyConnect COVID-19 licenses is described separately.

I have prepared a step-by-step guide for a simple deployment of a VPN Load-Balancing Cluster as the most scalable VPN technology.

The example below is greatly simplified with respect to the authentication and authorization methods used, but it is a good option for a quick start (which right now is exactly what many lack), with the possibility of adapting it in depth to your needs during the deployment process.

Brief note: VPN Load-Balancing Cluster technology is neither failover nor clustering in the native sense of those terms; it can combine completely different ASA models (with certain limitations) in order to balance the load of Remote-Access VPN connections. There is no synchronization of sessions or configurations between the nodes of such a cluster, but it can automatically balance the load of VPN connections and keep VPN connectivity fault tolerant as long as at least one active node remains in the cluster. Load in the cluster is balanced automatically according to the nodes' load, measured by the number of VPN sessions.

For fault tolerance of individual cluster nodes (if required), a failover pair can be used; in that case an active connection is preserved by the Primary node of the failover pair. Failover is not a mandatory requirement for fault tolerance within a Load-Balancing cluster: on a node failure the cluster itself moves the user to another live node, but without preserving connection state, which is exactly what a failover pair provides. Accordingly, the two technologies can be combined if needed.

A VPN Load-Balancing cluster can contain more than two nodes.

VPN Load-Balancing Cluster is supported on the ASA 5512-X and higher.

Since each ASA in a VPN Load-Balancing cluster is an independent device from the configuration point of view, we perform all configuration steps on each device individually.

Technical details are described separately.

Logical topology of the given example:

[topology diagram]

Initial deployment:

  1. Deploy ASAv instances of the required sizes (ASAv5/10/30/50) from the image.

  2. Assign the INSIDE/OUTSIDE interfaces to the same VLANs (OUTSIDE to its own VLAN, INSIDE to its own, but the same for all nodes within the cluster; see the topology). It is important that interfaces of the same type are in the same L2 segment.

  3. Licenses:

    • Right now the deployed ASAv has no license and will be limited to 100 kbps.
    • To install a license you need to create a token in your Smart Account: https://software.cisco.com/ -> Smart Software Licensing
    • In the window that opens, click the New Token button


    • Make sure that in the window that opens the field is active and the checkbox "Allow export-controlled functionality…" is ticked. Without this field you will not be able to use the strong-encryption features and, consequently, VPN. If this field is not active, please contact your account team with an activation request.


    • After clicking the Create Token button, a token is created that we will use to obtain the ASAv license; copy it:

    [screenshot]

    • Repeat steps C, D, E for each deployed ASAv.
    • To make copying the token easier, we temporarily allow telnet. Configure each ASA (the example below shows the configuration on ASA-1). Telnet does not work on the outside interface; if you need it there, change the security level of outside to 100 and then change it back.

    !
    ciscoasa(config)# int gi0/0
    ciscoasa(config)# nameif outside
    ciscoasa(config)# ip address 192.168.31.30 255.255.255.0
    ciscoasa(config)# no shut
    !
    ciscoasa(config)# int gi0/1
    ciscoasa(config)# nameif inside
    ciscoasa(config)# ip address 192.168.255.2 255.255.255.0
    ciscoasa(config)# no shut
    !
    ciscoasa(config)# telnet 0 0 inside
    ciscoasa(config)# username admin password cisco priv 15
    ciscoasa(config)# ena password cisco
    ciscoasa(config)# aaa authentication telnet console LOCAL
    !
    ciscoasa(config)# route outside 0 0 192.168.31.1
    !
    ciscoasa(config)# wr
    !

    • To register the token in the Smart Account cloud, the ASA needs Internet access; the details are described separately.

    In short, the ASA needs:

    • HTTPS access to the Internet;
    • the time set (preferably via NTP);
    • a DNS server configured;

    • We telnet to our ASA and make the settings needed to activate the license via the Smart Account:

    !
    ciscoasa(config)# clock set 19:21:00 Mar 18 2020
    ciscoasa(config)# clock timezone MSK 3
    ciscoasa(config)# ntp server 192.168.99.136
    !
    ciscoasa(config)# dns domain-lookup outside
    ciscoasa(config)# DNS server-group DefaultDNS
    ciscoasa(config-dns-server-group)# name-server 192.168.99.132 
    !
    ! Check DNS operation:
    !
    ciscoasa(config-dns-server-group)# ping ya.ru
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 87.250.250.242, timeout is 2 seconds:
    !!!!!
    !
    ! Check NTP synchronization:
    !
    ciscoasa(config)# show ntp associations 
      address         ref clock     st  when  poll reach  delay  offset    disp
    *~192.168.99.136   91.189.94.4       3    63    64    1    36.7    1.85    17.5
    * master (synced), # master (unsynced), + selected, - candidate, ~ configured
    !
    ! Configure our ASAv for Smart Licensing (according to your profile; in my case 100M as an example)
    !
    ciscoasa(config)# license smart
    ciscoasa(config-smart-lic)# feature tier standard
    ciscoasa(config-smart-lic)# throughput level 100M
    !
    ! If necessary, Internet access through a proxy can be configured with the following block of commands:
    !call-home
    !  http-proxy ip_address port port
    !
    ! Next, paste the token copied from the Smart Account portal (<token>) and register the license
    !
    ciscoasa(config)# end
    ciscoasa# license smart register idtoken <token>

    • We check that the device has registered with a license and that the strong-encryption options are available:

    [screenshots: license status]

  4. Configure a basic SSL-VPN on each gateway

    • First, configure access via SSH and ASDM:

    ciscoasa(config)# ssh ver 2
    ciscoasa(config)# aaa authentication ssh console LOCAL
    ciscoasa(config)# aaa authentication http console LOCAL
    ciscoasa(config)# hostname vpn-demo-1
    vpn-demo-1(config)# domain-name ashes.cc
    vpn-demo-1(config)# cry key gen rsa general-keys modulus 4096 
    vpn-demo-1(config)# ssh 0 0 inside  
    vpn-demo-1(config)# http 0 0 inside
    !
    ! Bring up the HTTPS server for ASDM on port 445 so that it does not conflict with the SSL-VPN portal
    !
    vpn-demo-1(config)# http server enable 445 
    !

    • For ASDM to work, you need to download it from cisco.com; in my case it is the following file:

    [screenshot: ASDM package file name]

    • For the AnyConnect client to work, you need to upload an image to each ASA for every desktop client OS in use (Linux/Windows/MAC are planned here); you need the file with "Headend Deployment Package" in its name:

    [screenshot: AnyConnect Headend Deployment Package file name]

    • The downloaded files can be placed, for example, on an FTP server and uploaded to each ASA:

    [screenshot: copying the files to the ASA]

    • We configure a self-signed certificate for ASDM and SSL-VPN (a trusted certificate must be used in production). The FQDN configured for the Virtual Cluster Address (vpn-demo.ashes.cc), as well as the FQDN associated with the external address of each cluster node, must resolve in the external DNS zone to the IP address of the OUTSIDE interface (or to the mapped address if port forwarding of udp/443 (DTLS) and tcp/443 (TLS) is used). Detailed information on the certificate requirements is given in the Certificate Verification section.

    !
    vpn-demo-1(config)# crypto ca trustpoint SELF
    vpn-demo-1(config-ca-trustpoint)# enrollment self
    vpn-demo-1(config-ca-trustpoint)# fqdn vpn-demo.ashes.cc
    vpn-demo-1(config-ca-trustpoint)# subject-name cn=*.ashes.cc, ou=ashes-lab, o=ashes, c=ru
    vpn-demo-1(config-ca-trustpoint)# serial-number             
    vpn-demo-1(config-ca-trustpoint)# crl configure
    vpn-demo-1(config-ca-crl)# cry ca enroll SELF
    % The fully-qualified domain name in the certificate will be: vpn-demo.ashes.cc
    Generate Self-Signed Certificate? [yes/no]: yes
    vpn-demo-1(config)# 
    !
    vpn-demo-1(config)# sh cry ca certificates 
    Certificate
    Status: Available
    Certificate Serial Number: 4d43725e
    Certificate Usage: General Purpose
    Public Key Type: RSA (4096 bits)
    Signature Algorithm: SHA256 with RSA Encryption
    Issuer Name: 
    serialNumber=9A439T02F95
    hostname=vpn-demo.ashes.cc
    cn=*.ashes.cc
    ou=ashes-lab
    o=ashes
    c=ru
    Subject Name:
    serialNumber=9A439T02F95
    hostname=vpn-demo.ashes.cc
    cn=*.ashes.cc
    ou=ashes-lab
    o=ashes
    c=ru
    Validity Date: 
    start date: 00:16:17 MSK Mar 19 2020
    end   date: 00:16:17 MSK Mar 17 2030
    Storage: config
    Associated Trustpoints: SELF 
    
    CA Certificate
    Status: Available
    Certificate Serial Number: 0509
    Certificate Usage: General Purpose
    Public Key Type: RSA (4096 bits)
    Signature Algorithm: SHA1 with RSA Encryption
    Issuer Name: 
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
    c=BM
    Subject Name: 
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
    c=BM
    Validity Date: 
    start date: 21:27:00 MSK Nov 24 2006
    end   date: 21:23:33 MSK Nov 24 2031
    Storage: config
    Associated Trustpoints: _SmartCallHome_ServerCA               
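    As an added check (not part of the original article), the Python script below parses the `show crypto ca certificates` output above and verifies what the text asks for: that the certificate on the trustpoint used for SSL covers the cluster FQDN (a wildcard CN such as *.ashes.cc counts for exactly one label), that it is currently valid, that it does not carry a SHA-1 signature, and whether it is self-signed, which is acceptable in the lab but not in production. The sample text is a copy of the article's output; the function names, the trustpoint name SELF as the SSL trustpoint, and the 30-day expiry warning are my assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a copy of the article's 'show crypto ca certificates' output.
SHOW_CRYPTO_CA_OUTPUT = """\
Certificate
Status: Available
Certificate Serial Number: 4d43725e
Certificate Usage: General Purpose
Public Key Type: RSA (4096 bits)
Signature Algorithm: SHA256 with RSA Encryption
Issuer Name: 
serialNumber=9A439T02F95
hostname=vpn-demo.ashes.cc
cn=*.ashes.cc
ou=ashes-lab
o=ashes
c=ru
Subject Name:
serialNumber=9A439T02F95
hostname=vpn-demo.ashes.cc
cn=*.ashes.cc
ou=ashes-lab
o=ashes
c=ru
Validity Date: 
start date: 00:16:17 MSK Mar 19 2020
end   date: 00:16:17 MSK Mar 17 2030
Storage: config
Associated Trustpoints: SELF 

CA Certificate
Status: Available
Certificate Serial Number: 0509
Certificate Usage: General Purpose
Public Key Type: RSA (4096 bits)
Signature Algorithm: SHA1 with RSA Encryption
Issuer Name: 
cn=QuoVadis Root CA 2
o=QuoVadis Limited
c=BM
Subject Name: 
cn=QuoVadis Root CA 2
o=QuoVadis Limited
c=BM
Validity Date: 
start date: 21:27:00 MSK Nov 24 2006
end   date: 21:23:33 MSK Nov 24 2031
Storage: config
Associated Trustpoints: _SmartCallHome_ServerCA
"""

_DATE_RE = re.compile(r"^(start|end)\s+date:\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+(\w{3} \d{1,2} \d{4})$")


def asa_clock(text):
    """Parse a time written the way the ASA prints it and 'clock set' takes it,
    e.g. '19:21:00 Mar 18 2020' (time-zone naive; the ASA shows local time)."""
    return datetime.strptime(text, "%H:%M:%S %b %d %Y")


def parse_certificates(text):
    """Split the CLI output into certificate blocks and return a list of dicts.
    Scalar fields keep their CLI names ('Status', 'Signature Algorithm', ...);
    DN attributes under 'Issuer Name:'/'Subject Name:' go into the 'issuer' and
    'subject' sub-dicts; 'start'/'end' become datetimes."""
    certs, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Certificate", "CA Certificate"):
            cur = {"kind": line, "issuer": {}, "subject": {}}
            certs.append(cur)
            section = None
        elif cur is None or not line:
            continue
        elif line.startswith("Issuer Name:"):
            section = "issuer"
        elif line.startswith("Subject Name:"):
            section = "subject"
        elif line.startswith("Validity Date:"):
            section = None
        elif _DATE_RE.match(line):
            which, hms, tz, ymd = _DATE_RE.match(line).groups()
            cur[which] = asa_clock(hms + " " + ymd)
            cur["tz"] = tz
        elif section and "=" in line and ":" not in line:
            key, val = line.split("=", 1)          # DN attribute, e.g. cn=*.ashes.cc
            cur[section][key.strip()] = val.strip()
        elif ":" in line:
            key, val = line.split(":", 1)          # scalar field, e.g. Storage: config
            cur[key.strip()] = val.strip()
    return certs


def name_matches(pattern, fqdn):
    """Wildcard match as TLS clients do it: '*.ashes.cc' covers exactly one left-most label."""
    pattern, fqdn = pattern.lower(), fqdn.lower()
    if pattern.startswith("*."):
        parent = fqdn.split(".", 1)[1] if "." in fqdn else ""
        return parent == pattern[2:]
    return pattern == fqdn


def check_identity_cert(certs, cluster_fqdn, now, trustpoint="SELF", warn_days=30):
    """Return a list of findings (empty = nothing to fix) for the identity certificate
    associated with `trustpoint`; `now` is the time to validate against."""
    ident = [c for c in certs
             if c["kind"] == "Certificate" and c.get("Associated Trustpoints") == trustpoint]
    if not ident:
        return ["no identity certificate associated with trustpoint " + trustpoint]
    cert, findings = ident[0], []
    names = [v for k, v in cert["subject"].items() if k in ("cn", "hostname")]
    if not any(name_matches(n, cluster_fqdn) for n in names):
        findings.append(f"name mismatch: {cluster_fqdn} not covered by {names}")
    if not (cert["start"] <= now <= cert["end"]):
        findings.append("outside validity period")
    elif cert["end"] - now < timedelta(days=warn_days):
        findings.append(f"expires in {(cert['end'] - now).days} days")
    if "SHA1" in cert.get("Signature Algorithm", ""):
        findings.append("weak signature algorithm: " + cert["Signature Algorithm"])
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed: use a trusted CA-issued certificate in production")
    return findings


if __name__ == "__main__":
    certs = parse_certificates(SHOW_CRYPTO_CA_OUTPUT)
    print(check_identity_cert(certs, "vpn-demo.ashes.cc", asa_clock("12:00:00 Mar 19 2020")))
```

    Run it against the output of each node, passing the VIP FQDN and then the node's own FQDN: both must be covered, since clients are redirected from the VIP to the node's FQDN (redirect-fqdn is enabled in the cluster configuration later in this article).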

    • Don't forget to specify the port when checking that ASDM works, for example:

    [screenshot: ASDM login with the port specified]

    • Let's make the basic tunnel settings:
    • Provide access to the corporate network through the tunnel and send Internet traffic directly (not the safest approach if the connecting host has no protection: an infected host could get in and expose corporate data; the split-tunnel-policy tunnelall option sends all of the host's traffic into the tunnel. However, it scales worse, since it can overload the VPN gateway, which then also has to carry the host's Internet traffic).
    • Issue addresses from subnet 192.168.20.0/24 to hosts in the tunnel (addresses 10 to 30 for node #1). Each node of the VPN cluster must have its own pool.
    • We do basic authentication with a user created on the ASA (this is not recommended, it is simply the easiest way); it is better to authenticate via LDAP/RADIUS, and better still to add Multi-Factor Authentication (MFA), for example Cisco DUO.

    !
    vpn-demo-1(config)# ip local pool vpn-pool 192.168.20.10-192.168.20.30 mask 255.255.255.0
    !
    vpn-demo-1(config)# access-list split-tunnel standard permit 192.168.0.0 255.255.0.0
    !
    vpn-demo-1(config)# group-policy SSL-VPN-GROUP-POLICY internal
    vpn-demo-1(config)# group-policy SSL-VPN-GROUP-POLICY attributes
    vpn-demo-1(config-group-policy)# vpn-tunnel-protocol ssl-client 
    vpn-demo-1(config-group-policy)# split-tunnel-policy tunnelspecified
    vpn-demo-1(config-group-policy)# split-tunnel-network-list value split-tunnel
    vpn-demo-1(config-group-policy)# dns-server value 192.168.99.132
    vpn-demo-1(config-group-policy)# default-domain value ashes.cc
    vpn-demo-1(config)# tunnel-group DefaultWEBVPNGroup general-attributes
    vpn-demo-1(config-tunnel-general)#  default-group-policy SSL-VPN-GROUP-POLICY
    vpn-demo-1(config-tunnel-general)#  address-pool vpn-pool
    !
    vpn-demo-1(config)# username dkazakov password cisco
    vpn-demo-1(config)# username dkazakov attributes
    vpn-demo-1(config-username)# service-type remote-access
    !
    vpn-demo-1(config)# ssl trust-point SELF
    vpn-demo-1(config)# webvpn
    vpn-demo-1(config-webvpn)#  enable outside
    vpn-demo-1(config-webvpn)#  anyconnect image disk0:/anyconnect-win-4.8.03036-webdeploy-k9.pkg
    vpn-demo-1(config-webvpn)#  anyconnect enable
    !

    • (OPTIONAL): In the example above we used a local user on the firewall to authenticate remote users, which of course is only applicable in a lab. I'll give an example of quickly switching the configuration to authentication on a RADIUS server, using Cisco Identity Services Engine as the example:

    !
    ! The server group must exist before its attributes are set
    vpn-demo-1(config)# aaa-server RADIUS protocol radius
    vpn-demo-1(config-aaa-server-group)# dynamic-authorization
    vpn-demo-1(config-aaa-server-group)# interim-accounting-update
    vpn-demo-1(config-aaa-server-group)# aaa-server RADIUS (outside) host 192.168.99.134
    vpn-demo-1(config-aaa-server-host)# key cisco
    vpn-demo-1(config-aaa-server-host)# exit
    vpn-demo-1(config)# tunnel-group DefaultWEBVPNGroup general-attributes
    vpn-demo-1(config-tunnel-general)# authentication-server-group  RADIUS 
    !

    This integration not only lets you quickly include the AD directory service in the authentication process, but also lets you detect whether the connecting computer belongs to AD, understand whether it is a corporate or a personal device, and assess the posture of the connecting device.


    • We configure a transparent NAT so that traffic between the client and the corporate network resources is not translated:

    vpn-demo-1(config)# object network vpn-users
    vpn-demo-1(config-network-object)#  subnet 192.168.20.0 255.255.255.0
    !
    vpn-demo-1(config)# nat (inside,outside) source static any any destination static vpn-users vpn-users no-proxy-arp

    • (OPTIONAL): To let our clients out to the Internet through the ASA (when using the tunnelall option) with PAT, exiting through the same OUTSIDE interface they connected to, you need to make these settings.

    vpn-demo-1(config-network-object)# nat (outside,outside) source dynamic vpn-users interface
    vpn-demo-1(config)# nat (inside,outside) source dynamic any interface
    vpn-demo-1(config)# same-security-traffic permit intra-interface 
    !

    • When using a cluster, it is very important that the internal network can tell which ASA to return a given user's traffic through; to achieve this you need to distribute the /32 routes of the addresses issued to clients.
    At this point we have not yet configured the cluster, but we already have working VPN gateways that can be connected to by FQDN or IP.


    We see the client in the routing table of the first ASA:

    [screenshot: routing table of the first ASA with the client /32 route]

    In order for our whole VPN cluster and the entire corporate network to know the route to our client, we redistribute the client's prefix into a dynamic routing protocol, for example OSPF:

    !
    ! VPN-REDISTRIBUTE is a standard access-list matching the client pool prefix; its definition is not shown here
    vpn-demo-1(config)# route-map RMAP-VPN-REDISTRIBUTE permit 1
    vpn-demo-1(config-route-map)#  match ip address VPN-REDISTRIBUTE
    !
    vpn-demo-1(config)# router ospf 1
    vpn-demo-1(config-router)#  network 192.168.255.0 255.255.255.0 area 0
    vpn-demo-1(config-router)#  log-adj-changes
    vpn-demo-1(config-router)#  redistribute static metric 5000 subnets route-map RMAP-VPN-REDISTRIBUTE
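    Two things from the steps above are easy to get wrong when the configuration is repeated by hand on every node: each node must have its own, non-overlapping address pool (step 4), and every pool must fall inside the prefix that the redistribute access list matches, otherwise that node's client /32 routes never reach OSPF. The Python script below is an added example, not from the article: it parses the `ip local pool` line collected from each node, reports overlapping pools, lists nodes whose pool lies outside an assumed redistribute prefix, and enumerates the /32 host routes a node can inject. Node 1's pool is the article's; nodes 2 and 3, their pools (node 3 deliberately overlaps node 2) and the prefix are constructed for the example.

```python
import ipaddress
import re

# Constructed sample: the 'ip local pool' line collected from each cluster node.
# Node 1 is the article's pool; nodes 2 and 3 are made up, and node 3 overlaps node 2.
NODE_POOLS = {
    "vpn-demo-1": "ip local pool vpn-pool 192.168.20.10-192.168.20.30 mask 255.255.255.0",
    "vpn-demo-2": "ip local pool vpn-pool 192.168.20.31-192.168.20.50 mask 255.255.255.0",
    "vpn-demo-3": "ip local pool vpn-pool 192.168.20.45-192.168.20.60 mask 255.255.255.0",
}

_POOL_RE = re.compile(r"^\s*ip local pool (\S+) (\S+)-(\S+) mask (\S+)\s*$")


def parse_pool(line):
    """Parse one 'ip local pool NAME FIRST-LAST mask MASK' line into a dict,
    rejecting reversed ranges and ranges that leave the subnet implied by MASK."""
    m = _POOL_RE.match(line)
    if not m:
        raise ValueError("not an 'ip local pool' line: " + line)
    name, first, last, mask = m.groups()
    first_ip, last_ip = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    network = ipaddress.IPv4Network(f"{first}/{mask}", strict=False)
    if last_ip < first_ip:
        raise ValueError(f"{name}: last address precedes first address")
    if last_ip not in network:
        raise ValueError(f"{name}: range leaves the subnet implied by mask {mask}")
    return {"name": name, "first": first_ip, "last": last_ip, "network": network,
            "size": int(last_ip) - int(first_ip) + 1}


def find_pool_conflicts(node_pools):
    """Return sorted (node_a, node_b) pairs whose address ranges overlap.
    Two nodes sharing addresses would hand the same client IP out twice and
    both would redistribute the same /32 route."""
    parsed = {node: parse_pool(line) for node, line in node_pools.items()}
    nodes = sorted(parsed)
    conflicts = []
    for i, a in enumerate(nodes):
        for b in nodes[i + 1:]:
            pa, pb = parsed[a], parsed[b]
            if pa["first"] <= pb["last"] and pb["first"] <= pa["last"]:
                conflicts.append((a, b))
    return conflicts


def nodes_outside_prefix(node_pools, redistribute_prefix):
    """Nodes whose pool is not fully inside `redistribute_prefix`, i.e. whose client
    /32 routes the redistribute access list would not match. The prefix is an
    assumption: the article does not show the access list."""
    net = ipaddress.IPv4Network(redistribute_prefix)
    outside = []
    for node, line in node_pools.items():
        pool = parse_pool(line)
        if pool["first"] not in net or pool["last"] not in net:
            outside.append(node)
    return outside


def host_routes_for(node, node_pools):
    """All /32 prefixes the node can install for its clients, which is what
    'redistribute static' hands to OSPF as clients connect."""
    pool = parse_pool(node_pools[node])
    return [f"{ipaddress.IPv4Address(i)}/32"
            for i in range(int(pool["first"]), int(pool["last"]) + 1)]


if __name__ == "__main__":
    print("overlapping pools:", find_pool_conflicts(NODE_POOLS))
    print("outside 192.168.20.0/24:", nodes_outside_prefix(NODE_POOLS, "192.168.20.0/24"))
    print("node 1 host routes:", len(host_routes_for("vpn-demo-1", NODE_POOLS)))
```

    The redistribute access list should be written per node against that node's own pool rather than copied verbatim between nodes, which is exactly the mistake the prefix check catches when the cluster grows beyond one /24.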

    Now we have a route to the client from the second gateway ASA-2, and users connected to different VPN gateways in the cluster can, for example, talk to each other directly over the corporate softphone, while return traffic from the resources a user requested arrives at the right VPN gateway:

    [screenshot: routing table of ASA-2 with the client route learned via OSPF]

  5. Let's move on to configuring the Load-Balancing cluster.

    The address 192.168.31.40 will be used as the Virtual IP (VIP; all VPN clients connect to it first); from this address the cluster Master issues a REDIRECT to the least loaded cluster node. Don't forget to create both forward and reverse DNS records for the external address/FQDN of each cluster node and for the VIP.

    vpn-demo-1(config)# vpn load-balancing
    vpn-demo-1(config-load-balancing)# interface lbpublic outside
    vpn-demo-1(config-load-balancing)# interface lbprivate inside
    vpn-demo-1(config-load-balancing)# priority 10
    vpn-demo-1(config-load-balancing)# cluster ip address 192.168.31.40
    vpn-demo-1(config-load-balancing)# cluster port 4000
    vpn-demo-1(config-load-balancing)# redirect-fqdn enable
    vpn-demo-1(config-load-balancing)# cluster key cisco
    vpn-demo-1(config-load-balancing)# cluster encryption
    ! this second "cluster port" command overrides the 4000 set above; 9023 is the default UDP port of the cluster
    vpn-demo-1(config-load-balancing)# cluster port 9023
    vpn-demo-1(config-load-balancing)# participate
    vpn-demo-1(config-load-balancing)#

    • We check cluster operation with two connected users:

    [screenshot: show vpn load-balancing with two sessions distributed over the nodes]

    • Improve the client experience by uploading an AnyConnect profile via ASDM.


    We give the profile a convenient name and associate our group policy with it:

    [screenshot: AnyConnect profile in ASDM]

    After the client connects, this profile is automatically downloaded and installed in the AnyConnect client, so the next time you need to connect, just pick it from the list:

    [screenshot: the profile in the AnyConnect client's connection list]

    Since we created this profile on only one ASA using ASDM, don't forget to repeat these steps on the other ASAs in the cluster.

Conclusion: So, we have quickly deployed a cluster of VPN gateways with automatic load balancing. Adding new nodes to the cluster is easy, which gives horizontal scalability through additional ASAv virtual machines or hardware ASAs. The feature-rich AnyConnect client can significantly extend secure remote access by using Posture (endpoint state assessment), most effectively in combination with the centralized access-control and accounting system Identity Services Engine.

Source: www.habr.com
