Clouds are not a cure-all

Make sure that you understand what you are paying for in the cloud. The ability to scale on demand is nice. Having your apps run on random hardware that is failing, or overloaded is not so nice.   Excerpted from: http://www.reddit.com/r/blog/comments/g66f0/why_reddit_was_down_for_6_of...

Daisy Chained Switches - spanning tree problems lurking

Ran into a situation where a customer had 8 cisco 2950 switches patched randomly into each other. Cleaned the configuration up where 1 master switch will feed all the other switches. Ideally this will be replaced with a 3560 gig switch. Here is what happens to layer2 networks that keep growing as users add new switches. Normally routers would be used to break up large layer2 domains but sometimes companies forget to do this and a mess can result. http://www.cio.com.au/article/65115/all_systems_down/    

When an unfriendly gateway makes IPSEC hard: OpenVPN Site to Site Tunnel to the rescue

OpenVPN tunnel had good site to site throughput - better than IPSEC in fact. This example also shows how to handle multiple separate openvpn instances on the same box. http://www.richweb.com/openbsd_openvpn_on_static_natted_ip

OpenBSD Policy Routing Example Posted; Working Linux Racoon to Cisco IOS IPSEC example

OpenBSD SGW and ASA useful tid bits:   Policy routing and OpenBSD: http://richweb.com/openbsd_reply_to_pf_example   IPSEC interop between Cisco ASA and linux: http://richweb.com/ipsec_between_cisco_asa_and_racoon_linux   Use the ASA as a dmz switch and postfix for smart hosting: http://www.richweb.com/asa5505_switch_port_vlan_postfix_smarthost

Is that unsubscribe link safe to click?

The short answer is if you are not sure, then dont. This link should help with the understanding of the different classes of spam and how they work, and what you can safely do to help reduce if not eliminate spam: http://www.richweb.com/unsubscribe_links

Cisco ASA 8.2 WebVPN + IPSEC RoadWarrior VPN config

1. Interface setup: interface Vlan2 ip address a.b.97.190 255.255.255.192 nameif outside security-level 0 interface Vlan1 nameif inside security-level 100 ip address 192.168.100.1 255.255.255.0 2. VPN IP Pool setup This is the pool of ip addresses that the ssl and vpn clients will share: ip local pool vpnpool 192.168.101.10-192.168.101.250 mask 255.255.255.0 3. NAT / No-Nat setup This cmd is needed to pass vpn client traffic thru to the inside servers: same-security-traffic permit intra-interface
Syndicate content