richweb's blog

Clouds are not a cure-all

Make sure that you understand what you are paying for in the cloud. The ability to scale on demand is nice. Having your apps run on random hardware that is failing or overloaded is not so nice. Excerpted from:

Daisy Chained Switches - spanning tree problems lurking

Ran into a situation where a customer had 8 Cisco 2950 switches patched randomly into each other. Cleaned the configuration up so that 1 master switch will feed all the other switches. Ideally this will be replaced with a 3560 gig switch. Here is what happens to layer2 networks that keep growing as users add new switches. Normally routers would be used to break up large layer2 domains, but sometimes companies forget to do this and a mess can result.

DNS Recipes for AD+IPSEC VPNs

And here is a write-up of how our content filter systems work at a semi-technical level:

When an unfriendly gateway makes IPSEC hard: OpenVPN Site to Site Tunnel to the rescue

The OpenVPN tunnel had good site to site throughput, better than IPSEC in fact. This example also shows how to handle multiple separate OpenVPN instances on the same box.

OpenBSD Policy Routing Example Posted; Working Linux Racoon to Cisco IOS IPSEC example

OpenBSD SGW and ASA useful tidbits:

Policy routing and OpenBSD:

IPSEC interop between Cisco ASA and Linux:

Use the ASA as a DMZ switch and Postfix for smart hosting:

Is that unsubscribe link safe to click?

The short answer is: if you are not sure, then don't. This link should help with understanding the different classes of spam, how they work, and what you can safely do to help reduce, if not eliminate, spam:

Cisco ASA 8.2 WebVPN + IPSEC RoadWarrior VPN config

1. Interface setup:

    interface Vlan2
     ip address a.b.97.190
     nameif outside
     security-level 0
    interface Vlan1
     nameif inside
     security-level 100
     ip address

2. VPN IP Pool setup

This is the pool of IP addresses that the SSL and VPN clients will share:

    ip local pool vpnpool mask

3. NAT / No-Nat setup

This command is needed to pass VPN client traffic through to the inside servers:

    same-security-traffic permit intra-interface