StaticNAT

This is my current big project.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

So for the past two years I have been a Mac guy.  I have fallen in love with the clean easy to use interface of OSX coupled with the power of the base os for when I need to get down and dirty on a network.  Along with this love affair I had come the the conclusion that the days of portable computers bristling with ports and expansion slots like guns from battleships of old were gone.  Then I switched jobs and was issued my Dell Lattitude D630.  So far it is a nice laptop.  Aside from the OS options I have ( I chose Ubuntu) I was surprised to see all my hardware options including a serial port (woohooo no need to care my keyspan USB adapter!!!!), a docking port slot ont he bottom, the ability to remove my DVD drive for a few extra hours of battery, 4 USB slots, VGA out on board, an a PCMCIA slot.

Lets just say out of all of those mentioned my PCMCIA (PC CARD) slot was my least favorite.  Many computers are moving to the PC Express Cards that have much more bandwidth for options just out audio and video interfaces.  So I just left my PC Card slot alone with the blank that had come in it.  Some of the guys I work with are carrying super thin laser mice in that slot and my wife’s HP has a cool little remove that hides in that bay but all in all it seems pretty useless.  That was till I found an old CF to PCMCIA apter that I had picked up to try to use CF cards in my older Cisco routers (That did not work!).
Continue Reading »

If you follow staticnat then you will know that I recently started a new job.  They issued me a new Dell Latitude D630 including the upgraded video card.  This was  bit a of a change since I have been using a Macbook exclusively for the past two years.  What I learned to love about the the Macbook was the strength of the underling OS and its elegant GUI for day to day use.  Knowing my OS opt out of the Win32 world and take the dive into Linux as my primary work environment.  This was easy enough considering my laptop came installed with WinXP and the Ubuntu 7.10 installer CD does a great job creating a dual boot system with minimal hassle to the end user.
Continue Reading »

Not that everyone knows where I work but I am moving from a mixed VAR and BISCI shop tommarow to my new profesional home at Netech I expect to be posting more in the near future considering I will be living out of a hotel for a few months. That and exposure to my new life as a dedicated Cisco Engineer should give me lots of fodder for my humble little site. So add me to RSS and look for new content soon.

I would like to welcome a cool new resource to out party. openpacket is a cool site that takes traffic capture files of a set type of traffic ranging from Normal, Suspicious to Malicious. Being able to reference these captures could be very beneficial when it comes to diagnosing network issues. So surf on over and register with these guys. Just make sure you don’t get any packet headers on you when you dive in.

Over the last two years I have become quite the Mac/OSX fan.  For years I was down on apple and to this day think I had every right to be.  But with OS 10.4 and now 10.5 they have created a powerful and flexible unix distribution for the general user and the power users.  However I have from time to time notices funky issues with software such as the Cisco IpSec VPN client.

Most recently in 10.5.1 I kept getting the VPN subsystem could not be contacted.  Well here is the fix from nate,

“If you are running Cisco’s VPNClient on Mac OSX, you might be familiar with (or tormented by) “Error 51: Unable to communicate with the VPN subsystem”. The simple fix is to quit VPNClient, open a Terminal window, (Applications -> Utilities -> Terminal) and type the following:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

and give your password when it asks. This will stop and start the “VPN Subsystem”, or in other words restart the CiscoVPN.kext extension.”

Thanks Nate and I hope this help everyone else out there keep their WARP core under control….later!

I have been doing alot of reading lately about network monitoring, IDS, network problem diagnosis and other such topics. Out of that reading I have been picking up on something that was totally left out of my education in the finer arts of networking. That something is the necessary use of network TAPS for full visibility of of traffic in a structured switched Ethernet network. I plan on discussing that issue more in the near future. But on the front end I have discovered the need to use the existing SPAN and port mirroring options to get a better view on a highly VLAN’d environment. This article from NetworkIntrusion was just what the doctor ordered. So until I can get my hands on some TAPS and get some articles out about how they have revolutionized my troubleshooting methodology I hope this use of tried and true tools for monitoring switches helps.

I was on a client site about a month ago finishing an ASA install running PIX IOS 7.2.3. We were moving the client from flat ACLs to Object Group based ACLs, Object groups and named hosts. But for whatever reason we were having problems with the ACL. So from the command line I planned on using the tried and true no access-list “ACL NAME” to get rid of the offending ACL and start over. I was confused when the ACL did not go away. Well in reading 6200networks yesterday I came accross the the answer. From global config mode use clear configure access-list “id” and is should take care of that troublesome ACL. Thanks to Joe at 6200networks for the info.

Here is how you find it on Cisco Chassis running IOS

Show idprom backplane

Enjoy