One of my clients has had their web server exposed to the wild world of the internet for several years now. Up until about a year and a half ago, many systems on their network actually had IP ANY ANY statements cut through from the Outside of their Firewall to the Inside. However, it has been one of my many jobs since I started with them to eradicate these problems and start securing their infrastructure. The firewall changes have been easy for the most part, and any problems that remain are policy issues that we are working to eliminate. However, their web server sitting outside of the firewall has been an ongoing issue, and due to some anomalies on the server they are deploying the recommended DMZ and migrating their web server there. [Read more...]
Upon us all a little rain must fall.
Led Zeppelin said it best, I guess. This past week Ohio, along with lots of other states, got hit with the remains of Hurricane Dean. So far it has been the most damaging storm for my clients in my short consulting career. The first call came on Tuesday morning, August 21st. That call was from one of our account managers, who indicated a client had sustained catastrophic damage to their 6509 when water rushed into their core network closet. My first two thoughts were: how quickly can we get replacement hardware, and how long should it take for me to get them back up and going? [Read more...]
ASA LDAP Auth the nice and easy way.
OK, so I have been beating my head on ASA to LDAP auth (a temporary fix till my client spins up RADIUS), but thanks to the great LDAP group at Cisco TAC I’m up and working. The point of this post is to take what we tend to know about LDAP client configs and adjust it for what Cisco has set up in PIX IOS 8. [Read more...]
The King has left the building…err…the web. (Final Update)
That’s right, kiddies. Cisco.com is offline. I have a pending case with TAC in which I was supposed to download files with special access. Stay tuned for that story later. However, as I tried to get the files, all my attempts to contact anything off of the Cisco main page came up dead. I confirmed this from an iPhone on AT&T, my XV6700 on Verizon, as well as a network off of the State of Ohio Backbone. With my homework done, I contacted an engineer at Cisco who confirmed… “Yep we are down…not one of our best days. We should be back online sometime later tonight.” My engineer is in the eastern time zone with me and it was 3pm when he told me this, so it sounds like they are on the mat for a few more hours. Not sure what the problem is or how widespread, but I’ll wager that this costs someone their job and Cisco a lot of money. [Read more...]
Bridge Building Geek Style
One of the Cisco Sales reps I work for called me a few months back and said, “Hey, why don’t we use a Cisco Wireless setup and client X to save them a bunch of money?” My reply was… “Crap, why didn’t I think of that,” followed by “Sure, let me get to working on it.” In the end we provided a solution that used Cisco 1240 A/G radios and two 5GHz Point to Point panel antennas. We also got to use the 2.4 radios for WiFi access on the insides of the buildings that the 5GHz bridge was serving. Currently I am completing the config, but once I have it all done I am going to post the juicy bits (sanitized to protect the client, of course) as well as a few pics if the client will permit me to do so.
My company has done quite a few of these in the past. However, this was my first go at a Wireless bridge setup. As usual with new projects I was a bit nervous, but in the end I have been amazed at how smoothly the whole thing went. Wireless connectivity has really jumped a level in my mind now. It was interesting, though, when I called one of our designers and then one of our engineers and asked, “So now that my link is up, how do I test the link quality and speed?” The answer was, “I’m really not sure, they just work.” For the moment I accepted the answer, but in the end I have been troubleshooting a few things and I added my question to the list of things I wanted to solve by the time I handed it off to the client. [Read more...]