Back on March 19th of this year I posted “Three weeks in two, bah who needs sleep.” I must have lied, because between those two weeks and the subsequent crazy weeks following I pretty much fell off the map. During the aforementioned two weeks, though, I visited Ottawa, Canada for Sales and Engineering training for CryptoCard. For me, trips like this are exciting not for the trip but for the time I get to spend with other professionals learning, hanging out and passing on our tricks to each other. During a break in the training routine our instructor Patrick posed a question, something to the effect of: if we don’t like spam and attacks, and we know that 20 to 30% of all spam and attacks come from North Korea and China, then why don’t we block them at the edge?


ASA VPN Commands to Remember   February 9th, 2007

From time to time I’ll just post these quick little snippets of code. Honestly, this is so I have a reference for them in the future. This set comes from troubleshooting why my VPN would connect but not allow me to see the networks I had allowed in my VPN GROUP ACE.

This command allows the ASA to detect VPN clients behind NAT devices and encapsulates the traffic into UDP on port 4500. Click on the command to see the detailed description and usage of this command.

crypto isakmp nat-traversal 20

sysopt connection permit-vpn


Cisco PIX to ASA not what it seems.   February 1st, 2007

Well, I am still behind in getting configs published. But please know that they are coming. This is a hobby for me and like most hobbies it is lower in my priority queue than work and family. One of the items that took priority this week was a conversion from a pair of PIX 515s to ASA-5540s with AIP-20s.

I learned a lot about traffic, hardware limitations and marketing with this project. This whole project started shortly after an upgrade from a DSL to their upstream provider to a 100 Mbit circuit. Along with the circuit upgrade, the customer also started using a WebApp provided by their upstream provider that generated a lot of connections but not a lot of bandwidth. To make a long story short, we ended up having sudden outages that would come and go with no explanation… that is, until I checked the connections on their PIX 515. During outages they were running between 148,000 to 160,000 connections and their PIX was designed to handle 120,000. We could have performed connection tuning on the PIX but the client was ready to move on to an ASA.
