StaticNAT

One of my clients has had their web server exposed to the wild world of the internet now for several years. Up till about a year and a half ago many systems on their network actually had IP ANY ANY statements cut through from the Outside of their Firewall to the Inside. However it has been one of my many jobs since I started with them to eradicate these problems and start securing their infrastructure. The firewall changes have been easy for the most part and any problems that remain are policy issues that we are working to eliminate. However their web server sitting outside of the firewall has been an ongoing issue and due to some anomaly’s on the server they are deploying the recommended DMZ and migrating their web server there.
Continue Reading »

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Led Zeppelin said it best I guess.  This past week Ohio along with lots of other states got hit with the remains of hurricane Dean.  So far it has been the most damaging storm for my clients in my short consulting career.  The first call came on Tuesday morning August 21st.  That call was from one of our account managers who indicated a client had sustained catastrophic damage to their 6509 when water rushed into their core network closet.  My first two thoughts were how quickly can we get replacement hardware and how long should it take for me to get them back up and going?
Continue Reading »

I am sure that at this point most of you have had some sort of experience with VOIP. My personal experiences are very mixed. On the Enterprise side I have worked on a multi-million dollar install of Cisco VOIP on a new all Cisco Network and it was less than spectacular. As a consultant I have worked with Cisco’s Call Manager Express in it’s home waters of the small/mid sized business and again I felt that it was lacking. However on the personal side I have been an off and on user of Skype for quite awhile as well as other come and go lightweight VOIP apps over the past seven or eight years.
Continue Reading »

Ok so I have been beating my head on ASA to LDAP auth (temporary fix till my client spins up RADIUS) but thanks to the great LDAP group at Cisco TAC I”m up and working. The piont of this post is to take what we tend to know about LDAP client configs and adjust it for what Cisco has setup in PIX IOS 8.
Continue Reading »

I haven’t posted in awhile due to a crazy work schedule. But I have set myself up with some tools to help me blog better. So this post is two fold.

1. A test of the ScribeFire plugin for Firefox.
2. Test new a new type of content for www.staticnat.com.

Up to this point I have not said a lot about my home network. I will be posting more because I think its relevant to the overall purpose of my site. Any of you who are into this fun little world of networking in the mid to large scale understand the value of test enviroments. Being a consultant most of that either happens on customer site if we are building a new site or in my basement if we are making changes in productions.
Continue Reading »

From a Network Engineer’s point of view this is exactly what is wrong with todays home networking methodology. Every night when I get home from work I follow the same rough routine. I plop down on the couch power on my laptop and connect to my home network via wireless. After doing so I check my connection logs for the day to my AP, my overall bandwidth usage via PRTG and my syslog server messages from my firewall. I do this to ensure that all is well on my little spoke of the internet. But I know for a fact that those of us who perform this little daily dance are in the minority. Instead what you get is scores of people purchasing wireless routers and just throwing them on their cable or DSL modem and going on with life, like they didn’t just leave their front door open with a big neon WELCOME HACKERS sign over it.
Continue Reading »