Make sure that you understand what you are paying for in the cloud. The ability to scale on demand is nice. Having your apps run on random hardware that is failing, or overloaded is not so nice.

Excerpted from:

http://www.reddit.com/r/blog/comments/g66f0/why_reddit_was_down_for_6_of...

Ran into a situation where a customer had 8 cisco 2950 switches patched randomly into each other. Cleaned the configuration up where 1 master switch will feed all the other switches. Ideally this will be replaced with a 3560 gig switch.

Here is what happens to layer2 networks that keep growing as users add new switches. Normally routers would be used to break up large layer2 domains but sometimes companies forget to do this and a mess can result.

http://www.cio.com.au/article/65115/all_systems_down/

These examples can make Active Directory and vpns / WANs easier to use:

http://www.richweb.com/openbsd_remote_vpn_site_dns_active_directory_configs

http://richweb.com/openbsd_remote_vpn_site_dns_active_directory_configs

And here is a write-up of how our content filter systems work at a semi-technical level:

http://richweb.com/content_filter_overview

OpenVPN tunnel had good site to site throughput - better than IPSEC in fact. This example also shows how to handle multiple separate openvpn instances on the same box.

http://www.richweb.com/openbsd_openvpn_on_static_natted_ip

OpenBSD SGW and ASA useful tid bits:

Policy routing and OpenBSD:

http://richweb.com/openbsd_reply_to_pf_example

IPSEC interop between Cisco ASA and linux:

http://richweb.com/ipsec_between_cisco_asa_and_racoon_linux

Use the ASA as a dmz switch and postfix for smart hosting:

http://www.richweb.com/asa5505_switch_port_vlan_postfix_smarthost

Working config with both SSL VPN and IPSEC VPN with Group AUTH PSK:
http://www.richweb.com/cisco_asa_vpan_vpn_clients_to_vlan_dmz

The short answer is if you are not sure, then dont. This link should help with the understanding of the different classes of spam and how they work, and what you can safely do to help reduce if not eliminate spam:

http://www.richweb.com/unsubscribe_links

Here is a config guide that is lab-tested:
http://www.richweb.com/ipsec_between_openbsd_cisco_asa

1. Interface setup:

interface Vlan2
ip address a.b.97.190 255.255.255.192
nameif outside
security-level 0

interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0

2. VPN IP Pool setup

This is the pool of ip addresses that the ssl and vpn clients will share:
ip local pool vpnpool 192.168.101.10-192.168.101.250 mask 255.255.255.0

3. NAT / No-Nat setup

This cmd is needed to pass vpn client traffic thru to the inside servers:
same-security-traffic permit intra-interface