Clouds are not a cure-all

Make sure that you understand what you are paying for in the cloud. The ability to scale on demand is nice. Having your apps run on random hardware that is failing, or overloaded is not so nice.

 

Excerpted from:

http://www.reddit.com/r/blog/comments/g66f0/why_reddit_was_down_for_6_of...

Daisy Chained Switches - spanning tree problems lurking

Ran into a situation where a customer had 8 cisco 2950 switches patched randomly into each other. Cleaned the configuration up where 1 master switch will feed all the other switches. Ideally this will be replaced with a 3560 gig switch.

Here is what happens to layer2 networks that keep growing as users add new switches. Normally routers would be used to break up large layer2 domains but sometimes companies forget to do this and a mess can result.

http://www.cio.com.au/article/65115/all_systems_down/

 

 

When an unfriendly gateway makes IPSEC hard: OpenVPN Site to Site Tunnel to the rescue

OpenVPN tunnel had good site to site throughput - better than IPSEC in fact. This example also shows how to handle multiple separate openvpn instances on the same box.

http://www.richweb.com/openbsd_openvpn_on_static_natted_ip

Is that unsubscribe link safe to click?

The short answer is if you are not sure, then dont. This link should help with the understanding of the different classes of spam and how they work, and what you can safely do to help reduce if not eliminate spam:

http://www.richweb.com/unsubscribe_links

Cisco ASA 8.2 WebVPN + IPSEC RoadWarrior VPN config

1. Interface setup:

interface Vlan2
ip address a.b.97.190 255.255.255.192
nameif outside
security-level 0

interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0

2. VPN IP Pool setup

This is the pool of ip addresses that the ssl and vpn clients will share:
ip local pool vpnpool 192.168.101.10-192.168.101.250 mask 255.255.255.0

3. NAT / No-Nat setup

This cmd is needed to pass vpn client traffic thru to the inside servers:
same-security-traffic permit intra-interface

Syndicate content