From my daughter's wedding day.
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Saturday, October 31, 2015
Friday, October 30, 2015
Cisco ASA: VPN Lifetime Count
Did you know that VPNs renegotiate their security associations after a certain amount of time? Yep, it's true. After the lifetime expires, they rekey the SA. You can see the remaining time when you do a show crypto isakmp sa detail on the Cisco ASA.
asa# sh cryp isa sa det
Active SA: 2
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: 4.4.4.164
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Encrypt : 3des Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 42302
2 IKE Peer: 5.5.5.104
Type : user Role : responder
Rekey : no State : AM_ACTIVE
Encrypt : aes Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 28616
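The output above is easy to eyeball for two peers, but on a busy ASA you want a script to do the reading. The following is an added example (not code from the original post): it parses the show crypto isakmp sa detail output shown here and produces the findings a defender cares about: weak ciphers, aggressive mode with a preshared key, SAs that are not active, and SAs close to rekey. The sample text is the post's own output embedded so the script runs offline; the threshold and the finding wording are my choices.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input: the "show crypto isakmp sa detail" output from the post, embedded so this runs offline.
SAMPLE_OUTPUT = """\
Active SA: 2
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: 4.4.4.164
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Encrypt : 3des Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 42302
2 IKE Peer: 5.5.5.104
Type : user Role : responder
Rekey : no State : AM_ACTIVE
Encrypt : aes Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 28616
"""

PEER_RE = re.compile(r"^(\d+)\s+IKE Peer:\s*(\S+)")
# "Key : value" pairs; one line may carry two of them ("Type : L2L Role : initiator")
PAIR_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\S+)")


@dataclass
class IkeSa:
    index: int
    peer: str
    attrs: Dict[str, str] = field(default_factory=dict)

    @property
    def lifetime(self) -> int:
        return int(self.attrs.get("Lifetime", 0))

    @property
    def remaining(self) -> int:
        return int(self.attrs.get("Lifetime Remaining", 0))

    @property
    def remaining_fraction(self) -> float:
        return self.remaining / self.lifetime if self.lifetime else 0.0


def parse_isakmp_sa_detail(text: str) -> List[IkeSa]:
    """Turn the ASA output into one IkeSa per 'IKE Peer' block."""
    sas: List[IkeSa] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PEER_RE.match(line)
        if m:
            current = IkeSa(int(m.group(1)), m.group(2))
            sas.append(current)
            continue
        if current is None:
            continue  # summary lines before the first peer
        for key, value in PAIR_RE.findall(line):
            current.attrs[key.strip()] = value
    return sas


WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5"}


def audit_ike_sas(sas: List[IkeSa], rekey_warn_fraction: float = 0.10) -> List[str]:
    """Findings a defender would act on; the 10% rekey threshold is an assumption."""
    findings = []
    for sa in sas:
        enc = sa.attrs.get("Encrypt", "").lower()
        hsh = sa.attrs.get("Hash", "").lower()
        state = sa.attrs.get("State", "")
        if enc in WEAK_ENCRYPTION:
            findings.append(f"{sa.peer}: weak encryption {enc}, move to AES")
        if hsh in WEAK_HASH:
            findings.append(f"{sa.peer}: weak hash {hsh}")
        if state.startswith("AM_") and sa.attrs.get("Auth") == "preshared":
            findings.append(f"{sa.peer}: aggressive mode with a preshared key (PSK hash is exchanged unencrypted)")
        if not state.endswith("_ACTIVE"):
            findings.append(f"{sa.peer}: SA not active (state {state})")
        if sa.lifetime and sa.remaining_fraction < rekey_warn_fraction:
            findings.append(f"{sa.peer}: only {sa.remaining}s of {sa.lifetime}s left, rekey imminent")
    return findings


if __name__ == "__main__":
    for finding in audit_ike_sas(parse_isakmp_sa_detail(SAMPLE_OUTPUT)):
        print(finding)
```

Run against the post's output it flags the 3DES L2L tunnel to 4.4.4.164 and the aggressive-mode remote-access SA with 5.5.5.104; neither is close to rekey.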
Thursday, October 29, 2015
Home Projects: Stabilizing Old Floors
It never fails, I always come out bleeding when I go under my house. Since we were having a lot of people over, I needed to make sure my floors were stable and supported well. I've been underneath the house and done this before, but over time, things just settle in. So now I'm back underneath the house again to make sure all is sturdy again.
Now I don't like confined spaces, but someone had to do this. Might as well be me.
And, it never fails:
Wednesday, October 28, 2015
Switch Banners
I get on a lot of switches during a week's time. Although rare, I do occasionally see a creative banner. Most of the time people want you to know they are monitoring your session and are going to prosecute you to the fullest extent when they catch you. Below is the latest one that was a little different than the norm. I found it on a Cisco switch.
**********************************************
Speak friend and enter
else leave
**********************************************
Tuesday, October 27, 2015
Palo Alto: 7.X and ACC
Update on this 11/13/15: Palo got in touch with me about this and walked me through the new way of doing things. It's not as bad as I thought. You can still see what you want to see, you just have to create your own search for it via filters. I'm ok with this. However for people who don't know or understand the Palo, this might be a little more difficult for some. I, however, am ok with this now that I understand what Palo is trying to do.
So most people know I'm a fan of Palo Alto firewalls. But I came across something today that I didn't like. ACC used to have a great console for finding out info fast. That is, in 6.X and below. Now, in 7.X, it's harder to dig down without having to go through the logs. Why would Palo do this? I have no idea. But I'm not happy about this change. I doubt it will change, but I made it a point to talk to TAC about this when I called about a support issue.
Monday, October 26, 2015
Home Projects: Stairs
I like home projects, especially if they are outside. I had a few things I needed to do before my daughter's wedding, and I thought I would post a few of them in the next few days. One of these was fixing some steps on the side of my house. I didn't get a good before pic, but did of the process.
Finished product:
Sunday, October 25, 2015
Sunday Thought: Two Wolves
I watched a movie last night called Tomorrowland. Nothing special about it really, but they did make mention of something interesting. They mention the two wolves story. One filled with darkness and the other filled with light. Both of them always fighting each other. The question was asked, "Which wolf wins the fighting?" The answer: "The one you feed."
It seems to me that we who are Christians are the same. We have an "old self" and a "new self". I think our old self is the sinful nature that we were born into. The new self being what God would have us be, turning away from our sinful desires. The new self being the transformation into what God would have us to be. So which one do we feed? The sinful nature or our new self?
Saturday, October 24, 2015
Thursday, October 22, 2015
The Hunt For The Rogue DHCP Server
Man, I hate these things. You know, when someone plugs in a device that hands out DHCP by default, just so they can have more than one port to plug their devices into? I had this happen on a network, where 10.254.236.X addresses were being given out to some clients. This turned a little ugly, since the whole network (including the remotes) resides on a single VLAN with L2 stretched across to the remote sites. I was able to track it down though. I had to ping the default gateway (which was the rogue DHCP server) to get a MAC address entry on the PC. Once I had that (by doing arp -a at the command prompt on the PC), I was able to find the MAC address on the switching gear. I tracked it down through several switches (across the MPLS network) and shut down the port. When I went onsite to find it, it led me to the place below. Where it goes, no one knows.
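The hunt above is a manual walk from arp -a on the PC to the MAC address table on each switch, following uplinks until the MAC sits on an edge port. The script below is an added example (not from the original post) that automates that walk over saved command output: it normalizes the Windows MAC notation (00-11-22-33-44-55) to Cisco's (0011.2233.4455), looks the MAC up in each switch's show mac address-table output, and keeps hopping while the learned port is a known uplink. The ARP output, MAC tables, MAC address, switch names and uplink map are all constructed sample data; the rogue gateway address 10.254.236.1 is just a made-up address inside the range the post mentions.

```python
import re
from typing import Dict, List, Optional, Tuple

# --- constructed sample data (not from the post) -----------------------------
ARP_OUTPUT = """\
Interface: 10.254.236.50 --- 0xb
  Internet Address      Physical Address      Type
  10.254.236.1          00-11-22-33-44-55     dynamic
  10.254.236.255        ff-ff-ff-ff-ff-ff     static
"""

MAC_TABLES: Dict[str, str] = {
    "CORE": """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Gi1/0/24
   1    00aa.bbcc.dd01    DYNAMIC     Gi1/0/3
""",
    "REMOTE-SW": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Gi1/0/7
""",
}

# (switch, port) -> neighbouring switch reached over that port
UPLINKS: Dict[Tuple[str, str], str] = {("CORE", "Gi1/0/24"): "REMOTE-SW"}
# -----------------------------------------------------------------------------


def normalize_mac(mac: str) -> str:
    """Reduce aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def to_cisco_notation(mac: str) -> str:
    d = normalize_mac(mac)
    return f"{d[0:4]}.{d[4:8]}.{d[8:12]}"


def gateway_mac_from_arp(arp_output: str, gateway_ip: str) -> Optional[str]:
    """Pull the MAC the PC learned for the (rogue) gateway out of Windows 'arp -a' output."""
    for line in arp_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == gateway_ip:
            return normalize_mac(parts[1])
    return None


MAC_ROW_RE = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<type>\S+)\s+(?P<port>\S+)",
    re.IGNORECASE,
)


def port_for_mac(mac_table_output: str, mac: str) -> Optional[str]:
    """Port on which a Cisco 'show mac address-table' output has learned the MAC."""
    want = normalize_mac(mac)
    for line in mac_table_output.splitlines():
        m = MAC_ROW_RE.match(line)
        if m and normalize_mac(m["mac"]) == want:
            return m["port"]
    return None


def trace_mac(mac: str, tables: Dict[str, str], uplinks: Dict[Tuple[str, str], str],
              start: str) -> List[Tuple[str, str]]:
    """Follow the MAC switch by switch; stops on an edge port (no uplink) or a loop."""
    path: List[Tuple[str, str]] = []
    switch = start
    visited = set()
    while switch in tables and switch not in visited:
        visited.add(switch)
        port = port_for_mac(tables[switch], mac)
        if port is None:
            break
        path.append((switch, port))
        next_hop = uplinks.get((switch, port))
        if next_hop is None:
            break  # edge port: the rogue device is plugged in here
        switch = next_hop
    return path


if __name__ == "__main__":
    mac = gateway_mac_from_arp(ARP_OUTPUT, "10.254.236.1")
    print("rogue gateway MAC:", to_cisco_notation(mac))
    for hop in trace_mac(mac, MAC_TABLES, UPLINKS, "CORE"):
        print("seen on", *hop)
```

The last hop in the returned path is the edge port to shut down. Tracking down the box is the short-term fix; on Cisco gear, DHCP snooping (ip dhcp snooping, with only the real server's port trusted) stops the next rogue from ever handing out a lease.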
Wednesday, October 21, 2015
What's Under The Hood: Your Network Gear
(Be patient in this post, it's really about network switches.)
You know, when you are looking for a car to buy, what are some of the things you look for? I suppose the answers are different for each person.
Here is what I don't do, though. I don't use these as my criteria:
1. Will this car do 80 mph?
2. How much does this car cost?
I tend to ask more questions than that:
1. Is the engine a V8, V6?
2. How many mpg does it get?
3. What are the safety ratings?
4. Yes, how much does it cost?
5. Has this car been taken care of? (oil changes, gaskets, etc)
6. Is the body in good shape?
7. Does the engine feel good when driving?
Etc, etc.
I go through a lengthy check of what I know to check on the car as well. I check everything I can on the engine. I look at the gaskets, boots, fluid leaks, check for stains, hose condition, wear on critical parts, etc, etc. I take a good look at the vehicle.
The reality is that on cars, most, if not all, will do 80 mph. Now, let's compare for a minute. My Dodge 1500 will do 80 without issue. RPMs are low during that time as well. My engine doesn't even think about it. However, I had a Honda Civic at one point in life that would do 80 mph, but the engine was obviously struggling. Which one would I prefer? Obviously my truck.
Now, on to the switch conversation. What's under the hood? I hear so often IT Directors, when deciding what switch gear to buy, say things like this: "It's gig speed to the desktop." "It's cheaper than the other brand." "This brand is what we know how to manage."
It amazes me that people who are making device decisions are actually uneducated on how to make good decisions. I mean, you take your next five-year investment and you base your decision on price? Or you make an uninformed decision based on what the sales guy told you? It's time to get informed, folks.
So, what do you look for? I always say three things are what you look for:
1. Yes, price is something to look at. But not the most important.
2. Performance of the equipment. Most companies need performance in the network. Switching backplane, forwarding rate, stacking bandwidth, number of switches allowed in a stack, memory, SDN capable. These are important in the decision making comparisons.
3. Features of the equipment. Most companies nowadays just need QoS, routing and a number of 10gig ports, switching, and maybe PoE. However, you also need SDN capability for the future. Other than that and other features common to all vendors, that's mostly it.
4. I'm going to add this in, although I don't normally tell people this. But product support is important also. How good is the vendor support when you call in?
I always compare switch vendors in performance. If you think that all you need is gig speed to the desktop, you are setting yourself up for potential planning failure for your network needs for not only now, but for the next five years. Even though my old Civic would do 80 mph, it wouldn't be the best option for performance, comfort or other options I needed for daily use of a vehicle. Same thing with switches. You have to know what you are looking at when you make decisions that affect your company.
Now, with that said, the next statements are for the IT consultant. It's YOUR responsibility to educate your customers. It's YOUR responsibility to let them know how to make good decisions.
Tuesday, October 20, 2015
Unfortunate Experience
The day after my daughter's wedding, my wife and I thought we would go to the beach for a couple of days. About an hour and a half into the drive, we didn't make it. We threw a rod, which leads us to the below pic. And, if you want a good laugh at my expense, the video below the pic is sure to make you laugh, at least a little.
Monday, October 19, 2015
Brocade Fiber SFP Connected To Cisco Fiber SFP: No Link
I ran into this the other day. My customer had a Brocade ICX6450 acting as the core (I know, don't say it) and was trying to connect a Cisco 2960 via fiber to it. Well, the fiber link just wouldn't come up.
But I knew there was something special you (sometimes) have to do when connecting a Cisco and a Brocade together and you have issues like this. Turns out that I had to run this command on the Cisco port: "speed nonegotiate"
That resolved my problem and the link came right up.
Sunday, October 18, 2015
Saturday, October 17, 2015
Friday, October 16, 2015
SonicWall: Dual-ISP Configuration
All firewalls I know of have a dual-ISP backup configuration available. SonicWall is no different. If you have dual ISPs, then certainly set it up. It's on the Failover and LB (Load Balancing) page. It's easy and works well.
Wednesday, October 14, 2015
Packet Capture: More Proving What's There
More packet captures on the ASA. Sometimes you just have to know how far the packet is getting. This time it's across a VPN. I need to see which packets are actually getting across, and not just look at the counters. I'm trying to see if one DNS server is sending traffic back. Yep, the 192.168.1.100 DNS server is sending traffic back. I see this on the inside interface of the ASA. Looks good.
ASA# sh capture
capture capin type raw-data access-list 191 interface inside [Capturing - 28987 bytes]
ASA# sh capture capin
143 packets captured
1: 14:03:29.546663 192.168.1.100.53 > 192.168.5.64.54137: udp 373
2: 14:24:47.714761 192.168.5.64.61552 > 192.168.1.100.53: udp 55
3: 14:24:47.717064 192.168.1.100.53 > 192.168.5.64.61552: udp 55
4: 14:24:47.931943 192.168.5.64.53348 > 192.168.1.100.53: udp 35
5: 14:24:47.932340 192.168.1.100.53 > 192.168.5.64.53348: udp 90
6: 14:24:47.970271 192.168.5.64.50397 > 192.168.1.100.53: udp 32
7: 14:24:47.970683 192.168.1.100.53 > 192.168.5.64.50397: udp 79
8: 14:24:48.015196 192.168.5.64.63238 > 192.168.1.100.53: udp 45
9: 14:24:48.015853 192.168.1.100.53 > 192.168.5.64.63238: udp 98
10: 14:24:48.059841 192.168.5.64.64395 > 192.168.1.100.53: udp 39
11: 14:24:48.090159 192.168.1.100.53 > 192.168.5.64.64395: udp 39
12: 14:24:48.135307 192.168.5.64.62142 > 192.168.1.100.53: udp 42
13: 14:24:48.136025 192.168.1.100.53 > 192.168.5.64.62142: udp 111
14: 14:24:48.172140 192.168.5.64.52743 > 192.168.1.100.53: udp 35
15: 14:24:48.174566 192.168.1.100.53 > 192.168.5.64.52743: udp 110
...
143 packets shown
ASA#
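Reading "the DNS server is sending traffic back" off 143 raw lines works for one server, but it does not tell you which queries went unanswered or how slowly the server replied. As an added example (not code from the post), the script below parses the ASA show capture line format shown above, pairs each DNS query with its reply by the client's source port, and reports unanswered queries, orphan replies (answers to queries captured before the capture started) and the worst response time. The sample is the post's first 15 capture lines plus one constructed query (packet 16, port 55555) that deliberately gets no answer.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input: packets 1-15 from the post's "show capture capin", plus a constructed
# unanswered query (packet 16) so the unanswered path is exercised.
CAPTURE_OUTPUT = """\
143 packets captured
1: 14:03:29.546663 192.168.1.100.53 > 192.168.5.64.54137: udp 373
2: 14:24:47.714761 192.168.5.64.61552 > 192.168.1.100.53: udp 55
3: 14:24:47.717064 192.168.1.100.53 > 192.168.5.64.61552: udp 55
4: 14:24:47.931943 192.168.5.64.53348 > 192.168.1.100.53: udp 35
5: 14:24:47.932340 192.168.1.100.53 > 192.168.5.64.53348: udp 90
6: 14:24:47.970271 192.168.5.64.50397 > 192.168.1.100.53: udp 32
7: 14:24:47.970683 192.168.1.100.53 > 192.168.5.64.50397: udp 79
8: 14:24:48.015196 192.168.5.64.63238 > 192.168.1.100.53: udp 45
9: 14:24:48.015853 192.168.1.100.53 > 192.168.5.64.63238: udp 98
10: 14:24:48.059841 192.168.5.64.64395 > 192.168.1.100.53: udp 39
11: 14:24:48.090159 192.168.1.100.53 > 192.168.5.64.64395: udp 39
12: 14:24:48.135307 192.168.5.64.62142 > 192.168.1.100.53: udp 42
13: 14:24:48.136025 192.168.1.100.53 > 192.168.5.64.62142: udp 111
14: 14:24:48.172140 192.168.5.64.52743 > 192.168.1.100.53: udp 35
15: 14:24:48.174566 192.168.1.100.53 > 192.168.5.64.52743: udp 110
16: 14:24:49.001000 192.168.5.64.55555 > 192.168.1.100.53: udp 40
...
143 packets shown
"""

LINE_RE = re.compile(
    r"^\s*(?P<num>\d+):\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<proto>\w+)\s+(?P<length>\d+)"
)


@dataclass
class Packet:
    num: int
    ts: float       # seconds since midnight
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int


def _ts_to_seconds(ts: str) -> float:
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_capture(text: str) -> List[Packet]:
    """Parse 'show capture <name>' lines; counters, '...' and prompts are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        packets.append(Packet(int(g["num"]), _ts_to_seconds(g["ts"]), g["src"], int(g["sport"]),
                              g["dst"], int(g["dport"]), g["proto"], int(g["length"])))
    return packets


def pair_dns(packets: List[Packet], server: str, port: int = 53) -> Dict[str, object]:
    """Match each query to its reply by (client address, client port)."""
    pending: Dict[Tuple[str, int], Packet] = {}
    latencies: List[Tuple[Packet, Packet, float]] = []
    orphan_replies: List[Packet] = []
    for p in packets:
        if p.dst == server and p.dport == port:            # query towards the server
            pending[(p.src, p.sport)] = p
        elif p.src == server and p.sport == port:          # reply from the server
            q = pending.pop((p.dst, p.dport), None)
            if q is None:
                orphan_replies.append(p)
            else:
                latencies.append((q, p, p.ts - q.ts))
    return {
        "queries": len(latencies) + len(pending),
        "answered": len(latencies),
        "unanswered": list(pending.values()),
        "unmatched_responses": orphan_replies,
        "max_latency": max((lat for _, _, lat in latencies), default=0.0),
    }


if __name__ == "__main__":
    result = pair_dns(parse_capture(CAPTURE_OUTPUT), "192.168.1.100")
    print(f"{result['answered']}/{result['queries']} queries answered, "
          f"worst response {result['max_latency'] * 1000:.1f} ms")
    for q in result["unanswered"]:
        print(f"no reply for packet {q.num} from {q.src}:{q.sport}")
```

Packet 1 shows up as an orphan reply because its query was sent before the capture was started, which is the normal thing to see at the head of a capture and not a problem.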
Tuesday, October 13, 2015
Cisco ASA: Troubleshooting With Logs
I was having to troubleshoot a VPN between a Check Point and an ASA the other day. I came up with this message in the ASA logs:
%ASA-7-713222: Group = 5.8.15.51, IP = 5.8.15.51, Static Crypto Map check, map = BHM, seq = 30, ACL does not match proxy IDs src:5.8.15.51 dst:192.168.2.10
%ASA-7-713221: Group = 5.8.15.51, IP = 5.8.15.51, Static Crypto Map check, checking map = BHM, seq = 40...
It appears that the Check Point is trying to use the public address instead of the non-NAT'ed address. My point here is that the ASA logs are very important for troubleshooting issues. Maybe you can look at the config and just find the solution. Maybe you need the logs. Either way, setting the appropriate log levels in troubleshooting is important. It helped me determine that the ASA was fine and that the Check Point needed some work.
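The 713222 message carries everything needed to reach the conclusion above: the peer, the crypto map entry that was tried, and the proxy IDs the peer proposed. The following is an added example (not the post's code) that parses those messages and compares the proposed proxy IDs against the ASA's own crypto ACL for that map entry. The log lines are the two from the post; the crypto ACL contents for map BHM (192.168.2.0/24 to 10.20.0.0/24 at seq 30, and the seq 40 entry) are constructed, since the post does not show the config.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple, Tuple

# Sample input: the two syslog lines from the post.
SAMPLE_LOG = """\
%ASA-7-713222: Group = 5.8.15.51, IP = 5.8.15.51, Static Crypto Map check, map = BHM, seq = 30, ACL does not match proxy IDs src:5.8.15.51 dst:192.168.2.10
%ASA-7-713221: Group = 5.8.15.51, IP = 5.8.15.51, Static Crypto Map check, checking map = BHM, seq = 40...
"""

ASA_713222_RE = re.compile(
    r"%ASA-\d-713222: Group = (?P<group>\S+), IP = (?P<peer>\S+), "
    r"Static Crypto Map check, map = (?P<map>\S+), seq = (?P<seq>\d+), "
    r"ACL does not match proxy IDs src:(?P<src>\S+) dst:(?P<dst>\S+)"
)


class ProxyMismatch(NamedTuple):
    peer: str
    crypto_map: str
    seq: int
    proxy_src: str   # the peer's side of the proposed selector
    proxy_dst: str   # our side, as the peer sees it


def parse_proxy_mismatches(log_text: str) -> List[ProxyMismatch]:
    found = []
    for line in log_text.splitlines():
        m = ASA_713222_RE.search(line)
        if m:
            found.append(ProxyMismatch(m["peer"], m["map"], int(m["seq"]), m["src"], m["dst"]))
    return found


# Constructed: the ASA's crypto ACL per (map, seq), as (local network, remote network) pairs.
CryptoAcl = Dict[Tuple[str, int], List[Tuple[str, str]]]
SAMPLE_ACLS: CryptoAcl = {
    ("BHM", 30): [("192.168.2.0/24", "10.20.0.0/24")],
    ("BHM", 40): [("192.168.3.0/24", "172.16.5.0/24")],
}


def diagnose(m: ProxyMismatch, acls: CryptoAcl) -> List[str]:
    """Explain why the peer's proxy IDs did not fit the crypto ACL entry the ASA checked."""
    src = ipaddress.ip_address(m.proxy_src)
    dst = ipaddress.ip_address(m.proxy_dst)
    notes: List[str] = []
    for local, remote in acls.get((m.crypto_map, m.seq), []):
        local_net = ipaddress.ip_network(local)
        remote_net = ipaddress.ip_network(remote)
        if dst in local_net and src in remote_net:
            return [f"seq {m.seq}: proxy IDs fit the ACL; look elsewhere (transform set, PFS, lifetimes)"]
        if dst not in local_net:
            notes.append(f"seq {m.seq}: peer's destination {m.proxy_dst} is not in our local net {local}")
        if src not in remote_net:
            notes.append(f"seq {m.seq}: peer's source {m.proxy_src} is not in our remote net {remote}")
    if m.proxy_src == m.peer:
        notes.append(f"peer {m.peer} offered its own public address as the source proxy ID; "
                     "its encryption domain or NAT is probably wrong")
    return notes


if __name__ == "__main__":
    for mismatch in parse_proxy_mismatches(SAMPLE_LOG):
        for note in diagnose(mismatch, SAMPLE_ACLS):
            print(note)
```

Note that the message is logged at level 7 (debugging), so it only appears if logging for that level is enabled on the buffer or trap destination, which is the "appropriate log levels" point made above.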
Monday, October 12, 2015
Brocade Switch: Brief Interface Status
Sometimes I just need to see if a port is up or not. I don't need all the statistics. So when I do a show interface eth 1/2/2 on the switch, I don't want to wait for the console to scroll down. I just want a short answer: is the port up or not? Here is the command to do just that.
ICX6450#sh int bri eth 1/2/2
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
1/2/2 Down None None None None Yes N/A 0 cc4e.2463.xxxx
ICX6450#
Saturday, October 10, 2015
Friday, October 9, 2015
Targus Backpack 2
A few years ago, I wrote a post about my Targus backpack vs a Swiss backpack I had. It's been 10 years now, and the zipper finally broke on that old Targus. Man, that was a great backpack.
Link to that post
So now I had to buy a new one. I chose Targus again, and I'm glad I did. Very comfortable and lightweight, I chose the Targus Legend. I'm looking forward to using this thing. Below, I already have all my gear inside it.
Thursday, October 8, 2015
Colasoft Freeware Tools
Colasoft has some pretty neat freeware tools that might come in handy for you (http://www.colasoft.com/download). But what is most interesting to me is that they have a free version of one of my favorite network analysis tools: Capsa. I have not looked at this freeware yet, but from reading the details of it, I think this freeware will be worth looking at. Check it out here.
Wednesday, October 7, 2015
Check Point Packet Captures In CLI
I think most of you know I'm a fan of packet captures when you need to prove the packet is making it. I needed to do this again on a Check Point firewall, and they do make it easy if you know the commands. Below, I need to know if a packet is making it to 192.168.2.59 with a destination port of 25. Looks like it's making it.
CP1> fw monitor -e "host (192.168.2.59) and port (25), accept;"
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
[vs_0][fw_1] eth1:o[60]: 192.168.1.10 -> 192.168.2.59 (TCP) len=60 id=17090
TCP: 55906 -> 25 .S.... seq=fa7cc851 ack=00000000
[vs_0][fw_1] eth1:O[60]: 192.168.1.10 -> 192.168.2.59 (TCP) len=60 id=17090
TCP: 55906 -> 25 .S.... seq=fa7cc851 ack=00000000
[vs_0][fw_1] eth1:i[60]: 192.168.2.59 -> 192.168.1.10 (TCP) len=60 id=0
TCP: 25 -> 55906 .S..A. seq=8bc062bf ack=fa7cc852
[vs_0][fw_1] eth1:I[60]: 192.168.2.59 -> 192.168.1.10 (TCP) len=60 id=0
TCP: 25 -> 55906 .S..A. seq=8bc062bf ack=fa7cc852
[vs_0][fw_1] eth1:o[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17091
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062c0
[vs_0][fw_1] eth1:O[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17091
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062c0
[vs_0][fw_1] eth1:i[89]: 192.168.2.59 -> 192.168.1.10 (TCP) len=89 id=16339
TCP: 25 -> 55906 ...PA. seq=8bc062c0 ack=fa7cc852
[vs_0][fw_1] eth1:I[89]: 192.168.2.59 -> 192.168.1.10 (TCP) len=89 id=16339
TCP: 25 -> 55906 ...PA. seq=8bc062c0 ack=fa7cc852
[vs_0][fw_1] eth1:o[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17092
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062e5
[vs_0][fw_1] eth1:O[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17092
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062e5
[vs_0][fw_1] eth1:o[77]: 192.168.1.10 -> 192.168.2.59 (TCP) len=77 id=17093
TCP: 55906 -> 25 ...PA. seq=fa7cc852 ack=8bc062e5
monitor: caught sig 2
monitor: unloading
CP1>
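Each packet in the fw monitor output above appears twice per direction: once at the pre-inspection point (lowercase i or o) and once at the post-inspection point (uppercase I or O). A packet that shows up at i but never at I was dropped by the firewall's inspection, which is exactly what this kind of capture is meant to prove or disprove. As an added example (not from the post), the script below parses the output, checks that the TCP handshake to port 25 completed, and lists packets seen before inspection but not after. The sample is the post's output plus one constructed inbound SYN (id=4242, from 198.51.100.7) that has no matching I record.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample input: the fw monitor output from the post, plus a constructed dropped SYN (id=4242).
SAMPLE_OUTPUT = """\
monitor: monitoring (control-C to stop)
[vs_0][fw_1] eth1:o[60]: 192.168.1.10 -> 192.168.2.59 (TCP) len=60 id=17090
TCP: 55906 -> 25 .S.... seq=fa7cc851 ack=00000000
[vs_0][fw_1] eth1:O[60]: 192.168.1.10 -> 192.168.2.59 (TCP) len=60 id=17090
TCP: 55906 -> 25 .S.... seq=fa7cc851 ack=00000000
[vs_0][fw_1] eth1:i[60]: 192.168.2.59 -> 192.168.1.10 (TCP) len=60 id=0
TCP: 25 -> 55906 .S..A. seq=8bc062bf ack=fa7cc852
[vs_0][fw_1] eth1:I[60]: 192.168.2.59 -> 192.168.1.10 (TCP) len=60 id=0
TCP: 25 -> 55906 .S..A. seq=8bc062bf ack=fa7cc852
[vs_0][fw_1] eth1:o[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17091
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062c0
[vs_0][fw_1] eth1:O[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17091
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062c0
[vs_0][fw_1] eth1:i[89]: 192.168.2.59 -> 192.168.1.10 (TCP) len=89 id=16339
TCP: 25 -> 55906 ...PA. seq=8bc062c0 ack=fa7cc852
[vs_0][fw_1] eth1:I[89]: 192.168.2.59 -> 192.168.1.10 (TCP) len=89 id=16339
TCP: 25 -> 55906 ...PA. seq=8bc062c0 ack=fa7cc852
[vs_0][fw_1] eth1:o[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17092
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062e5
[vs_0][fw_1] eth1:O[52]: 192.168.1.10 -> 192.168.2.59 (TCP) len=52 id=17092
TCP: 55906 -> 25 ....A. seq=fa7cc852 ack=8bc062e5
[vs_0][fw_1] eth1:o[77]: 192.168.1.10 -> 192.168.2.59 (TCP) len=77 id=17093
TCP: 55906 -> 25 ...PA. seq=fa7cc852 ack=8bc062e5
[vs_0][fw_1] eth1:i[60]: 198.51.100.7 -> 192.168.2.59 (TCP) len=60 id=4242
TCP: 40000 -> 25 .S.... seq=0000abcd ack=00000000
monitor: caught sig 2
"""

HDR_RE = re.compile(
    r"^\[vs_\d+\]\[fw_\d+\]\s+(?P<iface>[^:\s]+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+\((?P<proto>\w+)\)\s+len=\d+\s+id=(?P<ip_id>\d+)"
)
TCP_RE = re.compile(
    r"^\s*TCP:\s+(?P<sport>\d+)\s+->\s+(?P<dport>\d+)\s+(?P<flags>\S+)\s+seq=(?P<seq>\w+)\s+ack=(?P<ack>\w+)"
)


@dataclass
class Packet:
    iface: str
    point: str   # i = pre-inbound, I = post-inbound, o = pre-outbound, O = post-outbound
    src: str
    dst: str
    ip_id: int
    sport: int
    dport: int
    flags: str   # fw monitor flag string, e.g. ".S..A." for SYN+ACK
    seq: str


def parse_fw_monitor(text: str) -> List[Packet]:
    packets: List[Packet] = []
    hdr = None
    for line in text.splitlines():
        h = HDR_RE.match(line)
        if h:
            hdr = h.groupdict()
            continue
        t = TCP_RE.match(line)
        if t and hdr is not None:
            packets.append(Packet(hdr["iface"], hdr["point"], hdr["src"], hdr["dst"], int(hdr["ip_id"]),
                                  int(t["sport"]), int(t["dport"]), t["flags"], t["seq"]))
            hdr = None
    return packets


def _key(p: Packet) -> Tuple:
    # Keyed on IP id, ports, flags and seq rather than addresses, so a NAT rewrite between i and I still pairs.
    return (p.iface, p.point.lower(), p.ip_id, p.sport, p.dport, p.flags, p.seq)


def dropped_between_points(packets: List[Packet]) -> List[Packet]:
    """Packets seen at a pre-inspection point (i/o) with no matching post-inspection (I/O) record."""
    pre, post = {}, set()
    for p in packets:
        if p.point.islower():
            pre[_key(p)] = p
        else:
            post.add(_key(p))
    return [p for k, p in pre.items() if k not in post]


def handshake_complete(packets: List[Packet], client: str, server: str, port: int) -> bool:
    def seen(point: str, src: str, dst: str, want: str, unwanted: str) -> bool:
        return any(p.point == point and p.src == src and p.dst == dst and port in (p.sport, p.dport)
                   and all(f in p.flags for f in want) and not any(f in p.flags for f in unwanted)
                   for p in packets)
    return (seen("O", client, server, "S", "A")      # SYN left the firewall
            and seen("I", server, client, "SA", "")  # SYN-ACK accepted inbound
            and seen("O", client, server, "A", "S")) # final ACK left


if __name__ == "__main__":
    pk = parse_fw_monitor(SAMPLE_OUTPUT)
    print("handshake complete:", handshake_complete(pk, "192.168.1.10", "192.168.2.59", 25))
    for p in dropped_between_points(pk):
        print(f"no post-inspection record: {p.src}:{p.sport} -> {p.dst}:{p.dport} id={p.ip_id} {p.flags}")
```

Two packets are reported: the constructed SYN with id=4242, and the post's last packet (id=17093), whose O record is missing only because the capture was stopped with Ctrl-C right after it. A missing post-inspection record at the very end of a capture usually means the capture ended, not that the packet was dropped; anything earlier in the stream is worth a look at the rulebase.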
Monday, October 5, 2015
Cisco Voice: Image Boot For New Install
VMware is pretty cool, I must admit. There have been times when I needed to do a fresh install to be able to accomplish some of the goals I needed to accomplish in the voice world. Especially when I don't want to do an install from scratch and input all the info, when I could just do a backup and restore onto a new install instead. Below is where you go to tell VMware where the image is to boot up from.
Sunday, October 4, 2015
Sunday Thought: Fame
I'm not a big fan of fame. Have you seen people change with fame? Only to get ripped apart later? This song is about Britney Spears, but you can fill in the blank with many names. Listen to this song, and I'm sure you will think of others besides Britney. You know grace is extended to us all through Jesus.
Britney
Saturday, October 3, 2015
Friday, October 2, 2015
New Personal Read: The Character Of A Man By Bruce Marchiano
I bought this book the other day for a personal read. I'm thinking it's going to be a good one.
The Character Of A Man - Bruce Marchiano
Thursday, October 1, 2015
Cisco Switch: Fiber Transceiver Signal
This is a good command for determining if the signal in your fiber is good or not. There are limits to everything, and fiber signal is no different. There is a command, "show interface gig 1/1 trans detail", that I use to help determine this. Plug in whatever interface you want to monitor to check this.
Notice below, my actual reading is on the left: -24.9dBm. The warning range is between 0 and -23, so I'm obviously out of the range of the warning level. But I'm still above the low reading of -26.0dBm.
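Reading the thresholds by hand is fine for one port; for a whole chassis you want the classification done for you. The script below is an added example (not from the post): it classifies a receive power reading against the four thresholds (high alarm, high warn, low warn, low alarm) and reports the margin left before the low alarm trips. The table it parses is constructed to resemble the Optical Receive Power section of the transceiver detail output, with the reading (-24.9 dBm), the 0/-23 warning band and the -26.0 low alarm taken from the post; the high-alarm value of 1.0 and the column order are assumptions you should check against your own switch's output.

```python
import re
from typing import List, NamedTuple


class RxReading(NamedTuple):
    port: str
    power_dbm: float
    high_alarm: float
    high_warn: float
    low_warn: float
    low_alarm: float


def classify_rx_power(r: RxReading) -> str:
    """Alarm thresholds win over warning thresholds; anything between the warn values is normal."""
    if r.power_dbm <= r.low_alarm:
        return "low-alarm"
    if r.power_dbm >= r.high_alarm:
        return "high-alarm"
    if r.power_dbm < r.low_warn:
        return "low-warning"
    if r.power_dbm > r.high_warn:
        return "high-warning"
    return "normal"


def margin_to_low_alarm_db(r: RxReading) -> float:
    """How many dB of signal can still be lost before the low alarm threshold is reached."""
    return round(r.power_dbm - r.low_alarm, 2)


# Constructed sample, laid out like the Optical Receive Power section of
# "show interface ... transceiver detail" (assumed column order: power, high alarm,
# high warn, low warn, low alarm). Gi1/1 carries the post's reading and thresholds.
SAMPLE_TABLE = """\
                                 Optical   Optical   Optical   Optical   Optical
                                 Receive   Receive   Receive   Receive   Receive
                                 Power     High Alarm High Warn Low Warn Low Alarm
Port                             (dBm)     (dBm)     (dBm)     (dBm)     (dBm)
----------                       --------  --------  --------  --------  --------
Gi1/1                              -24.9       1.0       0.0     -23.0     -26.0
Gi1/2                               -7.3       1.0       0.0     -23.0     -26.0
Gi1/3                              -26.4       1.0       0.0     -23.0     -26.0
"""

ROW_RE = re.compile(r"^\s*(?P<port>\S+)\s+(?P<vals>(?:-?\d+\.\d+\s+){4}-?\d+\.\d+)\s*$")


def parse_rx_power_table(text: str) -> List[RxReading]:
    """Rows with a port name followed by exactly five signed decimal values; headers are skipped."""
    readings = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        power, high_alarm, high_warn, low_warn, low_alarm = (float(v) for v in m["vals"].split())
        readings.append(RxReading(m["port"], power, high_alarm, high_warn, low_warn, low_alarm))
    return readings


if __name__ == "__main__":
    for r in parse_rx_power_table(SAMPLE_TABLE):
        print(f"{r.port}: {r.power_dbm} dBm -> {classify_rx_power(r)}, "
              f"{margin_to_low_alarm_db(r)} dB above low alarm")
```

For the post's Gi1/1 reading this yields "low-warning" with 1.1 dB of margin before the low alarm: the link is up but has little room left, so a dirty connector or an extra patch panel would take it down.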