Demystifying ASA/PIX Nat 0 vs Static

Firstly, Nat 0 and static can be used to achieve the same result of bypassing NAT, at least logically 🙂 However, the two are fundamentally different. Take a look at the following example: nat (inside) 0 192.168.1.1 255.255.255.255 and static (inside,dmz)…


Cisco ASA allowing management-access from VPN

The inside interface of the PIX (also applies to ASA) cannot be accessed from the outside or from the other side of the VPN tunnel unless the management-access is configured. Once management-access is enabled, Telnet, SSH, or HTTP access must…


Cisco ASA Failover Tips and misc.

When setting up a Cisco ASA failover pair, try to follow these rules and tips: Do not use a crossover Ethernet cable or a fiber-optic patch cable to directly connect the two failover LAN interfaces if the firewalls are…


VMware ESXi 3.x secret console and enable SSH access

VMware ESXi 3.x is a free, lightweight version of VMware’s ESX platform. It supports most of the key features that ESX has but comes in an appliance-like package which doesn’t let you configure anything more than just…


Cisco ASA/PIX Firewall inside interface routing problem

If you are having issues routing your traffic within the inside interface, or hairpinning your traffic, chances are you need to enable the “same-security-traffic permit intra-interface” command. Take a look at the picture below which explains this problem: Basically when…


Datacenter Capacity Planning

A lot needs to be considered when planning for a datacenter. Power, cooling, UPS, generators, rack space, cost. All these come into play. Here are a few links to some vendor calculators I came across that have helped me. DELL…



iSCSI @ Home

iSCSI, or Internet SCSI, is a standard for running SCSI over an IP-based network. For people familiar with this technology, it basically enables you to mount remote disks over your existing IP infrastructure. Today I set up a simple iSCSI…


Vsftp chroot – Unable to follow symlinks!!

Today I set up vsftp for local user ftp access. I turned on ‘chroot_local_user=YES’ which essentially puts the ftp user into a vsftp chroot jail. But what happens when you want to access something outside of the user’s home directory? What? Symlinks…