Using Microsoft Active Directory as the Authentication server for an SSL VPN on a Cisco ASA.

Background We wanted to be able to run an SSL VPN for a second team (Team B) on one of our ASA pairs. It was important to give each team a different VPN pool for security reasons. The first team … Continue reading

Posted in Cisco Networks, VPN | Tagged | Leave a comment

ASA 5505 Transparent Mode DHCP and Memory fun

We have a customer who uses a Cisco ASA 5505 in transparent mode to protect a small LAN. They did the right thing and took out SmartNet cover, but the reseller botched something and the TAC wouldn’t play with them … Continue reading

Posted in Best Practices, Cisco Networks, DHCP, Firewall, General Maintenance | Leave a comment

VPN NAT Changes

What is this post about? We are planning to make a minor change to the way our VPNs NAT clients. For those who are interested, this blog post explains why and how we are doing this. Please note that these … Continue reading

Posted in Cisco Networks, Documentation, General Maintenance, VPN | Leave a comment

OUCS Backbone Network Naming and Numbering Conventions

Introduction This blog post is intended to help ITSS in Oxford to better understand how the centrally provided network fits together with their own local networks. It is also hoped it will assist them in assessing the impact of any … Continue reading

Posted in Backbone Network, Cisco Networks, Documentation, General Maintenance | 1 Comment

Budget High Availability ASA testing

The problem We’re looking at setting up a management network behind a couple of ASAs. My requirements and prerequisites are: No L2 end to end VLANs through the core. That is bad and wrong. A total site failure at one … Continue reading

Posted in Cisco Networks, Firewall | Leave a comment

MAC Flaps – why are they bad?

What is a MAC Flap? A MAC Flap is caused when a switch receives packets from two different interfaces with the same source MAC address. If this makes no sense, perhaps a  quick summary of how switching at layer 2 … Continue reading

Posted in Backbone Network, Best Practices, Cisco Networks | Tagged | 3 Comments

IPv6 Stateful Active/Standby Failover with Cisco ASAs

There was some debate on the Cisco ASA failover situation with regard to IPv6. Since we’re potentially about to make a interim firewall purchase for the main university IPv6 traffic (we route IPv6 separately to IPv4 to avoid a limitation … Continue reading

Posted in Cisco Networks, Firewall, IPv6 | 1 Comment

Changes in the core

On Tuesday 2nd March we made two significant changes in the Core. Both are inline with current Cisco best practice are have been implemented as part of our Backbone ‘feature update’ project. VTP We have moved to using VLAN Trunking … Continue reading

Posted in Backbone Network, Best Practices, Cisco Networks, Services | Leave a comment

Wireless – what could possibly go wrong?!

I love this slide from a Troubleshooting Wireless Networks talk I attended last week. It says a lot about how difficult it is to tackle trouble tickets of the “client can’t connect to network” variety.

Posted in Cisco Networks, Wireless | Leave a comment

Cisco firewall SMTP “fixup” considered harmful

This issue is old and familiar to us, and crops up about once every six months or so. I thought it might help to document the situation more publicly. On Cisco firewalls (PIX or the newer ASA), various protocol inspection … Continue reading

Posted in Cisco Networks, Firewall, Mail Relay, Message Submission | 3 Comments