Linux and eduroam: Building for speed and scalability

When upgrading the eduroam infrastructure, there was one goal in mind: increase the bandwidth over the previous one. The old infrastructure made use of a Linux box to perform NAT, netflow and firewalling duties. This can all be achieved with …

Posted in eduroam, Firewall, Linux | 3 Comments

ASA 5505 Transparent Mode DHCP and Memory fun

We have a customer who uses a Cisco ASA 5505 in transparent mode to protect a small LAN. They did the right thing and took out SmartNet cover, but the reseller botched something and the TAC wouldn’t play with them …

Posted in Best Practices, Cisco Networks, DHCP, Firewall, General Maintenance | Comments Off on ASA 5505 Transparent Mode DHCP and Memory fun

Firewall firefighting

The intention of this post is to explain what’s been happening with the University Firewall, what we’ve been doing about it and what we intend to do. The University Firewall Service is provided by a pair of Cisco FWSMs running …

Posted in Firewall | Comments Off on Firewall firefighting

Budget High Availability ASA testing

The problem: We’re looking at setting up a management network behind a couple of ASAs. My requirements and prerequisites are: No L2 end to end VLANs through the core. That is bad and wrong. A total site failure at one …

Posted in Cisco Networks, Firewall | Comments Off on Budget High Availability ASA testing

IPv6 Stateful Active/Standby Failover with Cisco ASAs

There was some debate on the Cisco ASA failover situation with regard to IPv6. Since we’re potentially about to make an interim firewall purchase for the main university IPv6 traffic (we route IPv6 separately to IPv4 to avoid a limitation …

Posted in Cisco Networks, Firewall, IPv6 | 1 Comment

Logging from iptables

We recently had a problem to troubleshoot on the wireless network, which was quickly resolved through simply having effective logging from iptables. In case you didn’t know, iptables has a LOG target which can direct messages to the local syslog …

Posted in Best Practices, Firewall, Wireless | Comments Off on Logging from iptables

Cisco firewall SMTP “fixup” considered harmful

This issue is old and familiar to us, and crops up about once every six months or so. I thought it might help to document the situation more publicly. On Cisco firewalls (PIX or the newer ASA), various protocol inspection …

Posted in Cisco Networks, Firewall, Mail Relay, Message Submission | 9 Comments