Network Administrator

We recently came accross and issue while creating a new site to site vpn with a Cisco Pix 515 IOS 6.3(4) and a new ASA 5505 IOS 7.2(4) We were able to resolve the issue by removing peer-id-validate nocheck by issuing simple  peer-id-validate nocheck

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html

Specify whether to validate the identity of the peer using the peer’s certificate:

hostname(config-ipsec)# peer-id-validate option
The available options are req (required), cert (if supported by certificate), and nocheck (do not check). The default is req. For example, the following command sets the peer-id-validate option to nocheck:

hostname(config-ipsec)# peer-id-validate nocheck

The other day I needed a tool to show me what port an application was  using….Instead of going out in search of another tool I simply opened a command windows, and typed in  netstat -ano

I was able to see the  the local ip of the server with all the ports listed and to the right I was able to see the process id. I could then go to my task manager, select view, select columns,  make sure  process id is checked. Within the task manager select processes and you will be able to see the process ids

I have seen this in Windows Vista and Windows 7 even with the lastest 5.6.0 VPN Client. I have read suggestions about disabling the windows firewall, etc.

This seems to have fixed the problem for now:

In the Start menu, right-click on the Command Prompt, and select “Run as Administrator.”

1. Enter the following line:reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v ArpRetryCount /t REG_DWORD /d 0 /f

After building my new 64bit 2008 web server I never got around to enable the the nic teaming. The steps for implenting this might be different depending on  the manufacture of the network interface cards I have intel nics. The first thing to do is  to make sure that you have the correct driver for your nic to support the advanced functions such as teaming. Then go into the properties of one of the nics and select configure, select teaming, select new team and choose the nics that would want in the team. Now you can go to your network connections and you will see three interfaces for the Team. I like to rename the two nics that make up the virtual nic as a and b and then call the virtual nic public. You can then select the properties of public and set the correct settings such as ip, dns, gateway, etc.

The last thing to do is configure the port aggregation for each interface on the switch that the nics are connected. I have my server connected to a Cisco catalyst 2924. I will be using Fast ethernet ports 21 and 22.  This command needs to be issued on both fast ethernet interfaces  “port group 1 distribution destination” without the quotes. For better performance I have also disabled spanning tree on each port 21 and 22, this is done by issuing the no spanning-tree command on each interface.

http://posters.msug.vn.ua/default.aspx

Running PDM v.3.02 or earlier, simply upgrade PDM to at least v.3.03 and simply install JDK version 6 upadate 2, http://java.sun.com/products/archive/j2se/6u2/index.html and you should be all set.

http://www.just-traceroute.com/

Setting up syslog server for Cisco PIX

http://www.sans.org/reading_room/whitepapers/logging/cisco_pix_log_analysis_in_a_university_setting_32849

http://krow.net/dict/subnet.html