I recently was presented with the challenge of logging ALL of the pertinent connection, disconnection, and termination messages associated with the Cisco SSL AnyConnect client without overwhelming the syslog capture display with extraneous messages. This blog will br...
As is sometimes the case, the idea for this article originated with a student question I received during one of the Securing Networks with ASA Fundamentals classes I have taught this summer. The course material mentions a simple scenario whereby IP Telephony traffic...
As is frequently the case these days, I get a brainstorm for an article during a Cisco Security training class I conduct. This summer I taught the Securing Networks with ASA Fundamentals class, which concentrates heavily on the Adaptive Security Device Manager (ASDM)...
RIP is a protocol that is used for routing IP networks. It was designed in the early 1980s for communication between gateways (computers with two NICs). It is the oldest routing protocol used by the network industry and is considered by many to be inefficient or bo...
In this post I’ll focus on a topic that’s mentioned in the Cisco FIREWALL training class but isn’t emphasized there or in the online Cisco ASA documentation. When configuring failover on a pair of ASA security appliances, a situation can arise in which network disruption occurs because the secondary ASA in a failover pair becomes active first and the primary comes online second. Both the documentation and the courseware point out that this causes the secondary (and active) ASA to swap its interface MAC addresses with those of the primary. Being naturally skeptical about this behavior, I decided to investigate. The rest of this post illustrates my confirmation of this phenomenon.
For smaller companies, configuring a dial plan to account for variations in dialed numbers is often not a problem. However, companies that are larger and more global in nature encounter a number of issues when designing their dial plan approach.
As I’ve stated before, I like Border Gateway Protocol (BGP). I think it’s an interesting protocol, and yes — it’s complicated, but I guess that’s part of why I like it. There are a lot of knobs to tweak in BGP, maybe too many, but that’s another post. Anyway, we are now running BGP version 4 and it has had extensions written that support more than just IPv4 unicast routing. We now have IPv4 multicast, IPv6 unicast and multicast, VPNv4, VPNv6, and a few others.
When integrating a Voice over IP (VoIP) system into an existing network, it is very important to have a good understanding of how much bandwidth is utilized for each call on the network. For most people just starting out, the bandwidth calculations can be a very daunt...
Call Admission Control (CAC) is often included as part of the same topic as Quality of Service (QoS), when in actuality CAC is a separate and complete topic in itself. QoS is defined as traffic engineering on a packet-switched network. This definition means movin...
Early one morning, an engineer end user discovered that the Engineer servers were unreachable, and he didn’t know if he could reach the Internet. The administrator investigated the user’s PC with the IPCONFIG /ALL command and verified that the PC was a DHCP client, but it had received an address from the Accounting DHCP server, not the Engineering DHCP server.