Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
Dynamic routing protocols for catalyst 3850 switches
We have a WAN with about 15 locations, soon to expand to 30. There's an old Metro Ethernet cloud connecting 11 of them, with routers running EIGRP with each other. We want to replace that with two VPLS/Metro Ethernet clouds. This means each location needs two WAN interfaces--kind of tough since... -
The most mind-bogglingly stupid behavior I've ever seen in an OS (and I started with CP/M)
Thanks to all for your comments. I guess you can tell I read MS-DOS documentation as little as I possibly can. It still irks me that in a GUI that's 20 years old, if I want to compare two files I still have to pop to a shell (or download an add-on utility). Of course I'm not sure my pet Linux...- jmkelly
- Post #10
- Forum: Microsoft: Windows
-
The most mind-bogglingly stupid behavior I've ever seen in an OS (and I started with CP/M)
Turns out when you tell Windows 7 something like: foo this* that* the first * and the second * have different meanings. The first * means "any character(s)"; the second means "the string that matched the previous regex." Two questions: [ol 1] Is there a way around this stupidity (other than...- jmkelly
- Thread
- Replies: 19
- Forum: Microsoft: Windows
-
Best Linux distro for ESXi5.0?
I want to build a small Linux server on one of our ESXi hosts, primarily to run a RADIUS server. Simple enough, but our VMware plant is mostly ESXi 5.0, and the first distro I tried--Debian 8--doesn't run on it. The most recent version of Debian that runs on ESXi 5.0 is version 6, which is hard...- jmkelly
- Thread
- Replies: 2
- Forum: EMC: VMware
-
Interesting port-scanning attack--anyone seen this?
iggsterman, These log entries come from one of our firewalls. They look like HTTP return traffic because that's what they're supposed to look like. Odds are against them fooling the firewall: most of the time, the destination IPaddress:port combination will not correspond to one actually in use...- jmkelly
- Post #4
- Forum: Information Security Group
-
Interesting port-scanning attack--anyone seen this?
Don't know how common this is, but my guess is pretty darn common: A sysadmin reported an intrusion on a fairly well-protected server--it has a private IP address, and no static NAT, so theoretically it would be very difficult for anyone to access it from outside our network. But there was a...- jmkelly
- Thread
- Replies: 4
- Forum: Information Security Group
-
Partly-dynamic / partly-static NAT
Brianinms, thanks for the reply. Cisco Tech Support concurs. An interesting difference between the Cisco ASA and its IOS routers: the ASA had no trouble with this, the router.... As to your bigger question, the answer may be that we're passing through an MPLS cloud and the provider is willing to... -
Partly-dynamic / partly-static NAT
For historical reasons, we have to NAT just one of our networks on its way to a colo. Our network is 10.0.0.0/9, the colo's is 10.240.0.0/22, and most of our networks can go through untranslated--but another customer is using 10.1.0.0/22, so we have to translate that one: our 10.1.x.y <=>... -
Curious 403 errors
Thanks for your help. The actual cause seems to have been that the owner of the website was behind in his payments to his hosting company or perhaps his webmaster. I got an email from him the other day saying the bills had been paid and the site ought to work now--which it did. It occurs to me...- jmkelly
- Post #4
- Forum: Linux (server)
-
Curious 403 errors
When I try to connect to http://www.pace-med-apps.com/, or any page under that domain name, I get a "Forbidden" (403) error. I thought the site administrator had just forgotten to set the permissions right, but then I found that at least one of our users accesses the site with no problem. So far...- jmkelly
- Thread
- Replies: 3
- Forum: Linux (server)
-
Downloads from Microsoft licensing site fail on ASA5510
Interesting. Thanks, I think you're putting me on the right track. You mean the one under Configuration>Firewall>Service Policy rules? There's not much in there, but I do see a couple of timeouts that could cause failures under high loads, especially if a download process was shifting from...- jmkelly
- Post #3
- Forum: Security, hacker detection & forensics
-
Downloads from Microsoft licensing site fail on ASA5510
This is a strange problem that seems peculiar to our ASA5510: When we try to download ISO images from https://www.microsoft.com/Licensing/servicecenter, we either get nothing or we get a download that fails halfway through. If we use the Java-based Download Manager, we never even connect; if we...- jmkelly
- Thread
- Replies: 4
- Forum: Security, hacker detection & forensics
-
NAT between two private IP networks with some namespace conflicts
My boss said, "Don't worry about it, we're going to renumber them anyway." Which is nice, because it was starting to look nasty. For the curious, here's how it was going to look, approximately (addresses have been mangled to protect the innocent): NetA (inside)...............NAT... -
NAT between two private IP networks with some namespace conflicts
I'm trying to link two networks that grew separately. One is addressed 10.[1-9].x.x, the other 10.[0,1,4].x.x. There's overlap in two networks (10.1.0.0 and 10.4.0.0). I haven't done much with NATting, and here it seems like it has to be quasi-symmetrical: e.g., if a host on NetA's 10.1.0.0 is... -
Cisco router configuration help.
How many interfaces has your provider given you? If they're giving one interface per IP network, it's pretty straightforward. If both IP networks are riding in one interface, that's OK, because you can put two IP addresses on one interface. -
Internal IP interface goes missing, everything else works (except VPN, of course)
This turned out to be a a memory leak bug that WG knows about but doesn't know when it'll get fixed. WG Support told me to do two things: downgrade the OS from 11.6.1 to 11.4.2 (vintage July 2011--and this was after the first-tier support told me to upgrade it to 11.6.1!) and re-do the VPN...- jmkelly
- Post #2
- Forum: Virtual Private Networks (VPN)
-
Internal IP interface goes missing, everything else works (except VPN, of course)
This is one of the strangest things I've ever seen. We have a WatchGuard XTM505 firewall providing VPN access through IPSEC tunnels to XTM2x firewalls at about a dozen remote sites. At one site, the XTM22 firewall comes up fine, then stops providing VPN services after 20-40 minutes. Everything...- jmkelly
- Thread
- Replies: 1
- Forum: Virtual Private Networks (VPN)
-
strange periodic delays through WG -- BGP makes it worse
The answer is simple for the 1/100 pattern: the WG has a DDOS policy that gets triggered by flood pings. It deliberately drops every 101th ping from a given source. That doesn't explain to 20- to 30-second stalls we saw when BGP was running through (not on) the WG.- jmkelly
- Post #2
- Forum: Security, hacker detection & forensics
-
strange periodic delays through WG -- BGP makes it worse
We tried to run BGP through our WG, with our provider's peer on the external side and our peer on the Trusted port. The BGP session came right up, but traffic did not flow smoothly; there would be a 20- to 30-second stall, then it would flow, then another stall, etc. This was visible with ping...- jmkelly
- Thread
- Replies: 2
- Forum: Security, hacker detection & forensics
-
VPN across Watchgaurd network
If I understand you right, you're trying to make a "V" with one device in the middle passing traffic between VPN tunnels connected to the other two, like this: Box1 <==> Box2 <==> Box3 I'm struggling with something similar myself and haven't succeeded yet, but I can tell you three things WG...- jmkelly
- Post #2
- Forum: Security, hacker detection & forensics
