Start a cmd prompt as administrator
DISKPART
CREATE VDISK FILE="c:\myvhd.vhd" MAXIMUM=20000
(MAXIMUM is the size in MB.)
SELECT VDISK FILE="c:\myvhd.vhd"
ATTACH VDISK
CREATE PARTITION PRIMARY
ASSIGN LETTER=X
FORMAT QUICK LABEL=MYVHD
EXIT
Now you can copy files onto it from My Computer. Then detach the VHD and attach it to your VM in Hyper-V. This can be useful for moving files on and off a VM, or just for creating an OS VHD.
Thursday, 20 June 2013
Monday, 17 June 2013
Reset a single VPN and check the VPN uptime on a Cisco ASA
Reset this site-to-site VPN:
clear ipsec sa peer 200.200.200.100
Show the uptime of the VPN (look for the duration):
show vpn-sessiondb detail l2l | b 200.200.200.100
Unfortunately, on the older PIX firewalls you can't do this; you have to reset all VPNs :(
Installing Cisco ASA firewalls in the rack
Attend site with all the equipment required:
Laptop and charger
Console cable
Socket board with male connection
Network cables
Cable testing tools
Screwdrivers
Cage nuts
Firewall power cables
Mounts etc
Reusable cable ties / velcro
Labeler
Identify the cold / warm side of the rack
Mount firewalls so hot air is blown into the warm side of the rack.
You should make sure you have the latest software image installed, and that it is the correct one (security K9 etc.). The correct license should also be applied.
Run a "wr erase" to wipe out the config.
Configure interfaces.
Cisco PIX firewall not responding to arps
I was moving some app servers to new public IP addresses. After the move the websites were not available. Everything looked correct on the firewall. When I ran a capture on the firewall I saw that packets were not making it to the firewall. The provider put in some static routes as a temp fix. Later we removed the temp fix and reloaded the firewall. It didn't resolve the issue.
I found the setting "sysopt noproxyarp outside" in the config on the firewall.
I ran "no sysopt noproxyarp outside" and I was able to access the websites.
From the Cisco documentation:
"Proxy ARP allows the security appliance to reply to an ARP request on behalf of hosts behind it. It does this by replying to ARP requests for the static mapped addresses of those hosts. The security appliance responds to the request with its own MAC address and then forwards the IP packets on to the appropriate inside host."
I have no idea who put this setting in and why it wasn't causing an issue before. Anyway, the issue is resolved now.
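A pre-change check for this situation, as an added example that is not from the original post: a Python script that scans a saved PIX/ASA config (pre-8.3 "static" syntax assumed) for static mappings on an interface where "sysopt noproxyarp" is set. The sample config, its addresses and the function name find_unanswered_mappings are constructed for illustration.

```python
import re

# Constructed sample config; addresses are from documentation ranges.
SAMPLE_CONFIG = """\
sysopt noproxyarp outside
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.12 www 10.1.1.12 www netmask 255.255.255.255
static (dmz,outside) interface 10.2.2.5 netmask 255.255.255.255
static (inside,dmz) 10.2.2.50 10.1.1.50 netmask 255.255.255.255
"""

# "sysopt noproxyarp <if>" disables proxy ARP; the "no" form does not match.
SYSOPT_RE = re.compile(r"^sysopt noproxyarp (\S+)\s*$")
# static (real_if,mapped_if) [tcp|udp] mapped_addr ...
STATIC_RE = re.compile(r"^static \((\S+?),(\S+?)\)\s+(?:(?:tcp|udp)\s+)?(\S+)")


def find_unanswered_mappings(config_text):
    """Return (interface, mapped_address) pairs the firewall will not
    answer ARP requests for, because proxy ARP is off on that interface."""
    lines = [ln.strip() for ln in config_text.splitlines()]

    # Pass 1: interfaces with proxy ARP disabled.
    no_proxy = set()
    for ln in lines:
        m = SYSOPT_RE.match(ln)
        if m:
            no_proxy.add(m.group(1))

    # Pass 2: static mappings whose mapped side is one of those interfaces.
    findings = []
    for ln in lines:
        m = STATIC_RE.match(ln)
        if not m:
            continue
        _real_if, mapped_if, mapped_addr = m.groups()
        # "interface" is the firewall's own address, which it still ARPs for.
        if mapped_if in no_proxy and mapped_addr != "interface":
            findings.append((mapped_if, mapped_addr))
    return findings


if __name__ == "__main__":
    for iface, addr in find_unanswered_mappings(SAMPLE_CONFIG):
        print(f"{addr}: no proxy ARP on '{iface}', upstream needs a route")
```

A finding is only a problem when the upstream router relies on ARP to reach the mapped address; a static route pointing at the firewall, like the provider's temporary fix, also works.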