Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Cisco ASA – Slow Memory Leak (CSCuh48577)

Issue You may experience a slow memory leak within your crypto based processes when running SNMP on your Cisco ASA device. Solution The bug has been resolved within 8.2(5)46 under caveat CSCuh48577.

F5 LTM – What is Auto Last Hop

The auto last hop feature ensures that traffic is sent back via the same hop from which it was sent. This is done by the F5 forwarding traffic to the MAC address of the last hop. The last hop MAC address is recorded within the connection table along with the source and destination addresses.

UNIX – What is a sticky bit ?

History The sticky bit was first introduced in 1974 within the UNIX operating system. Its purpose was to instruct the operating system to place the process into swap once completed. Thus reducing the startup time of the process during further executions. However nowdays this usage is obsolete. Usage Instead, the sticky bit is now set … Read more

Cisco ASA ERROR: Capture doesn’t support access-list containing mixed policies

Issue When trying to run a capture you experience the following error, asa-skyn3t(config)# access-list cap-acl permit ip any any asa-skyn3t(config)# capture inside interface inside access-list cap-acl ERROR: Capture doesn’t support access-list <cap> containing mixed policies Solution Within ASA 9.0 the ‘any’ keyword now represents all IPv4 and IPv6 traffic. And the new keywords ‘any4’ and … Read more

ADX – What is the order of priority for healthchecks ?

Background The Brocade ADX offers 3 main types of layer 7 healthchecks. These are, Server Healthcheck – Server healthchecks are configured on the real server itself. Once configured it issues a healtcheck to the real server based on the port/protocol configured. Port-Policy – A port-policy is a policy that contains all of your parameters for … Read more

F5 LTM – How do you restrict management access to the GUI ?

After finding this funky little command the other day I thought the readers of Fir3net may find it useful. Its especially handy when your LTM/GTM is placed directly onto the public network i.e not behind a firewall. Command To restrict access to the Web UI the following command is used, root@f5ltm1(Active)(tmos)# modify sys httpd allow … Read more

Cisco – How to configure an IKEv2 Site to Site IPSEC VPN ?

Within this article we will show you the steps required to build an IKEv2 IPSEC Site to Site VPN on a Cisco ASA firewall. IKEv2 provides a number of benefits of its predecessor IKEv1, such as ability for asymmetric authentication methods, greater protection over IKE DoS attacks, interoperability between vendors for DPD/NAT-T, and less overhead and … Read more

F5 LTM – iRule Variables

The F5 offers a number of different ways to you can represent your data via iRules such as variables, tables, datagroups and arrays. Within this article we will look at the variables. There are 2 main types of variables, local and global. Local Local variables represent data within your local namespace, and are assigned the … Read more

ASA – VPN Traffic is not being encrypted (CSCsd48512)

Issue Traffic is sent out from the ASA unencrypted. Cause This can be caused by a duplicate (stale) ASP crypto table entry, this prevents the ASA encrypting any traffic destined for the remote host. There are 2 commands which shows this behaviour. They are, Interface outside:!out id=0xd616fff0, priority=70, domain=encrypt, deny=false        hits=855899, user_data=0x473ccf4, cs_id=0xd5deba08, reverse, flags=0x0, … Read more