Juniper SRX – How do I configure LACP (802.3ad)?

IEEE 802.3ad (LACP) is a technology that provides a method of aggregating multiple Ethernet links into a single logical channel. Configuration To configure LACP the following commands are used. This example aggregates the interfaces fe-0/0/3 and fe-0/0/4 into a logical interface named ‘ae1’. This logical interface is then configured as an access port and assigned … Read more

Cisco ASA IPSEC VPN using Certificates via SCEP enrollment

Within this article we will be showing the various steps required in configuring a Cisco ASA IPSEC VPN using digital certificates. These certificates will be signed by a CA (Cisco Router) and downloaded by the Client/ASA using SCEP (Simple Certificate Enrollment Protocol). Time/Date On the client, router and firewall ensure that NTP is configured and … Read more

Brocade ADX – The keepalive command

Within this article we will look into the ‘keepalive’ command. As this command isn’t greatly documented I thought this would be a good opportunity to explain in a little more detail how it works. Keepalive vs Keep-alive First of all it is worth noting that the ‘keepalive’ command (which is configured under the real server) … Read more

Cisco ASA ERROR: Certificate validation failed. Peer certificate key usage is invalid

Error When trying to connect using the Cisco VPN Client with certificate based authentication you receive the following error from your debug logs. CRYPTO_PKI: Certificate validation: Failed, status: 1873. Attempting to retrieve revocation status if necessary ERROR: Certificate validation failed. Peer certificate key usage is invalid, serial number: 210F2EDE0000000009AF, subject name: cn=xxxxx,ou=xxxx,o=xxxxx,c=xx CRYPTO_PKI: Certificate not … Read more

Purge a File from Rackspace's Cloud File CDN Caches

Within this article we will show you how to purge a file from Rackspace's Cloud File CDN Caches. Get Auth Token First of all you will need to obtain the Auth Token. This token will be used to perform further actions via the API. For this you will need to obtain your API Key which can … Read more

Cisco ASA – 8.3 and later NAT Tutorial

Introduction ASA 8.3 onwards brought a number of changes in how NAT is processed. First of all, NAT is built around objects; this allows for IPs to be changed and objects to be renamed much more easily than previously. Also, when configuring ACLs the Real IP/Port address(es) are now used. Pre 8.3 access-list acl-outside extended permit … Read more

F5 LTM – Rate-limiting via iRules

Within this article we look at how to rate-limit traffic via the use of an iRule. iRule The Table Command So that we can rate-limit traffic the iRule command ‘table’ is used. The table command (as the name suggests) provides the ability to create, delete, and append tables, along with being able to define timeouts … Read more

How to configure your ASA as a CA Server

Within this tutorial we will show you the necessary steps in configuring your ASA as a CA server. Time/Date First of all we set the time and date.
asa-skyn3t(config)# show clock
08:05:40.249 UTC Sun Sep 30 2012
Enable CA Next we enable the ASA as a CA server.
asa-skyn3t(config)# crypto ca server
asa-skyn3t(config-ca-server)# subject-name-default cn=skyn3tca, o=skyn3t, c=UK
asa-skyn3t(config-ca-server)# … Read more

Configuring SSL within Apache

Within this article we will show you how to configure Apache to serve your content over an SSL based connection using a self-signed certificate. Generate Certificate/Key First of all we generate a self-signed certificate using openssl. This will create 2 files, a public certificate and a private key.
mkdir -p /opt/ssl/crt/
cd /opt/ssl/crt/
openssl req … Read more

Brocade ADX: SSL Sessions fail when using CSW & Reverse Proxy

Symptoms You may find that when enabling SSL (termination) and a CSW policy your SSL session fails due to the ADX issuing a RST back to the client. When running a url debug via rcon you see the following: URL: process client packet return error CSW_PARSE_ERROR_MAX_MEMORY[80] ??? Free multiple stored packets. HTTP Split State: … Read more