I had a task to build a site-to-site VPN tunnel with another vendor, over which a large amount of data was planned to be transacted on a regular basis. On my end, the endpoint was a Cisco ASA 5585-X firewall running 9.8 code. To protect the internet circuit from being over-saturated, I decided to use MQC […]
For a remote-access VPN service, to identify whether a genuine, authorized corporate asset is connecting, we must check certain parameters that identify the end-user machine. The best way is to use digital certificates. Which is better, a computer or a user certificate? Machine certificates: uniquely identify a machine on the domain. User certificates: uniquely […]
To increase hardware resources for our learning lab deployed in previous post, we would stop the instance and modify the type. For my learning lab, suppose I’d need 2 vCPU, ~12GB RAM and about 20 or 30GB HDD. So let’s compare costs for various combinations available to us. Read [link] for more on various machine […]
I need to prepare for a big datacenter build project that's coming up, based on newer networking technologies. As I don't have access to my home lab presently due to the COVID-19 lock-down, I've decided to build one on GCP. I posted a related post a few years ago; read [here]. Cost: Looking at cloud […]
This checks the source IP and destination URL and, based on those, sends the request via a proxy or allows it to go direct. Use case: for users connected over RA-VPN, I don't want them to ride the tunnel for bandwidth-heavy, internet-based applications, e.g. youtube.com, e-learning or video-streaming services. The solution for such a situation […]
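As an added example, not code from the original post: the decision described above, written as a browser proxy auto-config (PAC) script. It assumes the mechanism in question is a PAC file, and the RA-VPN address pool, the proxy name and the list of bypassed domains are all assumptions for illustration. The routing decision is kept in a pure function, selectProxy(), so it can be tested outside a browser; FindProxyForURL() is the entry point the browser actually calls.

```javascript
// Added example (not from the original post): a PAC script that looks at the
// client's own IP and the requested hostname, then returns either a proxy or DIRECT.
// Pool, proxy and domain list below are assumed values, not from the post.

// Assumed RA-VPN address pool; a client holding an address in here is "on the VPN".
const VPN_POOL = { network: "10.200.0.0", mask: "255.255.0.0" };

// Assumed corporate proxy reached through the tunnel; used for everything not bypassed.
const CORP_PROXY = "PROXY proxy.corp.example:8080";

// Assumed bandwidth-heavy destinations that VPN users should reach directly.
// Matching is on hostname only, never on URL path: a page controls its own path,
// so path-based rules are easy to game and should not drive routing decisions.
const DIRECT_DOMAINS = ["youtube.com", "googlevideo.com", "elearning.example"];

// Dotted-quad IPv4 string -> unsigned 32-bit integer; null on malformed input.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// Same semantics as the PAC helper isInNet(), written out so it runs outside a browser.
// Malformed input is treated as "not in the pool", which falls through to the proxy.
function inNet(ip, network, mask) {
  const a = ipToInt(ip), n = ipToInt(network), m = ipToInt(mask);
  if (a === null || n === null || m === null) return false;
  return ((a & m) >>> 0) === ((n & m) >>> 0);
}

// True when host equals the domain or is a subdomain of it.
// Suffix-only matching would let "notyoutube.com" bypass the proxy.
function hostInDomain(host, domain) {
  const h = String(host).toLowerCase();
  return h === domain || h.endsWith("." + domain);
}

// Pure decision function: client's own address + requested host -> PAC result string.
// The default is the proxy, so an unrecognised client or host never silently bypasses it.
function selectProxy(clientIp, host) {
  const onVpn = inNet(clientIp, VPN_POOL.network, VPN_POOL.mask);
  if (onVpn && DIRECT_DOMAINS.some((d) => hostInDomain(host, d))) {
    return "DIRECT";
  }
  return CORP_PROXY;
}

// Entry point the browser calls. myIpAddress() is supplied by the browser's PAC runtime.
// The url argument is deliberately unused: hostname is the only routing input.
function FindProxyForURL(url, host) {
  return selectProxy(myIpAddress(), host);
}
```

Two caveats a practitioner will hit with this pattern. First, myIpAddress() returns a single address and on a multi-homed host it may not be the VPN adapter's, so the "on VPN" test can misfire; the Microsoft PAC extension myIpAddressEx() returns all addresses where that runtime is available. Second, returning DIRECT only keeps the traffic off the tunnel if the VPN client's split-tunnel policy actually excludes those destinations; under a full-tunnel profile, DIRECT traffic is still routed into the tunnel.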
A note to self on how to check current sessions on a Cisco router that has Zone-Based Firewall (ZBF) configured.
Deployed a new Cisco ASA AnyConnect gateway. End users reported constant disconnect/reconnect problems. It was fixed by setting the AnyConnect MTU to 1200 (in this case). When the connection is first established, it builds an SSL tunnel (TCP 443) with a negotiated SSL MTU; after a minute, it tries to switch over to DTLS (UDP 443). If the MTU is […]
A scenario came up when a colleague was working on a project where his router was peering with a third-party router over eBGP. The router was performing aggregation for 10.x.x.x subnets, summary-only, as 10.x/16. We know that BGP will automatically generate a Null0 anchor route for the summary address. Now a situation occurred where […]
Been going through the IPv6 ATC videos by INE, wondering if an individual can register or apply for a personal IPv6 provider-independent (PI) space. You know, since there is so much of it. I'd imagine everyone could pay a small fee and register one, much like we do with domain names. The APNIC application form seems […]
This topic is about BGP's ability to prefer another router (kinda de-prefer, actually). The following diagram will make it clear. In this situation, it may be a better choice to traverse from R1 to R2 via the point-to-point link instead of going over the ISP cloud. Here R1 and R2 are eBGP peers only. The […]