http://jklogic.net logical reality Tue, 07 Oct 2008 19:43:58 +0000 http://backend.userland.com/rss092 en I recently purchased a shiny new iPhone 3G and wanted to be able to connect back to my house where I have a Cisco ASA 5505.  I have noticed a lot of questions about how to get this to work, so here it is...   First, make sure you are running ASA ... http://jklogic.net/cisco-asa-iphone-vpn-config/ After installing a new ASA 5520, I noticed that a few websites were loading very slowly or not at all. The problem seemed to be very intermittent, but reproducible by revisiting the websites at any time of the day. Browsing to the site from outside of the firewall ... http://jklogic.net/mss-exceeded-workaround/ If you have recently tried to setup SSH access on a new ASA, it might not have worked the way you wanted. That is because the RSA keys need to be generated first. To do that: crypto key generate rsa asa(config)# crypto key generate rsa INFO: The name for the keys ... http://jklogic.net/configure-ssh-access-on-an-asa/ I was working on an ASA config and ran into an interesting error. I needed to not perform NAT on the traffic from the inside LAN to the DMZ. I configured an access-list: access-list InsideNoNAT_ACL extended permit ip 10.10.10.0 255.255.255.0 10.10.48.0 255.255.255.0 access-list InsideNoNAT_ACL extended permit ip 10.10.10.0 255.255.255.0 10.10.49.0 ... http://jklogic.net/unable-to-download-nat-policy-for-ace/ As I am sure many of you who have ever worked with a Cisco firewall know, ICMP is not allowed through the firewall by default. If you are just configuring the device, this can make it very difficult to troubleshoot connectivity issues. Thankfully, there are several ways to ... http://jklogic.net/cisco-asa-and-icmp-configurations/ Here are the relevant parts of the configuration to setup an etherchannel between an IOS device and a CatOS device. First lets start with the CatOS device, in this case a 6509. We will be using ports 3/9 and 3/10. We first need to set the ports we want ... http://jklogic.net/cisco-ios-to-catos-etherchannel-configuration/ Adding a switch to a VTP domain is fairly easy to do, but done incorrectly, can bring down a whole network. Fortunatly I have not had this happen to me, but I have heard horror stories. There are a few simple steps to take to make sure everything ... http://jklogic.net/adding-a-cisco-switch-to-a-vtp-domain/ VTP domains allow you to manage all of your vlans from a central switch. This can be a great tool if you are dealing with a large number of vlans spread out over multiple switches. There are a couple of issues that you must be careful of when ... http://jklogic.net/configuring-a-vtp-domain-on-cisco-switches/ While trying to setup Vista to connect to new client’s network using a VPN, I kept running into problems and could not get it to connect. I was attempting to connect to a PPTP VPN on a Pix 500 series firewall. The error I kept getting was “Failed ... http://jklogic.net/vista-vpn-to-cisco-pix-devices/ I have been configuring a basic monitoring solution for a client and stumbled upon this little gem on Cisco's website. You can find nearly all MIBs for Cisco devices here. I really wish I had found this a couple weeks ago!  http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml  http://jklogic.net/cisco-snmp-mib-source/