IT LABS

Cisco has recently taken a small step to improve the ASA and has implemented logical tunnels, which means we got route-based VPN! Really? Did we? Not so fast. Yes, we got route-based VPN, but we still have to add routes manually.

First Hop Redundancy Protocols were invented for one main reason, providing redundancy for a gateway, but along the way they provide load balancing as well. There are 3 FHRPs: HSRP, VRRP and GLBP. 2 of them belong to Cisco; VRRP is an open standard.

Generic Routing Encapsulation enables us to build point-to-point tunnels. There are 2 kinds of tunnels: GRE over IPsec and IPsec over GRE. They both work in tunnel mode by default but, as we will see in a while, they work in completely different ways.

Logical Volume Manager is a storage virtualization that allows us to manage disk space easily. Without any problems we can expand, shrink, and add disks to the virtual volume and, for the sake of redundancy, apply RAID if required.

One of the biggest issues that we may encounter during redistribution is a routing loop. While suboptimal routing causes latency and network inefficiency, routing loops make packets loop until the TTL value is decreased to 0, which not only affects network efficiency but also means that some part of the network will be…

A ‘BGP community’ is additional information (an attribute) added to prefixes that are advertised to BGP neighbors. Based on this information, a BGP neighbor can decide what else to do with a received prefix. For example, we may manipulate attributes, filter routes, etc.

Linux provides 3 levels of filesystem security: standard permissions, ACLs and SELinux. SELinux handles not only file permissions but applications, resources and network ports as well. SELinux may ban an application from accessing specified system files or may not allow a user to change file permissions. What it is, how it works and how to…

Firewalld, like iptables, relies on the Netfilter service, which is responsible for packet filtering. The difference is that iptables works based on “chain of filter” rules, like ACLs on a router, while firewalld is based on “zones”, similar to the ASA. The idea behind firewalld is that interfaces and networks are grouped into zones. Each zone has different…

If you use VRFs, sometimes you may want to use something called “route leaking”. Route leaking consists of importing and exporting prefixes between VRFs or between a VRF and the global routing table. In this article I’ll show you how to implement route leaking in 5 different ways.

NAT and ACLs are among the first things configured right after deployment of a new ASA or router on the edge. They behave differently in both cases, and knowing which feature is processed first in a particular direction can save us a lot of time and nerves.

The Dual Cloud DMVPN failover solution is the most reliable way to achieve reachability in any case of failure. If one of the routers fails we still have another one; if one of the ISP links dies we have the second one. In the scenario I assumed there are only 2 Hubs and 2 Spokes but…

NAT on ASA differs from NAT on IOS routers in its configuration. At first glance it may seem very confusing, but as we will see in a while, the crucial thing is understanding where particular types of NAT take place; then configuration is easy.

Regarding fault tolerance, ASA provides 2 solutions: Active/Standby and Active/Active. Whereas Active/Standby is simple to use, Active/Active provides not only redundancy but load sharing as well. On the other hand, it requires a more expensive license. Anyway, in this article we will compare them and see how to configure them.

Multiple Context on ASA provides the highest level of virtualization: within one single chassis we get 2 virtual firewalls, each with a separate Data and Control Plane. The idea is similar to VRF, but in Multiple Context we may share one interface between 2 contexts, which makes it more sophisticated.

Dealing with hard drives freshly added to the system is not difficult, but like every system manipulation in Linux it requires CLI knowledge. This article lets you seamlessly add a hard drive to the system, partition it and mount it permanently thanks to the fstab file.
