NAT and ACL are one the first things that are being configured right after deployment of the new ASA or Router on the edge. They behave differently in both cases and knowing which feature is proceed first over the other in particular direction can save us a lot of time and nerves.
Dual Cloud DMVPN failover solution is the most reliable way to achieve reachability in any case of failure. If one of the routers get fail we still have another one, if one of the ISPs links has died we have the second one. In the scenario I assumed there are only 2 Hubs and 2 Spokes but this solution is very well scalable.
NAT on ASA differs to NAT on IOS routers regarding configuration.At first glance may seems to be very confusing, but as we see in a while the crucial is understanding where particular types of NAT takes place, then configuration is easy.
Regarding Fault Tolerance ASA provides 2 solutions: Active/Standby and Active/Active. Whereas Active/Standby is simple in use Active/Active provides not only redundancy but load sharing as well. On the other hand, requires more expansive license. Anyway, in this article we will compare them and see how to configure.
GRUB – GRand Unified Bootloader plays crucial role in proper and stable work of a Linux system. Thanks to its the Linux is able to load the system in different modes but also enables us to recover the OS if something went wrong or the system got crashed.
Multiple Context on ASA provides the highest level of virtualization, within one single chassis we get 2 virtual firewalls. Each with separate Data and Control Plane. Idea similar to VRF but in Multiple Context we may share one interface between 2 contexts what makes its more sophisticated.
Dealing with freshly added hard drives to the system is not difficult, but as every system manipulation in Linux requires a CLI knowledge. This article allows you adding seamlessly hard drive to the system, partitioning and mounting its permanently thanks to fstab file.
ACLs can filter traffic at layer 3 and 4. Usually it will be enough, but sometime we need to subject the trafic to more granular inspection before we reject any host ? Then filtering on access lists will not work and Modular Policy Framework has to be used. But as you see for yourself MPF can do for us much much more.
Nothing happens in Linux without udev knowledge when you connect any device. When you plug USB stick to the computer with Linux OS the really interesting things happen behind the scene where udev and dbus comes to play to provide recognizing and loading appropriate modules to the kernel.
Conversion between particular systems seems to be not necessary nowadays, what may be pernicious. Besides, for any IT guy it’s a shame don’t know how to make simple math that sometimes may be really helpful.
Rsyslog and journald daemons gives you an opportunity to control what happens in the system. You may trace users and their interaction with other daemons. They increase security, cause based on the logs you can make decisions regarding users that unusuall behaviour you’ve noticed. Also, if there is a problem with system stability or system is not running…
Even very well designed operating system as Red Hat without software is worth not too much. In Red Hat and CentOS we use the same tools to get the programs and keep them up to date. Let’s have a look on RPM and YUM package manager.
Spanning Tree Protocol is not a good idea especially if we take into consideration data center. Wasting of bandwith by blocking links in environement which demands the highest throughput, is not desirable. Virtual Port Channel feature sorts it out in simple and clever way.
There are 3 ways regarding authentication within IKEv1 and IKEv2. So we have, pre shared keys, rsa-enc and rsa-sign. Each of them provides different level of security. In this article we will focus on RSA based methods and we lab them out.
Nowadays, when access layer switches have 1GB ports, increasing the number of an upstream links to the distribution layer is necessary. Let’s have a look on etherchannel feature, the way that we may achieve that and how to configure its on layer 2 and 3.