
Blog (Broadcast)


Broadcasting news, tips, and troubleshooting on networking technologies.



Entries in troubleshooting (3)


Cisco CSS 11500 L5 Rules via SSL Acceleration (proxy)

An interesting issue arose when trying to configure two L5 rules behind an SSL proxy on a Cisco CSS 11500.

When doing SSL termination on the CSS load-balancer, an ssl-proxy-list is configured to add a virtual server that ties the SSL VIP to the plain-text HTTP VIP used by the proxy.

Read up on configuring SSL termination on the CSS 11500 if you’re not familiar.

Normally, an SSL rule VIP is proxied to a single, matching plain-text HTTP VIP when you need to ensure the site is protected by SSL. This is done with two L4 rules, one matching [port] :443 and the other on :80. It’s not a requirement that the two VIPs match, but doing so will make your config easier to understand and conserve IP space. See the post on *todo* for CSS HTTP to HTTPS redirection.



Restricted Active Directory Accounts with Cisco VPN 3000 Concentrator 

Let’s pretend the couple of hours spent troubleshooting why an otherwise valid Microsoft Windows Active Directory (2003) account wouldn’t authenticate to a Cisco VPN 3000 Concentrator never happened. The VPN 3000 Concentrator log showed the IKE/167 event below, which only hints at a username or password issue, and it definitely didn’t seem like there should be any issue with either the username (triple-checked) or the password (quadruple-checked).



The gloomy side of Clouds

With all the infatuation with Cloud computing (mostly well-deserved, I will add), a gloomy side of Clouds (no pun is safe here) is on the horizon. When troubleshooting networking issues, source IP addresses often need to be tracked down to their rightful (and/or abusive) owner.

Enter the Cloud, and now you’re chasing source IPs that come and go as quickly as a cloud dissipates on a hot day. Forget DNS reverse lookups, as you’ll gain no additional knowledge than what you already had from a whois with
