Howfunky.com comments (feed updated 2024-03-05T18:37:53.734-08:00)

Ozer Dondurmacioglu (http://nilesecure.com), 2023-08-09T09:29:18.480-07:00:
Hey Ed, thanks for the detailed review and feedback. Your article highlights many reasons why we want to engage the community and learn along the way - it will improve how we do what we do. Looking forward to staying in touch.

Anonymous, 2022-05-26T13:18:38.388-07:00:
This has bitten us too. Not only stopping any new connections but in our case, we were able to login to the firewall but couldn't run any commands due to TACACS authorization requests not being forwarded to ISE. Great feature (not).

Darren, 2022-05-02T20:43:39.958-07:00:
I am using a ULA on 2 devices on my LAN. 1 for the router to forward packets over the LAN, and 2 for a local LAN service (DNS among others).
The reason is that my prefix is changed by my ISP, which involves updating config files to match the new prefix. You might argue that it should not be dynamic, but it is, and power outages or hardware changes trigger it. The local DNS server also has a public IPv6 as well, thus it is only used for reference by the LAN to compensate for the ever-changing IPv6 prefix.

Joe, 2020-01-15T10:06:27.703-08:00:
So looking for the PowerShell commands to set IPv4 as preferred over IPv6 and to disable IPv6 tunneling. Any help on that would be great.

Andrew Hodel, 2019-07-13T11:08:36.989-07:00:
If you don't have the ability to NAT a private address, then you exclude the possibility of mesh routing for a network inside of a large building or complex when multiple gateways to the Internet are considered.

Assuming you have multiple gateways, you would have to have BGP enabled with your uplink provider or next tier provider in order for nodes to roam on the mesh network.
This becomes even more troublesome with multiple backbone/uplink providers because of the need to effectively publish where each node is on the network.

If you don't have the possibility of nat6, you end up with a horrible roaming situation and it should not be that way.

If set up correctly with nat6, you can easily use a mesh network with IPv6 and roaming.

Also, nat6 is in the Linux kernel with ip6tables.

priya rajesh, 2019-02-23T00:26:01.414-08:00:
Excellent info, I really appreciate your work. Continue sharing more with latest updates.

bckcntryskr, 2018-08-12T07:25:33.071-07:00:
Awesome! Wishing you the best in this chapter and all that follow.

Anonymous, 2018-06-19T21:59:42.883-07:00:
Can I remove them with some commands??

Chris, 2018-04-09T02:27:30.196-07:00:
hi,

I know this post is quite old but it would be really great if you could help me with this one...

I like your post and I want to deploy Global IPv6 Unicast addresses. Having said this, the problem is that on Domain Controllers / Win DNS Server static IPs are required pointing to themselves. My ISP seems to change the IPv6 Prefix every couple of days. So I cannot use SLAAC with DHCPv6 (to provide the internal DNS Server address) when the Prefix changes...

Do you have any suggestion how this is usually solved?

Thanks

Anonymous, 2018-01-16T02:15:04.354-08:00:
They have always sent UDP towards a Syslog server.
But, after a failover, the active one has stopped sending syslog messages to the server.
The issue is resolved by adding an access list...but it seems very strange, because syslog traffic did always work (also without this new access-list).

Have some idea?

Anonymous, 2018-01-16T02:14:19.815-08:00:
Hi,

I have just noticed a strange issue.
I have a couple of ASA5505. They have always sent UDP towards a Syslog server.
But, after a failover, the active one has stopped sending syslog messages to the server.
The issue is resolved by adding an access list...but it seems very strange, because syslog traffic did always work (also without this new access-list).

Have some idea?

Thank you!

Anonymous, 2016-12-29T14:22:41.597-08:00:
@comdog - What about Prefix Delegation, where you assign only the static bits of your prefix?

Anonymous, 2016-11-18T05:00:03.116-08:00:
> NPT does indeed break protocols that embed IP addresses.
> I would argue that such protocols are broken by design, despite the fact that they are so pervasive.

Aren't ICMPv6 Packet Too Big et al packets with IP addresses in their payload (namely the IP header of the packet that triggered the error)? RFC 6296 doesn't mention these.

Anonymous, 2016-11-01T14:13:28.977-07:00:
Will the firewall show the same behavior if there is more than one syslog server configured and only one goes unreachable?

Anonymous, 2016-10-09T17:28:19.237-07:00:
In addition to ULA there is another type of IPv6 address called the Link-local.
How would I use ULA and link-local?

From my understanding link-local traffic is confined to the link it is attached to, traffic does not exit this interface.

Does this mean I would use ULA if I had two interfaces on router (different subnets) and I needed traffic to be routed between these two subnetworks?

Fred, 2016-09-29T07:43:53.165-07:00:
What kinds of "complex IPv6 scenarios" are you looking to try out?

Anonymous, 2016-07-27T23:25:51.022-07:00:
Amazing post. I was struggling to get a clear understanding from whatever documentation Cisco has. Thanks for the post, it clears a lot of my doubts.

Anonymous, 2016-07-13T13:41:34.658-07:00:
Thank you, it's simple to understand with this explanation.

Ed Horley, 2016-04-15T11:48:08.623-07:00:
@corndog - I understand your frustration. IPv6 does have some tools to make renumbering easier; however, there isn't a lot of operational information out there to help with doing that well.
I typically recommend that companies obtain IPv6 provider independent space to reduce the issues with renumbering. A bit of advice with ULA. Remember, for RFC 6724 compliant OS and devices IPv4 is preferred over ULA. This means that all your hosts will prefer IPv4 for any transport internally which might cause some odd combination of behaviors you might not want. I would like to hear more on if you have seen any impact from an operations basis due to the potential mix of RFC 3484 devices compared to RFC 6724. - Ed

Anonymous, 2016-04-07T02:00:11.105-07:00:
You will also get bit by this if you try to use TLS/SSL based logging and the firewall can't validate the certificate of the receiving syslog server. (i.e. If you try to use a self-signed certificate on the syslog server.)

corndog, 2016-04-02T20:49:34.146-07:00:
All sounds great, but I have had to re-address my entire network three times due to ISP changes. I've had enough. I registered a ULA block with Sixxs and I'm using it side-by-side with public addresses. Any known services that I need to provide over IPv6 on the internal network, I configure static addresses in the ULA space. All systems have a ULA address and also a dynamic public address. No NAT is done, for linking to the outside, but I FINALLY have some sort of reliable addressing inside.
ULA is great.

Anonymous, 2016-02-25T07:57:13.901-08:00:
What a lot of people miss when they discuss RFC 6296 is that it is marked as experimental, and not on the standards track.

"This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation."

It would be a mistake to depend on this particular RFC. If NAT66 ever does become a standard, it will be in a different RFC.

Unknown, 2016-01-29T14:44:00.813-08:00:
This bit us pretty hard. I have an active CCNA-Security, and I'm sure it was not covered.

Anonymous, 2016-01-14T11:17:00.151-08:00:
Thank you Ed Horley for your quick response.