Wednesday, November 12, 2008
Cisco ASDM update - v61551
Cisco has posted an ASDM update 6.1(5)51 that is compatible with Java 1.6.0_10 (6u10). This takes care of the problem of running the newest Java but having to keep old versions around to support the older ASDM releases that required 6u7.
- Ed
Wednesday, October 29, 2008
Cisco UC 7 update
OK, it is very clear now that the UC plan for Cisco is to move all services to Web 2.0 and give customers the choice of either running the solution in house, in the cloud or a combo.
That being said, I don't think it is all baked out yet (they have purchased Jabber but where that is going to fit in with WebEx ? MeetingPlace I am unclear) but I did get the message loud and clear on one thing... the Apple iPhone will be THE platform of future development. I think the iPhone and Windows Mobile will get a lot of attention. I am not very clear how much attention BlackBerry will get, which is odd given its install base. I don't know if Cisco thinks there isn't enough Web 2.0 support on the RIM side or what but I sure didn't get the impression that they were going to make the next "wow" application on the RIM handhelds.
As soon as I hear a clearer roadmap I will post it up. Heck, if anyone knows for sure and has links to back it up please tell me! - Ed
Labels: Cisco
Friday, October 17, 2008
Cisco UC changes - Web 2.0, Apple iPhone
Cisco just finished up their UC Partner VT in San Jose and Web 2.0 services are a huge part of what they are up to with the UC product family. It also seems that Cisco is turning into an everything but Microsoft sort of play. All the product families are on Linux, heavy development on Apple integration and support within the whole Cisco product families plus moving to more "open" standards in regards to directory structures. It's been in the works for a while but it is pretty much officially here now. Cisco is head to head with Microsoft in the UC space and wants to build a large ecosystem around their product families without any MS products in the picture. Never mind the partner part of the "partner / compete" motto.
It also seems with the Web 2.0 push that development on the iPhone as the mobile platform of choice is Cisco's game plan. With the release of the Cisco VPN client on the iPhone plus the fact Apple licensed ActiveSync from Microsoft it really does seem that you will see Cisco use it as the mobile interface to their product family. They are having Cisco employees switch over from the Nokia dual mode handsets to the 3G iPhone... that should tell you something. I wonder what will happen to BlackBerry in all this. I might have to move to the iPhone just to start showing off some of the new offerings that Cisco will have in the UC space.
- Ed
Thursday, May 29, 2008
Cisco ASA and DAP
OK, for those of you who play with the Cisco ASA product you might have heard of DAP (Dynamic Access Policies). DAP is used to build policy rules on the fly to provide a customer user experience for VPN sessions (SSLVPN and Clientless or webportal VPN in particular) and is something that has been needed for a while to compete with the Juniper Neoteris product. DAP has some issues with configuration and setup that can be a challenge, the primary challenge being the Microsoft AD integration.
It turns out that trying to figure out the Login DN parameters can be difficult and also the format for the LDAP attributes. I recommend using LDP to help you figure out the LDAP attributes you can match on and also as a useful tool to walk the LDAP structure of AD. The other missing information is that the testing tool does NOT test against the LDAP authentication server to see if the parameters you are providing actually exist. All it does is TRUST what you are providing as if that was supplied back from the LDAP server and uses that to test your DAP policy. So you can happily test away thinking your DAP policy will work when it will fail because you are using the wrong LDAP attribute to match in the first place! Very frustrating.
Key commands to know:
debug dap trace
debug ldap 255
Also, for some reason the ASDM DAP testing tool puts commands in the ASA that are cumulative and you have to remove them via the command line. So if you do use the DAP testing tool remember to go in and remove the old parameters you gave it. Otherwise you will have a list a mile long and all of them will be getting checked even though you might only have one or two in the ASDM GUI window.
Oh, and make sure you are running 8.0.3.12, which fixes an SSH issue on the platform that is pretty important.
- Ed
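An added example, not part of the original post: one way to check the Login DN and see the attributes the directory really returns, since the DAP testing tool never queries the LDAP server. The server tag AD_LDAP, the interface name inside, the address 192.0.2.10, the example.com DNs and the accounts asa-bind and jdoe are all placeholders assumed for illustration.

```cisco
! Constructed example: tag, interface, address, DNs and accounts are placeholders.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Login DN: full distinguished name of the account the ASA binds with
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-account-password>
!
! Authenticate a real user against the directory with LDAP debugging on
debug ldap 255
test aaa-server authentication AD_LDAP host 192.0.2.10 username jdoe password <jdoe-password>
! Compare the attribute names and values shown in the debug output
! (memberOf, for instance) with what the DAP record matches on.
undebug all
```

A failed bind in the debug output points at the Login DN or its password; a successful bind with no matching attribute points at the DAP selection criteria.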
Labels: Cisco
Unless otherwise expressly stated, all original material of whatever nature created by Ed Horley and included in this weblog and any related pages, including the weblog's archives, is licensed under a Creative Commons License.










