Sunday, December 21, 2008

ASA code update - mobile AnyConnect

For those that are keeping track there was an interim release on Dec 5th for asa804-16-k8.bin plus as I noted before there is now an ASDM release of or asdm-61551.bin which is compatible with Jave 6.10 or 6.11. There is one issue I have found with the newer ASA code, it does not appear to honor the global translation timeout settings. So if you have long flow sessions (big single tcp backup sessions that stay open forever for instance) then you can have some serious issues.

Also, is anyone else completely baffled as to why the ASA is requiring a separate mobile AnyConnect license, even if you already paid for SSLVPN licenses for the standard AnyConnect on the ASA? Seems like double dipping to me. At a minimum a free license extension should be offered to clients to get some mobile licenses based on the number of existing AnyConnect licenses you already own. Perhaps 2 mobile for every 10 SSLVPN? Cisco, you are just getting greedy on that one.

Happy New Year everyone.
- Ed

Wednesday, November 12, 2008

Ubuntu 8.10 - everything seems to work fine

Well, I took the plunge and did a clean install of Ubuntu 8.10. I was running 7.10 and it was very stable, I passed on 8.04 since I heard about a lot of problems. I have to admit I am happy so far. Sound, video, external video, bluetooth are all working. The new NetworkManager is excellent and works as expected. VMware workstation 6.5 is working too. I just have to get Cisco VPN working and I will be back up and working completely as before.
I would definately have folks give it a go, its been stable and has performed pretty well so far. Keeping my fingers crossed.
- Ed

Cisco ASDM update - v61551

Cisco has posted an ASDM update 6.1(5)51 that is compatible with Java 1.6.0_10 (6u10). This takes care of the problem of running the newest Java but having to keep old versions around to support the older ASDM releases that required 6u7.
- Ed

Wednesday, October 29, 2008

Cisco UC 7 update

OK, it is very clear now that the UC plan for Cisco is to move all services to Web 2.0 and give customers the choice of either running the solution in house, in the cloud or a combo.
That being said, I don't think it is all baked out yet (they have purchased Jabber but where that is going to fit in with WebEx ? MeetingPlace I am unclear) but I did get the message loud and clear on one thing... the Apple iPhone will be THE platform of future development. I think the iPhone and Windows Mobile will get a lot of attention. I am not very clear how much attention BlackBerry will get, which is odd given its install base. I don't know if Cisco thinks there isn't enough Web 2.0 support on the RIM side or what but I sure didn't get the impression that they were going to make the next "wow" application on the RIM handhelds.
As soon as I hear a clearer roadmap I will post it up. Heck, if anyone knows for sure and has links to back it up please tell me! - Ed

Friday, October 17, 2008

Cisco UC changes - Web 2.0, Apple iPhone

Cisco just finished up their UC Partner VT in San Jose and Web 2.0 services are a huge part of what they are up to with the UC product family. It also seems that Cisco is turning into an everything but Microsoft sort of play. All the product families are on Linux, heavy development on Apple integration and support within the whole Cisco product families plus moving to more "open" standards in regards to directory structures. Its been in the works for awhile but it pretty much officially here now. Cisco is head to head with Microsoft in the UC space and wants to build a large ecosystem around their product families without any MS products in the picture. Never mind the partner part of the "partner / compete" motto.
It also seems with the Web 2.0 push that development on the iPhone as the mobile platform of choice is Cisco's game plan. With the release of the Cisco VPN client on the iPhone plus the fact Apple licensed ActiveSync from Microsoft it really does seem that you will see Cisco use it as the mobile interface to their product family. They are having Cisco employees switching over from the Nokia dual mode handsets to the 3G iPhone... that should tell you something. I wonder what will happen to Blackberry in all this. I might have to move to the iPhone just to start showing off some of the new offering that Cisco will have in the UC space.
- Ed

Tuesday, September 16, 2008

DRJ Fall World Conference in San Diego

I am attending the Disaster Recovery Journal semi-annual conference in San Diego this week. It is definitely a different sort of conference then what I am typically used to attending from the tech side of the fence. There seems to be a high number of folks who are much more concerned about business process but know very little about how IT functions and works and even fewer who really grasp how technology is being utilized in IT shops today.
Granted, there are a lot of folks USING technology in their planning and such but the granular understanding of what is happening under the hood seems to be a bit light. Perhaps my opinion will change over the week but that is my initial impression so far.
That being said, these folks know and worry about way more things then ever typically make it onto the books for IT folks. I think IT shops could learn a lot more about what drives a businesses needs for this sort of planning and then incorporate that into their design architectures. Also, they could do better in outreach and educations as there seems to be a lot of frustration on the part of folks building these plan of not understanding what IT Pros are saying or referencing.
More later.
- Ed

Tuesday, July 01, 2008

MVP status

I got the official word this morning and I have been renewed for another year. To be honest, I was very surprised about this since my original MVP category of Windows Server - Networking was eliminated and I was moved to Identity and Access - Enterprise Security. I haven't changed my focus at all even though I have been put in a new category and felt it hurt my chances of becoming an MVP again. Apparently Microsoft felt differently, which I am grateful for. Looking forward to another year of MVP news and happenings. - Ed

Tuesday, June 24, 2008

Cisco Networkers this week

Even though it technically started on June 22 things don't really start until today if you look at the schedule. I've attended Networkers in the past and it is a good conference but I am going to hold out until next year when it is here in the San Francisco Bay Area.
For those that follow conferences it looks like Microsoft's TechEd will be in Los Angeles next year. Both conferences were in Florida this year which is a real long flight from the Northwest or even California. I guess all the west coast folks get to be lazy next year if they want to attend. - Ed

Thursday, May 29, 2008

Cisco ASA and DAP

OK, for those of you who play with the Cisco ASA product you might have heard of DAP (Dynamic Access Policies). DAP is used to build policy rules on the fly to provide a customer user experience for VPN sessions (SSLVPN and Clientless or webportal VPN in particular) and is something that has been needed for awhile to compete with the Juniper Neoteris product. DAP has some issues with configuration and setup that can be a challenge, the primary challenge being the Microsoft AD integration.
It turns out that trying to figure out the Login DN parameters can be difficult and also the format for the LDAP attributes. I recommend using LDP to help you figure out the LDAP attributes you can match on and also as a useful tool to walk the LDAP structure of AD. The other missing information is that the testing tool does NOT test against the LDAP authentication server to see if the parameters you are providing actually exist. All it does is TRUST what you are providing as the if that was supplied back from the LDAP server and uses that to test your DAP policy. So you can happily test away thinking your DAP policy will work when it will fail because you are using the wrong LDAP attribut to match in the first place! Very frustrating.
Key commands to know:
debug dap trace
debug ldap 255

Also, for some reason the ASDM DAP testing tool puts commands in the ASA that are cumilative and you have to remove them via the command line. So if you do use the DAP testing tool remember to go in and remove the old parameters you gave it. Otherwise you will have a list a mile long and all of them will be getting checked even though you might only have one or two in the ASDM GUI window.
Oh, and make sure you are running, that fixes a SSH issue on the platform that is pretty important.
- Ed

Tuesday, May 27, 2008

EUROPEAN IPv6 DAY - 30 May 2008

Well, it seems our European counterparts are starting to take IPv6 seriously. They are planning an advancement meeting in Belgium to get things moving along.
The IPv6 task force website has good information if you are getting started in the IPv6 arena.
I am sure everyone saw that 6 of the 13 root level servers are running IPv6 AAAA records now - you don't even need IPv4 to do name services for IPv6 anymore, you can go completely native IPv6 for everything.
It is moving slowing but it is definitely moving along.
- Ed

Sunday, April 27, 2008

IPv6 - folks seem to be paying more attention?

Well, one of my observations for the Microsoft MVP Summit was that the network team at Microsoft is still very interested in hearing about what is happening with IPv6 and if anyone has done anything with IPv6. I am not sure that Microsoft has a good road map of what needs to happen to make IPv6 a reality in North America but they are paying attention.
Microsoft has several reasons for getting IPv6 out to the consumer space as quickly as possible. IPv6 will allow Microsoft devices to do peer to peer easily and allow them to get back to the model of all hosts being available and accessible which is a desirable thing when you build an OS platform for PC's.
In addition to all this, there appears to be in the works some cool applications that will be IPv6 only that will leverage that peer to peer openness that IPv6 allows. I think the next generation of Groove would be a great starting point myself.
With Server 2008 having the same network stack as Vista and both being IPv6/IPv4 I think there is an opportunity for IPv6 services to leapfrog some of the IPv4 technologies and potentially allow IPv6 to grow more quickly then originally anticipated. Only time will tell.
- Ed

Sunday, April 13, 2008

Microsoft MVP Summit

It is that time again, the Microsoft MVP Summit is next week and I am flying up tomorrow to catch up with it (late as usual) and then hopefully hear and learn about all the new and interesting stuff that Microsoft is up to. As is typical for all MVP's, seems that most of the content is covered under NDA but anything that isn't I will try and make a comment about. Seems that Server 2008, Security (Forefront), and System Center will be talked a lot about.
I got very mixed feedback on the new Hyper-V product at the Server 2008 launch event. Most folks who are working with other hypervisors really felt that Hyper-V was behind the curve and it isn't really officially out yet. I don't know how much market share Microsoft can gain in that market but I guess they should have something to reduce the de-coupling of the OS to the hardware, something Microsoft considers pretty important. They definitely want a piece of Microsoft software controlling the hardware and any other OS that wants to use the hardware should have to go through that MS software. I really believe that is for licensing reasons as technically I can't see that it would make that much of a difference.
- Ed

Monday, March 10, 2008

Cisco's new ASR series

Cisco seems to be on a product roll out marathon. The announced the new ASR product line and it is using a new processor and looks to be a powerful platform. That being said - I don't think it is the best looking product line that Cisco has released. Especially when it is compared to the Nexus 7000. I don't know why Cisco doesn't have a uniform look and feel to their product lines, you would think that spending five years and $250 million developing it they could hire a decent industrial designer to hammer out something that looks cool.
Other then the superficial the specs on the stuff look great. I can't wait to get my hands on one to play with.
- Ed

Sunday, March 09, 2008

Microsoft Server 2008 Launch event is San Francisco

I am signed up for the Microsoft Server 2008 Launch event in San Francisco on March 13 at the Moscone Center and I hope it is a cool event for everyone involved. I know a lot of folks from the Pacific IT Professionals Users Group will be at the event and I am sure I will run into some fellow Microsoft MVP's at the event also. I am excited about the work and changes Microsoft has done with Server 2008. I believe I will be helping out in some capacity at the event but I am not sure how yet. I will post how shortly so in case you are at the event you can look me up.
- Ed

Fun new toy #2 - Mini Cooper

Well, the second toy cost a lot more and neither are really technical in nature but I have to say the new Mini Cooper that we picked up last Thursday after waiting since Dec is very cool. The obvious advantages of better gas mileage and such are great but the car is just fun to drive and very cool looking. I definitely won't be hauling around as much Cisco hardware as in the past but that is ok, seems we get most of the gear drop shipped to clients now directly from the distributor.
- Ed

Ok, here are some photos. They are fat big ones that I am to lazy to shrink down to be web friendly.

What my wife gave me for xmas.


Good enough? - Ed

Fun new toy #1 - Skullcandy Proletariat

I will be traveling to Ireland at the end of this month and will be wanting to avoid hours of airplane engine noise plus actually listen to some music here and there. I did some looking around for new headphones for the trip and wanted some that did noise canceling but didn't cost a fortune like the Bose seem to. I finally ended up picking up some Skullcandy Proletariat headphones. They seem to work pretty well, work off of two AAA batteries and are only $100.
- Ed

Wednesday, January 30, 2008

Cisco releases the Nexus 7000

I sat through some pretty good presentations yesterday at the Cisco Partner Data Center VT in San Jose and one of the cool new items that was covered is the new Nexus 7000 Switch platform. I think this switch is going to have some serious impact on where things are going. The platform has the ability to do both IP, Ethernet, Fiber Channel over Ethernet and other SAN based services and to perform at a 10Gbps scaling to 40Gbps and 100Gbps when the appropriate standards releases come out. It really is an remarkable piece of hardware. I imagine it is going to take awhile for adoption but I can't wait to get my hands on one to deploy! It really is going to be the next generation for large scale data center especially with virtual machine growth and blade and cluster configurations. The video on the site does a pretty good job explaining what it can do.
- Ed