ASA VPN Troubleshooting
Yesterday, I assisted with troubleshooting ASA VPN issues. A local ASA needed to build a site-to-site (aka L2L) IPSec VPN tunnel to a non-ASA third-party. The tunnel…
I needed to build a VPN tunnel from Threat Defence to AWS, which seemed to work fine. Until the VPN had been up for an hour that is…
After an hour, I was getting reports of tunnel traffic dropping out. This happened regularly every hour.
After a few hours of watching debugs and discussions with TAC, the answer presented itself.
As IPv6 gets more popular, it becomes more important to know how to migrate to it. This includes getting addresses, getting an ASN, and planning a strategy.
I use Firepower Management Center quite a bit. Recently, I started getting health monitoring alerts telling me that CPU was at a critically high level.
These alerts were spamming me every 5 minutes for a few hours. One of our ASAs running Firepower Services was having a bad time.
So you want to peer with a service provider. Never done it before? Overwhelmed? Don’t know where to start? If this sounds familiar, then this article is for you!
We’re going to have a look at the process of peering with an ISP. We’re not going to look too deeply into the technical details. Rather, we’ll focus more on the process.
A new Nexus release brings two new features, called vPC Fast Convergence and LACP Convergence.
There wasn’t a lot of information readily available, so I’m going to share what I’ve learned here. I’d like to take a moment to thank Amith Ronad from Cisco for helping me to understand these features.
There has always been a primary and secondary role in a vPC relationship. But, they’ve always been non-preemptive. That means that a secondary will not automatically become primary unless there’s a failure of some sort.
If you’ve never worked in a third-party data centre before, the first time can be a bit of a shock. There are a lot of rules and procedures to follow, and each data centre is a bit different from the last one.
A few weeks ago I was working on a customer’s network when I found an OSPF problem. For some reason, an ASA wouldn’t peer with a Nexus switch. To make it a bit weirder, the problem only happened on the default VRF, and only with OSPFv3. On the Nexus side, I could see the ASA neighbour, but it was stuck in INIT. On the ASA side, I couldn’t see the neighbour at all.
We all want to be better at what we do. You wouldn’t be reading this if you didn’t. In the IT industry, we go to vendor events, where we get to broaden our horizons, and network with potential colleagues.
I was one fortunate man in a crowd of many who just attended day 1 of Cisco Live in Melbourne.