Sep 16 2009 3:57PM GMT
Posted by: Jason Tramer
Cisco, ASA, UC500, router, firewall, SMB, small business, Wireless
Cisco is almost synonymous with big business in the network infrastructure market but recently they have really been working to make themselves more friendly to the SMB market.
Here is a good article about that:
http://www.channelregister.co.uk/2009/09…
Working at a consulting company that is a Cisco partner and has a large focus on small business, I find that there are a lot of great Cisco products in the price range my clients look for.
The ASA 5505, for example, is a great little firewall with a lot of good features, and the price is right on the mark and often cheaper than equivalent WatchGuard and SonicWall products. As well, the UC500 integrated services VoIP router is a great solution for a small business that wants a voice solution with a reasonable cost, particularly if they need a primary router/firewall and/or small wireless solution in any case.
Sep 10 2009 6:52PM GMT
Posted by: Jason Tramer
WatchGuard, Fireware, firebox, XTM, Upgrade, 10.2, 11
In reviewing the release notes on the site and speaking to a WatchGuard rep, the best upgrade path to the new Fireware XTM version 11 is by first upgrading your existing Firebox to version 10.2.9 and then upgrading to 11.
Upgrading directly from any version below 10.2.9 is not recommended and could cause the Fireware image to become corrupted.
Aug 28 2009 4:48PM GMT
Posted by: Jason Tramer
Security, Wireless, encryption, WPA, tkip, cracked, broken
Check it out:
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
This is serious stuff. If you are currently using this, you should definitely switch to something more secure ASAP.
Aug 20 2009 1:33PM GMT
Posted by: Jason Tramer
WatchGuard, bugs, known issue, Fireware, 11, 12
So in the past I have criticized WatchGuard a tad when they constantly give me the answer that my issue is a known bug and will be fixed in the next version …
Well, the next version is here! Fireware 11 has been released to the general public. I will get trying it out in the coming days and reporting back here, but a quick look in my IT crystal ball tells me that WatchGuard will have indeed fixed all those little bugs which plagued my existence for so many months. Before WatchGuard draws too much succor from my words, I should also point out that my IT crystal ball tells me that I will soon be plagued with a ton of new bugs which won’t be fixed till version 12 comes out.
May 27 2009 4:13PM GMT
Posted by: Jason Tramer
ASA, Cisco, 5510, Remote Access, VPN, can't connect to internal resources on the same network, NAT
So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).
While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.
The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.
Hope this helps.
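The fix described in the post above, written out as an added configuration example (not the author's own config). It assumes pre-8.3 ASA NAT syntax, since the post does not state the software version; the pool range, the PAT rule and the names VPN_POOL and NONAT are assumptions.

```cisco
! Constructed example, pre-8.3 ASA syntax. Names and pool range are assumptions.
!
! Address pool for remote access clients, carved out of the inside subnet
ip local pool VPN_POOL 10.0.0.200-10.0.0.220 mask 255.255.255.0
!
! Typical dynamic NAT (PAT) rule for the inside network. Without an
! exemption, traffic from inside hosts to VPN clients matches this rule
! and is translated, so the clients never see replies from 10.0.0.x.
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
!
! NAT exemption: inside network to inside network, as the post describes.
! "nat 0" with an access list is evaluated before the dynamic rule above.
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

To confirm which NAT rule a flow hits, `packet-tracer input inside icmp 10.0.0.10 8 0 10.0.0.200 detailed` (constructed host addresses) walks the packet through the ASA's processing phases. ASA 8.3 and later replaced this NAT syntax, so the commands above do not apply there as written.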
May 19 2009 4:46PM GMT
Posted by: Jason Tramer
hyperv, server 2008, Windows, Wireless
I am running Server 2008 on my laptop and decided to install Hyper-V so that I could have an XP VM.
As soon as I installed Hyper-V, my wireless connection stopped working. Though the wireless connection is there in Manage Network Connections, it is missing when doing an ipconfig and won’t locate any networks.
I have since uninstalled Hyper-V and reinstalled both the wireless card driver and the WLAN service, and nothing has resolved this. I will likely have to reinstall my OS.
If you have 2008 on a laptop and decide to install Hyper-V, fair thee warned.
Apr 30 2009 8:45PM GMT
Posted by: Jason Tramer
WatchGuard, VPN, firewall, McAfee
I hate personal firewall products, but none so much as I hate McAfee. I was testing a MUVPN and the tunnel just wouldn’t establish. I turned that thing into Swiss cheese; it shouldn’t have been blocking anything, but the VPN tunnel STILL wouldn’t come up until I actually turned off the service. Gah, it’s frustrating.
Apr 3 2009 6:29PM GMT
Posted by: Jason Tramer
Unable to join domain, The network location cannot be reached, DNS, WINS, TCP/IP, NetBIOS
I got this error when joining a Windows XP machine to the domain. I ensured that DNS resolution was working fine. After some testing I determined that the issue was NetBIOS resolution.
An ipconfig /all showed that there was no WINS server address (even though DHCP should be giving one out) and NetBIOS over TCP was showing as disabled. I manually enabled this and added a WINS server address, but another ipconfig /all showed no change. OK, so the TCP/IP stack got corrupted. No biggie, easy to fix by removing the NIC drivers and re-adding them, forcing Windows to create another stack, but this leads into the rant.
Why do I need NetBIOS resolution to join an XP machine to the domain when I have DNS resolution? Why do I need NetBIOS resolution at all? NetBIOS resolution was crap 10 years ago and it’s even crappier and less necessary now. NetBIOS resolution is the tonsils of the network world. The worst part is that when NetBIOS resolution breaks you don’t even get a week off of school and all the ice cream you can eat.
Mar 9 2009 3:11PM GMT
Posted by: Jason Tramer
Cisco, Cisco ASA - Remote Access VPN not getting reserved address from DHCP, ASA, DHCP, VPN
I have configured a Cisco ASA 5520 in an environment where the remote users need to get statically assigned IP addresses. In the past this was done by using MAC address reservations on the DHCP server. In replacing their old firewall and putting in the ASA, what I have found is that even though Remote Access VPN is configured to assign IP addresses via the DHCP server, and even though that works (you can see the lease on the DHCP server), it does not give them the address that has been reserved by their MAC address. Does anyone know a solution to this? I would love to hear it.