
PIAF, VirtualBox and the Nortel 1535 phone

November 7th, 2010 2 comments

Wow, it’s been a while. I scored some of the Nortel IP 1535’s thanks to NerdVittles and this gives me a good opportunity to try to upgrade my Asterisk system to the latest and greatest version. Naturally I want to go with PIAF and they just patched to Asterisk 1.8. I’ve considered using the Incredible PBX build but I don’t think I need all that stuff so I’m going to try straight PIAF first and see if I can get the Google Voice parts working at least.

First up, I’ve installed it in VirtualBox. Now, I’m concerned that there might be a stuttering problem because it’s virtualized. No way to know until I get a phone online. I’m hoping this will help but I installed the VB additions. It was relatively painless following the steps, with the exception of changing the kernel version to match. Rebooted and it looks ok so far.

More to come as I get phones online.

Categories: Cruft, Networking, VoIP Tags:

Cisco ASA Standby device “copy TFTP” syntax

July 25th, 2010 3 comments

That’s a mouthful. I’ve been having a hard time figuring out how to successfully transfer images to the Standby ASA’s flash from the Active’s CLI. Finally figured it out. Here’s the syntax:

failover exec standby copy /noconfirm tftp://{ip address}/{file name} disk0:/{file name}

Without the /noconfirm it’ll fail. You also need a standby ip address on the interface facing the tftp server and I haven’t confirmed this but I think it might also need to be on the same subnet. I’m still having some trouble with a situation where the standby ASA would have to reach another subnet.

Anyconnect for iPhone???

July 13th, 2010 No comments

It’s now a month or so after the release of iOS4 and the Cisco Anyconnect Secure Mobile Client for iPhone is nowhere to be found. What’s up Cisco??? I want my Anyconnect!

And anyone believes they’ll actually ship the Cius? HA!

iPhone VPN and Cisco IOS, Part2

May 5th, 2010 3 comments

I previously posted about some luck I had getting IPSEC VPN to work from my iPhone to my IOS router/firewall. That post is now kind of useless because the source blog disappeared about a year ago. So, in order to make this useful again I’m posting my full IOS code (obfuscated for obvious reasons). Change the IP addresses and the group name and password and you should be good to go. This uses the new(ish) method in IOS of zone based firewall. It’s overly complex and really hard to parse for anything remotely complicated but it’s what I’m working with. You’ll notice I used the SDM for most of the config. Yep, I’m lame and I’m not afraid to admit it. All of that zone config typing would have been a pain in the butt! Also, be sure to use a pool that is different from your “inside” subnet. Won’t work otherwise. Also, it should be obvious but this config uses local users so you need to add at least one of those.

Keep in mind this will all change when iPhone OS4 comes out as it’s supposed to support SSL VPN’s. Finally. The IPSEC works perfectly fine for now though. I’ve not tested this on my iPad yet since I haven’t had it out of the house…and it’s not a 3G model. Don’t see why it wouldn’t work though.

And now the code:

aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization network sdm_vpn_group_ml_2 local

crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2

crypto isakmp client configuration group mygroupname
 key something_goes_here
 dns 192.168.x.x
 pool SDM_POOL_2
 include-local-lan
 netmask 255.255.255.0

crypto isakmp profile sdm-ike-profile-1
 match identity group mygroupname
 client authentication list sdm_vpn_xauth_ml_2
 isakmp authorization list sdm_vpn_group_ml_2
 client configuration address respond
 virtual-template 2

crypto ipsec transform-set aes-transform esp-aes 256 esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set aes-transform
 set isakmp-profile sdm-ike-profile-1

class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC

policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default

zone security ezvpn-zone

zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in2 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination dmz-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn2 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn1 source dmz-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip

interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet0
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1

ip local pool SDM_POOL_2 192.168.y.y 192.168.y.z

ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
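
The config above is a partial listing: its zone-pairs reference zones and a policy-map that are defined elsewhere on the router. The following check is an added example, not part of the original post; it lists names an IOS snippet references but never defines, so you can see what must already exist before pasting. The function names (collect, audit) are hypothetical, the pattern tables cover only the object kinds used in this post, and SAMPLE is an excerpt of the lines above.

```python
import re

# Where each kind of named object is defined (matched against stripped lines).
DEFS = [
    ("isakmp-profile", r"^crypto isakmp profile (\S+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+)"),
    ("ipsec-profile", r"^crypto ipsec profile (\S+)"),
    ("class-map", r"^class-map type inspect \S+ (\S+)"),
    ("policy-map", r"^policy-map type inspect (\S+)"),
    ("zone", r"^zone security (\S+)"),
    ("pool", r"^ip local pool (\S+)"),
    ("acl", r"^ip access-list extended (\S+)"),
]
# Where each kind is referenced by name from another stanza.
REFS = [
    ("isakmp-profile", r"^set isakmp-profile (\S+)"),
    ("transform-set", r"^set transform-set (\S+)"),
    ("ipsec-profile", r"^tunnel protection ipsec profile (\S+)"),
    ("class-map", r"^(?:match class-map|class type inspect) (\S+)"),
    ("policy-map", r"^service-policy type inspect (\S+)"),
    ("zone", r"^zone-member security (\S+)"),
    ("zone", r"^zone-pair security \S+ source (\S+) destination (\S+)"),
    ("pool", r"^pool (\S+)"),
    ("acl", r"^match access-group name (\S+)"),
]

def collect(table, lines):
    """Return the set of (kind, name) pairs matched by any pattern in table."""
    return {(kind, name) for line in lines for kind, pat in table
            for m in [re.match(pat, line)] if m for name in m.groups()}

def audit(config):
    """Compare names a config references against names it defines."""
    lines = [line.strip() for line in config.splitlines()]
    defined, used = collect(DEFS, lines), collect(REFS, lines)
    return {"undefined": sorted(used - defined), "unused": sorted(defined - used)}

# Constructed sample: eight lines excerpted from the config in this post.
SAMPLE = """\
crypto ipsec profile SDM_Profile1
policy-map type inspect sdm-permit
zone security ezvpn-zone
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
interface Virtual-Template2 type tunnel
 zone-member security ezvpn-zone
 tunnel protection ipsec profile SDM_Profile1
"""
print(audit(SAMPLE))
```

Run against the full listing, the same check also flags in-zone and dmz-zone as undefined, and reports sdm-permit as unused because no zone-pair in the listing applies it.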

iPad…Nuff said

April 3rd, 2010 1 comment

Yup…did it. In fact I’m typing this on the new iPad specific wordpress app and I love it!!! The keyboard in landscape mode is very nice and I can type very quickly. I think it might drive some bad habits with all of the autocorrection and not capitalizing first letters but I can get over that.

My first impression after unboxing was “this is a big iPhone”. After putting on some iPad specific apps, that made all the difference. The bigger format really is something special.

Now, anyone know if it would be possible to write a driver to allow a Bluetooth connection to the iogear bluetooth serial adapter? This would be great for data center work!!!

Cisco AnyConnect Essentials still crushing it

March 21st, 2010 4 comments

Seems my original post about the AnyConnect Essentials license is still quite popular. So why not capitalize on that! :)

The license does work as advertised. It’s a replacement for the IPSEC based client that Cisco seems to have stopped development on. I’ve been using it in numerous situations and it works great!

I just have a funny situation though where my client was exploring alternatives to Cisco. We got pricing for a couple of competitors including Sonicwall and Juniper and let me tell you…whoo-boy! I guess the others haven’t felt compelled to follow Cisco’s lead and they are still charging ridiculous sums for the SSL VPN clients. Of course there were howls of protest about how their clients did so much more and that if you wanted the same level of functionality you had to pay for Cisco’s full SSL VPN solution. All true, but who cares????

I want a simple client based SSL VPN to replace the IPSEC clients of old. I don’t need all the fancy clientless stuff. I suspect that’s true for a lot of customers. Cisco’s pricing strategy for the AnyConnect Essentials is smart not just because they don’t want to continue to develop the IPSEC client but because it drives business away from their competitors.

Cisco, your choice in focus these days mostly pisses me off but this is a real winner. A small bright spot in an otherwise dreary path you’ve taken. Now, if you could find a way to ship ASA’s before the summer I’d be happy.

Breadboard Arduino with FTDI cable and no reset button

March 15th, 2010 1 comment

So, here’s my coming out for the other project I’ve been working on lately. Learning about Arduino’s. More later about why I’m doing this but for now…

I got a regular Duemilanove from Adafruit a couple of weeks ago. These things are so nice that they include all of the basic necessary components like the USB to RS232, the automatic voltage input switching, pin headers etc. I’ve been fiddling with that and learning some of how it works. I wanted to get a second for the purposes of having the two Arduino’s talk to each other. Naturally I decided to do this the harder way and assemble one on a breadboard.

This is actually pretty simple. The components you need are the Arduino flashed Atmega328p, a voltage regulator for getting your power source to a steady 5v, a clock source and a programming method. A couple of LED’s are good for power and the pin13 status. Based on several resources around the web including:

http://www.flickr.com/photos/34908673@N00/4042185019/sizes/l/
http://arduinofun.com/blog/2009/10/15/breadboard-arduino/

I’ve managed to get my Boarduino up and running without the use of a reset button and hopefully with a few extra rows available on my breadboard. I’m using an FTDI cable from Adafruit since I had to pick one up for the XBee modules I got. Yes, more to come on that as well. The FTDI cable includes the chip for USB to RS232 conversion but it does not pull out the DTR pin. Thankfully Arduino supports auto-reset using the RTS pin. I had to struggle a bit to figure out why it wasn’t working but the fix was pretty simple. You need to enable “Set RTS on Close” on the serial port that’s tied to the cable. Check out the LadyAda article for more details:

http://www.ladyada.net/make/boarduino/use.html

Categories: Cruft, Home and Hobbies Tags:

Checkpoint doesn’t support Proxy-Arp???

February 3rd, 2010 1 comment

Say whaaaatttt???????? Ok, so you have a Checkpoint firewall with a whole lotta NATed addresses. The router won’t find these NATed addresses though unless you go through a painful procedure to enable proxy-arp on the Checkpoint or you have to add static host entries to the router pointing to the interface IP on the Checkpoint.

What year is this, because I seem to be in the 90’s.

I know some people really love Checkpoint but every exposure I’ve had has left me scratching my head wondering if they could have done things any more atypically.

So yes, Checkpoint administrators, have no fear. The router jockeys will fix your broken crap again.

Categories: Cruft, Networking, Security Tags:

HP TC1100 and the iPad

January 30th, 2010 No comments

I’ve had a TC1100 for a while now. I just decided to get a new battery since the old one wouldn’t hold any charge. So as I sit here using it with Win7 it occurs to me that this is pretty much the exact same size as the iPad. Sure it’s a little thicker but the screen is the same. Even down to the bezel. So what’s different? For one thing this requires a pen. This is a good thing and bad. The handwriting recognition isn’t too bad but I do have to fix things sometimes. Plus everything requires the pen. Sometimes it would be nice to just flick something with my finger. So, despite being a really cool form factor I can see how the iPad would be a lot easier to use. The lack of camera really annoys me but maybe I can live without that after all. Maybe…

Categories: Cruft Tags:

Fixing a weird Cisco syntax error

January 24th, 2010 No comments

Ran across this tonight. Someone had entered a prefix-list with the name “at&amp ;t” instead of “at&t” (wordpress didn’t like it either so I added the space between the p and the ; but they should really be together).

Oddly enough, IOS wouldn’t allow the bad line to simply be deleted. The “;” had to be removed so that the no command included “at&ampt”

Probably some sort of a regex problem or an ascii escape character but it’s still kind of strange.

The Cruft Of My Brain is Stephen Fry proof thanks to caching by WP Super Cache