The Cruft Of My Brain

I recently discovered this new Cisco AnyConnect Essentials license being touted for the 8.2 code for ASAs. It took me a little while to parse through the cryptic description on Cisco’s site but it seems that you can now get client based SSL for a couple hundres $$’s depending on the ASA model. That’s up to the platform supported max!

If you want the web portal “clientless” SSL VPN you have to pay the previous crazy pricing for the “Premium” license. For most people this won’t matter and what it means is essentially a cheap SSL client solution now. Woohoo!

This guy seemed to confirm my thoughts.

Dude stole my theme too!

I didn’t see much in the way of review info on the
NORCO RPC-450 4U Rackmount Server Case
.  On top of that, the pics almost always showed a microATX motherboard installed, which was nice for having lots of room left.  However, I had an Extended ATX or EEB motherboard that I wanted to get into this thing so it was  little bit of a gamble when I ordered it.  I’m pretty happy with the results  although there are caveats and some tight areas.  Without further ado, the review:

Newegg shipped this thing double boxed and it arrived in fine condition.  I don’t live very far from the New Jersey distribution warehouse and I’m lucky enough to get stuff from them within a day or two.

From NorcoTek RPC-450

The RPC-450 comes with 2 big 120mm fans up front. Once you remove those you can slide out the drive cages. What’s cool about this is that the drive cages are kind of like 5in3′s. As you can see in this pic the space could support 3 5.25″ drives vertically but with the cages installed there are slots for 5 3.5″ drives. The 2 cages slide in and out using the same locking tabs you’d use for drives.

From NorcoTek RPC-450

On to the motherboard installation. The EEB size motherboard really does fill the space. Making matters worse, the fans and heatsinks for the dual xeons are located way up at the front of the motherboard. Here you can see how close one of the fans is to the frame:

From NorcoTek RPC-450

In this pic you can see my thumb and also how close the installed optical drive is. If the fans are any taller you aren’t getting the optical drive in.

From NorcoTek RPC-450

You can see here that this fan problem also means you can’t put more than 2 hard drives in the middle cage. Anything below that and the plugs would interfere with the fans:

From NorcoTek RPC-450

Just an overhead shot. The power supply fit easily and didn’t get in the way. I didn’t get my hands all hacked up either like is common when I’m working in some cases. Most of the edges really are rolled.

From NorcoTek RPC-450

So, in the end, it works. If you have a smaller motherboard you’ll have almost no problems. I got a second case for my Unraid setup and that used a MicroATX motherboard. Lots of space and the cooling has been excellent. The same setup in a Coolermaster CM690 had the 1TB Hitachi drives hitting 40C+. In this case with the 120mm fans blowing right across them I’m usually in the high 20′s on the Hitachi and only occasionally does it hit 30C. That’s a lot of piece of mind for the life of my drives.

All pics are here http://picasaweb.google.com/mdgeek/NorcoTekRPC450# although the rest are fairly blurry.

I might have mentioned that before.  In case I didn’t…I hate java.  Now, today’s issue didn’t come directly because of java but it was the result, and an obscure one at that.

I’ve been struggling with a client issue that basically boiled down to slow or non-responsive websites that were passing through IOS firewalls.  Most websites would work fine and if we re-routed the traffic to another outbound connection that had an ASA it would work perfectly.  Also, if we connected a laptop directly to these remote site internet connections it would be smooth sailing.  So obviously something was unhappy on the IOS firewall.  I tried changing MTU, MSS, disabling the websense (urlfilter) connection.  All kinds of different things!  Nothing made a bit of difference.

I decided to run the Tweak Test over at dslreports.com to see what the MTU and MSS results would be, thinking that’s still what I needed to fix.  Tweak test is a java applet.  I had someone onsite run it and I happened to be watching the console at the same time.  All of a sudden I start seeing “FW-3-HTTP_JAVA_BLOCK” messages popping up.  WTH!  So, I figure out that java is blocked by default on IOS firewall.  Here’s the fix:

access-list 3 permit any
ip inspect name inspect http java-list 3

Yep, basically add the acl for any and then add java-list to the end of the http inspect.  I also have a urlfilter on the end to maintain the websense checks.  ARGH!  I decided to try my problematic website, of which enterprise.com happens to be one, and it popped right up.  I never got an error message about java before trying to run this app on dslreports.com.  I never saw reference to a Java problem in any of my debugs.

I know this wasn’t java’s fault directly, but if java wasn’t such a piece of garbage it might not have to be blocked by default.

I had quite a bit of trouble getting this to work the other day.  After some googling I came across this thread over on 6200networks.com.  I had matched up the config he had listed just by chance because I was also enabling an L2L VPN.  However, I still couldn’t get it to work.  The trick was to change the IPSEC transform set to AES-256.  After that it was smooth sailing.  I posted a comment over there but he hasn’t approved it yet.

I’ve discovered ISAKMP profiles too.  Very cool!