I’ve been trying to figure out why a pair of Cisco IPS (AIP-SSM in this case) wouldn’t auto-update signature files or connect to the new Global Correlation feature. The management interfaces were located on a subnet that was between the firewall and the internal L3 switch. The internal LANs are on the other side of the switch.
I’ve known for a long time that Cisco ASAs don’t support sending ICMP redirects. Because of this the IPS’s default gateway couldn’t be set to the FW interface. If I did that they would never be redirected to reach the internal networks. I’ve never had a problem with IOS doing ICMP redirects though, so the IPSs have been using the switch VLAN interface as the default gateway. The switch sends ICMP redirects when the IPS needs to get out to the internet and the traffic goes direct to the firewall.
Except it doesn’t. I could swear it did at one time in the past. Either my memory is faulty or an image update on the IPS broke it. Now, it seems the IPS tosses ICMP redirects. My guess is it worries about man in the middle attacks and an ICMP redirect is a possible sign of that. So even though the switch is doing the correct thing the IPS disregards it.
Moved the IPS management interface to one of the internal LAN’s and all is happy now.
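To make the first-hop behaviour in the post concrete, here is an added Python model (not code from the original post, and not the author's network) of the three pieces involved: a host whose default gateway is the switch SVI, a firewall on the same management subnet, and the classic router rule that a redirect is only sent when a packet goes back out the interface it arrived on and the better gateway sits on that subnet. The addresses (192.0.2.0/24 management, 10.0.0.0/8 internal, 198.51.100.7 as an internet destination) are constructed documentation ranges, and the `sends_redirects=False` flag on the firewall stands in for the ASA behaviour the post describes. A host that honours redirects installs a host route and sends its second packet straight to the firewall; a host that drops them, like the IPS here, keeps hairpinning through the switch; and a host whose gateway is the non-redirecting firewall hairpins through it for every internal packet. (On a Linux host the equivalent choice is the sysctl `net.ipv4.conf.all.accept_redirects`.)

```python
"""Model of ICMP-redirect driven first-hop selection (added illustration with a
constructed topology; the post's own devices and addresses are not known)."""
import ipaddress
from dataclasses import dataclass, field

IPv4 = ipaddress.IPv4Address
net, addr = ipaddress.ip_network, ipaddress.ip_address

MGMT = net("192.0.2.0/24")      # constructed: management subnet between FW and L3 switch
INTERNAL = net("10.0.0.0/8")    # constructed: internal LANs behind the switch
ANY = net("0.0.0.0/0")
SWITCH_IP, FIREWALL_IP, IPS_IP = addr("192.0.2.1"), addr("192.0.2.254"), addr("192.0.2.10")


@dataclass
class Router:
    name: str
    address: IPv4
    interfaces: dict              # interface name -> connected subnet
    routes: list                  # (prefix, next_hop or None if connected, egress interface)
    sends_redirects: bool = True  # the post's point: the ASA does not send redirects

    def ingress_for(self, sender: IPv4) -> str:
        return next(i for i, n in self.interfaces.items() if sender in n)

    def forward(self, sender: IPv4, dst: IPv4):
        """Longest-prefix match; return (next_hop, redirect_target_or_None)."""
        prefix, next_hop, egress = max(
            (r for r in self.routes if dst in r[0]), key=lambda r: r[0].prefixlen)
        ingress = self.ingress_for(sender)
        redirect = None
        # Redirect only when the packet leaves the interface it arrived on and
        # the better gateway is on that same subnet (the switch-to-firewall case).
        if (self.sends_redirects and egress == ingress and next_hop is not None
                and next_hop in self.interfaces[ingress]):
            redirect = next_hop
        return next_hop, redirect


@dataclass
class Host:
    address: IPv4
    gateway: IPv4
    accept_redirects: bool
    learned: dict = field(default_factory=dict)  # dst -> gateway installed from a redirect

    def first_hop(self, dst: IPv4) -> IPv4:
        return dst if dst in MGMT else self.learned.get(dst, self.gateway)


SWITCH = Router("switch", SWITCH_IP, {"vlan10": MGMT, "vlan20": INTERNAL},
                [(MGMT, None, "vlan10"), (INTERNAL, None, "vlan20"), (ANY, FIREWALL_IP, "vlan10")])
FIREWALL = Router("firewall", FIREWALL_IP, {"inside": MGMT, "outside": net("203.0.113.0/24")},
                  [(MGMT, None, "inside"), (INTERNAL, SWITCH_IP, "inside"), (ANY, None, "outside")],
                  sends_redirects=False)
ROUTERS = {SWITCH_IP: SWITCH, FIREWALL_IP: FIREWALL}


def send(host: Host, dst: str) -> list:
    """Forward one packet from host towards dst; return the router names it traverses."""
    dst = addr(dst)
    path, sender, hop = [], host.address, host.first_hop(dst)
    while hop in ROUTERS and len(path) < 8:       # hop guard against forwarding loops
        router = ROUTERS[hop]
        path.append(router.name)
        next_hop, redirect = router.forward(sender, dst)
        if redirect is not None and host.accept_redirects:
            host.learned[dst] = redirect          # a host that honours redirects installs a /32
        if next_hop is None:                      # connected on the egress side: delivered
            break
        sender, hop = router.address, next_hop
    return path


def paths(accept_redirects: bool, gateway=SWITCH_IP, dst="198.51.100.7", packets=2):
    """Path taken by successive packets from the IPS management interface."""
    host = Host(IPS_IP, gateway, accept_redirects)
    return [send(host, dst) for _ in range(packets)]


if __name__ == "__main__":
    print("honours redirects, gw=switch:", paths(True))
    print("drops redirects,   gw=switch:", paths(False))
    print("gw=firewall, internal dst:   ", paths(True, FIREWALL_IP, "10.1.1.1"))
```

The redirect condition in `Router.forward` is the part worth reading twice: it is why the switch redirects internet-bound traffic but never internal traffic (that leaves a different VLAN interface), and why moving the management interface onto an internal LAN, as the post ends up doing, removes the dependency on redirects altogether.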
December 19th, 2009
scott
Seems they don’t play well together. Sure, basic mouse functions work, including the scroll wheel. All of the extra buttons don’t seem to work at all though. I’ve been keeping an eye out for drivers and nothing yet. Also, I have yet to find anyone else crying about this. It seems strange to me that I’d be the only one with a nice Microsoft gaming mouse on OS X.
November 30th, 2009
scott
Well, I guess I better get a post in for the month of November. Ugh, it’s been a long month. Anyway, fiddling with free podcasting tools and methods and I discovered some updates in Snow Leopard that are pretty cool.
A little while ago on Leopard I found out that with iLife 09 you could use GarageBand to record a voice chat using Bonjour in iChat. That’s cool but kind of limited. I’m not certain but I think this was not extended to non-Bonjour voice chats. That’s not the case with Snow Leopard. Not only can you record your Jabber and GTalk sessions but it’s smart enough to create the right number of tracks if you have a group chat going on with multiple users. And yes, it’ll adjust the title picture track based on the user’s avatar from GTalk for whoever’s talking.
I’m a little shocked that it works as well as it does.
One thing I haven’t been able to figure out is how to start recording a voice chat and then add in additional local mics. It doesn’t seem to be possible so all recording must be done with the group voice chat participants. And I haven’t tried this but I’m guessing that adding users to the group voice chat will not start new tracks in GarageBand. That would be slick if it did.
As a fan of flavorful beer I often find myself facing stares of revulsion when I’m enjoying a nice glass of Guinness. What few people realize is that “dark” isn’t supposed to mean harsh, bitter or high in alcohol content. Found this great article:
http://www.nytimes.com/2009/10/28/dining/reviews/28wine.html
All you doubters should read it! You know who you are!
I’ve gotten a look at a powerpoint with the technical details now. Nothing too earth shattering. More of a natural progression of capabilities and performance.
I’m such a geek. The one cool new feature is that they have finally put in a USB console port. Actually mini USB. I’m not sure of the wisdom of using that over the already present regular USB ports, but that’s ok. I can’t find anything about how that’s going to work. I expect you’ll have to install a driver for USB to COM on windows just like you do with the USB to Serial dongles but this should be Cisco provided.
How cool would it be if there’s a hidden driver for that in Windows 7 already.
Now all we need is a wireless USB KVM and you could manage a whole data center of routers without running more cables. Better have some good security on that!
Just stumbled across this post describing why Wave is such a big deal. I think he does an excellent job of describing it, including his follow up post. The idea behind the protocol really is liberating and solves a number of problems. Read it!
September 30th, 2009
scott
Reading about Google Wave today as I wait impatiently for my invite. It better come.
I was reading the latest (I think) developer blog update and near the end is this gem:
“We’re also working on larger changes like providing anonymous read-only access to embedded waves — so anyone in the world will be able to see content of published waves.”
I know this was a “want” for me…but wow…
Once this gets enabled you’ll have a forum software killer.
Build a widget that shows “followers” and Twitter is dead. After all, that’s a large part of Twitter’s success. Showing how big your….follower group is is very important.
Facebook features are just a hop skip and a jump away. You can be sure there will be many developers working on that.
Pretty exciting stuff!
September 30th, 2009
scott
Hoping for a Google Wave invite today. The possibilities for Wave look intriguing, not because of what it’s launching with but rather because of what it’s built on. The core is essentially XMPP from what I’ve been reading, with a healthy dose of HTML5 on top and some other magic happening. Google is framing this as an all in one communications platform. The “modern email”. It needs to get voice support in a hurry. Whether they roll in GTalk or just straight up XMPP voice and video doesn’t really matter. But it needs to be in there.
Desktop sharing needs to be in there. If that happens, GoToMeeting and LogMeIn should really start sweating.
Picasa web albums need to be fully integrated. I’ve seen some references to Picasa being connected but it looks like it might just be the app. That’s a good start but not the whole thing.
I’m also very curious about public vs private waves. Is it possible to have a wave that anyone can have read access to but only some have write? Put that in and you go a long way towards killing forums and maybe even Twitter.
Possibilities…
September 28th, 2009
scott
There’s been a lot of noise lately about AT&T and Apple and Google not playing nice together. The latest is AT&T carrying on about Google Voice blocking rural numbers because their costs are so much higher. Ok, that’s kind of crappy, but it’s just a red herring. AT&T is making a fuss over this because they also see the real potential. What happens when Google Voice links up with the Google Talk service. I’ve been thinking about this for a while and wondering why GTalk wasn’t a supported endpoint for GVoice yet. I thought it might be technical but now I have my doubts.
At this point GVoice still relies on the telcos to provide the actual phone service. If GTalk becomes an endpoint then there’s a much stronger argument for Google being a “carrier” instead of just an “internet service”. That brings all of the issues of access, fees and taxes along with it. Would Google have to start collecting a USF and other similar fees for every GTalk user, even pure IM users, on the basis they “could” use the voice component? Pricey! As far as I know, every other bridge to the PSTN (SIP gateways mostly) has to pay the fees and support universal access.
I think that’s the shot across the bow from AT&T and it’s something Google’s been aware of for a while. And it upsets me greatly.
The world is headed in the direction of more XMPP and SIP, not less. AT&T sees this and probably sees Google as the biggest target to slow this adoption down. AT&T is using the admittedly noble idea of universal communication access to beat down its competitor. The FCC should instead be looking at how to address issues like the USF in a world of online focused communications. The trend for land line terminations is only going to increase to the point where only poor people have landlines, subsidized by the USF. Where will those fees come from when everyone is online focused? This isn’t a new thing and it’s obviously been one of the top issues for the FCC.
Perhaps the USF should be added to (more) data lines. Or the Fed Gov can just take it from us with other taxes. They seem to be pretty good at that already.
Most of all, it’s shameful that AT&T is using USF and universal access as a hammer to beat on its competitor. Hey AT&T, how about being more competitive and innovative instead? I won’t hold my breath.