It’s a fairly common requirement – setting up a guest WiFi network that is secure from the rest of your LAN. You need a secure WLAN access for the domain laptops which has full access to the Server and Client VLANs, but you also need a guest WLAN for visitors to the office which only allows internet access. Since the budget is limited, this must all be accomplished via a single Access Point – for this article, the access point is a Cisco WAP4410N.
SSTP or SSL VPN connections are great for people working on client sites or behind very restrictive firewalls – they only require HTTPS (port 443) to be open to be able to connect. Unfortunately, you need to be running Windows 7 or Server 2008 (or newer) in order to make use of them. Threat Management Gateway 2010 is one option for an SSL VPN endpoint.
SSTP VPN Requirements
Clients must be Windows 7/Server 2008 or newer
Certificate – either commercial or an internal Certificate Authority
Published CRL – SSTP clients check for the Certificate Revocation List of the CA
If you already have an SSL listener (e.
In-depth: Installing and Configuring Threat Management Gateway 2010 in a Network Load Balanced Array
In this post I will be installing a TMG Array as a “back firewall” behind a hardware firewall. The Array will consist of two virtual servers, TMG01 and TMG02, which each have 3 NICs. One NIC will be dedicated to the LAN network, accessible internally. One NIC will be dedicated to the DMZ network, accessible to the outside world on a static mapped IP. The third NIC will be a dedicated intra-array communications NIC as per Microsoft’s recommendation.
vMA is available as a Virtual Appliance (OVF) from VMware. To install it on VMware Workstation 7, open Workstation and select Import or Export to import a new OVF; the URL for the latest OVF for vMA is on the vMA download page. As per this article on virtualkenneth.com, you need to edit the VMX file to change the SCSI card and OS type, otherwise you’ll have a kernel panic on boot.
So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? Over the next series of posts I’ll hopefully point out the basics, and some not so basics!
Using the Server Configuration Tool
The server configuration tool (sconfig.cmd) is provided in R2 for some of the basic setup tasks, so you can run that by issuing the “sconfig” command.
Here’s the setup. We have a core switch of 2 Cisco 3750s, connected together for fault tolerance as a single logical switch; we also have several ESX 3.5 hosts with 4 Gigabit Ethernet NICs installed each. The Virtual Machines will all be on VLAN 8 (reserved for internal servers) and the VMKernel will be on VLAN 107 (reserved for VMKernel traffic like VMotion). I want to create a load balanced, fault tolerant aggregate of these four NICs over the Core Switch.
I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD - this is a separate issue and should be resolved differently. My problem came when I tried to verify that the fixed DNS setup had propagated around my domain controllers, DC01 and DC02. DC01 kept failing “DCDIAG /TEST:DNS” with errors regarding the root hint servers. Googling about, it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.
Having recently installed an ESXi server, I am getting to grips with the management and administration of it; one of the things that I wanted to be able to do was connect to the remote terminal through SSH. I downloaded my SSH client of choice, PuTTY, and set about connecting; however, the server refused the connection. It seems that SSH is not enabled out of the box for ESXi and you need to go through some steps to get there - I found some helpful hints here.
I was configuring our new Cisco ASA 5510 firewall today, as part of a major infrastructure upgrade. I’m pretty comfortable with the Cisco IOS, but I still prefer the GUI for the basic setup, using the command line to tweak the finer or more complex configurations. However, straight out of the box, I had a very hard time getting the ASDM to load. Being familiar with the PDM from the PIX range of firewalls, I should have guessed the problem straight away.