One of my customers has a CyberGuard firewall that was working perfectly when I configured it in the office. However, on shipping it to the customer, it was placed behind a horrible Verizon modem that broke most of the configuration parameters I had put in place. Most of them were fixable straight away, but I've never been able to get it to VPN back to the head office. I was getting the error message "Peer is not authorized to use remote address" in the log files.
Various responses on Google mentioned I had to add noauth to the /etc/ppp file, but this file doesn't exist on the CyberGuard unit. However, using the Advanced section and editing the "pptp.connect to office" file, adding "noauth" (without quotes) to the end of the file, the VPN connection worked.
This isn't documented anywhere on Google that I've seen, so hopefully this will help someone else.
Recently in Networking Category
This helpful webpage tells you the manufacturer of a MAC address, which is great for giving you a clue when trying to work out what device is using an IP address on the network. Ping the IP address, then do an arp -a to display the ARP cache, and then enter the data into this website to get the manufacturer (and then update the network documentation!).
There is a great tool for integrating Microsoft Baseline Security Analyzer (MBSA) into Visio network diagrams, but this is almost useless for the consulting side of things. MBSA requires that it is run as a user with credentials on the domain, which is not possible to do on a consultant's laptop as it is unlikely that it is going to be a member of the customer's domain. Therefore MBSA will not scan the machines and the benefit is lost. It would work if the customer had a copy of Visio, but this is unlikely for most of my customers.
I don't have admin rights on the network back in the office so I can't even try it out on my office network either :-(
However, if you are not a consultant and have Visio, then this tool is well worth checking out as it will give you colour coded status for each server on the network within Visio. From first impressions it does look like you need to have your servers in Visio as a server object - you can't use one of your own objects like a Dell rack mount object.
I'm not sure why, but a couple of times this week I've been unable to FTP files to any of my remote hosts from a command prompt (or within leechftp - my client of choice). When it failed, I would just get a connection refused error message before the username/password handshake takes place. As I'm running Service Pack 2 and have the Windows Firewall enabled, I looked in the c:\windows\pfirewall.log file (something that I learnt about whilst doing the MCSDT exam - I didn't know it did a log or that is where it put it!) and I was getting some dropped packets but no reason why. After a bit of digging on Google I came across the How Windows Firewall Works document and it mentions that the Application Layer Gateway Service is required if you enable Windows Firewall on a computer that is an FTP client that does not use PASV FTP. The ALG service was running on the computer, but a quick restart of the service and I could start FTP'ing again. I don't see any obvious errors in the event logs as to why this service was not working properly, but restarting the service is a lot more convenient than having to reboot the entire machine.
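An added example, not part of the original post: one way to read pfirewall.log for the situation the How Windows Firewall Works document describes, where a non-PASV (active-mode) FTP client needs the ALG service so that the server's data connection from port 20 is let back in. The log text below is constructed, uses documentation address ranges, and assumes logging of successful connections is switched on so that OPEN entries exist.

```python
"""Added example: correlate Windows Firewall log entries for active-mode FTP."""

# Constructed sample in the pfirewall.log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-01 10:15:02 OPEN TCP 192.0.2.10 198.51.100.7 1045 21 - - - - - - - -
2005-03-01 10:15:04 DROP TCP 198.51.100.7 192.0.2.10 20 1046 48 S 1234567 0 65535 - - -
2005-03-01 10:15:09 DROP UDP 192.0.2.33 192.0.2.255 137 137 78 - - - - - - -
2005-03-01 10:16:30 DROP TCP 203.0.113.9 192.0.2.10 4431 445 48 S 7654321 0 16384 - - -
"""


def parse_log(text):
    """Yield one dict per entry, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):
                yield dict(zip(fields, values))


def dropped_active_ftp(text):
    """Return DROP entries that look like an FTP server's active-mode data
    connection (TCP SYN from port 20) to a host that opened port 21 on it."""
    control = set()  # (client_ip, server_ip) pairs with an FTP control session
    hits = []
    for e in parse_log(text):
        if e["protocol"] != "TCP":
            continue
        if e["action"] == "OPEN" and e["dst-port"] == "21":
            control.add((e["src-ip"], e["dst-ip"]))
        elif (e["action"] == "DROP" and e["src-port"] == "20"
              and "S" in e["tcpflags"]
              and (e["dst-ip"], e["src-ip"]) in control):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in dropped_active_ftp(SAMPLE_LOG):
        print(e["date"], e["time"], e["src-ip"], "->", e["dst-ip"] + ":" + e["dst-port"])
```

A hit means the firewall dropped the server's data connection for a control session it had already allowed out, which is the case where switching the client to PASV or restarting the ALG service applies; unrelated drops such as the NetBIOS broadcast and the port 445 probe in the sample are ignored.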
There is now a dnsstuff toolbar for Firefox for easily looking up stuff from dnsstuff, the site which I frequently use to troubleshoot DNS, networking and the registration of domain names. Thanks Mike
Project details for OpenNMS has details on a network management application that runs under Linux. Might be useful, but first I have to have a running Linux box to use it on (and an SNMP capable router. My router at home doesn't have SNMP capabilities, which is a shame, but as it was free I can't complain).
Had an interesting hour this morning trying to fiddle our DNS on the LAN here. I wanted to force a lookup via IP to go to the internal network address rather than the external network address. Here's how I did it (as I know I'm going to need it again one day)
There was a patch released for BITS (Background Intelligent Transfer Service) earlier this week - this is the software that allows things like SP2 to be downloaded without affecting the use of the internet as it uses "spare" bandwidth. Anyway, there is a really useful article on using BITS to download other files, for example ISO images. A very useful resource as you can just set it to download and not have to worry about it affecting anything else you are trying to do (like streaming audio radio :-)
I tried to download the UltimateBootCD today and use (for the first time) a BitTorrent client like they asked me to. I was getting 4k/s download. In the end I stopped and went to the Alternative mirror and ended up downloading at 50k/s, and BitTorrent is meant to be oh so wonderful!
DNS Stuff has a lot of useful tools for performing various DNS lookups.
I guess the day I receive a Netgear ADSL router is a bad day to read that Flawed Netgear Routers Flood University of Wisconsin Internet Time Server! It will be interesting to see what version of the firmware the product is running (before connecting it up).
What sort of ISP blocks pings and traceroutes on their routers (allegedly to cut down on virus traffic) so you have no chance of troubleshooting connectivity problems?
