Archive for the ‘Networking’ Category

Windows Server 2012 reset networking TCP/IP when NIC team is “Host Unmanageable”

December 4th, 2015

After some scheduled maintenance (Windows Updates, software updates/installation, etc.) on an older HP DL370 G6 server running Windows Server 2012, a colleague noticed an issue with the networking configuration. Post maintenance, I was told that the server was not accessible on the network, and with it being weekend maintenance my colleague simply added its IP address back to one of the 4 physical network card ports so that the server was at least accessible again. It later transpired that, for some reason, the networking configuration on the server had broken in a way that NIC Teaming was no longer working. This server was also a standalone Hyper-V host, and the Hyper-V virtual networking was also broken.


Cisco ASA Implicit Rule “Permit all traffic to less secure networks” ACL

October 27th, 2015

When adding a new network interface to a Cisco ASA, you must specify its security level. Based on this security level, the default Cisco ASA ACL allows you to access "less secure" networks (with a lower security level), and denies access to "more secure" networks (with a higher security level). The default rule works well, until you need to allow this security zone access to a "more secure" security zone. For example, a DMZ could have a security level of, say, 25, allowing access to an outside interface with a security level of 0, but it would be implicitly denied access to an inside interface with a security level of 100. When we need to add an ACL to permit certain access to the inside interface, the implicit "Permit all traffic to less secure networks" rule is automatically removed by the Cisco ASA. We can manually add a form of this ACL back in to retain security between zones.
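The DMZ case described above, written out as an added configuration example (not taken from the original post). The interface name, ACL name, subnets, host address and port are constructed assumptions: DMZ 172.16.25.0/24 at level 25, inside 10.0.0.0/24 at level 100.

```cisco
! Assumed DMZ interface with the security level used in the text
interface GigabitEthernet0/2
 nameif dmz
 security-level 25
 ip address 172.16.25.1 255.255.255.0
!
! 1. The specific exception: DMZ hosts may reach one inside server on HTTPS.
access-list dmz_access_in extended permit tcp 172.16.25.0 255.255.255.0 host 10.0.0.10 eq 443
!
! 2. Explicitly block everything else from the DMZ to the inside network.
!    This line must sit above the broad permit, because the ACL is
!    evaluated top-down and the first match wins.
access-list dmz_access_in extended deny ip any 10.0.0.0 255.255.255.0
!
! 3. Re-create the removed implicit rule: anything not aimed at the inside
!    network (i.e. the less secure outside interface) is allowed again.
!    Without line 2, this entry would open the inside network to the DMZ.
access-list dmz_access_in extended permit ip any any
!
! Bind the ACL inbound on the DMZ interface. From this point the ACL, not
! the security level, decides what DMZ-sourced traffic is allowed, and
! anything unmatched hits the implicit deny at the end of the ACL.
access-group dmz_access_in in interface dmz
!
! Verification from the ASA CLI (source host and port are constructed):
!   packet-tracer input dmz tcp 172.16.25.20 12345 10.0.0.10 443   -> expect ALLOW
!   packet-tracer input dmz tcp 172.16.25.20 12345 10.0.0.10 3389  -> expect DROP
!   show access-list dmz_access_in                                 -> check hit counts
```

If more inside or other higher-security subnets exist, each needs its own deny entry above the final permit, otherwise the broad permit reaches them too.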


Categories: Networking