@Dashrender said in Cisco ASA: @Jimmy9008 said in Cisco ASA: A and B can also RDP/ping devices sitting on C. If this is true, it's just a matter of rules/route allowing C back to A/B or a route specifically for C -> A/B. 172.16.0.0 vlan… switch IP = 172.16.0.1, ASA = N/A, gateway on the vlan is 172.16.0.1 (the switch) this is legacy. What appears to happen is that the switch has 0.0.0.0 set to 192.168.50.10 (the ASA) on a vlan2. So, traffic from 172.16.0.0 hits the switch IP at 172.16.0.1, then hope out 0.0.0.0 ^ I think its this that's causing the issue. This should be fine, this is what allows the C network to get to the internet so, when on the 172.16.0.0 network, the request goes to the switch's IP (172.16.0.1) which forwards it to 192.168.50.10 (the ASA), The ASA then doesn't have a rule allowing traffic from 172.16.0.0 to talk to 10.x, so it just dumps the traffic. At least that's what it looks like to me at this time. “C” network really?

@gjacobse said in Designing for tech startup: Network, AD, Backup etc: @DustinB3403 said in Designing for tech startup: Network, AD, Backup etc: I suppose you could use Storage Spaces Direct (all windows across the entire thing) but I wouldn't consider SSD at all mature nor production ready, especially at this scale. Thanks, had not heard of this. DataOn solutions fully support this and vice versa. They are experienced with this kind of scale and much larger.

@scottalanmiller said in ISP Failover with Cisco ASA: That's mostly true. But Cisco considers it real Cisco and it shows their view of themselves. And that, I always think, is important. Cisco doesn't seem themselves as an enterprise player. And I've been in sales meetings with Cisco and that definitely comes through when talking to them. That's not what I got from my sales conversations with them. They were very explicit about real Cisco and the lesser sub-brands. Having been at two huge banks that were burned by being willing to use UCS, Cisco and enterprise are two words I never put together. From networking to phones to servers, Cisco is consistently overpriced and underperforming. I absolutely loved UCS, even wrote the original oVirt/RHV plugin for the VMFEX cards. They were ahead of their time with those boxes, but the cloud pretty much killed everything really cool and advanced about HW

Missed a couple this week, I've been busy! First is a number of webex and Small Business routers. https://www.us-cert.gov/ncas/current-activity/2020/06/18/cisco-releases-multiple-security-updates Next up is IOS XE devices with a telenet RCE. https://www.us-cert.gov/ncas/current-activity/2020/06/25/cisco-releases-security-advisory-telnet-vulnerability-ios-xe

@jaredbusch said in Small Restaurant Network Redesign: @scottalanmiller said in Small Restaurant Network Redesign: Also worth noting, there are some problematic switches at each site. Again, because the VAR was clearly trying to add complexity to up the support bill, and I'm having them put in simple, low cost, unmanaged Netgears to make this really simple and reliable. I detest NetGear switches. They generally work, but everytime I try to use one for something even half specific, they puke. Sites this small can use the EdgeSwitch 8 https://www.ubnt.com/edgemax/edgeswitch-8-150w/ And it will report into UNMS along with the routers. Plus it's actually a switch, hardware- and software-wise. Not a breadbox which jumps over the table because you "accidentally" attached a cable to it. (yeah, I know, some NetGears also feature a metal case but it's not the same).

@scottalanmiller said in Cisco: we're not competent.: https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/ They can own all the ASAs!

@travisdh1 mmmmmmmmm....... piiiiiiiiie switches......

Done

For the Dell X Series look at it below: https://www.dell.com/support/article/us/en/19/how10377/how-to-enable-rapid-spanning-tree--rstp--on-d...

Someone on Spiceworks who had recently downloaded the firmware was able to send it to me (wipes sweaty brow) just so folks who read this will know. I appreciate the help. And yes, @scottalanmiller , this kind of thing is all too common these days. I don't like it, but it doesn't change the situation at hand I'm afraid.

I remember sitting with a Broadcloud rep 18 months ago and they were worried about how SFB on Office 365 would affect their business. Still find it amusing that we took it as a serious threat. I still have a lot of hope for FusionPBX and some other open source products as well.

@scottalanmiller said in Anyone with Cisco download access (firmware) can help me ?: I replaced a Cisco a few weeks ago because we could get a Ubiquiti that was new faster, delivered to the site, than we could get a cable to hook into the Cisco. Saved both time and money and got them better quality gear. Pure win. Cisco's "deal with our BS" overhead is very high and a huge factor on their TCO. Their optics division makes 2 Billion a year I hear. 3rd party optics are made by the same people so I never blinked at using them and duck taping some spares to the side of the chassis.

The esp-group encryption also, but it at least still does MD5 hash. [email protected]# set vpn ipsec esp-group Test proposal 1 encryption 3des aes128 aes128gcm128 aes256 aes256gcm128 [edit] [email protected]# set vpn ipsec esp-group Test proposal 1 hash md5 sha1 sha256 sha384 sha512 [edit]

@jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @jaredbusch said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @nashbrydges said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: @brandon220 said in Comparing Ubiquiti EdgeRouter and Cisco ASA PPS Performance and Cost: I've been using an ERL at home for a while and have them deployed at several business. Zero complaints and I recommend them all the time. I wish I could use it at home. I'm on Bell Canada ftth and they use a different vlan for iptv and internet. All of the online guides I've seen haven't been able to get me to use my ERL and Bell won't give up which VLANs they use. No one hasd figured this information out yet? Sadly not yet, at least not that my Google-fu has allowed me to find. I am a bit amazed because it should only take a mirrored switch port and wireshark to find VLAN tags. This was my thinking as I was reading the posts. This is /should be pretty easy to figure out.

@dustinb3403 said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in Hardware differences - what makes one less than enterprise: @dustinb3403 said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in Hardware differences - what makes one less than enterprise: @jaredbusch said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in Hardware differences - what makes one less than enterprise: @jaredbusch said in Hardware differences - what makes one less than enterprise: @scottalanmiller said in [Hardware differences - what makes one less than enterprise] The software. The hardware is about equal, sort of. But a $95 Ubiquiti is faster than a $3,000 CIsco. So the hardware still matters. Cisco at $3,000 is "Maybe able to handle your house." Prove this. Don't bullshit or theorize. Prove it. Get a unit and run tests or stopping stating it like a fact and predicate these statements with "in my opinion" and such. Granted I'll never buy Cisco in the SMB when Ubiquiti exists for the cost and performance that it currently exists with. But none of that invalidates the quality or functionality of Cisco hardware and software. Cost has nothing to do with that. I'm not the one making the claim, it's based off of measured PPS between the two. You are the one always making the claim and have never linked to source material to back up your claims. I've never made the claim. I've repeated Ubiquiti's performance measurements. It's nothing to do with me. I just remember the number and repeat it as it is a critical guideline for understanding where Ubiquiti falls within the Cisco product range. When people are talking $10K Ciscos, we can't talk Ubiquiti, it just doesn't make sense. But at $3K and below, I've never had anyone come up with any value proposition to Cisco gear considering that Ubiquiti is measured at better throughput until that price point. Granted, Ubiquiti did the study, but Cisco has not disputed it or claimed any other performance of which I am aware. If you're repeating it, find the source and post a link, FFS. I want to believe a lot of what you say, but I agree with @jaredbusch here. It comes out like another scott-ism. It only sounds that way because you think I don't have sources for all of my stuff. You can always go look up Cisco performance, too, and see what it is. But you're the person spouting something off as a fact, so provide the source! This is correct, it is not our job to do research when you are the one claiming a fact. It is the reader's job to verify, but the reader cannot do that without the initial facts. Yes, I know you already answered. Just closing my part of the conversation.

@whoolly said in Switchvox phone issues: Vendor insisted he has never had any VOIP issues with Sonicwall and didn't want to budge on that. Even while it doesn't work. So you know that he'll say this to other customers now, even after this one. Chances are, he's had problems at all customers. SonicWall is culprit #1 for VoIP issues. I mean that literally. I get a call that someone has VoIP audio issues, my first question is always "Do you have a SonicWall?" Nine times out of ten, the answer is yes and nine times out of those ten, the SW was the issue. It's nearly a sure bet with audio issues. Had you led this question purely with "I have these audio issues..." we'd have said "I bet you have a SonicWall."

Just for reference... To get StarWind VSAN you need to get here: StarWind VSAN https://www.starwindsoftware.com/starwind-virtual-san

@msff-amman-Itofficer said in Cisco Aironet 1830 Issue with HTTPS Interface: So much for Cisco Over Engineering products Um.... do people actually think that?

Yes NTG can do that. We have a Cicso guy on staff.

@scottalanmiller said in Meraki MX400 NAT Question: @dafyre said in Meraki MX400 NAT Question: The team that is there now are the ones that have to convince the bean counters of the need to change. It's a tiny cost though, right? We are only talking about a minuscule investment, I think. If it saves a few hours of effort, doesn't that cover the cost? No you are not. You are neglecting to add in the labor costs and only calculating on the hardware costs. Physically changing everything will add labor cost. Ordering, configuration, staging, installation. Yes, something else is cheaper. But not as cheap as you try to make it sound. The existing solution is in place and already paid for. A simple support call resolved the configuration issue. There is no reason to spend additional capital to change a working solution until you have to plan for new spend on the solution. If the existing solution was actually not functional, or some other factors were in play to offset things, then it would certainly be worth switching solutions.

@art_of_shred said in Thoughts on a Ubiquiti/Cisco comparo?: This is just a project. What's the line? "Not my circus, not my monkeys"? I think it goes "not my circus, not my Sonicwall".

@Dashrender said in Time to gut the network - thoughts?: @JaredBusch said in Time to gut the network - thoughts?: Correct you do have QoS. It is on the VLAN, that contains the voice devices. So the following is an incorrect assumption. @scottalanmiller said in Time to gut the network - thoughts?: You might want to LEAD with.... since we discovered that QoS was not set up properly and has never been a problem we can assume that QoS and ensuring call quality cannot be the reason. Let them come up with a reason if you head that off at the pass. No, it's correct. They didn't do their jobs properly. They neither did the sensible, cost effective thing for the business, which would have been to not have a VLAN at all. Nor did they properly do QoS for your VoIP traffic. So no matter what, they didn't set up QoS correctly for you.

@Kelly said in OpenDNS, Now Part of Cisco: Actually, given the comma placement it means that OpenDNS is now part of both Cisco and an entity called Forrester on Ransomware. This is a very confusing line. Great catch, I knew that something further was wrong. So wrong.

@scottalanmiller said in NSA tools leaked, Cisco patches exploits found inside the leaked tools: Read: CIsco confirms that the US was NSA's targetted enemy Surprise, surprise...