Thursday, June 20, 2013

Troubleshooting IPSec Phase2 issues

Problem - 'show crypto ipsec sa' shows the outbound counters (#pkts encaps / #pkts encrypt) incrementing but the inbound counters (#pkts decaps / #pkts decrypt) stay at zero. The local end is sending, so either the remote end is not encrypting the return traffic or its ESP packets are not reaching us. Run the same command at the remote end first: if its encaps counter increments while our decaps counter stays at zero, the packets are being dropped in transit (firewall, NAT, ACL); if it does not increment, the fault is at the remote end (routing or crypto ACL).

  Check the following: 

  •     Crypto ACLs at both ends must be exact mirror images of each other: the source/destination networks on one side are the destination/source networks on the other. A subnet on one side and a host or a different-sized subnet on the other gives a proxy identity mismatch and Phase 2 will not come up for that traffic. If in doubt, test with host-to-host /32 entries first, then widen to the subnets once the tunnel passes traffic.
  •     Check routing at the remote end: the return traffic must leave via the interface the crypto map is applied to, otherwise it is never matched by the crypto ACL and never encrypted.
  •     If the traffic passes through a firewall on its way to the VPN terminating peer, check that the firewall lets the IPsec flows through. Peers behind NAT need NAT Traversal (ESP encapsulated in UDP 4500) negotiated between them; an ASA that sits in the path between the peers needs IPsec pass-through inspection, which permits the ESP/AH flows belonging to an IKE (UDP 500) session it has already allowed - apply:

             policy-map global_policy
                 class inspection_default
                      inspect ipsec-pass-thru

  •     Check that UDP 500 (ISAKMP), UDP 4500 (NAT-T), IP protocol 50 (ESP) and IP protocol 51 (AH) are permitted on the ACLs between the two peers, in both directions. Look at the ACLs at both ends, not just the outbound one.
  •     Check that 'sysopt connection permit-vpn' is applied on the ASA (it is on by default). It lets the decrypted traffic arriving through the tunnel bypass the access lists on the outside interface where the tunnel terminates; without it the inbound traffic is decrypted and then dropped by the interface ACL. Note that because the ACL is applied after decryption, the decrypt counter will normally still increment in that case, so this is the one to check when the counters look healthy but the traffic still does not arrive.
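The first bullet, mirroring the crypto ACLs, is the one that is easiest to get subtly wrong and hardest to spot by eye across two configs. Below is an added example (not code from the original post) that pulls the simple ASA form 'access-list NAME extended permit ip SRC DST' out of each end's config and reports every entry that has no reversed counterpart on the peer. It handles the subnet-mask, 'host' and 'any' address forms only (no ports, objects or object-groups); the ACL names and addresses in the sample configs are constructed, and the branch config deliberately uses a wider /16 where the HQ side has a /24, the classic proxy identity mismatch.

```python
"""Mirror check for a pair of Cisco ASA crypto ACLs.

Added example, not code from the original post. Parses the ASA form
'access-list NAME extended permit ip SRC DST' (subnet-mask, 'host' and
'any' address terms; no ports, objects or object-groups) from both
ends and reports every entry that has no reversed counterpart on the
peer. ACL names and addresses in the samples below are constructed.
"""
import ipaddress
import re

# One address term: 'host A.B.C.D', 'any', or 'A.B.C.D M.M.M.M'.
_ADDR = r"(?:host \S+|any|\S+ \S+)"
_ACE = re.compile(
    rf"^\s*access-list\s+\S+\s+extended\s+permit\s+ip\s+({_ADDR})\s+({_ADDR})\s*$"
)


def _to_network(term: str) -> ipaddress.IPv4Network:
    """Turn an ASA address term into an IPv4Network."""
    if term == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if term.startswith("host "):
        return ipaddress.ip_network(term.split()[1] + "/32")
    addr, mask = term.split()
    # strict=False tolerates an entry typed with host bits set.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_crypto_acl(config_text: str) -> set:
    """Return the set of (src_net, dst_net) pairs the ACL permits."""
    pairs = set()
    for line in config_text.splitlines():
        m = _ACE.match(line)
        if m:
            pairs.add((_to_network(m.group(1)), _to_network(m.group(2))))
    return pairs


def mirror_mismatches(local_text: str, remote_text: str):
    """Compare the two ACLs as seen from the local end.

    Returns (missing_on_remote, missing_on_local): local pairs that the
    remote end does not list in reverse, and remote pairs (already
    reversed into local src -> dst order) that the local end lacks.
    """
    local = parse_crypto_acl(local_text)
    remote_reversed = {(dst, src) for src, dst in parse_crypto_acl(remote_text)}
    return sorted(local - remote_reversed), sorted(remote_reversed - local)


def acls_mirror(local_text: str, remote_text: str) -> bool:
    """True when every entry on each end is mirrored on the other."""
    missing_on_remote, missing_on_local = mirror_mismatches(local_text, remote_text)
    return not missing_on_remote and not missing_on_local


def format_report(local_text: str, remote_text: str) -> str:
    """Human-readable summary of the mismatches, one per line."""
    missing_on_remote, missing_on_local = mirror_mismatches(local_text, remote_text)
    lines = []
    for src, dst in missing_on_remote:
        lines.append(f"local {src} -> {dst} has no mirror on remote")
    for src, dst in missing_on_local:
        # missing_on_local is in local order, so the remote entry is dst -> src.
        lines.append(f"remote {dst} -> {src} has no mirror on local")
    return "\n".join(lines) if lines else "crypto ACLs mirror each other"


# Constructed samples. HQ is correct; the branch used 10.1.0.0/16 for
# HQ where HQ uses 10.1.1.0/24, so that pair will never match.
HQ_ACL = """
access-list VPN-TO-BRANCH extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN-TO-BRANCH extended permit ip host 10.1.1.5 host 10.2.2.5
"""

BRANCH_ACL_WRONG = """
access-list VPN-TO-HQ extended permit ip 10.2.2.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list VPN-TO-HQ extended permit ip host 10.2.2.5 host 10.1.1.5
"""

BRANCH_ACL_FIXED = """
access-list VPN-TO-HQ extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN-TO-HQ extended permit ip host 10.2.2.5 host 10.1.1.5
"""


if __name__ == "__main__":
    print(format_report(HQ_ACL, BRANCH_ACL_WRONG))
    print(format_report(HQ_ACL, BRANCH_ACL_FIXED))
```

Paste the relevant 'show run access-list' lines from each end into the two strings and run it; anything it reports is an entry that will fail the proxy identity check when that traffic tries to bring up Phase 2. Entries written with object-groups need expanding first, which this script does not do.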

Thursday, June 13, 2013

Off Topic - Spark's Laws

I decided I'd write down some of my musings. Nothing structured, just observations from family life, work life and life in general.

Here you go:

Spark's Laws

#1 - Always tell the truth, that way you never have to remember anything
#2 - The smaller the child the bigger the splash they can make in the pool
#3 - The smaller the child the bigger the poo you have to clean up
#4 - If everyone did their job right first time, every time, we could all have Fridays off.
#5 - You have to pay tax. Get over it.
#6 - The public can't handle the truth. - The truth is war is not nice but at times necessary to stand up for freedom. Taxes are not nice but pay for everything around you.
#7 - The media can't handle the truth. - They expect politicians to be honest, but when one is honest and says 'Yes, I made a mistake' they hound them until they are forced to resign, instead of allowing them to learn, improve and move on. Is it any wonder politicians lie? (And sports personalities, for that matter.)
#8 - Nature is cruel. Civilization, technology, and education do not change that.
#9 - Project deadlines are simply the date at which the project gets signed off, renamed, restarted and the PM gets their bonus regardless of what is achieved
#10 - If you want a project to run smoothly, show the PM where the coffee machine is, close the door, and continue as normal.
#11 - The earlier in a project life cycle you implement your build, the higher the certainty you'll have to back it out and rebuild it with 'new, unexpected' requirements that should have been captured right at the start.
#12 - The job's not done until you've finished the documentation.
#13 - In business, once you start copying the competition you've lost.

I'll add more as I think of them.

Cheers.