Global Config Technology Solutions, Inc.

Technology Insights, Tutorials and Course Development


Archives for May 2015

ASA Upgrade Tip: What’s in a Name?

May 28, 2015 by bcarroll

Although the ASA is already in 9.x code, I’ve recently come across multiple clients that are chugging away on 8.2.x code. I’ve seen quite a few upgrades lately, but one that stands out was not as smooth as some might think. Here’s why.

The ASA upgrade path is well documented. Still, following the instructions doesn’t always yield the same result. What should you look for if you end up with a boot loop? Names. That’s right, names.

In ASA 8.2 code it’s possible to create a name to IP resolution using the name command.

name 10.1.1.1 SuperServer1

This name can be used in static NAT statements, ACLs and so on. However, the new ASA code, 8.3 and later, uses network objects instead. This is all well and good, and you’d expect the migration to convert these names to objects. However, I’ve seen an ASA with numerous name statements go into a boot loop upon upgrade from 8.2(5) to 8.4(6). How do you remedy this? It’s easier than you think.

To remedy the boot loop scenario, try removing the names. It doesn’t have an adverse effect on the configuration, as it simply converts every use of the name to the IP address in the configuration.

clear configure name

-or-

no name X.X.X.X {name}

After removing the names try your upgrade again and the boot loop should resolve itself.
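A pre-upgrade check along these lines, as an added example (not from the original post or from Cisco): it inventories the name statements in a saved 8.2 running-config, lists which lines depend on each name, and previews the configuration with every name replaced by its IP address so ACL and NAT entries can be reviewed before the change. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in ASA 8.2 syntax (not taken from the original post).
SAMPLE_CONFIG = """\
names
name 10.1.1.1 SuperServer1
name 10.1.1.20 MailRelay description inbound SMTP relay
name 10.1.1.30 OldPrinter
access-list outside_in extended permit tcp any host SuperServer1 eq www
access-list outside_in extended permit tcp any host MailRelay eq smtp
static (inside,outside) 203.0.113.10 SuperServer1 netmask 255.255.255.255
"""

NAME_RE = re.compile(r"^name\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")

def parse_names(config):
    """Return {name: ip} for every 'name <ip> <name>' statement."""
    matches = (NAME_RE.match(line.strip()) for line in config.splitlines())
    return {m.group(2): m.group(1) for m in matches if m}

def find_references(config, names):
    """Map each name to the config lines (other than 'name') that use it."""
    refs = {n: [] for n in names}
    for line in config.splitlines():
        if NAME_RE.match(line.strip()):
            continue
        for tok in names.keys() & set(line.split()):
            refs[tok].append(line.strip())
    return refs

def preview_without_names(config, names):
    """Config as it reads once every use of a name becomes its IP address."""
    kept = [l for l in config.splitlines() if not NAME_RE.match(l.strip())]
    swap = lambda m: names.get(m.group(0), m.group(0))
    return "\n".join(re.sub(r"\S+", swap, l) for l in kept)

def removal_commands(names):
    """Per-name alternative to 'clear configure name'."""
    return [f"no name {ip} {n}" for n, ip in names.items()]

if __name__ == "__main__":
    names = parse_names(SAMPLE_CONFIG)
    for n, lines in find_references(SAMPLE_CONFIG, names).items():
        print(f"{n} ({names[n]}): {len(lines)} reference(s)")
    print(preview_without_names(SAMPLE_CONFIG, names))
    print("\n".join(removal_commands(names)))
```

A name with zero references, like OldPrinter in the sample, can be removed on its own with no effect on ACL or NAT lines.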

Enjoy!

Filed Under: Labs, Tutorials Tagged With: asa, asa 8.2(5), asa 8.4(7), asa 9 upgrade, asa upgrade

Cisco ISE 1.4 Update: A Few New Features but Nothing Exciting

May 11, 2015 by bcarroll

Cisco ISE 1.4 was released about a week ago. There are a few new features but overall the release is not as exciting as the 1.3 release. In this release Cisco has added SAML Single Sign On (SSO) for the Guest portal (sponsored and self-registered), Sponsor portal, and My Devices portal.

Cisco also added automatic failover for the Administration persona. The release notes state you need at least two nodes in your distributed setup to assume the Administration persona and one node to assume the non-Administration persona. If the Primary Administration Node (PAN) goes down, an automatic promotion of the Secondary Administration Node is initiated. This is possible because the non-administrative node acts as a health check node for the admin pair. So upon failure the non-administrative node must initiate the failover. So basically it’s HSRP, but not as good. I mean it’s ASA failover, but not as good. I mean… well… you have to have a third node. Don’t we know how to do this with two nodes now? At any rate, it’s a feature that some will want.

All the gory details can be found at http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/release_notes/ise14_rn.html#pgfId-484485.

Filed Under: News & Opinion Tagged With: Cisco ISE, ISE 1.4

Copyright © 2017 · Global Config Technology Solutions, Inc.