Cisco ASA 8.4 Static PAT- Can't access your external website interally?

Ah the ASA, nothing like a good headache for a Saturday night. I just setup my ASA5515-x and got my external port fordwarding setup (guide) and my interanlly hosted webserver live. It would resolve on my phone or a remote computer just fine. Locally, it would just time out. In 8.4 they removed the DNS rewriting found previously. Here is the solution.

External IP: 50.50.50.50
Internal Webserver IP: 192.168.2.30

object network Public_Server

host 50.50.50.50

 

object network Internal_Server

host 192.168.2.30

 

nat (inside,inside) source dynamic any interface destination static Public_Server Internal_Server

 

same-security-traffic permit intra-interface

Works great now!

https://supportforums.cisco.com/thread/2157443

ESXi Colo part 2: The All-In-One storage and VM host

I had to delay this post due to some projects at work- Enjoy!

After a few weeks of waiting on various parts, I finally have everything together for my ESXi colo box. I finished assembling it after the holidays and got it burnt it in. I left the major config for some downtime around the office. Of course the day I got it racked an immediate work related need for a lab environment came up. The last few days I have spent my spare time configuring the storage passthrough and setting up the All-in-One.

If you are not familiar with the concept of a All-in-One ESXi host, I suggest you check out www.napp-it.org. Gea, the creator of Napp-IT has inspired a new line of high performance, compact, All-in-One storage/VM hosts. From his background in education and small budgets, he decided to ditch the traditional SAN "network" and build redundant All-in-One Hypervisor and storage hosts.

The basic requirements/recommendations of a All-in-One are as follows:

Supermicro X8/X9 motherboard supporting VT-D
Fast processors (Think Dual Quad 2.5 min or an e5-26xx hex core)
As much ram as you can afford (32gb+)
LSI (or rebadged IBM) HBA's
(2) SSD's for SAN OS
X of disks for the shared Pool
SSD's for Cache drives if possible
USB Key for Hypervisor

My system fits the bill perfectly.
X8DTE Motherboard
(2)Intel x5650 processors
192GB DDR3 10600 ECC REG
(2) LSI 9211-8i HBA
2 160gb Intel SSD for Open Indiana
4 Crucial M4 256gb SSD cache/log/ect
4 Crucial M4 512gb SSD VM OS drives
2 3TB Seagate 7200rpm Spindle archival drives
16GB HP Thumbdrive for the Hypervisor

The initial setup via Gea's guide is very simple:
1) Load ESXi onto your thumb drive
2) Install OpenIndiana on to a 40gb Datastore on OS SSD1
3) Pass the LSI HBA through to the OI VM
4) Install Napp-It and mirror the OS drives
5) Create a storage pool with the disks passed through the HBA and enable NFS (In my case, RaidZ10)
6) Create a Vswitch in ESXi with a second dedicated NIC for SAN traffic using the vmnet driver
7) Assign static IP's to the new SAN nic in OpenIndiana
8) Add the datastore in ESXi
9) Install vmware tools on OpenIndiana
10) Start benchmarking!

So far I have seen 1100Mb/s Read and 325Mb/s Write. It has been up solid for a month now hosting ~5 test VM's and I can't wait to start loading it down. Next up I will attach a large pool of spindle disks for some Raid Z testing.

Designing a network for a Small-Medium Business

Last year I started on the redesign of my works network. I wish I had read this article first! It condenses all the individual knowledge I gathered online in to a single, easy to understand article.

http://arstechnica.com/business/2010/02/designing-a-highly-reliable-small-medium-business-network/

Installing VMware Tools in OpenIndiana151a fails

I came across this issue today where I could not get VMware tools to install. Thankfully I found this very helpful post: HERE

Make sure to run when you are done.

# /etc/init.d/vmware-tools status
The output is similar to:
vmtoolsd is running

Here is the VM KB article:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1023956

A ESXi colo lab build. Part 1: Hardware

Happy Holidays! It's always a busy time of year around home, but thankfully I got to take 10 days off work! I figured it was time to update the blog, with work related things.... wait a second I'm supposed to be relaxing! :)

Moving on.

Since starting my new job nearly a year ago my home lab has been kept busy running several test environments for work. I watched my powerbill go up $30/m, despite using fairly power conservative hardware. Not to mention the $50/m second DSL line for firewall evals (nothing like the real world to proof something out.) Ok ok, maybe I could have skipped the 2nd internet connection, but still! At work, the warehouse data center has finally started to shape up. Our power work was just completed last month and everything seems to be running smoothly. No better time then now to colo a new lab box :).

Plus who wants this in their living room?

(Old home lab, testing HP switch gear and FreePBX phone system.)

Like 90% of everything else I build, I started by gathering recycled parts. After months a few months of cleaning and saving random bits from recycled systems before they headed to the e-waste bin, I finally came up with a random assortment of project leftovers, e-waste, and some "new" parts. The chassis was one I bought for a previous ESXi + OI all in one build that ended up shelved. The motherboard was a open box special off newegg, and the ASA/HP switch were left overs from a early switching lab. Now I realize to most people this is not what you would find headed for recycling and I would not let it. I try to keep a small stock of parts like this for in house use. You never know when you will need that 32GB of DDR3 or LSI HBA's.

System specs:

Supermicro SC826E1-R900 with hotswap powersupplies

(2) Intel Xeon x5650 2.66/12mg 6 core processors

Supermicro X8DT3-O with IPMI 

(12) 16GB DDR3 ECC REG

(2) LSI 9211-8i HBA

(1) LSI 9211-8e HBA

(2) Intel 160gb x25

(5) Crucial M4 256gb

(5) Crucial M4 512gb

(2) HP 16GB Thumbnail flash drives for ESXi install

Storage:

Supermicro SC846A-R900B 24 bay JBOD

24x Seagate 1TB 7200rpm drives

Networking:

HP 1910-24G

Cisco ASA5505-SECPLUS

Backup:

Synology DS219j

2x3TB drives

I recently upgraded out licensing from vSphere Essentials to Essentials plus, but kept the old licensing for two test servers and this lab box. Once all setup, I should be able to VPN in and setup how ever many test boxes, maybe a game server or four, haha. 

(Early picture with 48GB)

I can't wait to get this racked. Not only will it vastly increase the number of VM's I can run, but it will not longer cost me ~$80/m to run at home. I can not stress this enough- having a lab environment to test out routing issues, build server environments, and even built images in that is not directly associated with your production environment is critical! I got away with a Quad Core/32gb ram and a small HP n40l SAN for 15 machines, but it was painful.

Next up: Racking and storage configuration. I plan on building that ESXi + OpenIndiana + ZFS/NAPP-IT pass through All-In-One system and using it. Once everything is setup, it is time to play!

Lexmark scanning to email with Gmail

I recently replaced several of our printers with Lexmark X548 multi-function units. I finally got a chance to setup scan to email and hit an all to common bug. We use Google Apps for Business and no

matter what settings I tried, I could not for the life of me get authentication to work. I kept getting 530 errors. Finally I found a post on a unrelated printer suggesting I try a Google SMTP server I had never heard of: aspmx.I.google.com.

Using the following settings, it works perfect.

Primary SMTP Gateway: aspmx.I.google.com

Primary SMTP Gateway Port: 25

Use SSL/TLS: Disabled

SMTP Server Authentication: No Authentication Required

Device UserID: username@yourdomain.com

Device Password: password

Hope this helps someone!

The HP Microserver N40l- Your next ZFS based home NAS!

I know I am posting this late in the scheme of things, but a colleague at work asked me this week what I use at home for my NAS. At first, I recommended a Synology DS1512j, but not everyone has that kind of money. He wanted something cheap and expandable. We use Solaris/ZFS on a daily basis to store petabytes of data and I adopted Openindiana 151a as my home fileserver days after its release. Shortly after, HP released the 2nd revision of its Microserver, the n40l. What a great combo! A low powered server that natively supports 4 hot swap disks for $249 on sale? Why not?

Here is the quick run down:

Hp N40l
Amd Turion II Dual Core 1.5ghz
8gb 2x4gb Unregistered DDR-3 ECC ram max
1000G-baseT ethernet
USB/ESata
4x 3.5 Internal hard drive bays
1x 5.25 ODD bay

My personal config adds:
6x 3tb 3.5" Hitachi drives, 2 in the ODD bay
1x LSI 1068e HBA
2x 160gb Intel x25 SSD's in the ODD bay
1x 80gb Intel x25 SSD in the space between the ODD bay and lower case
1x Intel 1000G-baseT PCI-E 1x nic

Running:
OpenIndiana 151a
Napp-It (www.napp-it.org)

This gives me 12TB of storage with Zil and Write cache drives at 30watts! I was so happy with it, I bought a second when they came on sale for $199. It is currently my ESXi NFS datastore configured below:

N40l
8gb Unregistered DDR3 ECC
LSI 1068e
Intel Pro1000 Nic
4x 1.5tb Seagate 7200rpm in RAIDZ
4x 160gb Intel x25 in Raid10
Icydock 4x 2.5 in one 5.25 bay

This serves up 220mbps Write and 680mbps Read! Considering these are older Sata 2 drives and controllers, I am perfectly happy, considering I am limited to a single 1gb link to my ESXi host.

Anyways,
If you are looking for a great home NAS, look no further then a N40l running either Solaris/FreeNas.