Profile

Cover photo
Pete Long
Works at Coniston IT
Lived in Middlesbrough
155 followers|61,638 views
AboutPostsPhotosVideos

Stream

Pete Long

Shared publicly  - 
 
 I've been configuring a client's Juniper SRX chassis cluster, for a while now. Their ACS was deployed last week so my task was to configure it to use the TACACS+ from the Cisco ACS server.
JunOS - Using TACACS+ With Cisco ACS. KB ID 0001040 Dtd 01/03/15. Problem. I've been configuring a client's Juniper SRX chassis cluster, for a while now. Their ACS was deployed last week so my task was to configure it to use the TACACS+ from the Cisco ACS server. The client's setup required them ...
1
1
Arsen Zhanatayev's profile photoAref Nader's profile photo
2 comments
 
Hi Pete, I've question. Can you show configuration of Command Sets for JunOS in your ACS? Also, it is correct when you select PermitAccess for authorization If no rules defined or no enabled rule matches?
Add a comment...

Pete Long

Shared publicly  - 
 
I've been posting domain time articles for a long time, and on more than one occasion I've really needed to take my Windows time from a Cisco Device and failed miserably. I've even used third party NTP software to solve this problem on my own test network.

On a client network, my colleague deployed ACS5 this week, I secured the ASA5585-X for AAA it failed, logging revealed a clock skew error, so we manually set the time on the domain PDC. Within half an hour it was failing. The network topology prevented me from simply syncing to a public NTP server from the domain PDC.

We did however have all the network devices syncing from a public time source, if only we could use one of those?
1
Add a comment...
 
One of my goals is to become better with PowerShell. I came across PowerShell Web Access and thought I'd have a play with it, it runs on a 2012 IIS web server, and It lets you connect to that host (via https) then launch a PowerShell secure connection to machines in your network
1
Add a comment...

Pete Long

Shared publicly  - 
 
04/02/15 - I've done a lot of AnyConnect deployments, and I've even done them with certificates in the past. I've seen plenty of articles and blogs that say 'It would be better to use a PKI deployment like Microsoft Certificate Services', but there's very little info out there on how to set it up.
1
Add a comment...

Pete Long

Shared publicly  - 
 
Apart from the fact that's an appalling spelling of recognise, I got bitten by this last weekend. I don't use the ADSM as a rule so it would not normally be a problem, the only thing I do use the ASDM for is certificates, (it's just easier)
1
Add a comment...
 
I've had the Windows 10 technical preview for a while now, but other that run it up in VMware workstation I've not done much with it. Today I wanted to check something, and found out my build was too old. "I wonder if I can update it 'in place'"
1
Add a comment...
Have him in circles
155 people
SONYA's profile photo
YP Singh's profile photo
Brian James's profile photo
Edgar Collins's profile photo
Léon Boers's profile photo
Даулет Бейсенбиев's profile photo
arunava sen's profile photo
PEG Micro Informatique's profile photo
Ernie Ayres's profile photo

Pete Long

Shared publicly  - 
 
Updated - In the last couple of weeks, I've been doing more JunOS work, so I ran up a virtual SRX Firefly device in VMware ESXi to do some testing and documentation with. But while setting up, I needed to test connectivity with ping, and didn't have the GUI. So heres how to do it from CLI.
Juniper SRX Firewall - Allow 'Ping' to the outside 'untrusted' interface
1
Add a comment...

Pete Long

Shared publicly  - 
1
Add a comment...

Pete Long

Shared publicly  - 
 
Seen on a Microsoft Certificate Services server running NDES. I got this error every time a network device tried to enroll with the NDES server. You are seeing this error because the NDES server is expecting the password that generated by visiting the mscep URL.
1
Add a comment...

Pete Long

Shared publicly  - 
 
I was setting auto-enrollment this morning, and the computer certificates were getting issued but not the user ones. The policies were correct, the registry keys on the clients were correct, even RSOP told me the users 'should' be getting certificates.
1
Add a comment...

Pete Long

Shared publicly  - 
 
I had an ASA Active/Standby problem last week, each time I tried to make the primary firewall active, it would fail straight straight back. A look on the ASA told me the problem was one of the clients DMZ connections, (it was stuck in a 'waiting' state). A no monitor-interface DMZ command let me bring the primary ASA up active, but I had to visit the site to investigate the problem.
1
Add a comment...

Pete Long

Shared publicly  - 
 
Last time I had to do one the process was very straight forward, one command and the ASA got its new image from FTP, extracted it, and then installed it. I had a CX module fail last week, and Cisco shipped me out a replacement. After installing it and running the setup, I needed to upgrade it.
1
Add a comment...
People
Have him in circles
155 people
SONYA's profile photo
YP Singh's profile photo
Brian James's profile photo
Edgar Collins's profile photo
Léon Boers's profile photo
Даулет Бейсенбиев's profile photo
arunava sen's profile photo
PEG Micro Informatique's profile photo
Ernie Ayres's profile photo
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Previously
Middlesbrough - Antrim - Tidworth - Chatham - Osnabruck - Dover
Story
Tagline
Author of http://www.petenetlive.com
Work
Employment
  • Coniston IT
    Networked Systems Engineer, present
Basic Information
Gender
Male