A few problems...

Recently I decided to go ahead and upgrade Drupal as I had been lagging behind on some security updates. I performed all the necessary backups and such but, unfortunately, ran into issues with the restoring of the database.

And you might have seen the result. Packetbin was down. I could access the administration console but couldn't actually correct the errors that were causing the issues. I had been considering moving away from Drupal anyway and this sort of forced my hand.

So why move away from Drupal? While it's quite powerful with many extensions, it's a bit on the complicated side for what I'm doing here with packetbin. As such, something a bit simpler like Grav CMS makes a bit more sense. It's a lot simpler, using flat files and seems to run well.

It's worth noting the old links you may have may be broken and there's an issue with styling with some of the project pages. I'll be working to solve all these issues eventually.

Anyway... Let's hope we don't see this sort of issue again in the future.

-- Ryan Reed

[ # ]

interface redundant <1-8>
  member-interface <active interface>
  member-interface <standby interface>
  no shutdown
  exit
show interface redundant<1-8>        !! View active/standby interface information
redundant-interface redundant<1-8> active-member <desired-active-interface>        !! Change the active interface

Notes:

  • By default, the first interface added to the redundant interface will be the active interface
  • This is Cisco's recommendation for a failover configuration


[ # ]

  1. Launch ASDM from a privilege 15 account
  2. Go to Configuration > Device Management > Users/AAA > AAA Access > Authorization
  3. Click the button "Set ASDM Defined Roles"
  4. Select "Yes" to have ASDM configure the necessary Priv 3 and Priv 5 permissions
  5. Select "Apply" to set the configuration on the firewall

[ # ]

icmp permit host <ping from IP> <interface>
icmp permit <network ip> <netmask> <interface>

[ # ]

arp permit-nonconnected

Notes:

  • This is not recommended by Cisco due to security concerns
  • This was disabled by default in version 8.4(5). Prior to this, the firewall may ARP for non-directly-connected NAT IPs.


[ # ]

route <interface> <ip to route> <subnet mask> <gateway IP>

[ # ]

!! On Primary Firewall
interface <int>        !! configure each interface with standby ip
ip address <ip> <netmask> standby <standby-ip>

interface <failover-int>
description LAN Failover Interface
no shutdown
exit
failover
failover lan unit primary
failover lan interface failover <failover-int>
failover interface ip failover <failover-int-ip> 255.255.255.0 standby <failover-int-standby-ip>

!! On Secondary Firewall
failover
failover lan unit secondary
failover lan interface failover <failover-int>
failover interface ip failover <failover-int-ip> 255.255.255.0 standby <failover-int-standby-ip>
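
An added example, not part of the original notes: a small Python check that reads a saved ASA running-config and flags two things covered on this page, `arp permit-nonconnected` being set and, when failover is enabled, data interfaces whose `ip address` line has no standby IP. The function name `audit_asa_config`, the check IDs and the sample config (interface names and addresses) are constructed for illustration.

```python
import re

# Constructed sample running-config; interface names and addresses are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0 standby 203.0.113.3
!
interface GigabitEthernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 description LAN Failover Interface
!
failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/2
failover interface ip failover 192.0.2.1 255.255.255.0 standby 192.0.2.2
arp permit-nonconnected
"""

def audit_asa_config(text):
    """Return (check_id, detail) findings for an ASA config dump (hypothetical helper)."""
    findings = []
    failover_on = False
    current_if = None          # interface block we are inside, if any
    missing_standby = []
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not line.startswith(" "):
            # A top-level command ends any interface block.
            m = re.match(r"interface (\S+)$", stripped)
            current_if = m.group(1) if m else None
            if stripped == "failover":
                failover_on = True
            elif stripped == "arp permit-nonconnected":
                findings.append(("arp-nonconnected", "arp permit-nonconnected is set"))
        elif current_if and re.match(r"ip address \d", stripped):
            # Static address inside an interface block: look for the standby keyword.
            if "standby" not in stripped.split():
                missing_standby.append(current_if)
    # A missing standby IP only matters when failover is actually enabled.
    if failover_on:
        findings += [("no-standby-ip", name) for name in missing_standby]
    return findings

if __name__ == "__main__":
    for check, detail in audit_asa_config(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```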

[ # ]

fw tab -s -t userc_users    !! Number of currently connected VPN users
fw tab -f -t userc_users    !! List of currently connected VPN users
fw tab -t vpn_enc_domain_valid -f -u    !! View encryption domains (may be very large)

!! The following are for clearing peers if 'vpn tu' cannot be accessed
vpn shell /show/tunnels/IKE/all
vpn shell /show/tunnels/ipsec/all
vpn shell /show/tunnels/ike/peer/<peer-ip>
vpn shell /show/tunnels/ipsec/peer/<peer-ip>

vpn shell /tunnels/delete/all
vpn shell /tunnels/delete/IKE/all
vpn shell /tunnels/delete/IKE/peer/<peer-ip>
vpn shell /tunnels/delete/IPsec/all
vpn shell /tunnels/delete/IPsec/peer/<peer-ip>

[ # ]

cpca_client lscert -stat <Pending|Valid|Revoked|Expired|Renewed> -kind <SIC|IKE|User|LDAP>

!! Example to view valid SIC certs:
cpca_client lscert -stat Valid -kind SIC


[ # ]

fw ctl arp

[ # ]