Archive for September 27th, 2006

Wednesday, September 27th, 2006

Things to remember

Two new technical tips for those reading who don’t want to seem like total douchebag idiots at an IT job:

1) When creating an Active Directory domain controller, remember to go into Administrative Tools -> Active Directory Sites and Services, expand the tree down to the server name you added as a domain controller using the server wizard, right-click NTDS Settings -> Properties, and select ‘Global Catalog’ to index the server into replication between all servers. This makes sure that the other servers in the site will replicate all the information needed to fully host the domain on that box.

2) When creating a Cisco site-to-site VPN, remember to add the access rules to both firewalls. Example:

isakmp identity address <-- this is needed
isakmp nat-traversal 20 <-- this is also needed

Change the no-NAT ACL to be -
access-list inside_outbound_nat0_acl permit ip xxx.xxx.xxx.xxx 255.255.255.0 yyy.yyy.yyy.yyy 255.255.255.0
Change the crypto map ACL to be the same -
access-list outside_cryptomap_20 permit ip xxx.xxx.xxx.xxx 255.255.255.0 yyy.yyy.yyy.yyy 255.255.255.0

Replace xxx.xxx.xxx.xxx with your site’s internal class C address and yyy.yyy.yyy.yyy with the opposite site’s internal class C range.
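
Because each firewall puts its own network first, the two sites' ACLs end up as mirror images of each other. The following check is an added example, not part of the original post: it compares saved configs from both firewalls, assuming both use the ACL names shown above, with made-up 192.168.x.0 networks as sample input.

```python
import re

# access-list <name> permit ip <src> <src-mask> <dst> <dst-mask>
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_acls(config):
    """Return {acl_name: {(src, src_mask, dst, dst_mask), ...}}."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, *entry = m.groups()
            acls.setdefault(name, set()).add(tuple(entry))
    return acls

def mirror(entries):
    """Swap source and destination network in every entry."""
    return {(d, dm, s, sm) for (s, sm, d, dm) in entries}

def check_tunnel_acls(local_cfg, remote_cfg,
                      nat0="inside_outbound_nat0_acl",
                      crypto="outside_cryptomap_20"):
    """Return a list of problems found in the two firewalls' tunnel ACLs."""
    sides = {"local": parse_acls(local_cfg), "remote": parse_acls(remote_cfg)}
    problems = []
    for side, acls in sides.items():
        for name in (nat0, crypto):
            if name not in acls:
                problems.append(f"{side}: {name} missing")
        if acls.get(nat0) != acls.get(crypto):
            problems.append(f"{side}: no-NAT and crypto map ACLs differ")
    local, remote = sides["local"], sides["remote"]
    if local.get(crypto, set()) != mirror(remote.get(crypto, set())):
        problems.append("crypto map ACLs are not mirror images")
    return problems

# Constructed sample configs; 192.168.1.0 and 192.168.2.0 are made-up networks.
NETS = ("192.168.1.0 255.255.255.0", "192.168.2.0 255.255.255.0")

def site_config(src, dst):
    return (f"isakmp identity address\nisakmp nat-traversal 20\n"
            f"access-list inside_outbound_nat0_acl permit ip {src} {dst}\n"
            f"access-list outside_cryptomap_20 permit ip {src} {dst}\n")

SITE_A = site_config(NETS[0], NETS[1])
SITE_B = site_config(NETS[1], NETS[0])   # correct: source and destination swapped

if __name__ == "__main__":
    print(check_tunnel_acls(SITE_A, SITE_B))  # mirrored pair
    print(check_tunnel_acls(SITE_A, SITE_A))  # site A's lines pasted unchanged on site B
```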

Posted by dave | Filed in tech | 2 Comments »