Archive

Author Archive

Conservative

April 16th, 2010

This morning I was awoken by my alarm clock powered by electricity generated by the public power monopoly regulated by the US department of energy. I then took a shower in the clean water provided by the municipal water utility. After that, I turned on the TV to one of the FCC regulated channels to see what the national weather service of the national oceanographic and atmospheric administration determined the weather was going to be like using satellites designed, built, and launched by the national aeronautics and space administration. I watched this while eating my breakfast of US department of agriculture inspected food and taking the drugs which have been determined as safe by the food and drug administration.

At the appropriate time as regulated by the US congress and kept accurate by the national institute of standards and technology and the US naval observatory, I get into my national highway traffic safety administration approved automobile and set out to work on the roads built by the local, state, and federal departments of transportation, possibly stopping to purchase additional fuel of a quality level determined by the environmental protection agency, using legal tender issued by the federal reserve bank. On the way out the door I deposit any mail I have to be sent out via the US postal service and drop the kids off at the public school.

After spending another day not being maimed or killed at work thanks to the workplace regulations imposed by the department of labor and the occupational safety and health administration, enjoying another two meals which again do not kill me because of the USDA, I drive my NHTSA car back home on the DOT roads, to my house which has not burned down in my absence because of the state and local building codes and fire marshal’s inspection, and which has not been plundered of all its valuables thanks to the local police department.

I then log on to the internet which was developed by the defense advanced research projects administration and post on freerepublic.com and fox news forums about how SOCIALISM in medicine is BAD because the government can’t do anything right.

(not mine)

Personal

VPN Tunnel Between Cisco ASA and Juniper SSG Firewalls

November 3rd, 2009

Recently at work I was tasked with configuring a VPN tunnel between a Cisco ASA 5505 and a Juniper SSG 320M. After hearing from many sources, including our partners, that it wasn’t compatible, I just could not believe that this was the case: IPsec tunnels are a standard protocol, and both Juniper and Cisco should be compatible with IPsec.

After a day of Google searches and troubleshooting I couldn’t find a proper solution that was easy and explained properly for my type of standard setup. Here is how I configured an IPsec VPN tunnel between the SSG and ASA.

Cisco ASA 5505

  • IP: 1.1.1.1
  • Network: 192.168.1.0/24

Juniper SSG 320M

  • IP: 2.2.2.2
  • Network: 192.168.2.0/24

192.168.1.0/24 <-> 1.1.1.1 <--VPN Tunnel--> 2.2.2.2 <-> 192.168.2.0/24

Here is the actual configuration, including all the access lists needed to allow all traffic through. You will probably want to lock this down, as it allows all traffic through the tunnel.

Cisco ASA 5505 Configuration

object-group network local_cisco_network
 network-object 192.168.1.0 255.255.255.0
object-group network remote_juniper_network
 network-object 192.168.2.0 255.255.255.0

access-list ciscovpn_nat_junipervpn extended permit ip object-group local_cisco_network object-group remote_juniper_network
access-list ciscovpn_nat_junipervpn extended permit ip object-group remote_juniper_network object-group local_cisco_network

access-list ciscotojuniper_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

crypto map outside_map 1 match address ciscotojuniper_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 2.2.2.2
crypto map outside_map 1 set transform-set ESP-3DES-SHA

tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key

Juniper SSG 320M Configuration

set address "Trust" "192.168.2.0/24" 192.168.2.0 255.255.255.0
set address "Untrust" "192.168.1.0/24" 192.168.1.0 255.255.255.0

set ike gateway "1.1.1.1" address 1.1.1.1 Main outgoing-interface "ethernet0/1" preshare "" proposal "pre-g2-3des-sha"

set vpn "1.1.1.1" gateway "1.1.1.1" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set policy id 2 name "1.1.1.1" from "Trust" to "Untrust" "192.168.2.0/24" "192.168.1.0/24" "ANY" tunnel vpn "1.1.1.1" id 0xa pair-policy 1
set policy id 2
exit
set policy id 1 name "1.1.1.1" from "Untrust" to "Trust" "192.168.1.0/24" "192.168.2.0/24" "ANY" tunnel vpn "1.1.1.1" id 0xa pair-policy 2
set policy id 1
exit

This configuration will allow traffic from 192.168.1.0/24 to 192.168.2.0/24 and vice versa. On the Juniper side, I think the names of the VPN and gateway are important; otherwise the Phase 1 negotiation will not work. If I’ve missed something or if you don’t understand something, please let me know.

I will probably need to configure this against a Cisco router in the near future, so stay tuned for an update for the Cisco side.
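An added example, not part of the original post or of either vendor's tooling: a small Python check that the traffic selectors on the two peers mirror each other, which is what Phase 2 needs in this kind of setup. It assumes the ASA takes its selectors from the crypto map's access list and the SSG's policy-based VPN takes them from the address-book entries named in the tunnel policy; the sample configs and the faulty variant are constructed from the networks listed above, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: selector lines modelled on the two configurations,
# using the networks listed in the post.
ASA_CFG = """
access-list ciscotojuniper_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map outside_map 1 match address ciscotojuniper_cryptomap
"""
SSG_CFG = """
set address "Trust" "192.168.2.0/24" 192.168.2.0 255.255.255.0
set address "Untrust" "192.168.1.0/24" 192.168.1.0 255.255.255.0
set policy id 2 name "1.1.1.1" from "Trust" to "Untrust" "192.168.2.0/24" "192.168.1.0/24" "ANY" tunnel vpn "1.1.1.1" id 0xa pair-policy 1
"""
# Constructed faulty variant: the entry name no longer matches the subnet behind it.
SSG_BAD = SSG_CFG.replace('"192.168.2.0/24" 192.168.2.0', '"192.168.2.0/24" 192.168.20.0')


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")


def asa_selectors(cfg):
    """(local, remote) pairs from the ACL referenced by 'crypto map ... match address'."""
    acl = re.search(r"crypto map \S+ \d+ match address (\S+)", cfg).group(1)
    rule = re.compile(rf"access-list {re.escape(acl)} extended permit ip (\S+) (\S+) (\S+) (\S+)")
    return {(net(a, am), net(b, bm)) for a, am, b, bm in rule.findall(cfg)}


def ssg_selectors(cfg):
    """(local, remote) pairs from outbound tunnel policies, resolved via the address book."""
    book = {name: net(ip, mask)
            for name, ip, mask in re.findall(r'set address "[^"]+" "([^"]+)" (\S+) (\S+)', cfg)}
    rule = re.compile(r'set policy id \d+ .*from "Trust" to "Untrust" "([^"]+)" "([^"]+)" "[^"]+" tunnel vpn')
    return {(book[src], book[dst]) for src, dst in rule.findall(cfg)}


def selector_mismatches(asa_cfg, ssg_cfg):
    """Selectors one peer would propose that the other does not mirror (empty = consistent)."""
    asa = asa_selectors(asa_cfg)
    mirrored = {(remote, local) for local, remote in ssg_selectors(ssg_cfg)}
    return sorted(f"{l} <-> {r}" for l, r in asa ^ mirrored)


if __name__ == "__main__":
    print("consistent:", selector_mismatches(ASA_CFG, SSG_CFG) or "no mismatches")
    print("faulty    :", selector_mismatches(ASA_CFG, SSG_BAD))
```

The same comparison is a reasonable gate before tightening the "ANY" service or the access lists: narrow both sides together and re-run the check so the selectors still mirror.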

Labor, Sysadmin, Technology

Science Vs Religion

June 9th, 2009

The conflict between religion and science astounds me. The philosophical basis of nearly all popular religions stresses the importance of humility. Is there a more humble institution than science? Its foundation stands on the idea that you must give up your preconceptions in the face of evidence to the contrary, no matter how much you may be comfortable in your ways. This idea doesn’t only apply to things like the elemental composition of the corona of distant stars, it goes for anything a thinking creature observes in its environment if it wants to do anything more than eat and fuck and swing from trees.

The power to collectively observe and document our world is an incredible gift, and is responsible for everything humanity has created, from the worldwide computer network with which you read this, to the actual written word language in which this opinion is expressed.

To deny science is to deny that which makes you human.

Quote from forum user the_ruiner of somethingawful.com

Personal

Install OSX on Dell Mini 9

April 17th, 2009

With help from MyDellMini.com I’ve installed OS X on my new Dell Mini 9 netbook.

Here’s a few pics from the install.

Home

CrapHost Logo

April 2nd, 2009

Just testing out a logo for my craphost.com design. This will essentially be a clustered, fault-tolerant, scalable hosting system that I’ve been working on for quite some time. I’m starting out with craphost.com for beta testing and trying out pricing models, and will start up professional services with more features and uptime guarantees as I work out the kinks.

Projects

Adam Carolla Podcast!

February 23rd, 2009

Now that The Adam Carolla Show is off the air, he’s moved over to a podcast format. Listen to him now!

http://carollaradio.com/2009/02/23/acp-20090223/

Check him out, uncensored and unedited.

Home

iPhone Blog Test

February 19th, 2009

I’m just testing the WordPress plugin for the iPhone. So far it looks like it’s pretty good. I’m still looking for new iPhone apps too.

Technology

New URL and Design

February 19th, 2009

As some might have noticed, I’ve recently updated my domain to abirendon.com and I’ve also applied a new WordPress theme. I just made a few tweaks, but it all seems to be working splendidly and it looks good.

I’ll be posting some guides on setting up and configuring VMware ESXi, converting VMware Server VMs to ESXi format, configuring a RAID 5 array on an MSA20 via the Linux command line, and hopefully some more interesting pictures.

I’ve also just bought an iPhone, so I’ll probably be messing around with doing updates on the go.

Home, Personal, Sysadmin, Technology

Snowpocalypse Lynnwood ‘08

December 22nd, 2008

After many warnings and fears there was in fact many a snow fall in the greater Seattle area… I’ve documented my neighborhood and what has come to pass…

Personal

New Hardware for WTFServe

November 19th, 2008

Today was a busy day. At Airbiquity we went live with the Ford Sync Project, but before that I did some work for my own project.

We installed some new hardware: two new VM servers and a storage array, as well as networking equipment.

Projects