Posts

Showing posts from April, 2011

Na to Roop hai, Na toh rang hai (Lyrics)

One of the most beautiful bhajans I have encountered. This bhajan was written by Shri Bindu Goswami. It elucidates that we are full of deficiencies, yet given a chance for salvation.


I have neither beauty nor colour, nor any mine of virtues.
How would my Shyam take me into his refuge? My very life is caught in this thought. I have neither beauty nor colour.

The very vices he has always hated are the ones I am bound in. At times there is crookedness, there is deceit too, there is intoxication and there is pride. How would my Shyam take me into his refuge? My very life is caught in this thought. I have neither beauty nor colour.

In mind, deed, word and thought I am attached to this world, yet never, not even by mistake in a dream, do I give him any thought. How would my Shyam take me into his refuge? My very life is caught in this thought. I have neither beauty nor colour.

I search for happiness and peace, yet I have not a single means to it. I have neither yoga, chanting, austerity nor deeds, neither dharma, merit nor charity. How would my Shyam take me into his refuge? My very life is caught in this thought. I have neither beauty nor colour.

If I have one support, it is this: why would he not show me grace? I am but a drop of lowliness; he is the treasury of compassion. How would my Shyam take me into his refuge,…

Checkpoint R65 and Cisco ASA IPSec VPN Drop

I ran into this issue where the Checkpoint R65 IPSec tunnel kept dropping with a Cisco ASA. I had actually faced an issue like this in the past, and I thought it would be a good idea to document the solution. I had a tough time digging up the solution which I used some time back. Fortunately I had a badly written OneNote document which came to my rescue. To troubleshoot the issue and to make sure you need the below solution, here is what you need to do:

Kernel Debug
IKE Debug

Both of the above need to be done on the Checkpoint end (honestly, debugging Cisco will give no results).

Kernel Debug

The kernel debug is simple to execute. Make sure you execute this when the tunnel is down. Log into the enforcement module (the security gateway) and execute the below command
fw ctl zdebug
You may also choose to use other commands like
fw ctl debug -buf 12288
Once you execute, it will start spitting out errors like


vpn_ipsec_decrypt Reason: decryption failure: Could not get SAs from packet

This will prove …

Design Strategies in F5 LTM–Part 1

A key to an effective, resilient and robust network is a good design. Big IP design is key to faster and more effective failover, leading to greater availability and lower convergence time. This blog is written around the deployment considerations involved. A Big IP works like a switch, having VLANs and Spanning Tree Protocol. This enables the Big IP to fit right into your LAN design. You are offered the choice of an Active/Standby (Failover) pair or an Active/Active pair, or as I like to call it, the “load balance your load balancer” pair, in which the two units double up on covering for each other. All this is feasible with the concepts of “Floating IP”, “Gratuitous ARP” or “Mac Masquerading”. When the initial configuration of Big IP is done, these are the things you need to consider:

What business purpose will this need to serve?
How many businesses are going to be using it?
Where is the load balancer going to be located physically?
Where are the servers that need to be load balanced going to be located?

Well…

Configure MLFR (Multilink Frame Relay) on Juniper SRX Firewalls

I came across one of the Integrated Services type firewalls, and was asked to configure an MLFR bundle on it. The firewall was a Juniper SRX (I admit, I love these boxes). But MLFR on a firewall … who has heard of those? I had prepared for doing an MLPPP, but on the turn-up call the service provider wanted us to use MLFR, as that’s what they supported for that particular site. For the non-techy gurus who are wondering what MLFR is, it’s a simple Multilink Frame Relay bundle, meaning you have more than one T1/E1 link and you bundle them on Frame Relay (yes … some of us still use Frame Relay). More often you would have done MPPP bundling, but the exciting part was to do an MLFR between Juniper and Cisco, and on the Juniper end it was a firewall. Here is a simple diagram.
As you can see, the connectivity from the customer perspective is pretty simple. There are 2 physical links going on the Service Provider network (T1 Links) and we need to create a bundle logical connectivity (The Solid red line …

Trip to Portland, OR

I have been travelling for work recently, and I got to travel to the West Coast. I was travelling to Portland in Oregon to work for a client and redesign their network. The work was fun !!! (I know what you are thinking … Yeah right.) Well, honestly, the work was not bad. I actually enjoyed working there, and there is one more thing that I really enjoyed….. Natural Beauty !!! Portland (and nearby places) was one of the most beautiful destinations I had seen in the US from a natural beauty standpoint. Over the weekends, I could just pick a direction and drive, and I was sure to come across some awe-inspiring natural beauty (which did inspire me to go learn HDR photography). I did visit a lot of places over the weekends, a few of which were:

Crater Lake
Mount Rainier
Mt. Hood
Washington Park – Rose Garden
Cannon Beach
So on and so forth….

Every place had its own charm (though it got boring after a while… it was really beautiful). My first visit was to Crater Lake. I drove down to Crater Lake…

Upgrade currently unlocked 3G[s] iPhone (Using Black Rain) from 3.1.2 to 4.1

Not long ago, there was a time when the iPhone 3G[s] was very famous, and people used to buy it, jailbreak it and unlock it for use with other carriers. One of the famous tools for jailbreaking at that point in time was blackrain. Almost everyone I know used blackrain on the iPhone version 3.1.2 and used blacksnow for the unlock.
This works great, but there is one issue. Most people on the new boot ROM got a tethered jailbreak, which means they have to use blackrain every time ( http://bit.ly/grYDye ). After that, a lot of untethered jailbreaks were released, and they want to move to those.
I had the same experience, so I thought I would document it here.
DISCLAIMER: Please use this guide at your own risk. I am not responsible for anything that happens to your phone due to this. I have used the same procedures and it worked for me. If you have any questions, put them in the comments and I will try to answer them.
All the software is also available from the internet. I clai…