Friday, April 24, 2009

Ghost Network Cards after a P2V migration

I have learned many invaluable things in the past few days about P2Ving live production systems... but none so important as the following little gem. It seems that with most systems, when you P2V them you end up with Ghost network cards for each of your original physical NICs... that is, they do not show up in the device manager, yet they still use the static IP addresses you had assigned, do funny things to network communication and name resolution, etc. Here is how to get rid of them:

1) Open a command prompt and type in "SET DEVMGR_SHOW_NONPRESENT_DEVICES=1". You will not get a confirmation back; it will just drop back to the prompt. Now, in the SAME CMD window, without closing it...

2) Type in "DEVMGMT.MSC" to open the device manager from the command prompt. This is critical: the variable only exists inside that CMD session, so if you don't open the device manager from the same CMD window you typed the first step in, it won't work.

3) In device manager, go to View > Show hidden devices

4) Expand the network cards section and right-click each faded network card to remove it.

I tried following similar instructions over and over, and it was not until I launched DEVMGMT.MSC from the same command prompt in which I had set that first variable that it worked.

Once I removed the ghost NICs, set my static IP back to what it was supposed to be (as VMware Converter gives the new vNIC a DHCP address), and rebooted, all was well.

Monday, April 6, 2009

The Six Simple Steps to a working ASA

Working with a Cisco ASA series can be daunting up front, especially when trying to configure it from the command line... but when you distill out all the fancy frills and extra features, there are really only six core components that need to be configured for a working firewall. Here they are:

Step 1: Configure the internal interface vlan
------------------------------------------------------
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface vlan (connected to Internet)
-------------------------------------------------------------------------------------
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to Vlan 2
-------------------------------------------------
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the remaining interfaces with no shut
--------------------------------------------------
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut
Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface
-----------------------------------------------------
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)
-----------------------------------------------------------------------------
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1