Periodically, when amnesia strikes and I can't recall how I made this work the last 20 or so times I did it before, I get baffled, and start all over from the beginning.
I could be talking about anything, I suppose, but in this case I'm installing Java or the JDK as it's fondly called, and Tomcat and twelve billion dependencies it has on a server, in this case Linux.
Do yourself a favor here that I forgot when I was writing this blog ... see if java is already installed. If it's some antiquated version before 1.5, remove it, unless you know you need it. Run rpm -qa | grep java and rpm -qa | grep jdk to make sure you're not missing anything.
In the past I've used the works and packages of the fine jpackage.org folks. This time is no exception.
First, dig deep in Sun's website until I find a 1.5.0 binary for Linux. I downloaded the Linux RPM in self-extracting file: jdk-1_5_0_14-linux-i586-rpm.bin.
For the uninitiated, it's easiest to use wget to get the binary right onto the server without any intermediate file saving, scp-ing, and the like, but since Sun's URLs are about 5 miles long, they fail wonderfully with the error: blahblahblah "File name too long."
So to make this work, use:
wget -O jdk-1_5_0_14-linux-i586-rpm.bin http://reallylongurlfromsuncopiedandpastedfromtheRPMinselfextractingfilelinkthatendsin/jdk-1_5_0_14-linux-i586-rpm.bin
and then, to our wonder and amazement, it will work. I also often forget this and the reminder is really for me, but if it helps you, all the better.
then, make the .bin file executable and extract it:
chmod +x jdk-1_5_0_14-linux-i586-rpm.bin
./jdk-1_5_0_14-linux-i586-rpm.bin
which dumps an rpm in your pwd.
then install the RPM, do I need to say how to do this, well okay then:
rpm -i jdk-1_5_0_14-linux-i586.rpm
but then the fun begins, like finding out an older 1.4.2 version was installed already and I didn't delete it before I began this process so installing the rpm gave the message:
[root@server jdk]# rpm -i jdk-1_5_0_14-linux-i586.rpm
package jdk-1.5.0_14-fcs is already installed
and look, rpm -qa | grep jpp gives a whole big list of pkgs, do I need to remove them all? (yes, is the answer you'll see later)
[root@server yum.repos.d]# rpm -qa | grep jpp
bsh-manual-1.3.0-9jpp.1
bsh-javadoc-1.3.0-9jpp.1
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5
xalan-j2-2.7.0-6jpp.1
jakarta-commons-logging-1.0.4-6jpp.1
java-1.4.2-gcj-compat-javadoc-1.4.2.0-40jpp.112
jpackage-utils-1.7.3-1jpp.2.el5
xmlrpc-javadoc-2.0.1-3jpp.1
java-1.4.2-gcj-compat-1.4.2.0-40jpp.112
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5
bsf-2.3.0-11jpp.1
bsh-1.3.0-9jpp.1
jakarta-commons-codec-1.3-7jpp.2
jakarta-commons-httpclient-3.0-7jpp.1
java-1.4.2-gcj-compat-devel-1.4.2.0-40jpp.112
ldapjdk-4.18-2jpp.3.el5
antlr-2.7.6-4jpp.2
junit-3.8.2-3jpp.1
xmlrpc-2.0.1-3jpp.1
java-1.4.2-gcj-compat-src-1.4.2.0-40jpp.112
Okay, so to begin, let's update /etc/yum.repos.d to include the jpackage repository:
in the /etc/yum.repos.d do:
wget http://www.jpackage.org/jpackage17.repo
but do you see the problem ... I don't want 1.7, I want 1.5, so how do I get that?
What I did was create my own jpackage50.repo file containing this:
[jpackage50-generic]
name=JPackage 5.0, generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
gpgkey=http://www.jpackage.org/jpackage.asc
gpgcheck=1
enabled=1
[jpackage50-generic-nonfree]
name=JPackage (non-free), generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/non-free/
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=1
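The stanzas above keep gpgcheck=1 but fetch the signing key over plain http, so the key itself arrives unauthenticated. A small auditor for that, added here as an example and not part of the original post; the function names and the example-local stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag yum repo stanzas whose signature settings can be
# undermined. Function names and the second sample stanza are constructed.

# audit_repo: reads .repo text on stdin, prints "<section>: <finding>".
audit_repo() {
    awk '
    function report() {
        if (section == "" || section == "main" || enabled == "0") return
        if (gpgcheck != "1")
            print section ": gpgcheck is not 1, packages install unverified"
        if (gpgkey == "")
            print section ": no gpgkey set"
        else if (gpgkey ~ /^http:/)
            print section ": gpgkey is fetched over plain http"
    }
    /^[ \t]*$/    { next }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
        report()                      # close the previous stanza
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        gpgcheck = ""; gpgkey = ""; enabled = "1"
        next
    }
    {
        i = index($0, "=")
        if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "enabled") enabled = val
    }
    END { report() }
    '
}

# First stanza is the one from the post; the second is constructed.
sample_repo() {
    cat <<'EOF'
[jpackage50-generic]
name=JPackage 5.0, generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
gpgkey=http://www.jpackage.org/jpackage.asc
gpgcheck=1
enabled=1

# constructed stanza, not from the post
[example-local]
name=Constructed example
baseurl=http://repo.example.invalid/el5/
gpgcheck=0
enabled=1
EOF
}

sample_repo | audit_repo
```

Saving a verified copy of the key on disk and pointing gpgkey at it with a file:// URL clears the finding for the JPackage stanza.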
and now I'll go hunting to remove the jpps:
deleted all the jpp rpms except these:
bsh-manual-1.3.0-9jpp.1
bsh-javadoc-1.3.0-9jpp.1
jpackage-utils-1.7.3-1jpp.2.el5
xmlrpc-javadoc-2.0.1-3jpp.1
now reinstall jdk:
rpm -ev jdk-1.5.0_14-fcs
rpm -iv jdk-1_5_0_14-linux-i586.rpm
install java-compat from jpp:
rpm -iv java-1.5.0-sun-compat-1.5.0.14-1jpp.src.rpm
which seemed to work, but the package isn't listed with rpm -qa | grep java (a .src.rpm only unpacks sources for rebuilding; it doesn't install the package itself)
but what did work:
yum install java-1.5.0-sun-compat-1.5.0.14-1jpp
and now it's in the rpm list. yay!
and java -version shows the new version - yay yay!
[root@quinoa jdk]# java -version
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
figured out I need tomcat 5.5, not 6.0, and a handy
yum list '*tomcat*'
gave me a list of all tomcat options, giving me a choice between tomcat5 (which was really 5.5.23) and tomcat6.
ran
yum install tomcat5
and away it went, installing the 37 dependencies and tomcat5 from jpackage.
it ended with this error:
/usr/bin/build-jar-repository: error: Could not find xml-commons-apis Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
and when I started tomcat I got the same error. So I installed xml-commons-apis
yum install xml-commons-apis
which inconveniently uninstalled the jdk, why, I'm not sure, so I installed it back again from the rpm I got from sun.
restarting tomcat didn't get that error this time.
Credits to:
Sun
jpackage.org
Bart Busschotts
A site for me to share tips, tricks, and links to helpful sites. Starting in 2014, you can find me on Medium: https://medium.com/network-girl
Tuesday, January 22, 2008
Monday, January 21, 2008
Postfix useful queue commands
Two Postfix commands I discovered by accident while trying to figure out how to delete mail out of the queue:
postqueue -p
list all mail in the queue currently
postqueue -f
flush mail from the queue; will attempt to deliver all mail
postsuper
superuser postfix command
and the command:
postsuper -d ALL
will delete all messages from the queue
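postsuper -d ALL empties the whole queue; postsuper also accepts queue IDs on standard input when given "-" as the ID. The added example below (not from the original post) pulls the IDs for one envelope sender out of postqueue -p output; the function names and the sample queue listing are constructed.

```shell
#!/bin/sh
# Added example: select queue IDs by envelope sender from `postqueue -p`
# output so one sender's mail can be removed instead of the whole queue.

# queue_ids_from SENDER: reads `postqueue -p` text on stdin, prints queue IDs.
queue_ids_from() {
    tail -n +2 |                    # drop the column-header line
    grep -v '^ *(' |                # drop "(delivery error ...)" lines
    awk -v want="$1" '
        BEGIN { RS = "" }           # one blank-line-separated record per message
        $7 == want { print $1 }     # $1 = queue ID, $7 = sender
    ' |
    tr -d '*!'                      # strip active (*) and hold (!) markers
}

# Constructed listing in the traditional postqueue -p layout.
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5      1234 Mon Jan 21 10:15:02  root@server.example.com
                                         validuser@example.com

F6A7B8C9D0*     2048 Mon Jan 21 10:16:40  MAILER-DAEMON
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         someone@example.net

0A1B2C3D4E!      512 Mon Jan 21 10:17:11  MAILER-DAEMON
                                         other@example.net

-- 3 Kbytes in 3 Requests.
EOF
}

sample_queue | queue_ids_from MAILER-DAEMON

# On a live server, review the IDs first, then:
#   postqueue -p | queue_ids_from MAILER-DAEMON | postsuper -d -
```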
Credit:
Seaglass Postfix FAQ
man postsuper
man postqueue
Wednesday, January 16, 2008
Setting up a new server - ntp
Super brief notes on configuring NTP
Make sure ntp is installed
rpm -qa | grep ntp
yum install ntp
Edit /etc/ntp.conf
Add stratum servers from www.ntp.org - check the server pool for your locale.
I added these:
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
And this to restrict access from those servers:
restrict 0.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 3.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
And permit any host in my private network to get time from my server:
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
check if ntpd is currently running:
ps -ef | grep ntp
no dice, so configure it to start at boot
chkconfig --list ntpd
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Check to see if the server time is reasonably close to ntp time (within 2 minutes), if not run:
ntpdate pool.ntp.org
to synchronize.
Run:
chkconfig ntpd on
service ntpd start
Check for log messages in /var/log/messages and check the time on the server to see if it's accurate. Also check status with:
[root@server etc]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 64.73.32.134    64.73.0.9        2 u   30   64    1   72.596    4.418   0.001
 66.250.45.2     209.51.161.238   2 u   29   64    1   92.327   -8.728   0.001
 66.36.239.127   129.6.15.29      2 u   28   64    1   86.409    1.150   0.001
 82.165.184.7    74.208.4.166     3 u   27   64    1   88.581   -7.514   0.001
 127.127.1.0     .LOCL.          10 l   26   64    1    0.000    0.000   0.001
Tip of the keyboard to:
ntp.org
linuxhomenetworking.com
Setting up a new server - logwatch & logrotate
A couple hints so that you get logwatch emails and include other log files you want to monitor.
Logwatch depends on having the email address set for root to forward somewhere, otherwise the emails will sit in the local mailbox for root.
Change this line in /etc/aliases - works for either sendmail or postfix:
# Person who should get root's mail
root: validuser@yourdomain.com
Then run 'newaliases' (for sendmail) so this will be in use.
You may run into issues if the hostname for your box isn't in public DNS because of actions to cut down spam, so set it to masquerade if needed (see last post).
Next, to have logwatch check other logfiles besides the defaults (which on my CentOS box are listed in /usr/share/logwatch/default.conf/logfiles): in my case, I'm going to add monitors for the syslog alerts for my network equipment that I have set to go to /var/log/network and also for a newly created mysql backup log file /var/log/mysqlbackup
Defaults are fine, so I created the file /etc/logwatch/conf/logfiles/network.conf
#######################################################
# Define log file group for /var/log/network
# syslog output for network equipment
# created by JAR 1/16/08
#######################################################
# Actual file
LogFile = network
#EOF
We'll see if this works.
Also a quick note about logrotate - when I configured syslog to accept messages from my network gear, I configured the new log file "network" in logrotate so that it would follow the normal rotation.
I added to the /etc/logrotate.d/syslog file:
/var/log/network
Tuesday, January 15, 2008
Setting up a new server - sendmail/postfix
Someday I will create a checklist of things to do to a new unix server to make it behave as I'd like. Until that someday comes, I'll write bits and pieces of things to do to remind myself.
Here's one.
When setting up a new system that has Logwatch enabled, remember by default it's going to email "root@localhost" all the logs. This is fine, except that if you're like me, you seldom check email for root and would prefer that the logfiles get sent to an email address, probably Internet routable, that you check more frequently.
This is how to make that happen, or perhaps what to do first:
Edit the /etc/aliases file
notice that everything is going to root, either directly or indirectly.
At the very bottom of the file, see the line that is commented out:
# Person who should get root's mail
#root: marc
make it a real email address that goes to a real human somewhere.
then run command 'newaliases' so the change you made goes into a file that's read.
Or, if you are, in fact, not a fan of sendmail, you can quickly switch to postfix (or qmail for the diehards) which has the reputation of being more secure and easier to work with.
In fact, I recommend this:
yum install postfix
service sendmail stop
yum erase sendmail
and then, if you want your host to pretend to be a different name (masquerade), edit this line in /etc/postfix/main.cf:
myhostname = hostname.outsidedomain.com
and uncomment this line:
myorigin = $mydomain
so that email sent from this box will appear as username@outsidedomain.com.
a quick
service postfix restart
and you're good to go.
Monday, January 14, 2008
CVS Setup on Linux
I know, in this fast paced modern world that SVN is thought to be superior to CVS, but for some of my studio audience, and myself, here are my notes from configuring CVS.
I'm using CentOS rel 5, but should be similar on RH or Fedora (now please tell me you're not surprised about that).
check if you have cvs already:
rpm -qa | grep cvs
if not ...
yum install cvs
then add CVSROOT as a variable for everyone using bash ... if they're not using bash, they're on their own ...
add to /etc/bashrc:
CVSROOT=/home/cvsrep
export CVSROOT
create initial repository:
cvs -d /home/cvsrep init
Edit the file /etc/xinetd.d/cvs which starts the service in the xinetd server - this was created by "yum install cvs"
# default: off
# description: The CVS service can record the history of your source \
# files. CVS stores all the versions of a file in a single \
# file in a clever way that only stores the differences \
# between versions.
service cvspserver
{
disable = yes
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
env = HOME=/var/cvs
server_args = -f --allow-root=/var/cvs pserver
# bind = 127.0.0.1
}
but note the "disable=yes" line
if you want cvs to work ... change to:
disable=no
and restart xinetd after you make all configuration changes necessary
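The repository above was created in /home/cvsrep, while the packaged xinetd stanza still names /var/cvs and starts the service as root on every interface. The added example below (not from the original post) checks a stanza against the repository path before xinetd is restarted; check_pserver and sample_xinetd are constructed names.

```shell
#!/bin/sh
# Added example: sanity-check the cvspserver xinetd stanza against the
# repository path. Function names are constructed for this example.

# check_pserver REPO: reads an xinetd service file on stdin and prints one
# finding per line. REPO is the path clients will use as CVSROOT.
check_pserver() {
    awk -v repo="$1" '
    { sub(/#.*/, "") }                          # strip comments
    $2 == "=" {                                 # "key = value" lines
        v = $0
        sub(/^[^=]*=[ \t]*/, "", v)
        sub(/[ \t]+$/, "", v)
        conf[$1] = v
    }
    END {
        if (conf["disable"] == "yes")
            print "disable = yes: xinetd will not start pserver"
        if (conf["user"] == "root")
            print "user = root: the network-facing cvs process starts as root"
        if (!("bind" in conf))
            print "no bind line: port 2401 is offered on every interface"
        n = split(conf["server_args"], arg, /[ \t]+/)
        ok = 0
        for (i = 1; i <= n; i++)
            if (arg[i] == "--allow-root=" repo) ok = 1
        if (!ok)
            print "server_args lacks --allow-root=" repo ", pserver will refuse that root"
    }'
}

# The stanza as shown in the post (description comments shortened).
sample_xinetd() {
    cat <<'EOF'
# default: off
service cvspserver
{
    disable = yes
    port = 2401
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    passenv = PATH
    server = /usr/bin/cvs
    env = HOME=/var/cvs
    server_args = -f --allow-root=/var/cvs pserver
    # bind = 127.0.0.1
}
EOF
}

sample_xinetd | check_pserver /home/cvsrep
```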
tip of the keyboard to:
http://personal.vsnl.com/sureshms/linuxindex.html
Tuesday, January 08, 2008
Using Syslog to get network device logs
Because I always forget how to do this ...
To configure syslog on a CentOS Linux box to receive logs from my network gear; examples below for Cisco ASA/PIX, Foundry SI, Cisco Catalyst 3500XL, and Netscreen-50 firewall. This will also work for Fedora and RedHat, in case you were curious.
If you want names to display instead of IP addresses in the log file, add names to /etc/hosts.
On the Linux host, add these lines to /etc/syslog.conf:
I've set all the network gear to log to local3 - you can choose different local values for each if you want to log to different files.
local3.* /var/log/network
To keep the logging from the network gear *out* of the /var/log/messages file, I added this "local3.none" to this line in /etc/syslog.conf, as below:
*.info;mail.none;authpriv.none;cron.none;local3.none /var/log/messages
And have syslog listen for remote requests by changing this line in /etc/sysconfig/syslog -OR- /etc/init.d/syslog - check the /etc/init.d/syslog file to see if it checks the /etc/sysconfig file.
Add the "-r" option to listen to remote requests
SYSLOGD_OPTIONS="-m 0 -r"
then
service syslog restart
a couple quick checks:
netstat -a | grep syslog
check that the file /var/log/network was created
and now configure the network devices:
on the ASA/PIX, facility 19 = local3
logging enable
logging timestamp
logging trap notifications
logging facility 19
logging host inside 10.1.1.10
On a Catalyst 3500 switch:
service timestamps log datetime localtime #this displays the timestamp in the syslog file
logging trap notifications
logging facility local3
logging 10.1.1.10
remember to set the clock to the right time, or use ntp
clock set ...
For a Foundry SI:
logging 10.1.1.10
logging facility local3
For a Netscreen 50:
set syslog config "10.1.1.10"
set syslog config "10.1.1.10" facilities local3 local3
set syslog src-interface ethernet1
set syslog enable
For Dell switches (poweredge something or other)
logging 10.1.1.10 facility local3
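With "-r" set, syslogd accepts UDP syslog from any host that can reach it, so it is worth checking who is actually writing to /var/log/network. The added example below (not from the original post) counts lines per sender and reports any host outside an expected list; the device addresses, the sample log lines and the function names are constructed.

```shell
#!/bin/sh
# Added example: list hosts writing to the network log that are not on the
# expected-device list. Addresses and log lines below are constructed.

# unexpected_senders "HOST ...": reads classic syslog lines on stdin
# ("Mon DD HH:MM:SS host message") and prints "<count> <host>" for every
# host that is not in the space-separated allowlist.
unexpected_senders() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 4 && !($4 in ok) { seen[$4]++ }
    END { for (h in seen) print seen[h], h }
    ' | sort -k2
}

# Constructed sample of /var/log/network content.
sample_network_log() {
    cat <<'EOF'
Jan  8 10:15:02 10.1.1.1 constructed: interface up
Jan  8 10:15:09 10.1.1.2 constructed: config saved
Jan  8 10:16:30 10.1.1.77 constructed: test message
Jan  8 10:16:31 10.1.1.77 last message repeated 3 times
Jan  8 10:17:00 192.0.2.9 constructed: test message
EOF
}

# 10.1.1.1 and 10.1.1.2 stand in for the real device addresses.
sample_network_log | unexpected_senders "10.1.1.1 10.1.1.2"

# On the log host:
#   unexpected_senders "10.1.1.1 10.1.1.2" < /var/log/network
```

If names were added to /etc/hosts as suggested above, put those names in the list instead of the addresses.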
And don't forget if you want the new network log rotated - add to /etc/logrotate.d/syslog
/var/log/network
Tip of the keyboard to:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog#Configuring_the_Linux_Syslog_Server
Monday, January 07, 2008
PHP Note To Self
Things to install for PHP, Drupal, and SugarOS to be happy:
yum install curl-devel
yum install gd-devel
yum install gd-progs
and also because I got errors that ./configure couldn't find libgd because it's not in the same place as gd.h:
ln -s /usr/include/gd.h /usr/lib/gd.h
and the final ./configure line:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs --lib-dir=/usr/lib --with-gd=/usr/lib --with-curl=/usr/bin/curl --enable-mbstring --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-freetype-dir=/usr/lib
make
make test
make install
good to go
addendum:
to get ldap to work with SugarOS, more than likely I need to install all these, if they aren't already installed:
openldap
openldap-clients
openldap-servers (this adds the file /etc/init.d/ldap)
openldap-devel
but I haven't tried it yet, so we'll see
Friday, January 04, 2008
What I've been waiting for: ISP redundancy on PIX/ASA
I don't know how long I've wanted this...but by chance searching I found it exists as of the middle of last year:
ISP redundancy/tracking on the Cisco PIX and ASA as of the 7.2(x) release!
You can now use a second, inexpensive ISP (like DSL or cable) as a backup to a primary ISP - it's implemented with "tracking" a downstream IP address with ICMP, and if ICMP fails, the default static route is replaced with a backup.
More here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml