
Updates

Client Computer Approach

posted Jan 19, 2011, 12:40 PM by Mario Caballero   [ updated Jan 19, 2011, 1:19 PM ]

Another thing that I get asked a lot: what do I do to keep the office computers running fast and efficient? Well, the answer, for all you aspiring admins out there, is simple. I have but one approach to life (and thus everything else), and it is called KISS (Keep It Simple Stupid). So what does this entail, you might ask?
Simple, I just follow these basic rules:

1. Make a complete backup of the hard drive (a ghost image); keep in mind what software they use and where their files are.
2. Do a complete, and I mean complete, reformat of the drive and install the OS (I prefer WinXP, but for others I'll install Win7, depends on their preference).
3. Install only necessary drivers, no additional software or other bloatware; keep that stuff out (this should be fairly obvious).
4. Install only the base software they need, basic productivity software and their communication software, but make sure it does not run on start-up.
5. Put the files back on the drive, ready!

And that's it. Keeping it simple and lightweight results in a fast, no-problems, easy-to-replace system of computers. If you want something simple yet efficient, this is a good approach!

IP Scheming

posted Jan 19, 2011, 3:24 AM by Mario Caballero   [ updated Jan 19, 2011, 3:40 AM ]

I get this question a lot: "How do you manage VPNs and internal IPs on a global scale?" Well, quite frankly, it's easy; it just takes a little planning and, at times, some good scotch. So here is how I like to set up my schemes:

1. The first batch of numbers, e.g. 10.x.x.x, I map to the country they are in (for example 10 is U.S., 11 is Mexico, 12 Brazil, you get the idea).
2. The second batch of numbers, e.g. x.122.x.x, I map to the office number in that particular country; for example, in x city they get 122, in y city 123.
3. The third batch, e.g. x.x.1.x, is internal and states the topological level of the office's network; for example, a top-level VPN would mostly have 1 in there, second level a 2. This is more internal than external; it helps manage users inside that branch.
4. And finally we get to the internal IP scheme, for which I use the last batch. This is where I like to set up statics: 1-9 (or 19, depending on devices) is reserved for devices such as NAS, APs, etc. For servers I usually reserve 20-49; 50-199 are my static clients, all the computers we have authorized on the network, which have access to all servers and file systems. And finally I reserve 200-254 for the dynamic clients, which are isolated from the network and can only access the internet, such as special privilege guests (or sometimes the idiot walking outside the office).

That's it, that's all, pretty simple stuff. All it takes is a little bit of planning and you'll have a global network up and running efficiently!
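The scheme above as a small decoder, added here as an illustration (it is not code from the original post). The function name `decode`, the `internet_only` and `rfc1918` fields, and treating 1-19 as the device range are assumptions; the `rfc1918` flag shows that of the example country octets only 10 lies in private address space.

```python
import ipaddress

# First-octet country codes listed in the post; other values are unknown here.
COUNTRIES = {10: "U.S.", 11: "Mexico", 12: "Brazil"}

# Last-octet ranges from the post. 1-19 is treated as devices (the post
# says 1-9 "or 19, depending on devices"); that choice is an assumption.
ROLES = [
    (1, 19, "device"),
    (20, 49, "server"),
    (50, 199, "static client"),
    (200, 254, "dynamic client"),
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode(addr):
    """Split an IPv4 address into the four fields of the scheme."""
    ip = ipaddress.IPv4Address(addr)
    country, office, level, host = ip.packed  # four octets as integers
    role = next((name for lo, hi, name in ROLES if lo <= host <= hi),
                "unassigned")
    return {
        "country": COUNTRIES.get(country, "unknown"),
        "office": office,
        "level": level,
        "role": role,
        # Dynamic clients are the isolated, internet-only range in the post.
        "internet_only": role == "dynamic client",
        # Only 10/8 of the example country octets is private address space.
        "rfc1918": any(ip in net for net in RFC1918),
    }


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    for sample in ("10.122.1.25", "11.123.2.210", "10.122.1.60"):
        print(sample, decode(sample))
```
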

Sonicwall <-> Smoothwall VPN

posted Jan 19, 2011, 2:40 AM by Mario Caballero   [ updated Jan 19, 2011, 3:12 AM ]

After much effort, I was finally able to figure out how to make a VPN using a Smoothie and a Sonicwall. It is relatively simple; I'll do a simple how-to here:
First make sure both your Smoothie and your Sonicwall are up and running! (This tutorial assumes you know how to work your way around both and have basic networking knowledge.)
Get the external IP from both sites, and get their internal IPs and subnets,
and choose a password, minimum 6 characters.

Smoothie side:
1. Go to your Smoothie's VPN -> Connections.
2. Choose a name and type it in the name section (easy peasy).
3. Left corresponds to the Smoothie's external IP; type it here.
4. Left subnet corresponds to your Smoothie's internal IP scheme and subnet (ex. 10.1.0.0/24).
5. Right corresponds to your Sonicwall's external IP.
6. Right subnet corresponds to your Sonicwall's internal IP scheme and subnet (ex. 10.1.1.0/24).
7. Secret and Again are your password; type it here.
And that's it for the Smoothie side!

Sonicwall side:
1. Go to the Sonicwall's VPN section and click Add.
2. The settings for the General page are as follows:
    -IPSec Keying mode: IKE using Pre-shared Secret
    -Name: Name of the VPN
    -IPSec Primary Gateway: Smoothie's external IP
    -IPSec Secondary Gateway: blank
    -Shared Secret: your password
    -Destination Networks: Specify destination network below
        -Click Add
        -Network: Smoothie internal IP scheme
        -Subnet: Smoothie internal subnet
        -Click Ok
3. Go to Proposals
    -IKE (Phase 1) Proposal
        -Exchange: Main Mode
        -DH Group: Group 2
        -Encryption: 3DES
        -Authentication: MD5
        -Lifetime: 28800
    -IPSec (Phase 2) Proposal
        -Protocol: ESP
        -Encryption: 3DES
        -Authentication: MD5
        -Enable Perfect Forward Secrecy: Check
        -DH Group: Group 2
        -Lifetime: 28800
4. Go to Advanced (everything will remain unchecked except the following)
    -Enable Keep Alive
    -Try to bring up all possible tunnels
    -Enable Windows Networking (NetBIOS) Broadcast (optional)
    -VPN Terminated at: LAN
5. That's it, hit Ok and just wait for it to come online!

This was created using Smoothie 3.0, and a Sonicwall TZ180 Standard OS.

Leave your comments if you have problems!

*edit: found this nice network calculator for all you who need it!!!
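A pre-deployment review of the tunnel parameters from the how-to above, added here as an illustration (it is not code from the original post or from either vendor). It checks that the left and right subnets do not overlap and flags the legacy values in the Proposals page (3DES, MD5, DH Group 2) along with a short shared secret; the function name `audit` and the `MIN_SECRET_LEN` threshold are assumptions.

```python
import ipaddress

# Values the how-to enters on the Sonicwall Proposals page.
TUTORIAL = {
    "phase1": {"encryption": "3DES", "authentication": "MD5",
               "dh_group": 2, "lifetime": 28800},
    "phase2": {"encryption": "3DES", "authentication": "MD5",
               "dh_group": 2, "lifetime": 28800},
}

# Assumption: review threshold chosen for this example, not a device limit.
MIN_SECRET_LEN = 20

# Legacy settings and the reason each one is flagged.
WEAK = {
    ("encryption", "3DES"): "64-bit block cipher",
    ("authentication", "MD5"): "MD5-based integrity check",
    ("dh_group", 2): "1024-bit MODP group",
}


def audit(left_subnet, right_subnet, secret, proposals=TUTORIAL):
    """Return a list of findings for one site-to-site tunnel definition."""
    findings = []
    left = ipaddress.ip_network(left_subnet)
    right = ipaddress.ip_network(right_subnet)
    # Overlapping internal ranges make routing across the tunnel ambiguous.
    if left.overlaps(right):
        findings.append(f"subnets overlap: {left} and {right}")
    if len(secret) < MIN_SECRET_LEN:
        findings.append(
            f"shared secret is {len(secret)} chars, under {MIN_SECRET_LEN}")
    for phase, params in proposals.items():
        for key, value in params.items():
            reason = WEAK.get((key, value))
            if reason:
                findings.append(f"{phase} {key}={value}: {reason}")
    return findings


if __name__ == "__main__":
    # Subnets are the how-to's examples; the secret is a constructed sample.
    for line in audit("10.1.0.0/24", "10.1.1.0/24", "abcdef"):
        print(line)
```
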

Posting

posted Mar 2, 2010, 3:16 PM by Mario Caballero

This is the slot dedicated to posting fixes, updates, or other stuff you could use.
Yeah, that's about what I will use this slot for, still in testing phase!
