The Worst Day Since Yesterday


Thursday was a very long day at work.  It seemed that everything wanted to happen all at once.  You know how those days go, I’m sure.  So, to make me feel better, I’m naming this blog after one of my favorite songs that I first heard on one of my favorite shows.

The day started with a plan, actually.  I’d noticed that the NAT rules on our core router were not quite functioning properly several weeks ago.  I’ve got multiple pools configured for different groups of systems (mainly servers, virtual servers, and clients, but also for each of our remote sites).  Apparently when I put this all together I fudged the ACLs that assign the IPs to those pools somehow, because I’ve noticed that some clients will translate properly, but others will translate into the server pools instead of the client ones.  Not a huge deal as far as access goes, since a public IP is a public IP and the client will be able to get to the Internet.  But the server pool has more privileges on our DMZ than the clients, so it could be a small security risk, if an employee wanted to do something they shouldn’t.

When the issue arose, I recreated the config in our test lab, recreated and confirmed the issue, and fixed the config to prevent the issue.  Problem solved, right?