Monday, February 25, 2013

Mystery Static Route Entries

The other night I was going through our ASA trying to figure out how to make a new VLAN I'd created available through the L2L and remote VPN connections. I did a sh route and saw that there were a bunch of static routes that pointed private IPs to the outside interface, which made no sense. I also realized, comparing the output to a backed up config file I had, that the routes had actually changed so the config change was recent. I was puzzled and started to look into this more closely.

What I found out, thanks to the Cisco Support Community Forums, was that L2L and Client VPN connections inject their own route into the routing table. A VPN client connected to the outside interface will be added as a static route towards the outside interface. A good thing to know. Panic averted.

Sunday, February 24, 2013

ASDM on Mac

This is mainly a little note for myself. I don't tend to use the ASDM to manage ASAs very often, but sometimes you just need a visual representation to wrap your head around something (I'm looking at you, NAT statements). Anyway, I tried to run it on my Mac 10.7.5 and got an error that I needed to install Java. Of course, I already have Java installed and the super useful link for more info simply took me to the Java download site. I found a pretty cool workaround online though. You can launch the ASDM directly from the command line:

javaws https://ip_address/admin/public/asdm.jnlp

Very cool little trick and very useful.

Wednesday, February 13, 2013

MySQL Key Blocks

We've been getting alerts in our monitoring for MySQL that look like this:

There are 3205072 unused key cache blocks on ServerX, even though the hit rate is over 99%.
You may wish to reduce the size of key_buffer_size to free up memory for other caches.

They've been kind've hanging around because we've had bigger things to deal with, it was a warning error (not critical), and quite frankly none of us knew what it was or what to do with it. In an effort to clear up the boards I decided to dive into it, and in the end the solution was simple: disable monitoring for this metric.

A little background: