Friday, December 28, 2012

Media Keyboard Shortcuts with AutoHotKey

Recently I switched to a mechanical keyboard, and though I love it, the one thing I missed was the media keys on my old keyboard. At work I frequently use the volume and play/pause controls when quickly answering a phone call, and fumbling for the volume icon in the system tray was just not quite fast enough. To solve this, I installed AutoHotKey and set up some very simple automation. The basic method is to create a new text file with an .ahk extension (I called mine media.ahk) and add the hotkeys to it. You can mix these up as much as you want; check the AHK docs for more info. This script uses the Windows key for all of the hotkeys:
; In AutoHotkey, # is the Windows-key modifier
#PgUp::Send {Volume_Up 3}      ; Win+PageUp: volume up three steps
#PgDn::Send {Volume_Down 3}    ; Win+PageDown: volume down three steps
#End::Send {Media_Play_Pause}  ; Win+End: play/pause
#Home::Send {Volume_Mute}      ; Win+Home: toggle mute
#Insert::Send {Media_Next}     ; Win+Insert: next track
After making the file, you can just double-click it for AHK to pick it up. See their docs for running it at login. Since I'm on Windows 8, there is already an on-screen volume meter when you change the volume, so I did not need an OSD or anything fancy.

Monday, October 1, 2012

ASA 8.2 and Hairpin NAT

Don't ask me why people still do this, but there is occasionally a need to set up hairpin NAT on a firewall. This is where a LAN user accesses another server on the LAN by its static public IP. For example, if I am 10.0.0.6 and I try to access 1.1.1.5, the firewall turns the traffic around (rewriting the IP) and sends it back down to whatever 1.1.1.5 is mapped to on the LAN. The configuration differs depending on the version of ASA software you're running; this post is specifically for 8.2. It gets a little messier when you have a mixture of 1:1 NAT and PAT users, but it works either way. Base config that will not work for hairpinning:
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0

interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 1.1.1.5 10.0.0.5 netmask 255.255.255.255
static (inside,outside) 1.1.1.6 10.0.0.6 netmask 255.255.255.255
The issue with this is that if any user on the LAN tries to access 1.1.1.6, the ASA doesn't really know what to do with the traffic and drops it. So there are a few things that need to be fixed at this point:

Allow the ASA to turn the traffic around:

same-security-traffic permit intra-interface

Allow PAT'd users to have their IP rewritten when being hairpinned:

global (inside) 1 interface

Allow static NAT users to have their IP rewritten as well:

static (inside,inside) 1.1.1.5 10.0.0.5 netmask 255.255.255.255
static (inside,inside) 1.1.1.6 10.0.0.6 netmask 255.255.255.255


At this point it should be working normally, so here is the completed config:
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0

interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0

same-security-traffic permit intra-interface
global (outside) 1 interface
global (inside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 1.1.1.5 10.0.0.5 netmask 255.255.255.255
static (inside,outside) 1.1.1.6 10.0.0.6 netmask 255.255.255.255
static (inside,inside) 1.1.1.5 10.0.0.5 netmask 255.255.255.255
static (inside,inside) 1.1.1.6 10.0.0.6 netmask 255.255.255.255


Once this is done, you should be able to access the public IPs internally and have the traffic routed appropriately. If you are still having problems, I highly recommend the packet-tracer command, which can help you find out where the problem is occurring.
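The three fixes above amount to a checklist, and on a box with many 1:1 mappings it is easy to forget one static (inside,inside) line. The script below is an added example, not code from the original post: a small Python checker that reads an ASA 8.2 config and reports which hairpin prerequisites are missing, run here against the base and completed configs from the post, embedded as constructed strings. The interface names inside/outside and the regexes are assumptions about the 8.2 syntax shown above; it does not parse the full ASA grammar.

```python
"""Lint an ASA 8.2 config for the hairpin-NAT prerequisites described above.

Added example; not code from the original post. It understands only the
8.2-style 'static', 'global' and 'nat' lines shown in the post.
"""
import re
from typing import Dict, List, Set, Tuple

# Interface names are assumed to be plain nameif words (hyphens allowed).
STATIC_RE = re.compile(
    r"^static \((?P<real>[\w-]+),(?P<mapped>[\w-]+)\) (?P<mapped_ip>\S+) (?P<real_ip>\S+)"
)
GLOBAL_RE = re.compile(r"^global \((?P<iface>[\w-]+)\) (?P<nat_id>\d+)\b")
NAT_RE = re.compile(r"^nat \((?P<iface>[\w-]+)\) (?P<nat_id>\d+)\b")
INTRA = "same-security-traffic permit intra-interface"


def check_hairpin(config: str, inside: str = "inside", outside: str = "outside") -> List[str]:
    """Return the missing hairpin prerequisites; an empty list means all three are present."""
    lines = [line.strip() for line in config.splitlines()]
    problems: List[str] = []

    # 1. The ASA must be allowed to send traffic back out the interface it arrived on.
    if INTRA not in lines:
        problems.append(f"missing: {INTRA}")

    # 2. Every nat-id used on the inside interface needs a global (inside) entry,
    #    otherwise PAT'd hosts have no translation for the hairpinned direction.
    nat_ids: Set[str] = set()
    globals_by_iface: Dict[str, Set[str]] = {}
    for line in lines:
        if (m := NAT_RE.match(line)) and m["iface"] == inside:
            nat_ids.add(m["nat_id"])
        elif m := GLOBAL_RE.match(line):
            globals_by_iface.setdefault(m["iface"], set()).add(m["nat_id"])
    for nat_id in sorted(nat_ids):
        if nat_id not in globals_by_iface.get(inside, set()):
            problems.append(
                f"nat ({inside}) {nat_id} has no matching 'global ({inside}) {nat_id} interface'"
            )

    # 3. Every 1:1 static (inside,outside) needs the same mapping as static (inside,inside).
    statics: Dict[Tuple[str, str], Set[Tuple[str, str]]] = {}
    for line in lines:
        if m := STATIC_RE.match(line):
            statics.setdefault((m["real"], m["mapped"]), set()).add((m["mapped_ip"], m["real_ip"]))
    hairpin_statics = statics.get((inside, inside), set())
    for mapped_ip, real_ip in sorted(statics.get((inside, outside), set())):
        if (mapped_ip, real_ip) not in hairpin_statics:
            problems.append(
                f"missing: static ({inside},{inside}) {mapped_ip} {real_ip} netmask 255.255.255.255"
            )
    return problems


# Constructed sample: the "base config" from the post, which will not hairpin.
BASE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 1.1.1.5 10.0.0.5 netmask 255.255.255.255
static (inside,outside) 1.1.1.6 10.0.0.6 netmask 255.255.255.255
"""

# Constructed sample: the completed config from the post (base plus the three fixes).
FIXED_CONFIG = BASE_CONFIG + """\
same-security-traffic permit intra-interface
global (inside) 1 interface
static (inside,inside) 1.1.1.5 10.0.0.5 netmask 255.255.255.255
static (inside,inside) 1.1.1.6 10.0.0.6 netmask 255.255.255.255
"""

if __name__ == "__main__":
    for name, cfg in (("base", BASE_CONFIG), ("fixed", FIXED_CONFIG)):
        found = check_hairpin(cfg)
        print(f"{name}: {len(found)} problem(s)")
        for problem in found:
            print("  -", problem)
```

Two things the checker cannot tell you and that are worth remembering when you turn this on: with global (inside) 1 interface, PAT'd hosts reach the server with the inside interface address (10.0.0.1 here) as their source, so the server's own logs no longer show which client connected; and same-security-traffic permit intra-interface applies to all traffic entering and leaving the inside interface, so confirm the inside ACL still expresses what you intend. packet-tracer remains the way to verify the actual path a packet takes.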

Monday, September 17, 2012

Cisco ASA 5505's and "No more processes"

Today I received an error when trying to upgrade the ASDM image on an ASA 5505. I was copying the new binary via FTP, and this is what I got:

#copy ftp://xxxxx:xxxxx@x.x.x.x/cisco/asm-649-103.bin flash:
Accessing ftp://xxxxx:xxxxx@x.x.x.x/cisco/asm-649-103.bin
%Error reading ftp://xxxxx:xxxxx@x.x.x.x/cisco/asm-649-103.bin (No more processes)

Of course there were no hits on Google for this particular error, and "No more processes" sounded very strange. In the end, the issue was that I had misspelled the filename, leaving out the d in asdm. Obviously this was my fault, but it seems fairly shortsighted for Cisco to use such an obscure error message when something along the lines of "File not found" would have made more sense.