Zedan IT Blog

IT definitions, discussions and more

Category Archives: Networking & Security

Which to use, CAT5 or CAT6 LAN cables?

original

When you make a new LAN either small or big,  for home or office,  with long distances or relatively short   you may come to a choice between CAT5  or CAT6 cables (Category 5 and Category 6).

CAT5 cables was designed to handle speed of 10/100 Mbps (Fast Ethernet) and it is obsolete and we advise you to not using it, even if you find with low prices.

There is a new enhancement for CAT5 cables which is CAT5e ( ‘e’ stands for enhanced).  This enhanced type can handle speeds of 1000 Mbps (gigabit Ethernet) and designed to reduce crosstalk which means better at keeping signals on different circuits or channels from interfering with each other.

CAT6 cables suitable for speeds up to 10 gigabits Ethernet and even better tackle the issue of crosstalk.   CAT6 cable has an internal separator that isolates pairs from one another.  If you want to “future-proof” your commercial network as much as possible without a significant cost increase, CAT6 is a great choice.

CAT6 cables cost more than CAT5e, and you are building a large network this will be an important factor for cost calculations, and you need to make a proper selection between CAT5e and CAT6.   BUT when you make the selection remember the following:

  • Both types has maximum length of 100 meters
  • If you network mainly depend on applications on the internet, then CAT6 is not the best choice as speeds of download/upload data from the internet these days are limited by tenth of Mbps.
  • There is a considerable difference of cost between CAT5e and CAT6
  • Network devices these days ( and in my believe for some considerable time more ) which are used in business and servers do not exceed speed of a Gbps, and in all residential network do not exceed 10 Mbps,  which means CAT5e is enough.

Conclusion:  in most cases CAT5e is enough, unless you have special requirements and you budget allows.

ISA Logging only shows IP address for SecureNAT clients

I have installed TMG Client and configure it to not automatically configure the web browsers so that users can move between networks easily, then I realized that when monitoring TMG real time logs the URL field only shows the IP address for entries created by those computers with the client installed, and if the client is configured to configure the web browser, the log contain the URL domain name with no problem.

After searching on the internet I noticed that it is the normal behavior of the TMG and ISA as well that to log the hostname clients must be configured as a web proxy (adding the proxy address in the browser settings).

While doing more search I found that there is a fix from microsoft for that specifit issue and described in the KB article:  980723

http://support.microsoft.com/kb/980723

You can copy the script, save it as a vbs file the execute it in the command prompt with the cscript command.

Please note that when copy the script and try to execute it , an error will appear,  that is because the script you copy is actually two scripts for enabling the hotfix and disabling it.   The before you execute it you should delete the lower part of the script which beging with a text saying:  “Save the file as a Microsoft Visual Basic script ………….

Below is the specific part of the script that you can copy and execute it directly.

Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}" Const SE_VPS_NAME = "LogDomainNameForFWC" Const SE_VPS_VALUE = true
Sub SetValue()
    ' Create the root object.     Dim root  ' The FPCLib.FPC root object     Set root = CreateObject("FPC.Root")
    'Declare the other objects that are needed.     Dim array       ' An FPCArray object     Dim VendorSets  ' An FPCVendorParametersSets collection     Dim VendorSet   ' An FPCVendorParametersSet object
    ' Get references to the array object     ' and the network rules collection.     Set array = root.GetContainingArray     Set VendorSets = array.VendorParametersSets
    On Error Resume Next     Set VendorSet = VendorSets.Item( SE_VPS_GUID )
    If Err.Number <> 0 Then         Err.Clear
        ' Add the item         Set VendorSet = VendorSets.Add( SE_VPS_GUID )         CheckError         WScript.Echo "New VendorSet added... " & VendorSet.Name
    Else         WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)     End If
    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
        Err.Clear         VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
        If Err.Number <> 0 Then             CheckError         Else             VendorSets.Save false, true             CheckError
            If Err.Number = 0 Then                 WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"             End If         End If     Else         WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"     End If
End Sub
Sub CheckError()
    If Err.Number <> 0 Then         WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description         Err.Clear     End If
End Sub
SetValue
 

VPN Clients can not access internal network through ISA 2006

I had a VPN access setup through ISA server 2006 that allow remote access users with dial-in permission to access the internal corporate network and it was working fine for several months, and suddenly we found that the remote access users can successfully dial-in and authenticate with no problems but they can not access any internal network resources.  I tried to monitor the connection though ISA server monitoring tool but I could not find any records related to it. Tried also to look in the Routing and Remote access service, the server event logging, also with no luck.

Tried to search on the internet and I found some post talking about the default gateway which gave me a hint.

I have reviewed what changes we made recently, and I found the problem.

Recently, we made another subnet for users separate from the servers subnet and there is a router route traffic between them, and we changes the DHCP server IP address to be in the new subnet with default gate way of the new subnet.

The ISA VPN client access setup was configured to assign IP addresses from the DHCP server of the new users subnet, and the IP address is given to the users with no problem,  but we noticed that the default gateway of the VPN clients is the default gateway of the users subnet, and when they try to access internal network through ISA server they can not,  that’s because the ISA server access the internal network through the servers gateway not the users gateway.

I solved the problem by changing the VPN configuration of the ISA server to assign the IP address from a static pool in the servers subnet instead of the DHCP server and the problem was solved.