					  Date           Trouble Description                                Solution
         Cannot access DMZ web-server             Thinking of dynamic NAT in Cayman
         through internet connection from
         test-bed work stations
02./07   Dr Yang can not access DMZ web-             -   Removed the authentication feature in
         ser from home computer. The server              PIX firewall. It works.
         keep asking authentication and hang.        -   But it should even work with
                                                         authentication. The problem may be in
                                                         remote site with NAT and personal
                                                         firewall ???
02/12    Can not access to DMZ Web-server            -   CAT 5 cable from web-server to switch
         from the Internet                               is loosen
                                                     -   The solution is so simple but It took me
                                                         30minutes to find out. Because at first
                                                         look, the led on connection port was still
                                                         on but the line protocol was down - very
02/23    Make authentication, authorization          -   Authentication work. But authorization
         and accounting in ACS for VPN                   does not. I haven’t found any document
         remote access connection                        from Cisco talking about ACS
                                                         authorization for VPN remote client. I
                                                         need to work around it.

02/26    Galileo server overloaded due to low        -   I decide to make file server
         system resources. Log file showed      become another domain
         that some users could not                       controller and then Intranet DNS server
         authenticate due to low system                  together with Galileo to ease the burden
         memory.                                         of Galileo.
         New file server windows 2003 –              -   For 2 day, I worked on the domain doesn’t replicate with             replication between file server and
         Galileo server through firewall                 Galileo. It failed. I found that due to
                                                         authentication of PIX firewall with ACS
                                                         for any connection from inside out. I
                                                         removed the authentication for all
                                                         outgoing connection because for
                                                         network server, we don’t need to
                                                         authenticate. I am done with it.
                                                     -    From those issues I decide to come
                                                         back to finish network security design.
                                                         Otherwise. I have to spend most of the
                                                         time on troubleshooting small issues.
03/04    Can not register Opnet wireless             -   The only license was given to D140-
         installation                                    33767. This computer was re-installed. I
                                                         have asked Opnet to remove the old
                                                         registration record.
                                                     -   It is required to complete a de-activation

                                               -   License is given to only computer. If I
                                                   want to install in another computer, I
                                                   have to de-register the old installation
03/04   Failed to move HP 4050 printer from    -   Using HP web Remote Admin, I could
        uhcl network to dcsl network               find the printer, but I could not change
                                                   the old IP address. And it kept
                                                   informing of bad network connection to
                                               -   I will find a setup disk from other place
                                                   to try because Karthik said that Mr
                                                   David Webb does not have the disk.
03/04   Setup Wireless Access Point            -   AP belongs to VLAN
                                               -   SSID: dcsld140
                                               -   Pre-shared key: dcsld140
                                               -   I will install DHCP and apply LEAP.
03/09   Setup Wireless Access Point            -   Install DHCP server Galileo Server.
                                                   Address range -
                                          for wireless workstations.
                                               -   Modify Catalyst switch 3550 to forward
                                                   DHCP request traffics from VLAN 30
                                                   to Galileo Server

03/10   Opnet Modeler 11.0 installation        -   Install Opnet and register the license for
                                                   workstation named vpn.
                                               -   Opnet requires C++ compiler and linker
                                                   to run. It supports VC 6 and up. I have
                                                   installed MS .NET 2003 with VC7.
                                               -   I could not run simulation in Opnet
                                                   modeler. It gave error: “No C++
                                                   compiler..” even VC installed. I had to
                                                   set the path manually. It still gave error
                                                   “Could not open file mspdb71.dll” and
                                                   then “could not opne kernell32.lib” and
                                                   finally “Could not find msvrct.lib”.
                                               -    Solution: find and copy kernel 32.lib,
                                                   mspdb71.dll into \.NET2003\VC7\bin
                                                   director. Then find and copy msvcrt.dll
                                                   into ..\opnet\11.0.A\sys directory. Now I
                                                   can run simple simulation.

03/15   Update pages at to       - changed to
        reflect new url                        -   * changed to *
                                               -   Updated pages are uploaded to
                                          Because url

                                            does no work at the
                                                     moment so some links are dead. I will
                                                     update pages to later
03/19   Reconfigure web server                   -   Added authentication for private area                        -   Enabled WebDAV for web publishing.
                                                     So I can disable insecure FTP access
                                                     through firewall to web server. Every
                                                     access to web server to publish pages is
                                                     done through
                                                     nsfsecurity account.
07/04   Setup network printer                    -   Setup network printer
                                                 -   Attach printer to print server Galileo.
                                                 -   Allow students to use network printer ?
08/04   Reconfigure dcsl network according       -   Connect testbed network and server
        to new diagram                               network by setting up a trunk between 2
                                                     12-port switchs. One port in server
                                                     switch join the VLAN 10 in testbed
                                                     switch. This port is connected to the
                                                     second Gigabit LAN card in dell-dcsl
                                                     server (new Domain Controller - DC).
                                                     By this way, old DC and new DC can
                                                     replicate without going through firewall.
                                                 -   Move active directory domain controller
                                                     to new server
                                                 -   Configure new PIX to separate server
                                                     network and student network. PIX
                                                     configured to allow students to
                                                     authenticate with new DC server within
                                                     server network.
                                                 -   Add minor change to network design
                                                     (see diagram) to reflect the
                                                     configuration and enable the usage of
                                                     security features in New router 2801
                                                     (firewall, VPN,..)
                                                 -   Enable PIX Device Manager in PIX
                                                     (PDM) and Security Device Manager
                                                     (SDM) in router for easy management.


