Does anyone have a good ACL for outbound traffic to the Internet?
I think I have a pretty good firewall and inbound ACL (both Cisco SDM set up with VoIP additions) but I get the heebie-jeebies that something will still get in and I want to kill the outbound stuff that doesn't "feel right"...
iDefense iAlert
February 03, 2005@05:02:42 GMT
High Threat Version: 1 2/03/2005@05:04:24 GMT
Flash ID#406822:
Bropia.D Worm Propagating in the Wild via MSN Messenger: Bropia.D is a new variant of the Bropia worm (ID# 406325, Jan. 20, 2005) that propagates via MSN Messenger (MSNM)...
You got 9/10 correct.
I feel bad/badly/awful/terrible about my choice for #6.
SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!
CajunCenturion
You ARE the smartest person at Tek-Tips. I told my wife that not only would you know the right answers, but have explanations as to why!
Star for ya!
SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!
...entries to your config will send incoming port 80 packets to 10.10.10.100 (the address of the web server).
Post your config and clarify "try to connect to *my* computer"
Oh by the way, NAT is not cheating!!!
SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!
Possible solution
Where you have
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.111.8 20 xx.xx.xx.xx 20 extendable
ip nat inside source static tcp 192.168.111.8 21 xx.xx.xx.xx 21 extendable
access-list 1 permit 192.168.111.0 0.0.0.255
I have...
I plan on debating #10's answer after a few more posts. I also answered #8 incorrectly but that was my error!
SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!
If this is not the correct forum please curse me and flag this post.
I thought this might be fun.
http://encarta.msn.com/encnet/departments/Homework/?page=Quiz146&Quizid=146&GT1=6065
If posting scores is acceptable then:
Grammar Gotcha's
Excellent! You got 8/10 correct.
However, with this...
SF18C
In a former (much more exciting life) I used to be a Special Forces Engineer, which has the military occupation specialty code of 18C. I too had this handle back in the “old days of dial up” and have kept it ever since.
One downside, I can’t count how many times I have been asked which...
http://www.checkpoint.com/
They make a nice hardware firewall that is easy to manage and install.
The 225U model would support 100 users easily and have VPN support if needed. Cost around $1500 or less.
I have been using Firewall-1 which is a much higher end equipment but I have thought of...
Sorry first URL should be
http://www.cisco.com/en/US/learning/le3/learning_recertification_training.html
SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!
CISCO RECERTIFICATION POLICY UPDATE
Cisco is pleased to announce that effective October 1, 2004, passing any CCIE written exam will recertify any associate-level, professional-level and Cisco Qualified Specialist certification. The policy to have CCIE written exams count towards recertifying...
I'm not a programmer but I do love what http://www.tnk-bootblock.co.uk did for Acrobat! I wonder if they can fix PELMICED.exe. My mouse uses more memory than Apollo 13!
Windows vs Linux: old story and both have issues and I'm sure one day soon Linux will be as bloated and buggy as MS.
SF18C...
FYI
High Vulnerability
Version: 1 8/18/2004@17:10:29 GMT
Initial report
ID#401573:
Cisco Systems IOS Malformed OSPF Packet Denial of Service Vulnerability: Remote exploitation of a denial of service vulnerability in the Open Shortest Path First (OSPF) TCP/IP Internet routing protocol...
At this point I would be looking hard at this part of the config:
crypto ipsec client ezvpn lab-ipphone
connect auto
group yyyy key xxxxxxxxxx
mode network-extension
peer xxxxxxx
username xxxxx password xxxxxxx
It appears that the auto part of this is not working as advertised...
Also check this out;
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7a7a.html#1051551
SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!
Are you using the Secure Device Manager to configure the VPN or just using the CLI?
Maybe an IOS upgrade is in order? The latest is 12.3(8)T3
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/prod_release_note09186a00801fe5b8.html
Open Caveats - Release 12.3(4)XG
This section documents...