Arrrgh! Turns out it was a problem at my ISP--they had not properly shifted over the subnet in question to the new router (I have two subnets and they apparently got the one, but not the other--this whole mess started when they lost a router and had to shift lots of their subnets over to another...
Hi Folks,
To make a long (frustrating!) story short, I'm trying to get an old Pix 501 I had reconfigured to fill in for an ASA 5505 that is giving me trouble. This is a bonehead simple setup: the Pix's inside interface is defined to match the public IPs of a small subnet and several boxes with...
PDM will not work w/ any Java version after 1.5. So, you need that installed and then go to the Java Control Panel dialog and find the "Java" tab & click the "View" button. On the right side of the list, uncheck the Enabled box for any versions newer than 1.5. Apply the changes (and leave the...
Thanks for your time, hilfy,
Crystal Reports 11
MS SQL Server 2008
(see top of original post)
How would I go about putting "[my] view into a Command in Crystal"?
John Craig
Alpha-G Consulting, LLC
www.alphagconsulting.com
Trying to create a report that would be dead easy in plain SQL but trying to do it without a SQL view is beyond my CR capability and it turns out the SQL view tends to get removed during a DB upgrade for the 3rd-party application software.
Crystal Reports 11
MS SQL Server 2008
Here's the basic...
Yes, with the anti-spoofing disabled, I can get from inside boxes to the services hosted on the dmz boxes. But I'm not clear on how ACLs and NAT control can compensate for anti-spoofing being disabled. (But maybe I'm not very clear on the whole issue.) In the docs on Anti-Spoofing, it says "For...
Hi Folks,
I've got the basic 5505 license (so boxes on the dmz interface cannot initiate connections to boxes on the inside interface--traditional dmz setup). But, with anti-spoofing enabled on the outside interface, I also can't initiate traffic from a box on the inside interface to a dmz box...
OK. I have the solution: the ASA 5505 does a bunch of protocol filtering by default (Service Policy Rules), including filtering the "Skinny" protocol--which is associated with port 2000. So, when the HTTPS traffic came through to the non-Skinny app we had listening on that port, the firewall...
Not so simple: I have about 5 dozen names defined and some of them, with easily guessed domain names, would be pretty obvious targets. So, to make it reasonably secure, I'd have to change all the names. 60 searches and replaces is not only a pain, but highly error prone. Hence my decision to see...
Thanks, but I don't know if there's a practical way to scrub the configs and still have them be close enough to what's really there to be worth looking at. At any rate, I'll wait and see if Cisco can help at all (not holding my breath).
John
Hi Folks,
I'm trying to migrate a really simple setup from a PIX 501 (that I keep having to put back into service 'cause I can't get the ASA 5505 to behave the way the PIX does).
The issue is this: on the PIX, I've got common ACL entries that allow access to some basic things like email and...
I agree with kjv1611 that it sounds like overkill to go for a Firebox. If you happen to prefer something other than D-Link, you can look at the Linksys products like the WRT54G2 (again, if you don't want the wireless, just turn the radio off).
This has a stateful packet inspection firewall you...
OK. Questions of vlan vs. interface terminology aside, it turns out (given the clearer understanding of what "incoming" means--into the ASA 5505 from a device connected to the inside interface), I don't need to do anything with the implied rules. But, again, just to get the concepts straight in...
Ah, incoming (into the ASA device) from the network ports assigned to the inside interface--nope, I never would have figured that out. Big help; thanks! (That's not how I would have described it if I were King of IP terminology; just another thing to all be grateful for.)
John Craig
Alpha-G...
Hi Folks,
Just so no one else gets sucked into this the way I did: I noted some suspicious traffic on my firewall's log as I was working on resolving some connectivity issues to some resources that are supposed to be available (and were until we put in the new firewall appliance last week)...
Thanks VinceWhirlwind and Supergrrover.
What's puzzling to me is that the implicit rule goes away as soon as you put in any kind of explicit rule (as per Supergrrover's explanation). That's very odd-seeming, but next time I'll know to put in the explicit allow any/any rule and then put the...
Hi Folks,
I thought I knew my way around my old PIX 501s pretty well, but this ASA 5505 has some curves I (apparently) haven't figured out.
Looking at the GUI ASDM program, it shows an implicit ACL rule for my vlan2 (inside):
permit
service: ip
source: any
destination: any less secure...
Thanks for taking the time to reply, unclerico.
The outside interface has to be set via DHCP; I don't have any control over that. The ISP is routing traffic for both the subnets through an internal (to the ISP) IP address that I don't have any control over either. So, the outside interface...