Search results for query: *

I like the ACL idea, but the location in question has 3com switches and the local admin doesn' manage the switch. I'm not familiar with 3com and if they have logging capabilities. I think creating an ACL with the legitimate traffic defined, the allowing everything else, but with the log...

I've got plenty of experience with Cisco router and switches for configuring logging to console, monitor, or syslog server for troubleshooting my ACLs. I've got an ACL on a 1242AG very 12.3(8) on the dot11radio1.20 interface. The ACL has the ip deny any any log entry. When I do show...

The vlan approach is the best. I used three VLAN, corporate data, VoIP, and guests. Make sure you set the switchport to trunk mode. I use an ACL on the GUEST SSID/VLAN to limit traffic to only DNS server, our Websense filter, then typical Internet protocols. We cannot dump our VLAN outside...

I'm good at catching external attacks, using ACLs with syslog monitoring on WAN links, WireShark and Ethereal for tracking down bandwidth hogs and infected PCs. But how do you monitor the activity of a single user who has nothing better to do than attempt to exploit servers, printers, switches...

I went from a 515 and C3k to just a 5540. I'm running 14 L2L tunnels and utilization is only at 2% all day long sitting on a T3 with 2500 users. Using the extra money to buy an second 5540 for a active-standby config.

Not sure if this is related, but I've got 14 sites on Bell South DSL. The DSL modem has to be changed from default to bridged mode or sometimes called pass thru mode in orderfor the ASA or PIXs to work correctly.

I'm running 7.22 for compatibility with Websense 6.3.x http filtering. The one issue I've encountered so far was the use of the time-range command in the ADSM does not work. You have to create the time range on the CLI, then refresh ADSM to recognized the time ranges that were created. I've...

Usually this is related to a missing NAT exemption for the VPN tunnel. Do you have the same hosts or subnets defined on both sides of the tunnel?

You have to NAT the private inside address to an external public address on the outside interface in order for the external remote desktop to work.

In order for the SEF to pass the protocol is needs to be defined in a rule. That will keep the port "open". If it is not defined, then the firewall will reject it. Under Base Components-Protocols. Make sure that Notes_communicator has a checkmark in "Display In Rules. Create...

I would start at the Cisco router with an inbound access lists that has deny all all for IP and ICMP at the bottom. The access-list permit statements should mirror your allow rules within SEF. Having the router pass only those protocols that actively pass on your DMZ greatly reduces security...

Do you want to block the IP address of the SMTP server or or you trying to block a specific email address? If you want to block the IP address of the remote SMTP server, create Network Entity host entries for each host or subnet to block. Create a Network Entity group call...

The only way to schedule the defrag is to buy the full version from Executive software.