MarkatLMFJ
IS-IT--Management
Howdy All,
I hope I have the right forum, I don't know if I have a PIX or not - I have an ASA 5000 series security appliance which somebody told me is a PIX to an extent.
Here's my situation - everything is working absolutely fine (keep reading)
Our alarm company is attempting to install a Bosch DX4020 module into our alarm panel to use the internet as a reporting engine instead of phone lines (I've had the discussions about some problems with this solution with our CFO and COO but thats what we are doing). Now for the fun part:
--- The device is on my network, is pingable and manageable over telnet
--- When it sends its signals out (the only indication I have that it is even doing anything is when I have the alarm panel open and see the tx led flash) they are not getting to the monitoring center.
We are blocking ICMP so it is hard to ping, I have in my ADSM manager successfully pinged the destination IP address on both of my outside interfaces. My security policy in ADSM does not have any traffic denies, the syslog that scrolls by on the main screen does NOT show any denies on my inside interface nor any warnings with the IP address of the monitoring center.
Now the device in my main corporate office I could assign a public IP to and put it directly on the outside internet but that does not solve my problem, the building across the street that is also considered corporate has the same module, we have 2 GBE connections to that building and a 32 pair cable for phones, so that device has to come through my network. The 9 other locations we have are connected to my corporate office through frame relay with Cisco 1700 series routers, I have 3 of these DX4020's "in the field" all of which have the saem problem (and those are configured properly for their sites with the right gateways).
So I'm trying to figure out what is going on, if anything, with my network that would be preventing traffic from going out from these devices.
I know that these devices are in use at large banks and such (or at least, HSM claims they are). It occurred to me that perhaps they are using VLANs for the alarm devices and routing them differently -- I do not have the vlan option available to me though.
If this is the wrong forum, can ya'll direct me to the right one? I did not see one covering the device I have (it was already here when I started).
MAL
I hope I have the right forum, I don't know if I have a PIX or not - I have an ASA 5000 series security appliance which somebody told me is a PIX to an extent.
Here's my situation - everything is working absolutely fine (keep reading)
Our alarm company is attempting to install a Bosch DX4020 module into our alarm panel to use the internet as a reporting engine instead of phone lines (I've had the discussions about some problems with this solution with our CFO and COO but thats what we are doing). Now for the fun part:
--- The device is on my network, is pingable and manageable over telnet
--- When it sends its signals out (the only indication I have that it is even doing anything is when I have the alarm panel open and see the tx led flash) they are not getting to the monitoring center.
We are blocking ICMP so it is hard to ping, I have in my ADSM manager successfully pinged the destination IP address on both of my outside interfaces. My security policy in ADSM does not have any traffic denies, the syslog that scrolls by on the main screen does NOT show any denies on my inside interface nor any warnings with the IP address of the monitoring center.
Now the device in my main corporate office I could assign a public IP to and put it directly on the outside internet but that does not solve my problem, the building across the street that is also considered corporate has the same module, we have 2 GBE connections to that building and a 32 pair cable for phones, so that device has to come through my network. The 9 other locations we have are connected to my corporate office through frame relay with Cisco 1700 series routers, I have 3 of these DX4020's "in the field" all of which have the saem problem (and those are configured properly for their sites with the right gateways).
So I'm trying to figure out what is going on, if anything, with my network that would be preventing traffic from going out from these devices.
I know that these devices are in use at large banks and such (or at least, HSM claims they are). It occurred to me that perhaps they are using VLANs for the alarm devices and routing them differently -- I do not have the vlan option available to me though.
If this is the wrong forum, can ya'll direct me to the right one? I did not see one covering the device I have (it was already here when I started).
MAL