RE: Cisco ASA Assistance
Here is what I received from my Cisco guy.

ONE
The Cisco ASA CLI for all idle connections is the following; it would change it to 15 minutes:

    timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

TWO
But, since they come from the world of switch/routers, should you have the interface address configured you must then use the interface keyword; example:

-access-list OUTSIDEIP extended permit tcp any host SERVERIP eq smtp
+access-list OUTSIDEIP extended permit tcp any interface outside eq smtp

(In the ASDM you just type outside without the quotes for destination.)

NOTE from Research:
I found the problem. When you use the ASA GUI to make rule changes, it doesn't put the correct syntax on the rule. Instead of

    access-list outside_acl extended permit tcp any host Email2003 eq https

I was getting

    access-list outside_acl extended permit tcp any eq https host Email2003 eq https

Deleted that rule, put the right syntax, and it is fixed. Thanks to all who read and helped.

Excerpted from http://www.themssforum.com/ExchangeSetup/Cisco/

THREE
Example of DMZ Mail Server configuration from Cisco:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml

Cisco ASA configuration example for Exchange 2007 Edge setup:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23372433.html#a21489032

It must be taken into consideration what environment MS Exchange is in, whether it is a FrontEnd, BackEnd, or just a single internal server.

Hope this helps.

CAR
Office: 305-443-0331 xt. 1202
Mobile: 786-412-1746
Skype: 305-851-2606
Fax: 305-443-0350
e-Mail: [EMAIL PROTECTED]
BB Pin: 23E727FF
AIM: cramosMIA
MSN: [EMAIL PROTECTED]
Yahoo: cramosMIA

From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 13, 2008 6:56 PM
To: NT System Admin Issues
Subject: Cisco ASA Assistance

Anyone out there familiar with the Cisco ASA GUI? I need my network department to configure the HTTPS timeout for 15 minutes based on Microsoft recommendations for Exchange ActiveSync. The only guy available in our network department isn't familiar with the ASA.

Thanks,
- Sean

This e-Mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-Mail in error please notify the sender via returned e-Mail. Please note that any views or opinions presented in this e-Mail are solely those of the author and do not necessarily represent those of the company. Although IDF operates anti-virus programs, it does not accept responsibility for any damage whatsoever that is caused by viruses being passed.
** Think before you print this message. **

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

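Review bot: in the -/+ access-list pair under TWO, the '+' line replaces 'host SERVERIP' with 'interface outside', so the rule no longer names the server that SMTP is being opened to; per the accompanying text this form applies only when the interface address is the one configured. Worth stating that condition next to the rule, and keeping the 'host SERVERIP' form where the server has its own address, so the next person reading the ACL can tell which host the entry exposes.
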
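The malformed rule quoted in the NOTE above carries a port operator right after the source address, so it only matches traffic whose source port is https. The following is an added example, not code from the thread or from Cisco: a small Python check that parses extended ACL lines and flags that pattern. It assumes a simplified grammar (`any`, or a two-token address such as `host X` / `interface X`, followed by an optional port operator); `parse_ace` and `lint_config` are hypothetical names, and the sample config is constructed from the lines quoted in the message.

```python
"""Flag ASA extended ACL entries that constrain the *source* port.

Added example: simplified grammar, hypothetical helper names.
"""

# Port operators and the number of arguments each one takes.
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}


def _take_addr(tokens, i):
    """Consume an address spec: 'any' or a two-token form (host X, interface X, IP MASK)."""
    if i >= len(tokens):
        raise ValueError("missing address")
    if tokens[i] == "any":
        return "any", i + 1
    if i + 1 >= len(tokens):
        raise ValueError("incomplete address")
    return f"{tokens[i]} {tokens[i + 1]}", i + 2


def _take_port(tokens, i):
    """Consume an optional port spec such as 'eq https' or 'range 1024 2048'."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        end = i + 1 + PORT_OPS[tokens[i]]
        if end > len(tokens):
            raise ValueError("incomplete port operator")
        return " ".join(tokens[i:end]), end
    return None, i


def parse_ace(line):
    """Parse one 'access-list NAME extended ...' line; return None for other lines."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] != "extended":
        return None
    i = 5
    src, i = _take_addr(tokens, i)
    src_port, i = _take_port(tokens, i)
    dst, i = _take_addr(tokens, i)
    dst_port, i = _take_port(tokens, i)
    return {
        "name": tokens[1], "action": tokens[3], "proto": tokens[4],
        "src": src, "src_port": src_port,
        "dst": dst, "dst_port": dst_port,
        "extra": tokens[i:],
    }


def lint_config(text):
    """Return (line number, line, message) for permit rules with a source-port match."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        try:
            ace = parse_ace(line)
        except ValueError as exc:
            findings.append((lineno, line, f"unparseable entry: {exc}"))
            continue
        if ace is None:
            continue
        # Clients connect from ephemeral source ports, so a source-port match on
        # an inbound publishing rule leaves the rule matching almost nothing.
        if ace["action"] == "permit" and ace["proto"] in ("tcp", "udp") and ace["src_port"]:
            findings.append(
                (lineno, line, f"source port '{ace['src_port']}' set; "
                               f"was only the destination port '{ace['dst_port']}' intended?")
            )
    return findings


# Constructed sample: the lines quoted in the message, in one config snippet.
SAMPLE_CONFIG = """\
timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
access-list OUTSIDEIP extended permit tcp any interface outside eq smtp
access-list outside_acl extended permit tcp any host Email2003 eq https
access-list outside_acl extended permit tcp any eq https host Email2003 eq https
"""

if __name__ == "__main__":
    for lineno, line, message in lint_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}\n    {line}")
```
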
RE: Cisco ASA Assistance
"When you use the ASA GUI to make rule changes, it doesn't put the correct syntax on the rule."

What version of ASDM are you running?

Erik Goldoff
IT Consultant
Systems, Networks, Security

From: Cesare' A. Ramos [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 14, 2008 9:25 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 11/14/2008 8:32 AM

RE: Cisco ASA Assistance
The one that requires Java 5.1.3.2.5.2.555 exactly or won't work.

From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 14, 2008 6:28 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

RE: Cisco ASA Assistance
Hmmm, against an ASA5520 I've been using ASDM 5.0(6) and it claims Java Version 1.6.0_02 ... not even close to what you list...

Erik Goldoff
IT Consultant
Systems, Networks, Security

From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 14, 2008 9:34 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

RE: Cisco ASA Assistance
It's actually a bit of Cisco humor, as their GUIs used to be very dependent on specific Java versions.

From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 14, 2008 6:40 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

RE: Cisco ASA Assistance
ahhh, humor, arrr-a-a

I actually only started using the gui recently, more of a CLI person myself ...

Erik Goldoff
IT Consultant
Systems, Networks, Security

From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 14, 2008 9:48 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

RE: Cisco ASA Assistance
Me, too, but sometimes the gui can be faster. I agree with what Martin said, the gui is very java specific. I'm still running my Pix on v6 something and have had to keep my Java at 1.42 or the gui wouldn't load.

Paul Chinnery
Network Administrator
Memorial Medical Center
231-845-2319

From: Erik Goldoff [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 14, 2008 10:26 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance