RE: Cisco ASA question

2013-01-08 Thread Ziots, Edward
. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Tuesday, January 08, 2013 10:54 AM To: NT System Admin Issues Subject: Cisco ASA question Hi Folks, At a new job

RE: Cisco ASA question

2013-01-08 Thread Tom Miller
) with a few rules, and another Inside (outgoing) with a few rules. What's the difference? From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, January 08, 2013 11:00 AM To: NT System Admin Issues Subject: RE: Cisco ASA question Short term solution would be to restrict out smtp to our

Re: Cisco ASA question

2013-01-08 Thread Patrick Salmon
Looks right to me, both in sequence and content [1]. - You're allowing SMTP from specific host(s). Correct. Not so much a 'best practice' ptooey as a must-do. - Next, you're denying SMTP from anything else. Also correct. - Implied, but must exist, is the Deny Any Any at the end. You'd be

Re: Cisco ASA question

2013-01-08 Thread Erik Goldoff
...@sfgtrust.com] Sent: Tuesday, January 08, 2013 10:54 AM To: NT System Admin Issues Subject: Cisco ASA question Hi Folks, At a new job here. I have a few Cisco ASA. One of them, an ASA 5510, seems to be not very strict on outbound rules. I’m new to ASA (came from the Fortinet world), so any

RE: Cisco ASA question

2013-01-08 Thread Tom Miller
I had the direction incorrect! Thanks for the help folks, Relay only by exemption on the mail servers, though. From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Tuesday, January 08, 2013 11:21 AM To: NT System Admin Issues Subject: Re: Cisco ASA question Looks right to me, both in sequence

Cisco ASA question

2012-11-13 Thread Tom Miller
Folks, I have a new job and they use Cisco ASA firewalls here. I'm new to Cisco firewalls so I'm still learning. Under Remote Access VPN -- AAA/Local User --- AAA Server groups, I have a few Windows 2000 servers that are DCs listed here. Those are going to be retired and I need to

RE: Cisco ASA question

2012-11-13 Thread Damien Solodow
System Admin Issues Subject: Cisco ASA question Folks, I have a new job and they use Cisco ASA firewalls here. I'm new to Cisco firewalls so I'm still learning. Under Remote Access VPN -- AAA/Local User --- AAA Server groups, I have a few Windows 2000 servers that are DCs listed here. Those

RE: Cisco ASA question

2012-11-13 Thread N Parr
Nothing that I know of, just change the IP's to point to your new DC's. That's all I had to do. From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Tuesday, November 13, 2012 9:59 AM To: NT System Admin Issues Subject: Cisco ASA question Folks, I have a new

RE: Cisco ASA question

2012-11-13 Thread Tom Miller
Are you using Radius or NT Domain? From: N Parr [mailto:npar...@mortonind.com] Sent: Tuesday, November 13, 2012 11:28 AM To: NT System Admin Issues Subject: RE: Cisco ASA question Nothing that I know of, just change the IP's to point to your new DC's. That's all I had to do

RE: Cisco ASA question

2012-11-13 Thread Rick Berry
(presuming you’re using NT Domain protocol). They’ve got a bloody convenient ‘test’ button out to the right side of that section, to make sure it flies. From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Tuesday, November 13, 2012 10:59 AM To: NT System Admin Issues Subject: Cisco ASA question

RE: Cisco ASA question

2012-11-13 Thread Jon Harris
and see if I can find it but Damien is on the right track. Jon From: damien.solo...@harrison.edu To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Cisco ASA question Date: Tue, 13 Nov 2012 16:14:14 + Check the Windows 2000 DCs listed; they are likely running IAS. On 2008+ that’s

RE: Cisco ASA Question/IIS Question

2010-06-16 Thread Ken Schaefer
all DNS names need to be in the same domain (wildcard) or you need to define all hosts in the SAN field. Cheers Ken From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, 16 June 2010 1:13 AM To: NT System Admin Issues Subject: Re: Cisco ASA Question/IIS Question +1 on SSL needs On Tue

Re: Cisco ASA Question/IIS Question

2010-06-16 Thread Richard Stovall
hosts in the SAN field. Cheers Ken *From:* Erik Goldoff [mailto:egold...@gmail.com] *Sent:* Wednesday, 16 June 2010 1:13 AM *To:* NT System Admin Issues *Subject:* Re: Cisco ASA Question/IIS Question +1 on SSL needs On Tue, Jun 15, 2010 at 1:10 PM, Richard Stovall rich...@gmail.com

Re: Cisco ASA Question/IIS Question

2010-06-16 Thread Phil Brutsche
Your 2 options are: a) SAN certs b) Separate IP numbers and SSL certificates IIS does not yet support TLS SNI (http://en.wikipedia.org/wiki/Server_Name_Indication) and won't until Windows Server 8 (or whatever the next major version will be called) at the earliest. Downside to SAN certs: each

Re: Cisco ASA Question/IIS Question

2010-06-16 Thread Richard Stovall
...@medaille.edu wrote: Who do you recommend for SAN certs? I think that is the way I am going to go. Thanks! -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Wednesday, June 16, 2010 11:03 AM To: NT System Admin Issues Subject: Re: Cisco ASA Question/IIS Question

RE: Cisco ASA Question/IIS Question

2010-06-16 Thread Ken Schaefer
to the appropriate website. Cheers Ken From: Richard Stovall [mailto:rich...@gmail.com] Sent: Wednesday, 16 June 2010 9:46 PM To: NT System Admin Issues Subject: Re: Cisco ASA Question/IIS Question Would a SAN cert serve up different content in the same way you can have multiple sites on the same port and IP

RE: Cisco ASA Question/IIS Question

2010-06-16 Thread Ken Schaefer
ASA Question/IIS Question Who do you recommend for SAN certs? I think that is the way I am going to go. Thanks! -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Wednesday, June 16, 2010 11:03 AM To: NT System Admin Issues Subject: Re: Cisco ASA Question/IIS

RE: Cisco ASA Question/IIS Question

2010-06-16 Thread Chyka, Robert
Thanks for your insight Ken.. Bob -Original Message- From: Ken Schaefer k...@adopenstatic.com Sent: Wednesday, June 16, 2010 10:14 PM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Cisco ASA Question/IIS Question I've personally used Digicert

RE: Cisco ASA Question/IIS Question

2010-06-16 Thread Brian Desmond
To: NT System Admin Issues Subject: RE: Cisco ASA Question/IIS Question Thanks for your insight Ken.. Bob -Original Message- From: Ken Schaefer k...@adopenstatic.com Sent: Wednesday, June 16, 2010 10:14 PM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Cisco

Cisco ASA Question/IIS Question

2010-06-15 Thread Chyka, Robert
Ok, here's my scenario: I have 2 websites on a Windows Server 2008 box with IIS7. We are using one IP address for both sites using host headers. On our internal AD DNS we have an entry in for both hostnames pointing to the same IP address (A records). For our first site we have a one-to-one

Re: Cisco ASA Question/IIS Question

2010-06-15 Thread Candee Vaglica
I *think* you would need a second public IP address. Then you would do a one to one with the second public server and the internal website. On Tue, Jun 15, 2010 at 11:09 AM, Chyka, Robert bch...@medaille.edu wrote: Ok, here's my scenario: I have 2 websites on a Windows Server 2008 box with

RE: Cisco ASA Question/IIS Question

2010-06-15 Thread Kennedy, Jim
That would work. However I would just use the same IP for both publicly and let the host header take care of it. From: Candee Vaglica [mailto:can...@gmail.com] Sent: Tuesday, June 15, 2010 11:35 AM To: NT System Admin Issues Subject: Re: Cisco ASA Question/IIS Question I *think* you would

RE: Cisco ASA Question/IIS Question

2010-06-15 Thread Chyka, Robert
: Tuesday, June 15, 2010 11:38 AM To: NT System Admin Issues Subject: RE: Cisco ASA Question/IIS Question That would work. However I would just use the same IP for both publicly and let the host header take care of it. From: Candee Vaglica [mailto:can...@gmail.com] Sent: Tuesday, June 15

RE: Cisco ASA Question/IIS Question

2010-06-15 Thread Kennedy, Jim
Yep, it will work exactly like your internal host header set up. From: Chyka, Robert [mailto:bch...@medaille.edu] Sent: Tuesday, June 15, 2010 11:41 AM To: NT System Admin Issues Subject: RE: Cisco ASA Question/IIS Question Hi Jim, So I would just need 1 nat translation on the asa with port

RE: Cisco ASA Question/IIS Question

2010-06-15 Thread Chyka, Robert
Nice. I will give that a shot. Thanks.. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, June 15, 2010 11:42 AM To: NT System Admin Issues Subject: RE: Cisco ASA Question/IIS Question Yep, it will work exactly like your internal host header set up

Re: Cisco ASA Question/IIS Question

2010-06-15 Thread Erik Goldoff
[mailto:bch...@medaille.edu] *Sent:* Tuesday, June 15, 2010 11:41 AM *To:* NT System Admin Issues *Subject:* RE: Cisco ASA Question/IIS Question Hi Jim, So I would just need 1 nat translation on the asa with port 80 open and 2 entries with our public dns server with 2 different hostnames

Re: Cisco ASA Question/IIS Question

2010-06-15 Thread Erik Goldoff
:41 AM *To:* NT System Admin Issues *Subject:* RE: Cisco ASA Question/IIS Question Hi Jim, So I would just need 1 nat translation on the asa with port 80 open and 2 entries with our public dns server with 2 different hostnames pointing to the same public ip and then the headers

Re: Cisco ASA Question/IIS Question

2010-06-15 Thread Ben Scott
On Tue, Jun 15, 2010 at 11:09 AM, Chyka, Robert bch...@medaille.edu wrote: My question is:  How do I do another one to one NAT translation with a different public IP address so I can register both sites with our public DNS provider? Sounds like you already got the right answer (just use one

Cisco ASA Question

2009-02-27 Thread Kelsey, John
Hi all, Working on a Cisco ASA 5505, trying to get to a machine on the inside interface via SSH from a machine on the outside interface. I can SSH to the ASA itself, but can't figure out how to get to a host behind it. I tried all kinds of ACL's, no joy. Any suggestions for an ASA noob?

RE: Cisco ASA Question

2009-02-27 Thread Christopher Bodnar
Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 _ From: Kelsey, John [mailto:jckel...@drmc.org] Sent: Friday, February 27, 2009 9:42 AM To: NT System Admin Issues Subject: Cisco ASA Question Hi all, Working on a Cisco ASA

RE: Cisco ASA Question

2009-02-27 Thread Kelsey, John
- From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Friday, February 27, 2009 09:48 To: NT System Admin Issues Subject: RE: Cisco ASA Question I'm not familiar with the ASA devices, but are you creating a VPN tunnel through

Re: Cisco ASA Question

2009-02-27 Thread Jon Harris
Bodnar [mailto:christopher_bod...@glic.com] *Sent:* Friday, February 27, 2009 09:48 *To:* NT System Admin Issues *Subject:* RE: Cisco ASA Question I’m not familiar with the ASA devices, but are you creating a VPN tunnel through the device first? I would think you would need to do that to access

RE: Cisco ASA Question

2009-02-27 Thread Rohyans, Aaron
...@dpsciences.com mailto:dwiss...@dpsciences.com http://www.dpsciences.com/ From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, February 27, 2009 10:10 AM To: NT System Admin Issues Subject: Re: Cisco ASA Question You can I think do the port forwarding but I don't know how. I have

RE: Cisco ASA Question

2009-02-27 Thread John Hornbuckle
Amateur! ;-) From: Rohyans, Aaron [mailto:arohy...@dpsciences.com] Sent: Friday, February 27, 2009 10:31 AM To: NT System Admin Issues Subject: RE: Cisco ASA Question 1.1.1.1= Outside IP Address 192.168.1.1 = Inside Host IP Address Asa(config)# static (inside,outside) tcp 1.1.1.1 22