Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi there,One of my customers are facing a DDoS attack on their email servers. I am in charge of ASA config.Here is what I have done so far and it was not very effective:tcp-map LimitEmail check-retransmission checksum-verification exceed-mss drop ...
Hi,After one year and 3 months without any problems I had to upgrade the ASA 5520 from version 8.03 to 8.04 due to a known bug (tcpmss problem).Everything worked fine with one exception: the Oracle application is not working any more.Whenever I remov...
Hi,I am facing a quite interesting problem with VPN and HSRP.Attached you can find a draft topology of the scenario. Every office has two routers: Main and secondary. All routers have fixed IP address.The Central Site main router has a VPN Site-to-Si...
Hi,I am facing a quite interesting problem between a PIX 515 and an ASA 5510.The PIX is in the HQ and has multiple dynamic VPN connections (aroung 130) and IPsec remote vpn working just fine. I needed to add one Static PIX-to-ASA L2L VPN and it is no...
Hello,I have set up Remote IPSec VPN and it is working just fine. I need to access the connected VPN clients and it is not working. I have already added an entry to the nonat ACL allowing traffic from inside my network to the VPN Network.More info:In...
Hi Sean,Thanks for the reply. Yes, it is on.I could not find any class-map type inspect for SMTP/POP3/IMAP. ASA 8.2(1) has those for DNS, HTTP, IM, etc... Rgs,Marcelo Pinheiro
Thank you for your response. The first option I already did and it is working.The second is impossible because it is an application server.I was wondering if there is a way to keep sqlnet inspecting with this problem or is it a bug?
Hi Ivan,Thanks for your quickly reply. I have already tried monitoring the ISP IP or the router interface. The problem is: If I track any other object, I would never get to know if the remote peer (either the central or remote site) is up and the tra...
Thanks Ivan for your helpful hint.After a long discussion, now I understood why it suddenly stopped working. The supplier was simply changing his configuration without telling me anything.Sorry for the long delay.Best regards.
Hi Ivan,Here is the conf at the ASA side. This is the suppliers conf.object-group network Test network-object host 192.168.1.88object-group network Remote_NET network-object 10.0.0.0 255.255.255.0crypto map SPEEDY_map 2 match address SPEEDY_2_cryptom...
