About lfkentwell

lfkentwell · 10-02-2012

I have setup an Ironport with TLS in prefered mode. If I telnet to the device and issue starttls it returns go ahead with tls which I take as a good sign. What I want to do it fully test it by actually sending an email via telnet over TLS. Can any...

lfkentwell · 09-18-2012

I want to setup a content filter that does a certain action but I want the condition to be if the message came from an email address in a list of source addresses. I seem to only be able to apply one. I really dont want to have to create 200 condit...

lfkentwell · 09-10-2012

I know the Ironport cluster is not like your traditional cluster where you have a VIP and redundant hardware to ensure seamless failover should a device fail. Im keen to hear then how others have achieved a Highly available state for incoming emails...

lfkentwell · 09-10-2012

I know it is recomended to give an ironport ESA a public IP on a dedicated interface to take advantge of the reputation checking etc. I believe this is so it recieves the email frmo the original sender IP and if you put a relay between the Ironport ...

lfkentwell · 09-09-2012

Can anyone help with what is probably a simple question. I will be pointing an ASA to use an RSA server fro 2 factor login using SDI. THere will be a primary and a replica (for redundancy) RSA server. Normally if you where pointing a windows machi...

lfkentwell · 09-19-2012

Yes I eneded up looking at that but to be honest wasnt sure if that would work or not. If it doest then great.

lfkentwell · 08-02-2012

Great that explains it thanks. From what im reading about ASA WCCP implemntation the client and the "proxy" have to both be reachable on the same interface as WCCP. You cant redirect the request to a "proxy" that might be sitting on a DMZ of anoth...

lfkentwell · 03-06-2012

Awesome that helps. One last question. Assumig I dont want to restric them incoming I want them to be able to access any host inside my network. Do I need to create a rule or anykind to allow this incomign access or does the ASA just allow it?Tha...

lfkentwell · 03-03-2012

I got this to work, there was a Xauth setting that I had to turn off to stop it from also asking for user credentials and it worked perfectly. It recognised the cert and verified it was issed by the CA I setup in the conifg.However this raises a bi...

lfkentwell · 03-01-2012

Jason,So are you saying that I can connect a client VPN to an ASA with a non public IP provided another device infront of it e.g. a Juniper\Checkpoint firewall etc is doing one to one NAT for that ASA to a public IP?I thought you couldnt do that or ...

Member Since	‎02-29-2012 02:10 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	19

User Statistics

User Activity

Send an email over TLS from telnet or cli

apply a content filter to a group of sender addresses

Ironport clusters not like traditional clusters

Ironport ESA behind a NAT address

ASA VPN login using RSA SDI and 2 RSA servers

apply a content filter to a group of sender addresses

ASA WCCP Failover

Client VPN and access rules

IPAD Cisco VPN Client certificate authentication?

Is NAT to blame.