With Pix/ASA OS 7.1, to configure http inspection the configuration guide shows examples like the following: access-list HTTP_PORTS extended permit tcp any any range 80 81 ! class-map http-ports match access-list HTTP_PORTS exit ! http-map maphttp max-uri...
When upgrading from Pix OS 6.3.x to Pix OS 7.x, Cisco says that the old fixup commands are translated into the new inspect and policy commands. So if I had a line such as: fixup ftp, this is translated into something like: class map inspection_default match ...
I can't understand how the vpn-filter ACL should work for a remote access VPN policy (and a L2L policy too). I configured a RA group and policy that's correctly working. Then I tried to add a filter to restrict remote clients' access to inside servers. ...
I discovered the problem at the beginning of January because our e-mail servers could not receive a lot of messages. I understood that it was related to the upgrade of PIX OS from 7.1.x (yes, in 7.1.x ESMTP inspection works, but is less accurate than...
In 7.2.x (including the latest 7.2.2 interim releases) there are bugs related to SMTP/ESMTP inspection. The PIX inspection engine drops connections if it finds a registered header name, such as "Content-type", inside another header of any kind. This can happe...
Actually we don't use this feature, but I could test it and it worked. In IAS you have to add the "Class" attribute with a value as "ou=;". It worked for me both for IPSec and SSL VPNs.