Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About sabinj
Stats
Member since
02-26-2003
36
Posts
0
Helpful
0
Solutions
11-14-2018
06:53 PM
Thanks for the responses. I should have worded my question a little better.
So the goal is to block any third party application used to obtain a remote desktop session. Things like Teamviewer, ScreenConnect, PC Anywhere (is that still around), GoToMyPC and do so at the edge. We have already blocked 3389, but those applications don't use that port and some use random port or tunnel over https as pointed out.
I wasn't sure if ASA had the ability to do this native or not. I wanted to make sure it cannot before I recommend a new product like Firepower or another security appliance / software.
... View more
11-14-2018
12:09 PM
I have a request from management to block 3rd party remote desktop applications at the firewall. I'm wondering if this can be done on an ASA, possibly through the Service Policy Rules...
ASA-5545 version 9.2(4)27
Any advice would be appreciated.
... View more
02-10-2012
01:48 PM
Hello Richard, We had reverse route injection selected on our L2L cryptomap rule. It really was not needed so I disabled it. However I still am getting some of the addresses popping up. I did a lookup on them and most are coming back as the following.. Reverse lookup for addresses below: .deploy.akamaitechnologies.com 23.1.217.83 whois = Domain Name: AKAMAITECHNOLOGIES.COM 65.197.244.80 whois = Domain Name: AKAMAITECHNOLOGIES.COM 65.197.244.82 whois = Domain Name: AKAMAITECHNOLOGIES.COM 72.246.225.83 whois = AKAMAITECHNOLOGIES.COM Apparently this AKAMAITECHNOLOGIES.COM provide deployment services and bandwidth for companies such as Microsoft and many more. No results 206.160.105.254 whois = Sprint.com 204.95.60.12 whois = Sprint.com 112.80.48.236 whois = Something in China...Blocked this network at firewall. Reverse lookup for addresses below: dns-redir-lb-02.tampabay.rr.com 65.32.5.112 65.32.5.111 A little more background on our setup. We have a very small network with no more than 80 connected devices. All devices have been accounted for. We have a L2L VPN tunnel to our client (did have Reverse route injection enable/now disabled as not needed). Here we use a dynamic policy NAT to NAT our internal hosts to an address space (Provided by ISP) usable in our clients network. The nat is configured so packets destined for client network on VPN tunnel get hit a pool of addresses and the source IP is then translated. We are also using PAT, which is used for packets not destined for the vpn tunnel (like the web). What is most puzzling, is if I turn off the PAT and delete the dynamic policy nat, then recreate a new dynamic nat with any any to the pool of addresses, these strange addresses do not show up in ARP table.
... View more
02-09-2012
05:50 PM
Hello, In our setup the management interface is also the inside interface. We do not dedicate an interface to management only.
... View more
02-09-2012
05:30 PM
Whats more troubling is the fact they are showing up on my inside interface.
... View more
02-09-2012
05:22 PM
Yes I can confirm that there are no static arps configured. sho run arp: no results returned We don't NAT to any of the addresses that are showing up in the ARP table, they are addresses that are completely foreignto the networks that we access on our known networks.
... View more
02-09-2012
02:17 PM
I need some advice on this topic. I am seeing strange entries in my ARP table on my ASA 5510. We do not use any static ARP on the firewall at all. There are several dynamic arp entries being created that are not local to my network, yet they show up on the Management(Inside) interface. I am pretty new to this so I may just not fully understand how/why a dynamic ARP entry is create on the inside interface of my firewall. I see all of my local IP's in this table, but am concerned with the ones that are not local.
... View more
Labels:
05-03-2010
07:16 AM
We are installing a new 1GB AIM-CUE in our 2651XM voice router. I have found hardware installation guides and that seems simple enough. However, I am unable to find any doc that outlines what happens to unity express when I put in the new card. I assume the card will be blank and I will have to upload a new image and configuration, scripts, prompts etc. I just want to make sure I am not overlooking something. If anyone can post what that process is or point me to a doc that oulines what to do in this scenario I would greatly appreciate it.
... View more
Labels:
03-23-2010
10:41 AM
I figured it out. It was a two part issue. Part 1: Client neglected to inform us that we are required to authenticate to their firewall prior to traffic being send to remote hosts. This solved the connectivity problem. Part 2: NAT is being done with policy-nat in the following manor access-list policy-nat extended permit ip 192.168.1.0 255.255.255.0 object-group VPN Global (outside) 1 10.10.10.96-10.10.10.127 netmask 255.255.255.224 Global (outside 1 interface Since the tunnel terminates on my outside interface, and the network I am natting to is the same as the outside interface, I am able to use a combination of a global pool, and PAT for natting accross the tunnel. works like a charm. The only draw back PAT is only used when the pool runs out of addresses, and each user that goes to the web get a natted address from the pool. Actually I don't see the pool for internet access as a draw back as it gives me better information when monitoring what certain users are doing. Thanks to all for the help on this issue. I was quite challenging, and this is for a new client so I didn't want to start finger pointing without being 100% sure that my config was correct. Worst part is I asked about the firewall authentication prior to even starting this project and of course I was assured that it was not required. Then after 4 days of my time being wasted, they realized that it was required.
... View more
03-19-2010
06:32 AM
I was trying not to show my config to much... I got it working turned out my config was good. However, I'm still not natting correctly. It is using the PAT address of the outside interface to go through the tunnel instead of the range I specified. THANK YOU FOR THE HELP IT IS GREATLY APPRECIATED.
... View more
03-19-2010
06:10 AM
I've attached my entire config I know something has to be wrong somewhere. I'm no expert on this and am going by documentation. If you don't mind please review the config and tell me where I'm wrong.
... View more
03-19-2010
05:11 AM
static (inside,outside) tcp 71.x.x.116 smtp 192.168.1.5 smtp netmask 255.255.255.255 dns static (inside,outside) 71.x.x.117 192.168.2.16 netmask 255.255.255.255 dns global (outside) 1 interface global (outside) 1 71.x.x.96 netmask 255.255.255.224 nat (inside) 0 access-list management_nat0_outbound_1 - Cisco VPN Client tunnel from remot access nat (inside) 1 access-list policy-nat dns nat (inside) 1 0.0.0.0 0.0.0.0 dns
... View more
03-18-2010
04:08 PM
When I do a show xlate the translation for the host I'm testing from does not show up. Any idea what could be causing that?
... View more
03-18-2010
02:11 PM
Yes I can do that. I do have a question if you don't mind... Should I see a translation for my host in the sho xlate?
... View more
11-14-2018
Thanks for the responses. I should have worded my question a little
better. So the goal is to block ...
11-14-2018
I have a request from management to block 3rd party remote desktop
applications at the firewall. I'm...
02-10-2012
Hello Richard,We had reverse route injection selected on our L2L
cryptomap rule. It really was not n...
02-09-2012
Hello, In our setup the management interface is also the inside
interface. We do not dedicate an int...
02-09-2012
Yes I can confirm that there are no static arps configured. sho run arp:
no results returned We don'...
02-09-2012
I need some advice on this topic. I am seeing strange entries in my ARP
table on my ASA 5510. We do ...
05-03-2010
We are installing a new 1GB AIM-CUE in our 2651XM voice router. I have
found hardware installation g...
03-23-2010
I figured it out. It was a two part issue.Part 1: Client neglected to
inform us that we are required...
03-19-2010
I was trying not to show my config to much... I got it working turned
out my config was good. Howeve...
03-19-2010
I've attached my entire config I know something has to be wrong
somewhere. I'm no expert on thisand ...
03-19-2010
static (inside,outside) tcp 71.x.x.116 smtp 192.168.1.5 smtp netmask
255.255.255.255 dnsstatic (insi...
03-18-2010
When I do a show xlate the translation for the host I'm testing from
does not show up. Any idea what...
Public Statistics
| Date Registered | 02-26-2003 10:05 AM |
| Date Last Visited | 12-07-2018 11:03 AM |
| Total Messages Posted | 36 |
.jpg "VIP Advisor"){kind=icon}
