Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a pair of ASA 5540s running 8.2(3) in active/active failover mode. The internal networks are arranged on a /24 subnet "ring" around a central core switch. The ASAs are connected to a 3750 stack to provide redundant paths for each ASA as well...
Mail from myspace.com is being blocked by our ASAs (not that *I* think that is necessarily a bad thing, but our users do).The ASA is triggering ASA-3-108003: Terminating ESMTP/SMTP connection; malicious pattern detected in the mail addressData:MAIL ...
This signature appears to be looking for script markers in the header, but is firing on just the presence of 'script' which is not a problem. Example:000000 47 45 54 20 2F 42 75 72 73 74 69 6E 67 53 63 72 GET /BurstingScr000010 69 70 74 2F 61 64...
jkell wrote:That still announces the next-hop as the originating node, not the ASA address as next-hop. They all share a common subnet (nodes, core, ASA inside all on same /24 backbone "ring").More accurately, the node announces the default, and all...
That still announces the next-hop as the originating node, not the ASA address as next-hop. They all share a common subnet (nodes, core, ASA inside all on same /24 backbone "ring").
"That other IDS package" can find it with:alert tcp $HOME_NET any -> $EXTERNAL_NET 3724 (msg:"World of Warcraft connection"; flow:established,to_server; content:"|00 02|"; depth:2; content:"WoW|00|"; distance:2; within:4;)You can probably do that wit...
You are essentially correct, multiple context mode disables VPN and routing protocols.The "active/active" is a misleading term because we are used to thinking in terms of a single context, and "active/standby" is the only way things worked prior to t...
