firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: Cisco VPN reconnection every 23 minutes (Andrew Bell)
2. Re: Odd Cisco ASA question. . . (lordchariot@embarqmail.com)
----------------------------------------------------------------------
Message: 1
Date: Sat, 9 Jun 2007 14:10:47 -0400
From: "Andrew Bell" <andrewb@poscomp.ca>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.cybertrust.com>, "'ditribar'"
<ditribar@gmx.de>
Message-ID: <000e01c7aac1$8197ae80$6401a8c0@poscomp.ca>
Content-Type: text/plain; charset="US-ASCII"
> 2007-06-01T17:40:20+0100 [...] Session disconnected. Session Type: IPSecLAN2LAN,
> Duration: 0h:23m:00s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested
This looks like a simple inactivity timeout. 0 bytes were transmitted
through the tunnel in the 23 minutes the session was up, according to your
log, but since your group policy sets an unlimited idle timeout, and the
default for the ASA is 30 minutes anyway, I'd look at the far end idle
timeout settings.
Regards,
Andrew
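The check described in the message above, as an added example that is not part of the original post: it parses "Session disconnected" records in the quoted format and reports LAN-to-LAN sessions that sent zero bytes and ended at the same duration more than once, the pattern an idle timeout produces. Only the first sample line comes from the digest; the other lines, the function names and the thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Field layout taken from the log line quoted in the message above.
RECORD = re.compile(
    r"Session disconnected\.\s+Session Type:\s*(?P<type>[^,]+),\s*"
    r"Duration:\s*(?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s,\s*"
    r"Bytes xmt:\s*(?P<xmt>\d+),\s*Bytes rcv:\s*(?P<rcv>\d+),\s*"
    r"Reason:\s*(?P<reason>.+?)\s*$"
)

def parse(line):
    """Return the disconnect fields as a dict, or None for any other line."""
    m = RECORD.search(line)
    if not m:
        return None
    secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return {"type": m["type"].strip(), "duration": secs,
            "xmt": int(m["xmt"]), "rcv": int(m["rcv"]), "reason": m["reason"]}

def idle_timeout_candidates(lines, min_repeats=2, tolerance=5):
    """Map duration (seconds, rounded to `tolerance`) to the number of
    zero-transmit LAN-to-LAN sessions that ended at that duration."""
    buckets = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["type"] == "IPSecLAN2LAN" and rec["xmt"] == 0:
            bucket = (rec["duration"] + tolerance // 2) // tolerance * tolerance
            buckets[bucket] += 1
    return {d: n for d, n in buckets.items() if n >= min_repeats}

# First line is the one quoted in the digest; the rest are constructed.
SAMPLE = [
    "2007-06-01T17:40:20+0100 [...] Session disconnected. Session Type: IPSecLAN2LAN, "
    "Duration: 0h:23m:00s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested",
    "2007-06-01T18:03:22+0100 [...] Session disconnected. Session Type: IPSecLAN2LAN, "
    "Duration: 0h:23m:01s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested",
    "2007-06-01T19:30:00+0100 [...] Session disconnected. Session Type: IPSecLAN2LAN, "
    "Duration: 1h:15m:21s, Bytes xmt: 88210, Bytes rcv: 91344, Reason: User Requested",
    "2007-06-01T19:31:00+0100 [...] unrelated line",
]

if __name__ == "__main__":
    for duration, count in idle_timeout_candidates(SAMPLE).items():
        print(f"{count} zero-transmit sessions ended after ~{duration // 60} min")
```

A repeated duration only shows that a timer is involved; which peer's idle timeout fired still has to be read from the configuration at each end.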
------------------------------
Message: 2
Date: Sun, 10 Jun 2007 18:07:10 -0400
From: <lordchariot@embarqmail.com>
Subject: Re: [fw-wiz] Odd Cisco ASA question. . .
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4AD03C567B3E447D838B25E1D09E0A8A@lordchariot.com>
Content-Type: text/plain; charset="us-ascii"
>> Problem is, it appears a LOT of my filtering is over a single interface.
Don't understand. What does this mean? Are you seeing inbound traffic going
back out through the same interface?
KS1500s could handle that with ease (although not recommended), don't know
about the ASA.
-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Keith A. Glass
Sent: Friday, June 08, 2007 6:10 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Odd Cisco ASA question. . .
Here's my situation: I'm having to replace several old Cyberguard KS-1500s
with new Cisco ASA 5500's. Problem is, it appears a LOT of my filtering is
over a single interface.
It doesn't help that we're on an entirely private network, and subnets have
been added willy-nilly.
And re-organizing the network is NOT a player.
Suggestions ? Other than "Down, not across", that is. . . .
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
------------------------------
End of firewall-wizards Digest, Vol 14, Issue 6
***********************************************