Subscribe:
RSS feed
-
Follow
Following
Already have a WordPress.com account? Log in now.
Have you already experienced that the VPN session times out without after some minutes on your IPad. No matter if the keepalive setting is reached or not, it will disconnect after some minutes. There is a document for IPads what the support regarding the IPSEC. Here ist the link: manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf (Page 68 – Certificate section.) […]
November 28, 2010
The AnyConnect client provides remote end users running Microsoft Vista, Windows XP or Windows 2000, Linux, or Macintosh OS X, with the benefits of a Cisco SSL VPN client, and supports applications and functions unavailable to a clientless, browser-based SSL VPN connection. In addition, the AnyConnect client supports IPv6 over an IPv4 network. The AnyConnect […]
November 25, 2010
Checkpoint is not a cli based firewall, the cli is generally (in the daily life) not used. What the admin wants, can do through the GUI. For troubleshooting purposes or just query something there are some useful commands. In this list I tried to collect what I already had to use (or wanted to try […]
November 24, 2010
This document is not up to date as the firewall is PIX. Maybe the ASA codes have the same command as this old PIX. I did not have time to test it. Use the following commands to check your PPPoE interface: show ip address outside pppoe show vpdn session pppoe show vpdn pppinterface show vpdn […]
November 24, 2010
For the following examples to use you will need unix (awk, grep, sort, uniq,…) commands. TASK1. Filter to the Dual ISP feature’s syslog messages from pix_log.txt file that is a log file for a day. Solution: Log file name: pix_log.txt 1. Collect Dual ISP feature’s syslog messages from Cisco UniverCD: 622001 327001 – 327003 422004 […]
November 23, 2010
1. Identify the attack. 1.1. How did Customer notice the attack? – Slow Internet access – High performance on the attacked device: – local server – the firewall – etc… 1.2. How can we confirm the attack? Depending on the time of the issue we can have an attack: A, happened in the past. We […]
November 23, 2010
On the Cisco ASA Firewall can we configure a backup link, for example a backup Internet link. That means if our Internet access has some problem, we still have a backup link to access the Internet or whatever we want. The configuration is not part of this documentation, it is only useful if there is […]
November 23, 2010
Troubleshooting memory issues requires TAC support to get accurate result. 1. To identify a memory leak on pix, get the periodic (hourly) output of “show memory detail”. Send this to the TAC, they will see the memory utilisation divided per block size. Example: pixfirewall(config)# show memory detail Free memory: 201811608 bytes (75%) Used memory: Allocated […]
November 23, 2010
1, Get a config where CBAC is enabled and access-list are applied on the interfaces If the configuration of the CBAC and ACL is wrong then the following steps will show wrong results. Check the configuration of the router before you suggest the followings. 2, Check the “show commands” output 2.1 Check the inspection states […]
November 22, 2010
The basic certificate based VPN is as easy as the VPN with pre-shared key. There is only some additional steps required from the ASA site. The problems arise if the clients starts to use certificates without knowing what and how they should do. As a Firewall administrator you can not have responsibility for all clients, […]
itsecworks 
December 7, 2010
0