Cisco Firewalls Changing the Web Management Port
Cisco 5500 Changing the ASDM Port Unable to Port Forward HTTPS KB ID 0000268 Problem You want to change the port that the Cisco ASDM runs over, or you are attempting to port forward https/ssl and see the following error Error: ERROR: unable to reserve port 443 for static PAT ERROR: unable to download policy You are trying to port forward (Create a static PAT entry) on a Cisco ASA for port 443 / https. This port is in use by the ASDM....
Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
KB ID 0000309 Problem By default, your remote VPN clients will timeout their connections after 300 seconds of inactivity, should you wish to increase that you can, on a user by user basis, however sometimes that does not work. To fix the problem you need to disable ISAKMP monitoring at the “Head End”. Solution Enable via Command Line (see below for ASDM instructions) 1. Connect to the the firewall (see here for...
DNS resolves intermittently – EDNS Problems
KB ID 0000312 Problem DNS resolves intermittently, and your Exchange outbound mail may fail and give the following error: The following recipient(s) could not be reached: user@domain.com on (Date Time). There was a SMTP communication problem with the recipient’s email server. Please contact your system administrator. <(Domain.com) #5.5.0 smtp;550-Domain does not recognize your computer (xx.xx.xxx.xxx) as connecting from an...
ASA 5500 Adding a DMZ Step By Step
KB ID 0000316 Problem Assuming you have a working ASA 5500 and you want to add a DMZ to it, this is the process. Assumptions 1. Networks, a. Inside network is 10.1.0.0 255.255.0.0 b. Outside network is 123.123.123.120 255.255.255.248 c. DMZ network is 172.16.1.0 255.255.0.0 2. Interfaces, a. Inside Interface is 10.1.0.254 b. Outside Interface is 172.16.1.254 c. DMZ Interface is 172.16.1.254 3. The Web server in the DMZ will have the...
Blocking Google Talk (Cisco ASA)
KB ID 0000323 Problem You want to block access to Google Talk, but not disrupt other services like Google Search and Gmail. Solution Yes, you could write a REGEX and block it with an MPF, like I did here, to block Facebook. But Google Talk only runs on 4 servers and uses 4 ports. 1. Connect to the Cisco ASA, and go to configure terminal mode. PetesASA> PetesASA> en Password: ******** PetesASA# configure terminal...