Cisco ASA Domain Authentication and Trust (Allowing)
ASA Domain Authentication. KB ID 0000973. Problem: I cringed this morning when I was asked about this; the last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (yes, I’m serious), or you had to registry hack all your domain controllers...
RSA SecurID Error – ‘106: The Web server is busy. Please try again later’
RSA SecurID Error. KB ID 0000975. Problem: Not the most descriptive of errors! In fact this has got nothing to do with the busyness of the web server at all. Solution: What’s actually happening is the RSA agent on this machine (in this case a web server) cannot communicate with the RSA Authentication Manager. In my case the web server was in a DMZ, and the RSA Authentication Manager Appliance was in another DMZ....
McAfee MOVE AV Multi-Platform Issue – MOVE AV Protection Disabled
MOVE AV. KB ID 0000980. Problem: There are a number of reasons for seeing this error; you will see it even if the Offload server(s) are shut down. In my case it was a new deployment, and the Windows firewall on the MOVE Offload server was blocking communication. Solution: Below I will configure the Windows firewall on my MOVE Offload...
Enable PPTP Split Tunneling
PPTP Split Tunneling. KB ID 0000997. Problem: I was asked yesterday, “When you get five minutes, I need you to enable PPTP split tunneling, because when I VPN into a network I lose Internet connectivity”. On inspection he was using the Microsoft VPN client. I jumped on the VPN device to discover it was a Cisco IOS router. What I discovered was, unlike the firewall VPNs I’m used to, you DON’T set split...
Juniper JUNOS SRX NAT – Static ‘One-to-One’
SRX NAT. KB ID 0000995. Problem: Setting up ‘Static NAT’ is the process of taking one of your ‘spare’ public IP addresses and permanently mapping that public IP to a private IP address on your network. In the example above I want to give my web server, which has an internal IP address of 192.168.1.10/24, the public IP address of 1.1.1.5/24. So if someone out on the Internet wants to view my website, they can...