[Fwd: Re: Pix to ASA migration]
- From: Craig Van Tassle <craig@xxxxxxxxxxxxx>
- Date: Wed, 04 Oct 2006 08:55:15 -0500
This was sent to me off list. I didn't look at the inspect mapping. That also
could be a cause.
-------- Original Message --------
Subject: Re: Pix to ASA migration
Date: Wed, 04 Oct 2006 04:26:11 -0700
From: Joseph Jenkins <maillist@xxxxxxxxxxxxxxxxxxxxxx>
To: Craig Van Tassle <craig@xxxxxxxxxxxxx>
You have to have the inspect turned on for DNS or it won't work. DNS goes
out on one port and then comes back in on another. You have to specifically
tell the PIX/ASA how to handle that type of traffic. Here is a cutout of my
config with the correct inspect statements:
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
On 10/2/06 2:13 PM, "Craig Van Tassle" <craig@xxxxxxxxxxxxx> wrote:
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
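An added example, not part of the original message or of either poster's configuration: a small Python check that an ASA config excerpt has `inspect dns` inside a policy-map that a `service-policy` actually applies, and that flags a `maximum-length` of 512 or less, since DNS inspection drops longer messages and EDNS0 replies can exceed that size. The `service-policy` line in the sample is an assumption; the posted cutout does not show one.

```python
# CUTOUT is a shortened copy of the config in the message above (constructed).
# The service-policy line in APPLIED is an assumption; the cutout shows none.
CUTOUT = """\
class-map inspection_default
 match default-inspection-traffic
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
"""
APPLIED = CUTOUT + "service-policy asa_global_fw_policy global\n"


def parse_policy(config):
    """Return ({policy: {class: [inspect args]}}, {policy: scope})."""
    policies, applied = {}, {}
    pmap = cls = None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        key = words[0]
        if key == "policy-map":
            pmap, cls = words[1], None
            policies[pmap] = {}
        elif key == "class" and pmap:
            cls = words[1]
            policies[pmap][cls] = []
        elif key == "inspect" and cls:
            policies[pmap][cls].append(words[1:])
        elif key == "service-policy":
            applied[words[1]] = " ".join(words[2:])
    return policies, applied


def audit(config):
    """Return findings about DNS inspection in an ASA config excerpt."""
    policies, applied = parse_policy(config)
    dns = [(p, c, a) for p, cs in policies.items()
           for c, rules in cs.items() for a in rules if a[0] == "dns"]
    findings = [] if dns else ["no 'inspect dns' in any policy-map"]
    for p, c, a in dns:
        if p not in applied:
            findings.append(f"{p}: no service-policy applies this policy-map")
        if "maximum-length" in a:
            limit = int(a[a.index("maximum-length") + 1])
            if limit <= 512:
                findings.append(f"{p}/{c}: DNS messages over {limit} bytes are dropped")
    return findings
```

The parser keys on keywords rather than indentation, so it also accepts a config whose leading spaces were lost when it was pasted into mail.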