Firewall Wizards mailing list archives
Re: firewall-wizards Digest, Vol 18, Issue 10
From: chris mr <chris.misztur () yahoo com>
Date: Sat, 20 Oct 2007 19:09:39 -0700 (PDT)
No, I have the Security+ license. I was just confused as to the way that the ASA treats internal traffic. ----- Original Message ---- From: "firewall-wizards-request () listserv icsalabs com" <firewall-wizards-request () listserv icsalabs com> To: firewall-wizards () listserv icsalabs com Sent: Friday, October 19, 2007 11:00:03 AM Subject: firewall-wizards Digest, Vol 18, Issue 10 Send firewall-wizards mailing list submissions to firewall-wizards () listserv icsalabs com To subscribe or unsubscribe via the World Wide Web, visit https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards or, via email, send a message with subject or body 'help' to firewall-wizards-request () listserv icsalabs com You can reach the person managing the list at firewall-wizards-owner () listserv icsalabs com When replying, please edit your Subject line so it is more specific than "Re: Contents of firewall-wizards digest..." Today's Topics: 1. Re: DMZ to INSIDE Communication (Anthony) 2. Ramifications from increasing IPsec SA or rekey times? (Christopher J. Wargaski) ---------------------------------------------------------------------- Message: 1 Date: Mon, 15 Oct 2007 18:05:22 -0500 From: Anthony <ez4me2c3d () gmail com> Subject: Re: [fw-wiz] DMZ to INSIDE Communication To: Firewall Wizards Security Mailing List <firewall-wizards () listserv icsalabs com> Message-ID: <4713F232.9000409 () gmail com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed So you weren't running into the issue of the base license not allowing DMZ initiated traffic to the inside network? "With the Base platform, communication between the DMZ VLAN and the Inside VLAN is restricted: the Inside VLAN is permitted to send traffic to the DMZ VLAN, but the DMZ VLAN is not permitted to send traffic to the Inside VLAN." http://cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/vlans.html#wp1101628 Anthony chris mr wrote:
Thanks for your help... I had to add another static into the ASA and ACL on DMZ in. mail.domain.com = 12.x.x.x EXCHANGE1 = natted ip of Exchange on inside static (inside,DMZ) tcp 12.x.x.x smtp EXCHANGE1 smtp netmask 255.255.255.255 ____________________________________________________________________________________ Don't let your dream ride pass you by. Make it a reality with Yahoo! Autos. http://autos.yahoo.com/index.html _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
------------------------------ Message: 2 Date: Tue, 16 Oct 2007 14:29:45 -0500 From: "Christopher J. Wargaski" <wargo1 () gmail com> Subject: [fw-wiz] Ramifications from increasing IPsec SA or rekey times? To: firewall-wizards () listserv icsalabs com Message-ID: <17065120710161229t4b7e0985kcfef36b91b516053 () mail gmail com> Content-Type: text/plain; charset=ISO-8859-1 Folks-- I am investigating what the ramifications are for increasing the SA life or rekey time on an IPsec VPN. Certainly the longer the same SA stays around, the longer the Wiley Wacker has to break my key. Does anyone know of some documents suggesting vulnerabilities from or ramifications of increasing the SA lifetime or rekey time? ------------------------------ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards End of firewall-wizards Digest, Vol 18, Issue 10 ************************************************ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: firewall-wizards Digest, Vol 18, Issue 10 chris mr (Oct 23)