Search found 999 matches

by Halo

Mon Jun 24, 2013 3:12 am
 
Forum: Juniper Networking
Topic: New Juniper SRX book
Replies: 1
Views: 1623

Re: New Juniper SRX book

If it's anywhere near as good as the Junos Security book that O'Reilly put out a few years back, it's probably excellent.
by Halo

Tue Jun 18, 2013 7:43 am
 
Forum: Cisco Security
Topic: IPSEC VPN between ASA and SRX
Replies: 1
Views: 1386

Re: IPSEC VPN between ASA and SRX

Well gosh now, don't I feel silly? It looked like everything was as I wanted, only for me to find that I'd made a typographical error on the SRX with the subnet mask. Now to see what happens when I add that other policy-based VPN...
by Halo

Tue Jun 18, 2013 6:03 am
 
Forum: Cisco Security
Topic: IPSEC VPN between ASA and SRX
Replies: 1
Views: 1386

IPSEC VPN between ASA and SRX

Amongst my current tasks I've been on-again off-again working with an SRX220. At present I'm trying to get a VPN tunnel established between the two devices. The end topology is supposed to look something like this: SUBNET_A| |--[SRX]------[ASA]--SUBNET_X SUBNET_B| SUBNET_A|--[SRX]------[ASA]--SUBNET...
by Halo

Tue Jun 18, 2013 3:57 am
 
Forum: Cisco Security
Topic: IPS in GNS3?
Replies: 7
Views: 1245

Re: IPS in GNS3?

I've seen QEMU images floating around on the internets. Usually in the same places that ASA QEMU images float around.
by Halo

Tue May 28, 2013 8:54 am
 
Forum: Juniper Networking
Topic: How to prefer one interface when two share the same network
Replies: 0
Views: 789

How to prefer one interface when two share the same network

I have a problem of sorts. I have an SRX220 with four interfaces. Outside, DMZ, Inside, and Management. What I want to do is VPN some traffic through from hosts in the DMZ to hosts somewhere else on the Inside. Simple enough to set up, except for one problem that I presently have: The Inside and Man...
by Halo

Mon Apr 22, 2013 6:25 am
 
Forum: Cisco Security
Topic: ASA error - No addresses available for SVC connetion
Replies: 11
Views: 11253

Re: ASA error - No addresses available for SVC connetion

At a quick guess, you need to expand the size of the pool assigned for AnyConnect users.
(It should be something like 'ip local pool %pool_name% 192.168.0.1-192.168.0.128 mask 255.255.255.0')
by Halo

Fri Apr 19, 2013 2:43 am
 
Forum: Cisco Security
Topic: PIX unable to ping window loopback in GNS3
Replies: 4
Views: 1069

Re: PIX unable to ping window loopback in GNS3

So how was it resolved? I quickly span up an ASA and connected it to a loopback address in GNS3; I found that, as you've mentioned, the ASA could not ping the loopback address of the host PC, but the host *could* ping the ASA. That in mind, I figured it was just a Windows firewall thing and paid it ...
by Halo

Tue Apr 02, 2013 2:18 am
 
Forum: Cisco Routing and Switching
Topic: UDP IS DOWN
Replies: 13
Views: 1252

Re: UDP IS DOWN

Thank you for this thread. It has made my morning.
+1s for everyone!
by Halo

Tue Mar 19, 2013 6:42 am
 
Forum: Cisco Security
Topic: avoid ASA 8.4(2)x engineering releases with SSL VPN
Replies: 7
Views: 1583

Re: avoid ASA 8.4(2)x engineering releases with SSL VPN

Running 9.0 in live. Not a lot of throughput passing it but it's been stable for me.
by Halo

Mon Mar 18, 2013 8:18 am
 
Forum: Cisco Routing and Switching
Topic: tx-queue on port channel member interfaces
Replies: 3
Views: 437

Re: tx-queue on port channel member interfaces

Found this:
http://www.cisco.com/en/US/prod/collate ... 1691c.html
Relevant to what I'm working on, albeit rather in depth.
by Halo

Mon Mar 18, 2013 4:56 am
 
Forum: Cisco Security
Topic: show conn, inbound acl and interesting traffic acl
Replies: 2
Views: 745

Re: show conn, inbound acl and interesting traffic acl

In response to your first question... it depends. On a multicore ASA the control point (where the terminal output runs) gets locked to a single core; hitting a show conn with term pag 0 might cause that core to rise a little which you can see through 'show cpu usage detailed' but it shouldn't affec...
by Halo

Mon Mar 18, 2013 4:37 am
 
Forum: Cisco Security
Topic: Define inspection on ASA
Replies: 4
Views: 891

Re: Define inspection on ASA

dlots - you can specify to match a 'known' protocol on a non-standard port; is that what you're looking to do?
by Halo

Fri Mar 15, 2013 10:53 am
 
Forum: New Member Introductions
Topic: NETWORKING CAREER INSIGHT
Replies: 9
Views: 1331

Re: NETWORKING CAREER INSIGHT

Yeah alright, I'll bite too: Name: Halo Company: UK Government Position: Chair warmer / Extranet 1. How did you get started in this field? Hard work and good fortune. I studied for my CCNA through a local Networking Academy site, blazed the exams like it was 4:20 and never looked back. Didn't get to...
by Halo

Fri Mar 15, 2013 10:30 am
 
Forum: Cisco Security
Topic: Define inspection on ASA
Replies: 4
Views: 891

Re: Define inspection on ASA

Is this what you're looking for? https://supportforums.cisco.com/docs/DOC-1614 [EDIT] Also, yep, you're pretty much there. Presuming you're not doing anything 'interesting' with your inspection policies adding the new traffic classes to the default inspection class will mean that your global service...
by Halo

Fri Mar 15, 2013 10:23 am
 
Forum: Cisco Routing and Switching
Topic: tx-queue on port channel member interfaces
Replies: 3
Views: 437

Re: tx-queue on port channel member interfaces

Thanks for the tip Ristau; what I'm trying to do is prioritise a queue mapped to a dscp value for voice and limit it / assure it to a fixed amount of bandwidth. Other tx queues have different bandwidth percentages for stuff like default, low priority, and signalling traffic. If you've got any elabor...
by Halo

Fri Mar 15, 2013 6:52 am
 
Forum: Cisco Routing and Switching
Topic: tx-queue on port channel member interfaces
Replies: 3
Views: 437

tx-queue on port channel member interfaces

Hi guys, I've been given a task to apply QoS to some of the switches in the part of the network that I look after. I've gone ahead and dutifully replicated the QoS policy I was given by the consultant that implemented it in the parts of the network that I don't look after, but I ran into a problem t...
by Halo

Wed Mar 13, 2013 5:36 am
 
Forum: Cisco Certifications
Topic: Ever heard of these guys?
Replies: 18
Views: 2097

Re: Ever heard of these guys?

$3K to get a CCNA?
You can do it for $300 if you self-study like a boss.
by Halo

Tue Mar 12, 2013 5:56 am
 
Forum: Cisco General
Topic: ITIL V3 Foundation Certificate
Replies: 3
Views: 998

Re: ITIL V3 Foundation Certificate

Google should be pretty helpful.
First result was this:
http://www.vyomlabs.com/training/itil-t ... hyderabad/
by Halo

Mon Mar 11, 2013 8:49 am
 
Forum: Juniper Networking
Topic: Logging URLs through an SRX firewall
Replies: 1
Views: 1100

Re: Logging URLs through an SRX firewall

It looks as though using the local web filtering, it's possible to set the default policy to 'permit and log' which results in outputs like the following when you parse the log: 10.10.10.50(1402)->216.200.241.66(80) CATEGORY="N/A" REASON="BY_OTHER" PROFILE="wf-profile" ...
by Halo

Mon Mar 11, 2013 7:06 am
 
Forum: Cisco General
Topic: Missing letters on the command line
Replies: 2
Views: 610

Re: Missing letters on the command line

Same result from a different client? (i.e. still seeing this in SecureCRT if you presently use PuTTY?)