It's actually a bit of Cisco humor as their gui's used to be very dependent
and specific Java versions.

 

From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 14, 2008 6:40 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

 

Hmmm, against an ASA5520 I've been using ADSM 5.0(6) and it claims Java
Version 1.6.0_02 ... not even close to what you list...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _____  

From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 14, 2008 9:34 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

The one that requires Java 5.1.3.2.5.2.555 exactly or won't work.

 

From: Erik Goldoff [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 14, 2008 6:28 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

 

"When you use the ASA GUI to make rule changes, it  doesn't put the correct
syntax on the rule."

 

what version of ADSM are you running ?

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _____  

From: Cesare' A. Ramos [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 14, 2008 9:25 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

Here is what I received from my Cisco guy.

 

ONE

 

       The Cisco ASA CLI for all idle connections is the following would
change it  to 15 minutes

 

       timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

 

 

TWO

       But, since they come from the world of switch/routers should you have
the interface address configured you must then use the interface keyword;
example.

 

       -access-list OUTSIDEIP extended permit tcp any host SERVERIP eq smtp

       +access-list OUTSIDEIP extended permit tcp any interface outside eq
smtp

       (In the ASDM you just type "outside" without the quotes for
destination).

 

NOTE from Research:

 

 "I found the problem. When you use the ASA GUI to make rule changes, it
doesn't put the correct syntax on the rule. Instead of access-list
outside_acl extended permit tcp any host Email2003 eq https; I was getting
access-list outside_acl extended permit tcp any eq https host Email2003 eq
https

 

 Deleted that rule, put the right syntax, and it is fixed.

 

 Thanks to all who read and helped. "  exerted from
<http://www.themssforum.com/ExchangeSetup/Cisco/>
http://www.themssforum.com/ExchangeSetup/Cisco/

 

 

THREE

 

Example of DMZ Mail Server configuration from Cisco
<http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuratio
n_example09186a00806745b8.shtml>
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration
_example09186a00806745b8.shtml

 

Cisco ASA configuration example for Exchange 2007 Edge setup

 
<http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Fire
walls/Cisco_PIX_Firewall/Q_23372433.html#a21489032>
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firew
alls/Cisco_PIX_Firewall/Q_23372433.html#a21489032

 

 

It must be takem into consideration what environment MS Exchange is in
whether, it is a FrontEnd, BackEnd, or just a single internal server.

Hope this helps.

 

CAR

Office: 305-443-0331  xt. 1202
Mobile: 786-412-1746
Skype: 305-851-2606
Fax: 305-443-0350
e-Mail: [EMAIL PROTECTED]
BB Pin:  23E727FF
AIM: cramosMIA
MSN: [EMAIL PROTECTED]
Yahoo: cramosMIA

 

From: Sean Martin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 13, 2008 6:56 PM
To: NT System Admin Issues
Subject: Cisco ASA Assistance

 

Anyone out there familiar with the Cisco ASA GUI?

 

I need my network department configure the HTTPS timeout for 15 minutes
based on Microsoft recommendations for Exchange ActiveSync. The only guy
available in our network department isn't familiar with the ASA. 

 

Thanks, 

 

- Sean

 

 

 

  _____  

This e-Mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this e-Mail in error please notify the sender via
returned e-Mail. Please note that any views or opinions presented in this
e-Mail are solely those of the author and do not necessarily represent those
of the company. Although IDF operates anti-virus programs, it does not
accept responsibility for any damage whatsoever that is caused by viruses
being passed.

** Think before you print this message. **

 

 

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 11/14/2008
8:32 AM

 

 

 

 

 

 

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 11/14/2008
8:32 AM

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to