It's actually a bit of Cisco humor as their GUIs used to be very dependent on specific Java versions.

From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 6:40 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

Hmmm, against an ASA5520 I've been using ADSM 5.0(6) and it claims Java Version 1.6.0_02 ... not even close to what you list...

Erik Goldoff
IT Consultant
Systems, Networks, & Security

_____

From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 9:34 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

The one that requires Java 5.1.3.2.5.2.555 exactly or won't work.

From: Erik Goldoff [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 6:28 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

"When you use the ASA GUI to make rule changes, it doesn't put the correct syntax on the rule."

What version of ADSM are you running?

Erik Goldoff
IT Consultant
Systems, Networks, & Security

_____

From: Cesare' A. Ramos [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 9:25 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA Assistance

Here is what I received from my Cisco guy.

ONE

The Cisco ASA CLI for all idle connections is the following would change it to 15 minutes

timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

TWO

But, since they come from the world of switch/routers should you have the interface address configured you must then use the interface keyword; example.

-access-list OUTSIDEIP extended permit tcp any host SERVERIP eq smtp
+access-list OUTSIDEIP extended permit tcp any interface outside eq smtp

(In the ASDM you just type "outside" without the quotes for destination).

NOTE from Research:

"I found the problem. When you use the ASA GUI to make rule changes, it doesn't put the correct syntax on the rule. Instead of

access-list outside_acl extended permit tcp any host Email2003 eq https;

I was getting

access-list outside_acl extended permit tcp any eq https host Email2003 eq https

Deleted that rule, put the right syntax, and it is fixed.

Thanks to all who read and helped."

excerpted from http://www.themssforum.com/ExchangeSetup/Cisco/

THREE

Example of DMZ Mail Server configuration from Cisco
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml

Cisco ASA configuration example for Exchange 2007 Edge setup
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23372433.html#a21489032

It must be taken into consideration what environment MS Exchange is in, whether it is a FrontEnd, BackEnd, or just a single internal server.

Hope this helps.

CAR
Office: 305-443-0331 xt. 1202
Mobile: 786-412-1746
Skype: 305-851-2606
Fax: 305-443-0350
e-Mail: [EMAIL PROTECTED]
BB Pin: 23E727FF
AIM: cramosMIA
MSN: [EMAIL PROTECTED]
Yahoo: cramosMIA

From: Sean Martin [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2008 6:56 PM
To: NT System Admin Issues
Subject: Cisco ASA Assistance

Anyone out there familiar with the Cisco ASA GUI? I need my network department to configure the HTTPS timeout for 15 minutes based on Microsoft recommendations for Exchange ActiveSync. The only guy available in our network department isn't familiar with the ASA.

Thanks,

- Sean
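An added example, not part of the thread and not Cisco code: a small Python check that parses extended ACL lines of the forms quoted above and flags permit entries that carry a source-port qualifier, the pattern the quoted research note says the GUI produced. The grammar handled is an assumption limited to `any`, `host X`, `interface NAME` and address/mask for tcp and udp; the function names and the sample configuration (built from the lines in the thread) are constructed for illustration.

```python
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _addr(tok, i):
    """Return the index just past the address spec that starts at tok[i]."""
    return i + 1 if tok[i] == "any" else i + 2  # host X / interface N / addr mask

def _port(tok, i):
    """Return (port qualifier or None, next index)."""
    if i < len(tok) and tok[i] in PORT_OPS:
        end = i + 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:end]), end
    return None, i

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION tcp|udp SRC [port] DST [port]'."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    if tok[4] not in ("tcp", "udp"):
        return None
    try:
        j = _addr(tok, 5)
        src = " ".join(tok[5:j])
        sport, k = _port(tok, j)      # qualifier directly after the source
        m = _addr(tok, k)
        dst = " ".join(tok[k:m])
        dport, _ = _port(tok, m)      # qualifier directly after the destination
    except IndexError:
        return None                   # truncated entry
    return {"acl": tok[1], "action": tok[3], "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def audit(config):
    """Return (line number, source-port qualifier, line) for suspect permit rules."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        ace = parse_ace(line.strip())
        if ace and ace["action"] == "permit" and ace["sport"]:
            findings.append((n, ace["sport"], line.strip()))
    return findings

# Constructed sample: the timeout and access-list lines quoted in the thread.
SAMPLE = """\
timeout conn 00:15:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
access-list outside_acl extended permit tcp any host Email2003 eq https
access-list outside_acl extended permit tcp any eq https host Email2003 eq https
access-list OUTSIDEIP extended permit tcp any interface outside eq smtp
"""

if __name__ == "__main__":
    for n, sport, line in audit(SAMPLE):
        print(f"line {n}: source-port match '{sport}' in: {line}")
```

A rule flagged here only matches clients whose source port equals the listed port, which is why the intended inbound HTTPS traffic did not match it.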
