Recent content by JMCraig

Looking around for a way to indicate that the problem's solved; not finding one... John Craig Alpha-G Consulting, LLC www.alphagconsulting.com

Arrrgh! Turns out it was a problem at my ISP--they had not properly shifted over the subnet in question to the new router (I have two subnets and they apparently got the one, but not the other--this whole mess started when they lost a router and had to shift lots of their subnets over to another...

Hi Folks, To make a long (frustrating!) story short, I'm trying to get an old Pix 501 I had reconfigured to fill in for an ASA 5505 that is giving me trouble. This is a bonehead simple setup: the Pix's inside interface is defined to match the public IPs of a small subnet and several boxes with...

PDM will not work w/ any Java version after 1.5. So, you need that installed and then go to the Java Control Panel dialog and find the "Java" tab & click the "View" button. On the right side of the list, uncheck the Enabled box for any versions newer than 1.5. Apply the changes (and leave the...

Looks like exactly what I needed. Much appreciated! John Craig Alpha-G Consulting, LLC www.alphagconsulting.com

Thanks for your time, hilfy, Crystal Reports 11 MS SQL Server 2008 (see top of original post) How would I go about putting "[my] view into a Command in Crystal"? John Craig Alpha-G Consulting, LLC www.alphagconsulting.com

Trying to create a report that would be dead easy in plain SQL but trying to do it without a SQL view is beyond my CR capability and it turns out the SQL view tends to get removed during a DB upgrade for the 3rd-party application software. Crystal Reports 11 MS SQL Server 2008 Here's the basic...

Yes, with the anti-spoofing disabled, I can get from inside boxes to the services hosted on the dmz boxes. But I'm not clear on how ACLs and NAT control can compensate for anti-spoofing being disabled. (But maybe I'm not very clear on the whole issue.) In the docs on Anit-Spoofing, it says "For...

Hi Folks, I've got the basic 5505 license (so boxes on the dmz interface cannot initiate connections to boxes on the inside interface--traditional dmz setup). But, with anti-spoofing enabled on the outside interface, I also can't initiate traffic from a box on the inside interface to a dmz box...

OK. I have the solution: the ASA 5505 does a bunch of protocol filtering by default (Service Policy Rules), including filtering the "Skinny" protocol--which is associated with port 2000. So, when the HTTPS traffic came through to the non-Skinny app we had listening on that port, the firewall...

Not so simple: I have about 5 dozen names defined and some of them; with easily guessed domain names, would be pretty obvious targets. So, to make it reasonably secure, I'd have to change all the names. 60 searches and replaces is not only a pain, but highly error prone. Hence my decision to see...

Thanks, but I don't know if there's a practical way to scrub the configs and still have them be close enough to what's really there to be worth looking at. At any rate, I'll wait and see if Cisco can help at all (not holding my breath). John

Hi Folks, I'm trying to migrate a really simple setup from a PIX 501 (that I keep having to put back into service 'cause I can't get the ASA 5505 to behave the way the PIX does). The issue is this: on the PIX, I've got common ACL entries that allow access to some basic things like email and...

I agree with kjv1611 that it sounds like overkill to go for a Firebox. If you happen to prefer something other than D-Link, you can look at the Linksys products like the WRT54G2 (again, if you don't want the wireless, just turn the radio off). This has a statefull packet inspection firewall you...

OK. Questions of vlan vs. interface terminology aside, it turns out (given the clearer understanding of what "incoming" means--into the ASA 5505 from a device connected to the inside interface), I don't need to do anything with the implied rules. But, again, just to get the concepts straight in...