Security Basics mailing list archives

[Fwd: Re: Pix to ASA migration]


From: Craig Van Tassle <craig () codestorm org>
Date: Wed, 04 Oct 2006 08:55:15 -0500


This was sent to me off list.  I didn't look at the inspect mapping. That also
could be a cause.

-------- Original Message --------
Subject: Re: Pix to ASA migration
Date: Wed, 04 Oct 2006 04:26:11 -0700
From: Joseph Jenkins <maillist () breathe-underwater com>
To: Craig Van Tassle <craig () codestorm org>

You have to have the inspect turned on for DNS or it won't work.  DNS goes
out on one port and then comes back in on another.  You have to specifically
tell the PIX/ASA how to handle that type of traffic.  Here is a cutout of my
config with the correct inspect statements:

class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp



On 10/2/06 2:13 PM, "Craig Van Tassle" <craig () codestorm org> wrote:


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





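Added example, not part of the original messages or either poster's configuration: a Python check that reads an ASA configuration, lists the inspect statements under each policy-map, and reports whether "inspect dns" is present and whether its policy-map is bound with a service-policy command. The function names are hypothetical, and the service-policy line in the sample is an assumption, since the excerpt in the message does not show one.

```python
import re

# Constructed sample: part of the policy from the forwarded message plus a
# service-policy line (assumed; the excerpt on the page does not include one).
SAMPLE = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
!
service-policy asa_global_fw_policy global
"""

def parse_inspections(config):
    """Return {policy_map: {class_name: [inspect arguments, ...]}}."""
    policies, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):       # any top-level line closes the open block
            pmap = cls = None
            m = re.match(r"policy-map\s+(\S+)$", line)
            if m:
                pmap = m.group(1)
                policies[pmap] = {}
        elif pmap and line.startswith("class "):
            cls = line.split()[1]
            policies[pmap][cls] = []
        elif pmap and cls and line.startswith("inspect "):
            policies[pmap][cls].append(line[len("inspect "):])
    return policies

def applied_policies(config):
    """Names of policy-maps bound globally or to an interface."""
    pattern = r"^service-policy\s+(\S+)\s+(?:global|interface\b.*)$"
    return set(re.findall(pattern, config, re.M))

def dns_inspection_findings(config):
    """Return a list of problems; an empty list means DNS inspection is active."""
    policies, applied = parse_inspections(config), applied_policies(config)
    with_dns = [p for p, classes in policies.items()
                if any(i.split()[0] == "dns" for insp in classes.values() for i in insp)]
    if not with_dns:
        return ["no policy-map contains 'inspect dns'"]
    if not any(p in applied for p in with_dns):
        return ["'inspect dns' present but policy-map not bound by service-policy: "
                + ", ".join(with_dns)]
    return []
```

Run against the cutout exactly as posted, the check reports the missing service-policy binding, which is worth confirming in the full running configuration after a PIX to ASA migration.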

