24. November 2012 · How to Upgrade the ASA5500 using CLI · Categories: Cisco

Version 9.0 of the Cisco ASA software has now been released. Here are some of the major features in the new release.

Filter ICMP by ICMP code
Clustering of multiple ASAs
OSPFv3 and EIGRP support
IPv6 support on outside interface for VPNs
NAT for IPv6 and NAT64
DHCPv6 relay
Unified ACLs for v4 and v6
Clientless SSL VPN – Support for new browsers and HTML5
Site to Site VPN in multiple context mode
Dynamic routing in multiple context mode
Mixed firewall support in multiple context mode

So today I decided to upgrade my ASA5505 to Version 9.0(1). Below are the steps to upgrade your ASA.

23. November 2012 · Cisco ASA Port Forwarding in 8.3 from the CLI the easy way · Categories: Cisco

In this example, we want to be able to access a Media Server behind the firewall. We’ll assume you are using port 32400 and that the Media Server’s internal IP address is 10.11.12.13/24. I’ll give you the steps, then I’ll explain.

Step 1: Create a new object group for your web server.

asa5505(config)# object network MediaServer

Step 2: Add the IP of the web server to the network group.

asa5505(config-network-object)# host 10.11.12.13

Step 3: Forward the port via the NAT command.

asa5505(config-network-object)# nat (inside,outside) static interface service tcp 32400 32400

Step 4: Exit back to the root and add the access list.

asa5505(config)# access-list outside_access_in permit tcp any object MediaServer eq 32400

That’s it! Now, let’s explain what’s going on here. Cisco has started moving more and more towards the use of object groups in their configs. It makes things easier, especially when you have 20 web servers behind the firewall and you want to add one more. Rather than having to rewrite a whole bunch of ACLs, you just add the IP of the new web server into the object group and everything is done for you. So here our Media Server is 10.11.12.13. If you want to send port 80 to more than 1 IP on your internal network, just add more IPs to that object group.

This works for ANY port forward. If you want to RDP into a machine, simply replace port 32400 with 3389. There is one caveat: you can only do one port forward per object group. So let’s say that our Media Server is also an FTP server and you want port 21 to forward as well as port 32400. You’re going to have to create a whole new object group (object network FTPServer), put the same IP in the group (host 10.11.12.13), do the nat command again (nat (inside,outside) static interface service tcp ftp ftp), exit back to the root of config, and add the access list (access-list outside_access_in permit tcp any object FTPServer eq ftp).

This should get you up and running in no time.
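
The two forwards described above, collected into one paste-able configuration with the interface binding and the checks that confirm what is actually exposed. This is an added example, not part of the original post; it assumes the interfaces are named inside and outside, uses 203.0.113.10 as a constructed remote client address, and uses <outside-ip> as a placeholder for the ASA's outside interface address.

```cisco
! Added example (not from the original post). Assumed: interface names
! inside/outside; 203.0.113.10 is a constructed client address;
! <outside-ip> is a placeholder for the ASA's outside interface address.
!
! Two forwards to the same host need two network objects, because each
! object carries a single NAT rule.
object network MediaServer
 host 10.11.12.13
 nat (inside,outside) static interface service tcp 32400 32400
object network FTPServer
 host 10.11.12.13
 nat (inside,outside) static interface service tcp ftp ftp
!
! As in the post: any source on the outside may reach the forwarded ports.
! From 8.3 on, the ACL matches the real (inside) address, which is why the
! destination is the object and not the outside interface address.
access-list outside_access_in extended permit tcp any object MediaServer eq 32400
access-list outside_access_in extended permit tcp any object FTPServer eq ftp
!
! Tighter alternative: replace an "any" line with a known source so the
! service is not reachable from the whole Internet.
! access-list outside_access_in extended permit tcp host 203.0.113.10 object MediaServer eq 32400
!
! The ACL does nothing until it is bound to the outside interface.
access-group outside_access_in in interface outside
!
! Verification: confirm the NAT rules, the ACL hit counts, and the path a
! packet from the outside would take to the forwarded port.
show running-config nat
show nat detail
show access-list outside_access_in
packet-tracer input outside tcp 203.0.113.10 50000 <outside-ip> 32400
```

In the packet-tracer output, the UN-NAT phase should show the destination translated to 10.11.12.13 and the ACCESS-LIST phase should show which line permitted the packet.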

12. September 2012 · Adding an address to Exchange 2010 antispam whitelist · Categories: Microsoft
Use the following command to add sender SMTP addresses to the BypassedSenders list:
Set-ContentFilterConfig -BypassedSenders somebody@somedomain.com,sombody@somedomain.com
Use the following command to whitelist the sending domain:
Set-ContentFilterConfig -BypassedSenderDomains somedomain.com,someotherdomain.com