ASA shun hosts and QoS

Hi, I'm having trouble configuring threat detection and QoS policies at the same time.
The problem is that if I have QoS rules enabled, which police traffic defined by ACLs, I can't enable at the same time the threat-detection feature "Shun hosts detected by scanning threat", because it shuns the hosts to which the policing is applied.
I suppose this is because the policing is based on hits on ACLs, so the ASA thinks this is an attack.
So, how can I resolve this? How can I have policing and shunning enabled at the same time?
Thanks

Hi,
Weird stuff, one feature doesn't necessarily have anything to do with the other. What scanning threat does is take statistics of a specific host and determine if it is sweeping the network or trying to find out which ports/networks are available. You have to check what the factor is that is causing the shun to be triggered. There are a lot of thresholds on scanning threat detection that you will need to modify if it is causing an issue.
By the thresholds I mean the following table:
Packet Drop Reason                               Trigger Settings
                                                 Average Rate                          Burst Rate
DoS attack detected;                             100 drops/sec over the last 600 s     400 drops/sec over the last 20 s
Bad packet format;                                80 drops/sec over the last 3600 s    320 drops/sec over the last 120 s
Connection limits exceeded;
Suspicious ICMP packets detected
Scanning attack detected                           5 drops/sec over the last 600 s      10 drops/sec over the last 20 s
                                                   4 drops/sec over the last 3600 s      8 drops/sec over the last 120 s
Incomplete session detected, such as TCP SYN     100 drops/sec over the last 600 s     200 drops/sec over the last 20 s
attack or no-data UDP session attack (combined)   80 drops/sec over the last 3600 s    160 drops/sec over the last 120 s
Denial by access lists                           400 drops/sec over the last 600 s     800 drops/sec over the last 20 s
                                                 320 drops/sec over the last 3600 s    640 drops/sec over the last 120 s
Basic firewall checks failed;                    400 drops/sec over the last 600 s    1600 drops/sec over the last 20 s
Packets failed application inspection            320 drops/sec over the last 3600 s   1280 drops/sec over the last 120 s
Interface overload                              2000 drops/sec over the last 600 s    8000 drops/sec over the last 20 s
                                                1600 drops/sec over the last 3600 s   6400 drops/sec over the last 120 s
As you can see on the following document:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html#wp1072953
Scanning threat is based on the threat detection statistics, so you will need to modify those to avoid the host being shunned.
That being said, I think if you only enable threat detection alone, it would probably do the same thing as if it was configured in conjunction with QoS.
Bottom line (and sorry for all the info), modify the threat detection rate values and you should be ok.
Mike
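As an added example (not from this thread and not Cisco's own text), the ASA CLI below puts the two features side by side and shows the knobs Mike points at: an ACL-driven policing class, the scanning-threat rate thresholds raised above the defaults in the table, the intentionally policed hosts exempted from the shun, and the show commands used to find out which drop reason is actually driving the rate. Interface and ACL names, the 192.0.2.0/24 addresses (a documentation range) and the rate values are placeholders to replace for a real deployment; check the exact syntax against the configuration guide for your ASA release.

```cisco
! Added example; all names, addresses and rates are placeholders, not values from the thread.

! 1. QoS policing driven by an ACL (Modular Policy Framework).
!    Packets from the policed hosts that exceed the rate are dropped by the policer.
access-list POLICED_HOSTS extended permit ip 192.0.2.0 255.255.255.0 any
class-map POLICED_CLASS
 match access-list POLICED_HOSTS
policy-map INSIDE_POLICY
 class POLICED_CLASS
  police output 2000000 37500 conform-action transmit exceed-action drop
service-policy INSIDE_POLICY interface inside

! 2. Threat detection. The scanning-threat defaults in the table are
!    5 drops/sec average and 10 drops/sec burst over a 600-second interval,
!    far below the ACL-denial defaults (400/800). If the policer drops are
!    what the scanning-threat statistics are counting (the factor Mike says
!    to check), a single busy host reaches them quickly, so raise them
!    before turning the shun on. Up to three rate intervals may be set.
threat-detection basic-threat
threat-detection rate scanning-threat rate-interval 600 average-rate 50 burst-rate 100
threat-detection rate scanning-threat rate-interval 3600 average-rate 40 burst-rate 80
threat-detection statistics host

! 3. Enable the automatic shun, but exempt the hosts that are policed on
!    purpose (a network object-group can be used instead of a subnet),
!    and bound how long a shun lasts so a false positive self-heals.
threat-detection scanning-threat shun
threat-detection scanning-threat shun except ip-address 192.0.2.0 255.255.255.0
threat-detection scanning-threat shun duration 3600

! 4. Verification: which drop reason is climbing, which hosts have been
!    classified as attackers, who is currently shunned, and whether the
!    policer is the one producing the drops.
show threat-detection rate scanning-threat
show threat-detection rate acl-drop
show threat-detection scanning-threat attacker
show threat-detection shun
show service-policy police

! Release a host that was shunned while the thresholds were still being tuned.
clear threat-detection shun 192.0.2.10
```

Compare the scanning-threat rate line with the acl-drop line in the output of the show commands before changing anything: whichever rate is climbing in step with the policed traffic is the one whose thresholds need to move, and the exception list keeps the known policed hosts out of the shun regardless of where the thresholds end up.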

Similar Messages

  • IDS and Shun Host/Shun Connection

    Is an alert created when a Shun Connection or Shun Host action conditions are met ?
    Thanks and Regards
    Marina

    There are 2 methods for a Shun (Connection or Host) to be created: manual and automatic.
    With a manual shun request, the user requests (through IDM or SecMon) for the sensor to shun a specific address (or connection) for a specific amount of time.
    In this case the request is manual and there will not be an alert created. Instead there is a status message that the shun was requested.
    With an automatic shun, the user configures the sensor to do an automatic shun (connection or host) when a specific signature is triggered.
    If the signature is triggered then the user will see 2 messages created on the sensor. The first is the alert itself, and the second is the shun request that sensorApp generated (that the network access controller process also receives, it is the network access controller that executes the shun).
    There are, however, a few caveats to this.
    1) If the alert is filtered in the alarm-channel then neither the alert nor the shun request will be generated and the host/connection will not be shunned.
    2) If the alert is being Summarized, then only 1 shun request should be sent for the first alert, BUT there is a known bug on some signatures where the shun request is being sent for every alert within the summary period. So if the summary alert is a summary of 200 alerts, then you would have seen 200 actual shun requests. This is being corrected in a future version.

  • Command to see host and static nat for the same object together

    I have researched this but cannot find an answer.  ASA running version 8.5.
    When you create the config using object NAT you enter the commands as follows
    object network <object name>
       host x.x.x.x
       nat (inside,outside) static y.y.y.y
    When the config is displayed it separates the host and nat commands in two different sections of the config as follows
    object network <object name>
       host x.x.x.x
    object network <object name>
       nat (inside,outside) static y.y.y.y
    Is there a command that will display it all together (like it was typed in)?  Show NAT is something like what I am after but without all of the extra info such as translate_hits, untranslate_hits etc. I need this information but cleaning up the output of a show nat is going to be tough.
    Any suggestions?  
    Thanks.

    Sorry, show nat detail is what I meant in the original post in place of show nat.   Show nat detail still has all of the extra info I was trying to avoid.  Guess I will be editing a text file.
    Thanks for the reply.

  • ASA 8.4 and NATControll

    For ASA v8.3 and above we don't need to use nat-control; traffic from a high security interface can go to a low security interface without matching NAT statements. So does the ASA automatically NAT the outgoing traffic to the outside interface by default?
    For example
    ASA inside int---10.1.1.1
    outside int---120.11.1.1
    when the inside hosts try to go out they will be NATed to 120.11.1.1 by default on version 8.3 and later. Is that right?

    Thanks Dan. I should have asked my above question differently, please let me know whether my below explanation is correct or not.
    If nat-control is enabled, for the inside hosts (sec level 100, IP 10.x.x.x) to talk to dmz hosts (sec level 50, IP 192.x.x.x) we need a matching NAT statement like
    nat (inside) 1 0.0.0.0 0.0.0.0
    global(dmz) 1 interface
    for ASA Version 8.3 and above, since there is no nat-control, the inside hosts can talk to dmz hosts without any NAT statement as long as the access-list permits that communication if there is any.

  • ASA DMZ zone and Unix proxy server

    Hi.
    I have a router where all NAT translation is done. I have an ASA and a core switch.
    My users and some servers are located in the 192.168.1930.0/24 subnet. This subnet is created at the core switch.
    int vlan 393
    ip address 192.168.193.1 255.255.255.0
    The core switch is connected to the ASA inside interface. The ASA inside interface IP is 172.30.30.1, and on the core switch side this port is access vlan 8, which is
    int vlan 8
    ip address 172.30.30.2
    at core sw at i have a default route to asa.
    ip route 0.0.0.0 0.0.0.0 172.30.30.1
    and asa site
    route inside 192.168.193.0 255.255.255.0 172.30.30.2
    all of them are ok.
    i think that is ok.
    at asa i have dmz zone which ip address:
    interface Ethernet0/1
    description connect to CoreSW
    nameif inside
    security-level 100
    ip address 172.30.30.1 255.255.255.0 standby 172.30.30.3
    interface Ethernet0/2
    description DMZ zone connect mail server
    nameif DMZ
    security-level 50
    ip address 172.16.10.1 255.255.255.0 standby 172.16.10.2
    My proxy server's inside interface is connected to the ASA DMZ zone with IP address 172.16.10.254, and its outside interface is connected to the ASA outside side, which means it is in the same subnet as the ASA outside interface, 10.0.0.254, and for 10.0.0.254 I do static NAT at the router. I have no problem with NAT translation.
    I want my 192.168.193.0 subnet to pass through the proxy when this subnet wants to connect to the internet.
    I wrote
    static (inside,DMZ) 192.168.193.0 192.168.193.0 netmask 255.255.255.0
    and access-list
    access-list from_dmz_to_in extended permit ip host 172.16.10.254 any
    access-group from_dmz_to_in in interface DMZ
    At this time what happens?
    The users cannot access the internet, so what did I do? I wrote the proxy server inside IP and the default port 3128 in the users' Internet Explorer properties.
    Internet Explorer -- Tools - Properties - Connection - LAN settings, and there I put 172.16.10.254 and port 3128.
    At this time my users can connect to the internet when I write this. When I remove it they cannot connect to the internet.
    But I do not want to write anything on my users' machines. How do I solve this?
    After that, one more problem occurs.
    When my server does an nslookup it does not work.
    I think that is expected, because we have only one port, 3128, open and my server needs UDP 53, so it cannot work.
    How do I solve this issue?
    as you see my access-list all of is open and i do
    static (inside,DMZ) 192.168.193.0 192.168.193.0 netmask 255.255.255.0
    Is this proxy connection wrong???
    Must I change the proxy server inside interface to another device or to another ASA interface?
    thanks.

    There are 2 ways the proxy server can work, ie: either transparent or explicit proxy.
    From your explanation, explicit proxy works just fine when you configure the proxy settings on your browser.
    The reason why transparent proxy does not work is because:
    1) When the user browser connects to the Internet, the ASA default gateway is via the outside interface; that is why the Internet traffic is not being routed transparently towards your proxy server, which is connected to the DMZ interface.
    The static NAT statement configured on the ASA does not perform redirection. If you would like to transparently route the internet traffic towards the proxy server on the DMZ, you would need to route the traffic towards the proxy server. With the current topology that you have, it is not achievable on the ASA. The ASA does not support Policy Based Routing, nor does it support WCCP when the user and the proxy server are on different interfaces.
    2) Also need to find out if the proxy server itself supports transparent proxy.
    Otherwise, since explicit proxy works, why don't you just push the proxy settings to the browser via Active Directory Group Policy?

  • ASA policy PAT and src/dst port considerations!!

    static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255
    What happens/is translated when a packet comes from the Internet destined for 4.2.2.2 with ..........
    A:Src tcp port 1025 and dst tcp port 443
    B: Src tcp port 443 and dst tcp port 1025
    and, in the reverse direction from 10.1.2.3 back towards the internet
    A:Src tcp port 1025 and dst tcp port 443
    B: Src tcp port 443 and dst tcp port 1025
    Or; does
    static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255 only affect packets with dst tcp port 443
    Or, my real question - will this policy NAT handle two way comms and in the manner TCP should work?

    What happens/is translated when a packet comes from the Internet destined for 4.2.2.2 with ..........
    A) the packet will be redirected to 10.1.2.3 on port 443
    B) The packet will be dropped by the ASA as there is no port-forwarding for port 1025 (just for 443)
    and, in the reverse direction from 10.1.2.3 back towards the internet
    A) Packet from  a higher security level to a higher is going to be allowed by default if you have the right translation
    B) The ASA will already have an entry in all of its tables for this connection (xlate, local-host and conn table), so the traffic will be allowed without any inspection.
    static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255 only affects packets with dst tcp port 443
    Port-forwarding is only for inbound connections; the outgoing packets for the same connection will hit this NAT, but if you start a brand new connection (outbound) you will need a different NAT.
    Regards,
    Julio
    Rate all the helpful posts

  • Using Host and FPGA.vi in Teststand

    Does anyone know how to use the Host and FPGA vi's in Teststand??  A National App Engr told me I have to call the Project that the vi is in to get all the functionality of the FPGA.  How do you call a Project in Teststand??
    Thanks

    Ensure you are using the TestStand version 2010 or above. Create a new instance of a sequence and add a LabVIEW action step to it. Go to Module panel and browse for a LabVIEW project as displayed below.

  • Need to build communication redundancy using serial RS-232 for Data Transfer b/w Host and RT irrespective of TCP/IP Data Transfer

    Hi - I would like to build the logic in which it should accommodate the communication redundancy using serial RS-232 for Data Transfer b/w Host and RT irrespective of TCP/IP Data Transfer.
    I want to do data transfer b/w host and RT through the RS232 VISA port whenever the TCP/IP ethernet cable has been unplugged from the controller. It should keep on checking continuously for the TCP/IP link re-establishing as well; whenever the TCP/IP link is established again, the communication should use that link only. This is accomplished by deploying the RT VI as an executable file. I made some logic regarding the above, but it was not working as much as I expected.
    I request you to go through the attached two VIs and let me know what I did wrong in them.
    Please do the needful.
    Attachments:
    TCP_Serial_Host.vi 33 KB
    TCP_Serial_RT.vi 41 KB

    even i am new to this topic and i am trying to get familiar with these protocols
    refer to tcp server/client examples in labview examples

  • Sending email to 10,000 addresses without knowing Host and Protocols!!

    Context:
    I am building an "eMail Marketing Campaign" application which takes a list of email addresses (unlimited) and sends an eMail to all of them.
    My servlet creates an instance of "MyMailHandler.java/class" and passes a list of addresses.
    Problem:
    If I want to send email to different users, do I need to know about everyone's HOST and PROTOCOL? My application receives the list of addresses from a remote server of a data-selling company, so they don't have that info.
    Following is the code (hardCode!) of MyMailHandler.
    properties.put("mail.smtp.host", "MAIL.DMCDATABASE.COM");
    properties.put("mail.transport.protocol", "IMAP");
    Question:
    How do I send emails to receivers without knowing everyOne's host and Protocol?????? (new to JavaMail)

    No, you only need to know the name of your own mail host. It will send the e-mails to those 10,000 addresses for you. And the protocol for sending mail is SMTP, that's all you need to know to send mail. IMAP and POP are protocols for storing received mail messages and so are not relevant to your task.

  • How do I change an IP address of SQL Server which is locally hosted and is not on cluster?

    Hi All,
    How do I change an IP address of SQL Server which is locally hosted and is not on cluster?
    I am asking about IP for SQL Server, is there a way we can assign a different IP to SQL Server other than the server's(host) IP address? like the same what we do in a clustered env.
    aa

    A full explanation can be seen here:
    SQL Server: Configure Listening IP, Port, and Named pipe
    http://ariely.info/Blog/tabid/83/EntryId/151/SQL-Server-Configure-Listening-IP-Port-and-Named-pipe.aspx

  • I had a iPhone 3G and I change it in to a iPhone 4G 32GB! I have 3 apple ID account. The one I used is edited by host and I know my password but it ask me for my security question and I forgot it! It send a veify email the answer the an email to blu

    I had an iPhone 3G and I changed it into an iPhone 4G 32GB! I have 3 Apple ID accounts. The one I used is <edited by host> and I know my password, but it asks me for my security question and I forgot it! It sends a verify email with the answer to an email, <edited by host>, and the email <edited by host> that is my other Apple ID and the password works on Apple, but on my Yahoo account I forgot my password and security question and it won't verify to my email on my Apple email. So it sends the answer to <edited by host> and I can't get it! So can you do something? Both accounts are also on my iCloud. I can open both Apple accounts, but it won't let me buy anything on my <edited by host>! My <edited by host>, that one does let me buy things, but I had lots of things I bought on <edited by host>; I bought lots of movies, music and apps. I spent a lot of money on this account.

    It's a really bad idea to post your email addresses - it's an invitation to spam - and I've asked the Hosts to remove them.
    This is a user-to-user forum and no-one on here can take any direct action. If your Yahoo address is not working that's something you would need to take up with Yahoo - have you checked it by sending yourself an email to it?
    Otherwise you will need to contact Support: go to https://expresslane.apple.com/ and click on 'iTunes' in the center column and then 'iTunes Store' in the right-hand column and proceed from there.

  • The essential guide to DW cs4... by D. Powers: when from wamp to xampp+virtual host and having problems :(

    Following the book in chapter 2, I think I've followed everything correctly, but I have included all the things I've edited below.
    I was using wamp with no problems, but after trying to set up a virtual host and now using xampp I'm a bit lost. It's probably something stupid, but I can't find the problem.
    (This post is a bit long and dragged out, so I used some colour to try to ease the reading..)
    When I try to view a dynamic page in live view or in firefox I get the following error:
    **when using:
    <VirtualHost *:80>
    DocumentRoot c:/xampp/htdocs
    ServerName localhost
    </VirtualHost>
    result:
    Access forbidden!
    You don't have permission to access the requested object.     It is either read-protected or not readable by the server.
    If you think this is a server error, please contact the webmaster.
    Error 403
    thegoodlife
    2009/10/13 12:47:48 PM
    Apache/2.2.12 (Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0
    *when using:
    <VirtualHost *:80>
    DocumentRoot c:/htdocs
    ServerName localhost
    </VirtualHost>
    result:
    Object not found!
    The requested URL was not found on this server.          If you entered the URL manually please check your     spelling and try again.
    If you think this is a server error, please contact the webmaster.
    Error 404
    thegoodlife
    2009/10/13 12:32:58 PM
    Apache/2.2.12 (Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0
    This is what I've done, blue indicating where I have or was meant to edit, red being the relevant context. (Hope it helps.)
    1. Created a new folder called htdocs (C:\htdocs)
    2. Changed the pathname to:
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot "C:/htdocs"
    and
    # This should be changed to whatever you set DocumentRoot to.
    <Directory "C:/htdocs">
    3. Created vhosts folder; with a sub-folder called thegoodlife (C:\vhosts)
    4. entered new vhost:
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    # For example:
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    127.0.0.1 localhost
    127.0.0.1 dwcs4
    127.0.0.1 thegoodlife
    127.0.0.1 bin.errorprotector.com ## added by CiD
    5. It says uncomment the command by removing the # (Supplemental configuration), but this is the original file; already uncommented?
    # Real-time info on requests and configuration
    Include "conf/extra/httpd-info.conf"
    # Virtual hosts
    Include "conf/extra/httpd-vhosts.conf"
    # Distributed authoring and versioning (WebDAV)
    Include "conf/extra/httpd-dav.conf"
    6. Set the permissions and changed the code as instructed, using (c:/xampp/htdocs) as advised.
    # You may use the command line option '-S' to verify your virtual host
    # configuration.
    <Directory C:/vhosts>
      Order Deny,Allow
      Allow from all
    </Directory>
    # Use name-based virtual hosting.
    ##NameVirtualHost *:80
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost container.
    # The first VirtualHost section is used for all requests that do not
    # match a ServerName or ServerAlias in any <VirtualHost> block.
    <VirtualHost *:80>
    DocumentRoot c:/xampp/htdocs
    ServerName localhost
    </VirtualHost>
    <VirtualHost *:80>
    DocumentRoot c:/vhosts/dwcs4
    ServerName dwcs4
    </VirtualHost>
    <VirtualHost *:80>
    DocumentRoot c:/vhosts/thegoodlife
    ServerName thegoodlife
    </VirtualHost>
    Then creating the site definition:
    local root folder: C:\htdocs\thegoodlife\
    testing server folder: C:\vhosts\thegoodlife\
    URL prefix: http://thegoodlife/
    Hope I've covered all areas where I could have gone wrong.

    Just one more thing - the description of what I did when the first Kernel panic appeared:
    Happened 2 days ago. Wasn't turning it off for like a day, only sleep mode by closing it. Worked fine all day; wasn't doing anything except for checking mail 2-3 times and having a Windows 7 virtual machine opened but doing nothing; everything was going fine. Then closed it without turning off.
    Opened 3-4 hours later, everything was working fine for 30 minutes of checking mail, then the Kernel panic appeared. After that pretty much everything I did is described in parts 1-5.
    Note: all the time MBP was connected to internet via wifi, so updates to both MBP and virtual machine of all programs were possible.
    I only shared downloads and desktop folders, so windows couldn't have access to system folder of Mac Os.
    Hope this might help...Thanks again.

  • What is required in the HOST and QUEUE field when ...

    Hi
    When setting up my printer, I fill in the options identical to what follows:
    PRINTER:  SAMSUNG HOME
    DRIVER:    GENERAL
    BEARER:  LPR <-----------------------------( NOT SURE IF IT IS THE CORRECT OPTION TO SELECT )
    The following fields appear once LPR is selected:
    ACCES POINT : HOME
    HOST:              WHAT COMES HERE?
    USER:              SKY00BER
    QUEUE:            WHAT COMES HERE?
    ORIENTATION: PORTRAIT
    PAPER SIZE: A4
    If it helps, my printer is a SAMSUNG CLX-3175FW. It is Wifi enabled and is connected to my HOME access point.
    Please do correct me if there have to be changes to the BEARER or anything else.
    I could really use some help.
    Thanks in advance.

    sky00ber wrote:
     Hi,
    What is required in the HOST and QUEUE field when setting a WIFI printer?
    When setting up my printer, I fill in the options identical to what follows:
    PRINTER:  SAMSUNG HOME
    DRIVER:    GENERAL
    BEARER:  LPR <-----------------------------( NOT SURE IF IT IS THE CORRECT OPTION TO SELECT )
    The following fields appear once LPR is selected:
    ACCES POINT : HOME
    HOST:              WHAT COMES HERE?
    USER:              SKY00BER
    QUEUE:            WHAT COMES HERE?
    ORIENTATION: PORTRAIT
    PAPER SIZE: A4
    If it helps, my printer is a SAMSUNG CLX-3175FW. It is Wifi enabled and is connected to my HOME access point.
    Please do correct me if there have to be changes to the BEARER or anything else.
    HELP URGENTLY NEEDED!
    I'm not sure, but I'll give it a try. Turn your security (WPA/WEP) and Firewall temporarily off. HOST is the IP address of the printer. QUEUE can be YES or a specific amount of prints, like 1,2,3......
    If I look at the manual of your printer I see that you can find the IP and MAC addresses in the Network Configuration Report. I don't know what the USER is doing there, because if there is a user then there must be a password.
    ‡Thank you for hitting the Blue/Green Star button‡
    N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

  • How to change Host and domain name on APS 10g R2

    Hi,
    I have installed Oracle Application Server 10g rel. 2. I want to change the host and domain of the system; what should I do? Plz help.
    Thanks and Regards.
    Khawar

    Hi,
    Thanks to all of you for replying. I started without reading any manual to modify the host and domain name and, after spending several hours, finally decided to reinstall APS. With the new installation Forms is running ok, but the Report Server is having a problem: if you see the status of the report server in Enterprise Manager it shows a green mark (if you want to stop it via EM it will not); if you check with Report Queue Manager it says there is no report server with the given name;
    if you check the report with GETSERVERINFO via browser it says
    "REP-51002 Bind to report server AAAAA failed."
    Does someone have an idea? Someone please explain to me how I can fix it.
    Thanks and Regards.
    Khawar

  • How to change Host directory location?(Problems with host and ed)

    Hi, I'm having a problem with the commands Host and Ed. The problem being that when I run them they send back an error saying
    SQL>host
    /bin/gnome-terminal: No such file or directory
    or
    SQL> ed
    Wrote file /home/joe/Documents/editfile.sql
    /bin/gnome-terminal: No such file or directory
    The problem is that /bin/gnome-terminal is not the correct location for my terminal binary; /usr/bin/gnome-terminal is. Are there any suggestions for how I can change it? I'm running SQL*Plus 11.2.0.1.0 and I'm using elementary OS (made from Ubuntu). Let me know if there is any other information needed to help fix this.

    This is not a SQL or PL/SQL language question and thus off topic. As it is Linux O/S related, I think it is better suited for the Oracle Linux forum space.
    My guess is, from the little info posted, that your TERM environment variable is not correctly set.
