Encryption Content Filter: Enc & Deliver Now vs. Enc on Delivery

My understanding is that the difference between "Encrypt & Deliver Now" vs. "Encrypt on Delivery" is that the former encrypts and sends the message immediately, whereas the latter continues with the message processing and encrypts the message later, prior to sending.
What are some practical examples of processing that can happen in the message pipeline which may require "Enc on Delivery"? What is the best practice and the guidance for selecting the right option?
If I misconfigure and set "Enc & Deliver Now" when some processing is short-circuited, would IronPort detect the condition and notify the admin via logging or other methods?
Thanks.

Hello John,
Your explanation is correct. A common scenario for both of these cases would be an outbound setup that uses DLP and filters. In this setup, senders could actively flag their messages to be encrypted, i.e. using the secure plugin to add a header, or putting "Encrypt" in the subject. Now we have two possible cases, or requirements:
- All sensitive data must be encrypted
or
- Sensitive data leaving the company requires further inspection or approval
In the first case, any message flagged for encryption won't need further inspection, and the message may just go directly to the delivery queue. This saves resources that DLP would need to scan the message, which is not really necessary. Yet DLP would still take care of any sensitive data if the user "forgets" to flag it appropriately.
The second case would be something where certain content may not leave the company at all, so we still want DLP to check on that, and delete or bounce the message. Also for anything where the message is sent to a quarantine (Filter, DLP), depending on the action on the quarantine, the message will be either delayed, or will be encrypted when released from the quarantine.
Of course, in many cases there may be a combined setup of both kinds of filter actions, applied to different policies, where the action depends on the sender or recipient. Regarding your last question about possible misconfiguration, if I understand you correctly, you are asking whether there is a warning in the logs when a filter action flags a message to bypass some further processing. There is no such thing by default, so you would add a "Log Entry" to the filter if you want to have the action documented in the logs.
Hope that helps,
Andreas

Similar Messages

  • Encryption Content Filter vs. DLP Encrypt Action

    As I go through the IronPort Email Config Guide, I see two places where email encryption is mentioned:
    1) Under DLP configuration (chapter 11): as an action for DLP policy violation
    2) Under Email Encryption configuration (chapter 12): as a content filter which determines which messages should be encrypted
    Are both of these methods using the same encryption engine? Does the DLP "encrypt" policy action end up invoking CRES and sending an encrypted message to a recipient which has the same format as the encrypted message generated by the encryption content filter (assuming no DLP filter configured)?
    Thanks.

    I ran into this recently and both of them use the same encryption engine. DLP policies will trigger messages to be encrypted; however, policies are processed top to bottom and left to right, so DLP policies will be enforced after Content Filter policies. Additionally, each policy can be set with specific features. In my opinion, Content Filters provide more options to catch interesting traffic via regular expressions, dictionaries, text resources, etc.

  • New ASA5512- 5515: content filter and WAN load balancing

    Hi,
    Is it possible to do content filtering with the new ASA models?
    One of our customers would like to have a content filter with the possibility to monitor the single client activity (log).
    Is it also possible to do load balancing between 2 WANs?
    Now in HQ they have 2 WAN with WAN backup (ASA5505) and VPN to another site.
    Thanks in advance,
    Paolo.

    I saw that you can add CX feature:
    CX - Context Aware Security Feature:
    Cisco ASA CX Context-Aware Security is a modular security service that extends the ASA platform with next-generation capabilities. It is available with SSD purchase for models such as 5512-X, 5515-X, 5525-X, 55545-X and 5555-X.
    Application Visibility Control (AVC):
    This is an additional feature in CX. Activation of this feature requires a separate license. This is the feature that does deep packet inspection for application recognition and provides context-aware firewall security.
    Web Security Essentials (WSE):
    This is an additional feature in CX. Activation of this feature requires a separate license. It delivers features like "URL Filtering" and "Global Threat Intelligence".
    Can somebody confirm that?
    Has anybody already used and configured these features?
    Thank you,
    Paolo.

  • Content Filter - attachment stripping logic not working like I think it should

    Hello,
    I am working on a content filter for stripping file attachments - my logic is this:
    Condition: If File Type does NOT EQUAL file type Documents: attachment-filetype != "Document"
    Action: Strip File Attachment by File Info: drop-attachments-by-size(0 bytes) 
    My thought is that files that are not word docs, "test.ZIP" for example, would match the condition of not being a document. The match specifies that the action should then be performed on it - strip the attachment if it is over 0 bytes, which would be a match to any file. 
    Right now, it strips anything, documents included... it's like the condition does not exist. I considered using Message Filters at first, but I need to provide a replacement message with each attachment I strip. Thanks in advance for your help!

    Hey Daniel
    Your understanding is correct to a point.
    The condition you set is correct, it will look for emails where attachments are NOT document files according to their mime structure.
    Once this condition is met (IE: test.zip)
    it will fall to the action
    Your action however is set to drop all attachments greater than 0 bytes.
    So for a setup like this I would suggest.
    First content filter:
    Attachment filetype is equal to "document"
    Action for this content filter :  skip remaining content filters
    Second content filter:
    (Either no condition or Attachment filetype is NOT "document")
    Action -> Strip if size greater than 0
    The reason why all attachment filetypes are being stripped, even documents, is that the condition simply states what needs to be seen to trigger this action.
    But this action is not set to exempt document files but to strip them all.

  • Exchange server 2013 content filter rejecting all incoming messages as spam.

    Hello All,
    Today out of the blue our Exchange server 2013 install started rejecting any inbound message as spam. It first started with only one user not being able to receive any mail because of this anomaly and
    then after 12 or so hours all users were getting their mail rejected.
    I currently had the threshold set to 5 on external messages only. Internal is disabled.
    I have tried setting the threshold to 8 and 9, and rebooted the server after restarting
    all services just to make sure everything reset. Even dished out a IISRESET just in case. Whatever I tried still does not work.
    The install is a stand alone server facing the outside world (no edge server) living
    in a 2 domain controller environment with a share point farm thrown in (ESXI5.5 environment)
    Everything works just fine and dandy if I disable the content filter all together. Not seeing anything in the application logs out of the ordinary. Everything was working great and the same settings I used on this server worked well for a totally different
    server that runs just fine.
    Any ideas?
    fr0stsp1re

    RunspaceId                            : 87157b62-a061-436b-8fb9-dab446be3473
    Name                                  : ContentFilterConfig
    RejectionResponse                     : Message rejected as spam by Content Filtering.
    OutlookEmailPostmarkValidationEnabled : True
    BypassedRecipients                    : {}
    QuarantineMailbox                     :
    SCLRejectThreshold                    : 6
    SCLRejectEnabled                      : False
    SCLDeleteThreshold                    : 9
    SCLDeleteEnabled                      : False
    SCLQuarantineThreshold                : 9
    SCLQuarantineEnabled                  : False
    BypassedSenders                       : {}
    BypassedSenderDomains                 : {}
    Enabled                               : False
    ExternalMailEnabled                   : True
    InternalMailEnabled                   : False
    AdminDisplayName                      :
    ExchangeVersion                       : 0.1 (8.0.535.0)
    DistinguishedName                     : CN=ContentFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=Smith And
                                            Smith,CN=Microsoft
                                            Exchange,CN=Services,CN=Configuration,DC=XXXXXXXXXXX,DC=com
    Identity                              : ContentFilterConfig
    Guid                                  : 8f86e0b6-da37-42d3-b7cd-b9635b7db271
    ObjectCategory                        : XXXXXXXXXXXXXXXXXXX/Configuration/Schema/ms-Exch-Message-Hygiene-Conten
                                            t-Filter-Config
    ObjectClass                           : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
    WhenChanged                           : 5/28/2014 12:15:21 PM
    WhenCreated                           : 5/1/2014 4:17:55 PM
    WhenChangedUTC                        : 5/28/2014 7:15:21 PM
    WhenCreatedUTC                        : 5/1/2014 11:17:55 PM
    OrganizationId                        :
    OriginatingServer                     : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    IsValid                               : True
    ObjectState                           : Unchanged
     This is what it is set at now. Completely disabled. It worked fine for quite some time filtering out spam pretty nicely then one day everyone's mail was being rejected as spam by the content filtering agent. I know of someone else who also had this
    issue except their box was running 2008R2 with EX2007. They too disabled the content filter as it was giving them too many problems with mail being rejected.
    fr0stsp1re

  • Regular Expression in content filter

    Hey,
    I want to create a content filter with the "body-contains" condition in combination with a regular expression. To specify it:
    I want to check whether a string (disclaimer) is already added to the email. If not, I have to add the footer.
    So to say: REGULAR EXPRESSION = does not contain "string"
    But what does the regular expression look like?
    <rule>
    <rule_type>Only_Body_Contains_Rule</rule_type>
    <rule_data>REGULAR EXPRESSION (does not contain...)</rule_data>
    <rule_extra1>1</rule_extra1>
    </rule>
    Thx

    you MAY be able to use a negative lookahead assertion like:
    ?!EXPRESSION
    this results in:
    content_filter: if (only-body-contains("?!disclaimer text", 1) )
    OR in message filters you can say:
    if ( not body-contains("EXPRESSION",1) )
    all that said, you should just have two content filters, 1 to check for the filter and deliver immediately (w/o filter stamp) and another catch-all filter to stamp filters. for example:
    disclaimer_skip
    disclaimer_skip: if (only-body-contains("disclaimer text", 1)) { deliver(); }
    outbound-disclaimer-catchall
    outbound-disclaimer-catchall: if (true) { add-footer("my_disclaimer"); }
    cheers,
    andrew

  • Confusing about Message filter and Content filter

    I have a message filter do quarantine action:
    badbody: if body-dictionary-match("badbody", 1) {
    quarantine ("Policy");
    deliver();
    }
    also I write a content filter 'good' to see what spams are missed by Ironport Antispam:
    Conditions (only if all conditions match):
    header("X-IronPort-Quarantine") != "^Policy$"
    header("X-Spam-flag") != "^(?i)YES$"
    Action:
    duplicate-quarantine ("good")
    deliver()
    I think these two rules could not both occur, because the filter badbody had sent the spam to quarantine 'Policy',
    so it should not be possible to duplicate it to quarantine 'good'.
    But it happens:
    Tue Jun 17 18:52:55 2008 Info: New SMTP ICID 26146919 interface InNet (10.68.2.161) address 61.135.132.136 reverse dns host websmtp.sohu.com verified no
    Tue Jun 17 18:52:55 2008 Info: ICID 26146919 ACCEPT SG ICP match .sohu.com SBRS 5.5
    Tue Jun 17 18:52:55 2008 Info: Start MID 10698519 ICID 26146919
    Tue Jun 17 18:52:55 2008 Info: MID 10698519 ICID 26146919 From: <mia_kma3998>
    Tue Jun 17 18:52:55 2008 Info: MID 10698519 ICID 26146919 RID 0 To: <swordhuihui>
    Tue Jun 17 18:52:55 2008 Info: MID 10698519 Message-ID '<10849536>'
    Tue Jun 17 18:52:55 2008 Info: MID 10698519 Subject '=?GB2312?B?1Pa807z7zsU=?='
    Tue Jun 17 18:52:55 2008 Info: MID 10698519 ready 1452582 bytes from <mia_kma3998>
    Tue Jun 17 18:52:56 2008 Info: MID 10698519 matched all recipients for per-recipient policy DEFAULT in the inbound table
    Tue Jun 17 18:52:56 2008 Info: MID 10698519 was too big (1452582/102400) for scanning by CASE
    Tue Jun 17 18:52:56 2008 Info: Start MID 10698528 ICID 0
    Tue Jun 17 18:52:56 2008 Info: MID 10698528 was generated based on MID 10698519 by duplicate-quarantine filter 'good'
    Tue Jun 17 18:52:56 2008 Info: MID 10698528 ICID 0 From: <mia_kma3998>
    Tue Jun 17 18:52:56 2008 Info: MID 10698528 ICID 0 RID 0 To: <swordhuihui>
    Tue Jun 17 18:52:56 2008 Info: MID 10698528 ready 1452584 bytes from <mia_kma3998>
    Tue Jun 17 18:52:56 2008 Info: MID 10698528 quarantined to "good" (duplicated by content filter:good)
    Tue Jun 17 18:52:56 2008 Info: MID 10698519 quarantined to "Policy" (message filter:flg1)
    Tue Jun 17 18:52:59 2008 Info: ICID 26146919 close
    The log shows the quarantine action of the message filter takes effect after the content filter action. I'm quite confused.
    Any suggestion?

    The original message was marked to go to the "Policy" system quarantine via the message filter. However, that message continues through the email pipeline. If no other action affects that message (e.g. dropped by Sophos anti-virus), then the system will move the message to the "Policy" quarantine as originally marked.
    However, in your case, the message was marked to be sent to the "Policy" system quarantine, and then it matched your content filter and did two things:
    1. spawned a copy of the original message and sent this new one to the "good" system quarantine. (see MID 10698528)
    2. the original copy was left alone and this one was sent to the "Policy" quarantine. If you had a drop() action, then it would have gotten dropped and you would have been left with the single copy from #1 (see MID 10698519)
    What was the intended behavior you were trying to achieve?
    Here are some references that may help:
    1. Where can I see a diagram of the IronPort email pipeline?
    You can find a diagram of the queue sequence if you click on the Help
    link in the top right of the web interface - it takes a while for it to
    load. Find the section "Understanding the Email Pipeline" and then
    under that "Overview: Email Pipeline".
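An added example, not part of the original thread: a small Python parser that groups the quarantine events from the log quoted above by original message, following the "was generated based on MID" lines, so the copy in "good" and the original in "Policy" show up as one message with two outcomes. The regular expressions and function names are written for this illustration against the lines quoted in the thread only; other AsyncOS versions may word these log lines differently.

```python
import re

# Lines copied from the mail log quoted in the thread above.
SAMPLE_LOG = """\
Tue Jun 17 18:52:55 2008 Info: Start MID 10698519 ICID 26146919
Tue Jun 17 18:52:56 2008 Info: MID 10698519 matched all recipients for per-recipient policy DEFAULT in the inbound table
Tue Jun 17 18:52:56 2008 Info: MID 10698519 was too big (1452582/102400) for scanning by CASE
Tue Jun 17 18:52:56 2008 Info: Start MID 10698528 ICID 0
Tue Jun 17 18:52:56 2008 Info: MID 10698528 was generated based on MID 10698519 by duplicate-quarantine filter 'good'
Tue Jun 17 18:52:56 2008 Info: MID 10698528 quarantined to "good" (duplicated by content filter:good)
Tue Jun 17 18:52:56 2008 Info: MID 10698519 quarantined to "Policy" (message filter:flg1)
"""

# Patterns derived from the quoted lines (an assumption about the log format).
PREFIX = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} Info: (.*)$")
GENERATED = re.compile(r"^MID (\d+) was generated based on MID (\d+) by (\S+) filter '([^']*)'")
QUARANTINED = re.compile(r'^MID (\d+) quarantined to "([^"]+)" \(([^)]*)\)')
TOO_BIG = re.compile(r"^MID (\d+) was too big \((\d+)/(\d+)\) for scanning by (\S+)")


def parse(log_text):
    """Return (parents, quarantines, unscanned) extracted from the log text."""
    parents = {}      # copy MID -> (original MID, action, filter name)
    quarantines = []  # (MID, quarantine name, reason), in log order
    unscanned = {}    # MID -> (engine, message size, scan limit)
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        if (g := GENERATED.match(msg)):
            parents[g.group(1)] = (g.group(2), g.group(3), g.group(4))
        elif (q := QUARANTINED.match(msg)):
            quarantines.append((q.group(1), q.group(2), q.group(3)))
        elif (t := TOO_BIG.match(msg)):
            unscanned[t.group(1)] = (t.group(4), int(t.group(2)), int(t.group(3)))
    return parents, quarantines, unscanned


def original_of(mid, parents):
    """Follow 'generated based on' links back to the message that was received."""
    seen = set()
    while mid in parents and mid not in seen:
        seen.add(mid)
        mid = parents[mid][0]
    return mid


def quarantines_by_original(log_text):
    """Group quarantine events by the original MID, keeping log order."""
    parents, quarantines, _ = parse(log_text)
    grouped = {}
    for mid, name, reason in quarantines:
        root = original_of(mid, parents)
        grouped.setdefault(root, []).append(
            {"mid": mid, "quarantine": name, "reason": reason, "is_copy": mid != root}
        )
    return grouped


if __name__ == "__main__":
    _, _, unscanned = parse(SAMPLE_LOG)
    for root, events in quarantines_by_original(SAMPLE_LOG).items():
        print(f"original MID {root}")
        if root in unscanned:
            engine, size, limit = unscanned[root]
            print(f"  not scanned by {engine}: {size} bytes exceeds {limit}")
        for e in events:
            kind = "copy" if e["is_copy"] else "original"
            print(f"  MID {e['mid']} ({kind}) -> {e['quarantine']} [{e['reason']}]")
```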

  • Help w/ Content Filter

    With all the phishing emails going on, we have been hit at least weekly for the past 2 months, I'd like to create an Incoming Content Filter to quarantine these. From looking at the messages they all seem to have the word "password:" on a line by itself.
    I've added a content filter to search for that phrase, send me a copy of the message and then deliver the message. I've done this as a test and to my surprise have found 10-20 valid messages per hour with this string!
    What is different about the phishing string and valid string is that for valid email, the word password: is followed by more text.
    So, my question is how do I create a content filter where the entire line is any one of these? I'd even settle for one of them.
    password:
    Password:
    password:
    Password:
    The last two lines have a space after the colon.
    I've tried "^[Pp]assword:$" without the quotes but it doesn't work.

    Are you looking for Case-insensitivity?
    Case-insensitivity (?i)
    The token (?i) indicates that the rest of the regular expression should be treated in case-insensitive mode. Placing this token at the beginning of a case-sensitive regular expression results in a completely insensitive match.
    For example, the regular expression “(?i)viagra” matches Viagra, vIaGrA, and VIAGRA.
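An added example, not part of the original thread: a Python check of the posted pattern against constructed message bodies, showing three reasons a whole-line match on "password:" can miss (anchors that apply to the whole body rather than each line, a trailing space, and CRLF line endings). It assumes Python `re` semantics as a stand-in; the page does not say how the appliance applies `^` and `$` to a message body, and the sample bodies and candidate names are invented for the test.

```python
import re

# Constructed sample bodies (not taken from real mail).
PHISH = [
    "Dear user,\nYour mailbox is full. Reply with:\nUsername:\nPassword:\n",
    "Confirm your details\r\nEmail:\r\npassword: \r\nThank you\r\n",  # CRLF + trailing space
    "Helpdesk notice\nPassword: \nDate of birth:\n",                  # trailing space
]
LEGIT = [
    "Hi, the wifi password: ask reception for today's code.\n",
    "New account created.\nusername: jdoe\npassword: will be sent separately\n",
]

CANDIDATES = {
    # The pattern from the question: ^ and $ anchor the whole body here.
    "as posted": r"^[Pp]assword:$",
    # (?m) makes ^ and $ match at each line, but a trailing space or CR still breaks it.
    "multiline only": r"(?m)^[Pp]assword:$",
    # Allows the optional single space from the question and a CR before the newline.
    "multiline, optional space and CR": r"(?m)^[Pp]assword: ?\r?$",
}


def hits(pattern, bodies):
    """Number of bodies in which the pattern matches at least once."""
    rx = re.compile(pattern)
    return sum(1 for body in bodies if rx.search(body))


def evaluate(candidates=CANDIDATES):
    """Map candidate name -> (matches in PHISH, matches in LEGIT)."""
    return {name: (hits(p, PHISH), hits(p, LEGIT)) for name, p in candidates.items()}


def matching_lines(pattern, body):
    """1-based line numbers where the pattern matches, for reviewing a hit."""
    rx = re.compile(pattern)
    return [body.count("\n", 0, m.start()) + 1 for m in rx.finditer(body)]


if __name__ == "__main__":
    for name, (phish, legit) in evaluate().items():
        print(f"{name:35s} phish {phish}/{len(PHISH)}  legit {legit}/{len(LEGIT)}")
```

Running a candidate against a labelled sample like this before enabling a quarantine action gives the same signal as the "send me a copy" test described in the question, without touching live mail.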

  • Content filter not working

    I recently got my two teenagers a Droid Maxx and they love it. My question is if anyone knows why the content filter option doesn't work for it. You would think the content filter would work on all phones. Seems to me that prior to releasing any new phone they should have made sure all features of the Verizon account would work. Does anyone know if they are going to resolve this issue and if so when??  I do think it is irresponsible for the feature to not work considering the number of kids using cell phones now. How can a parent who wants to control content do so if not available. I think this should be a priority with Verizon. Do they value kids safety or not?

        Hey there, skyhawk1! Thanks for your purchase of two new Droid Maxx smartphones. I hope your teenagers are loving them! I'm very curious about the crux of your post here. You've expressed interest in Content Filtering, and stated that the service is incompatible with the Droid Maxx. Our records indicate that the model will support filtering. Can you tell me why you feel that it doesn't? Did you attempt to add or request it, only to be denied? Please share the details. Thanks!
    For more info on Content Filtering, please review this link: http://vz.to/17xz67N
    DionM_VZW

  • New content filter = no more ARD !?!?!?!

    I manage two sub-networks which use the same router and content filter but with different IP addresses. I used to be able to connect to any machine on either network from the other one, but now I can't. I also have a new content filter, which I think is causing the problem. The machines are listed as sleeping when I know they are not.
    Any idea how I can get this to work?
    Thanks

    Make sure that the filter and router pass TCP/UDP ports 3283 and 5900. Most likely it's blocking at least 3283.
    Regards.

  • Really Slow web surfing through ZBF with IOS Content filter

    Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"   
    Hey, all
    We have a 1921 router with an IOS Content filter subscription and it is also configured as ZBF running the latest IOS v15.1. End users keep complaining about slow web surfing. I connected to the network and tested myself and found an intermittent surfing experience.
    For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonably quickly in 1-2 time of the 3. This also affects the speed of downloads from websites.
    I have the case opened with Cisco TAC and a CCIE checked my configuration but nothing caught his eye...
    I decided to post the issue here in case we both missed something:
    Current configuration : 18977 bytes
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname abc_1921
    boot-start-marker
    boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
    boot-end-marker
    aaa new-model
    aaa authentication login default local
    aaa authentication login NONE_LOGIN none
    aaa authorization exec default local
    aaa session-id common
    clock timezone AST -4 0
    clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
    no ipv6 cef
    ip source-route
    ip auth-proxy max-login-attempts 5
    ip admission max-login-attempts 5
    ip cef
    ip dhcp excluded-address 192.168.1.1 192.168.1.9
    ip dhcp excluded-address 192.168.1.111 192.168.1.254
    ip dhcp pool DHCPPOOL
    import all
    network 192.168.1.0 255.255.255.0
    domain-name abc.local
    dns-server 192.168.10.200 192.168.10.202
    netbios-name-server 4.2.2.4
    default-router 192.168.1.150
    option 202 ip 192.168.1.218
    lease 8
    ip domain name abc.locol
    ip name-server 8.8.8.8
    ip name-server 4.2.2.2
    ip port-map user-port-1 port tcp 5080
    ip port-map user-port-2 port tcp 3389
    ip inspect log drop-pkt
    multilink bundle-name authenticated
    parameter-map type inspect global
    log dropped-packets enable
    parameter-map type urlfpolicy trend cprepdenyregex0
    allow-mode on
    block-page message "The website you have accessed is blocked as per corporate policy"
    parameter-map type urlf-glob cpaddbnwlocparapermit2
    pattern www.alc.ca
    pattern www.espn.com
    pattern www.bestcarriers.com
    pattern www.gulfpacificseafood.com
    pattern www.lafermeblackriver.ca
    pattern 69.156.240.29
    pattern www.tyson.com
    pattern www.citybrewery.com
    pattern www.canadianbusinessdirectory.ca
    pattern www.homedepot.ca
    pattern ai.fmcsa.dot.gov
    pattern www.mtq.gouv.qc.ca
    pattern licenseinfo.oregon.gov
    pattern www.summitfoods.com
    pattern www.marine-atlantic.ca
    pattern www.larway.com
    pattern www.rtlmotor.ca
    pattern *.abc.com
    pattern *.kijiji.ca
    pattern *.linkedin.com
    pattern *.skype.com
    pattern toronto.bluejays.mlb.com
    pattern *.gstatic.com
    parameter-map type urlf-glob cpaddbnwlocparadeny3
    pattern www.facebook.com
    pattern www.radiofreecolorado.net
    pattern facebook.com
    pattern worldofwarcraft.com
    pattern identityunknown.net
    pattern static.break.com
    pattern lyris01.media.com
    pattern www.saltofreight.com
    pattern reality-check.com
    pattern reality-check.ca
    parameter-map type ooo global
    tcp reassembly timeout 5
    tcp reassembly queue length 128
    tcp reassembly memory limit 8192
    parameter-map type trend-global global-param-map
    cache-size maximum-memory 5000
    crypto pki token default removal timeout 0
    crypto pki trustpoint Equifax_Secure_CA
    revocation-check none
    crypto pki trustpoint NetworkSolutions_CA
    revocation-check none
    crypto pki trustpoint trps1_server
    revocation-check none
    crypto pki trustpoint TP-self-signed-3538579429
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3538579429
    revocation-check none
    rsakeypair TP-self-signed-3538579429
    !! CERTIFICATE OMITED !!
    redundancy
    ip ssh version 2
    class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
    match access-group name REMOTE_SITE_SUBNET
    class-map type inspect match-all PPTP_GRE_INSPECT_MAP
    match access-group name ALLOW_GRE
    class-map type inspect match-all INSPECT_SKINNY_MAP
    match protocol skinny
    class-map type inspect match-all INVALID_SOURCE_MAP
    match access-group name INVALID_SOURCE
    class-map type inspect match-all ALLOW_PING_MAP
    match protocol icmp
    class-map type urlfilter match-any cpaddbnwlocclasspermit2
    match  server-domain urlf-glob cpaddbnwlocparapermit2
    class-map type urlfilter match-any cpaddbnwlocclassdeny3
    match  server-domain urlf-glob cpaddbnwlocparadeny3
    class-map type urlfilter trend match-any cpcatdenyclass2
    class-map type inspect match-all cpinspectclass1
    match protocol http
    class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
    match protocol citriximaclient
    match protocol ica
    match protocol http
    match protocol https
    class-map type inspect match-any INSPECT_SIP_MAP
    match protocol sip
    class-map type urlfilter trend match-any cptrendclasscatdeny1
    match  url category Abortion
    match  url category Activist-Groups
    match  url category Adult-Mature-Content
    match  url category Chat-Instant-Messaging
    match  url category Cult-Occult
    match  url category Cultural-Institutions
    match  url category Gambling
    match  url category Games
    match  url category Illegal-Drugs
    match  url category Illegal-Questionable
    match  url category Internet-Radio-and-TV
    match  url category Joke-Programs
    match  url category Military
    match  url category Nudity
    match  url category Pay-to-surf
    match  url category Peer-to-Peer
    match  url category Personals-Dating
    match  url category Pornography
    match  url category Proxy-Avoidance
    match  url category Sex-education
    match  url category Social-Networking
    match  url category Spam
    match  url category Tasteless
    match  url category Violence-hate-racism
    class-map type inspect match-any INSPECT_PROTOCOLS_MAP
    match protocol pptp
    match protocol dns
    match protocol ftp
    match protocol https
    match protocol imap
    match protocol pop3
    match protocol netshow
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol smtp
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    match protocol icmp
    class-map type urlfilter trend match-any cptrendclassrepdeny1
    match  url reputation ADWARE
    match  url reputation DIALER
    match  url reputation DISEASE-VECTOR
    match  url reputation HACKING
    match  url reputation PASSWORD-CRACKING-APPLICATIONS
    match  url reputation PHISHING
    match  url reputation POTENTIALLY-MALICIOUS-SOFTWARE
    match  url reputation SPYWARE
    match  url reputation VIRUS-ACCOMPLICE
    class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
    match access-group name CUSTOMIZED_NAT_1
    match protocol user-port-1
    class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
    match access-group name CUSTOMIZED_NAT_2
    match protocol user-port-2
    class-map type inspect match-any INSPECT_H323_MAP
    match protocol h323
    match protocol h323-nxg
    match protocol h323-annexe
    class-map type inspect match-all INSPECT_H225_MAP
    match protocol h225ras
    class-map type inspect match-all CUSTOMIZED_216_MAP
    match class-map CUSTOMIZED_PROTOCOL_216
    match access-group name CUSTOMIZED_NAT_216
    policy-map type inspect OUT-IN-INSPECT-POLICY
    class type inspect INCOMING_VPN_TRAFFIC_MAP
      inspect
    class type inspect PPTP_GRE_INSPECT_MAP
      pass
    class type inspect CUSTOMIZED_NAT_MAP_1
      inspect
    class type inspect CUSTOMIZED_NAT_MAP_2
      inspect
    class type inspect CUSTOMIZED_216_MAP
      inspect
    class class-default
      drop
    policy-map type inspect urlfilter cppolicymap-1
    description Default abc Policy Filter
    parameter type urlfpolicy trend cprepdenyregex0
    class type urlfilter cpaddbnwlocclasspermit2
      allow
    class type urlfilter cpaddbnwlocclassdeny3
      reset
      log
    class type urlfilter trend cptrendclasscatdeny1
      reset
      log
    class type urlfilter trend cptrendclassrepdeny1
      reset
      log
    policy-map type inspect IN-OUT-INSPECT-POLICY
    class type inspect cpinspectclass1
      inspect
      service-policy urlfilter cppolicymap-1
    class type inspect INSPECT_PROTOCOLS_MAP
      inspect
    class type inspect INVALID_SOURCE_MAP
      inspect
    class type inspect INSPECT_SIP_MAP
      inspect
    class type inspect ALLOW_PING_MAP
      inspect
    class type inspect INSPECT_SKINNY_MAP
      inspect
    class type inspect INSPECT_H225_MAP
      inspect
    class type inspect INSPECT_H323_MAP
      inspect
    class class-default
      drop
    zone security inside
    description INTERNAL_NETWORK
    zone security outside
    description PUBLIC_NETWORK
    zone-pair security INSIDE_2_OUTSIDE source inside destination outside
    service-policy type inspect IN-OUT-INSPECT-POLICY
    zone-pair security OUTSIDE_2_INSIDE source outside destination inside
    service-policy type inspect OUT-IN-INSPECT-POLICY
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key password address 11.22.3.1
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set TunnelToCold esp-3des
    crypto map TunnelsToRemoteSites 10 ipsec-isakmp
    set peer 11.22.3.1
    set transform-set TunnelToCold
    match address TUNNEL_TRAFFIC2Cold
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/0
    description OUTSIDE_INTERFACE
    ip address 1.1.1.186 255.255.255.248
    ip nat outside
    ip virtual-reassembly in
    zone-member security outside
    duplex full
    speed 1000
    crypto map TunnelsToRemoteSites
    crypto ipsec df-bit clear
    interface GigabitEthernet0/1
    description INSIDE_INTERFACE
    ip address 192.168.1.150 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    zone-member security inside
    duplex full
    speed 1000
    ip forward-protocol nd
    ip http server
    ip http access-class 10
    ip http authentication local
    ip http secure-server
    ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
    ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
    ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
    ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
    ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
    ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
    ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
    ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
    ip route 0.0.0.0 0.0.0.0 1.1.1.185
    ip access-list standard LINE_ACCESS_CONTROL
    permit 192.168.1.0 0.0.0.255
    ip access-list extended ALLOW_ESP_AH
    permit esp any any
    permit ahp any any
    ip access-list extended ALLOW_GRE
    permit gre any any
    ip access-list extended CUSTOMIZED_NAT_1
    permit ip any host 192.168.1.217
    permit ip any host 192.168.1.216
    ip access-list extended CUSTOMIZED_NAT_2
    permit ip any host 192.168.1.216
    permit ip any host 192.168.1.212
    permit ip any host 192.168.1.213
    ip access-list extended CUSTOMIZED_NAT_216
    permit ip any host 192.168.1.216
    ip access-list extended INVALID_SOURCE
    permit ip host 255.255.255.255 any
    permit ip 127.0.0.0 0.255.255.255 any
    ip access-list extended NAT_RULES
    deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
    deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
    permit ip 192.168.1.0 0.0.0.255 any
    ip access-list extended REMOTE_SITE_SUBNET
    permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2ABM
    permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2Bridgewater
    permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
    permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
    permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
    permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2Moncton
    permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2MountPearl
    permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
    ip access-list extended TUNNEL_TRAFFIC2Ontoria
    permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
    ip access-list extended WEB_TRAFFIC
    permit tcp 192.168.1.0 0.0.0.255 any eq www
    access-list 10 permit 192.168.1.0 0.0.0.255
    route-map NAT_MAP permit 10
    match ip address NAT_RULES
    snmp-server community 1publicl RO
    control-plane
    line con 0
    logging synchronous
    login authentication NONE_LOGIN
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    access-class LINE_ACCESS_CONTROL in
    exec-timeout 30 0
    logging synchronous
    transport input all
    scheduler allocate 20000 1000
    ntp server 0.ca.pool.ntp.org prefer
    ntp server 1.ca.pool.ntp.org
    end

    Hi,
    I know this is for a different platform but have a look at this link:
    https://supportforums.cisco.com/thread/2089462
    Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
    I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
    The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flexibility to do cool things like blocking websites, IM, regex expression matching etc... but in my opinion I just don't think these routers can handle it.
    It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
    The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
    I would recommend you use the router as a frontline firewall with inbound/outbound ACLs (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me)

  • Can't play DRM encrypted content with flash player 11.3

    Hi, I'm working as a developer on a video on demand service!
    I just updated to flash player 11.3 and now I can't play any DRM encrypted content anymore on windows.
    I use SSL to connect to the DRM server, please help!

    I use Windows Vista.
    Flash Player v 11,3,300,257
    Does not work on Chrome 19, FireFox 13 or IE.
    I tried to play the video http://drmtest2.adobe.com/AccessPlayer/player.html and I get a 3329 DRM error

  • Restricting email recipient domain with content filter

    Gents,
    I am looking to restrict email recipient domain to two with the help of content filter instead of using RAT table.
    Please help me out.

    I understand that you want mail to be rejected for all but 2 Recipient users/domains.  You also want to declare the users/domains via a Filter instead of in the RAT.  This is not recommended, here is why:
    - If you set the RAT to  'All Other Recipients' to 'Accept', other hosts may believe the ESA is an 'Open Relay' and may refuse mail from its IP.
    - Bouncing mail after acceptance can cause 'backscatter' emails.  This is where a mail server redistributes spam via bounces and it will cause some hosts to reject your mail.
    - If done incorrectly, can cause valid mail to bounce.
    - If done incorrectly, can make your ESA an Open Relay that can be abused by others.
    If you still wish to proceed knowing the above risks, here are the high-level steps:
    1) Set 'All Other Recipients' to 'Accept' in RAT
    2) Create a new Incoming Mail Policy
     - Add the valid users and/or domains to this new Policy
    3) Create new Incoming Content Filter:
     - Rule: leave empty
     - Action: Bounce
    4) Disable all scanning on Default Incoming Mail Policy
    5) Apply the new Filter to the Default Incoming Mail Policy
    6) Verify that the new Incoming Mail Policy has appropriate scanning enabled
    This method works by accepting all mail sent to the ESA, even if it is for a domain you do not control or for an invalid recipient for a domain you do control.  When the messages reach the Incoming Mail Policies, valid recipients will match on the new Policy while every other address matches the Default Incoming Mail Policy.  Using the Policies in this way is required so that the message is 'splintered' before processing through most scanning features.  Now only users/domains that do not match your new Policy will be Bounced by the Content Filter.
    Again, I wish to stress that I do _not_ recommend this approach: it is far safer to simply list the valid users or domains directly in the RAT.
    - Jackie

  • I have a new iPhone 5S.  While trying to learn about it, I accidentally recorded a voice memo with no content.  I cannot now figure out how to get rid of it.  There is a banner across the top of my phone with this memo which I don't want.  Help!

    I have a new iPhone 5S.  While trying to learn about it, I accidentally recorded a voice memo with no content.  I cannot now figure out how to get rid of it.  There is a banner across the top of my phone with this memo which I don't want.  I have deleted it from iTunes but cannot get it off the phone.  Help!

    The banner usually indicates that the memo is "Paused." If you go back into voice memos, touch the word "Done" beside the big red pause button, give it a name, then it will show in a list. Touch the memo in the list then touch the trash can icon that should appear.

  • Can I set up a Content Filter that is Time/Date stamp dependent?

    My company would like to add an additional disclaimer text during Holidays where the company is closed.  It will say something like: "In observance of the 'XYZ' holiday, our offices will be closing at 3:00 PM on Friday, December........ and will reopen at 8:30 AM Monday.......".
    I was wondering if there is a way to set up conditions in an Outgoing content filter to only include that text if the email is sent between certain dates.
    This would allow me to set up the filters prior to the holidays and not have to manage them manually.
    I tried to do it via Exchange Transport rule, but I can't find a time/date dependent condition for the rules in Exchange.
    Thanks,
    Rachel    

    Hi Rachel,
    there is no way to achieve this directly in content filters, an indirect way would be to use a message filter that adds an additional header (i.e. X-mas: true) during a specific period. For that, message filters provide the 'date' rule, i.e.
    HolidayHeader:
    if ((date > '12/20/2012 13:00:00') and
        (date < '12/28/2012 12:00:00'))
    {
        insert-header('X-mas', 'TRUE');
    }
    You'd then create an outbound content filter matching on this header and inserting the specific footer if the header exists. Or, of course, you could have that action in the message filter already, however in that case you need additional conditions to make sure the rule applies on outbound messages only.
    Hope that helps,
    Andreas
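
The single-filter variant mentioned in the reply above, as an added example that is not part of the original post: the date rule is combined with a listener condition so the footer is applied to outbound mail only, and the action is written to the mail logs. The listener name `OutboundMail` and the footer resource name `HolidayClosure` are assumptions; substitute the names configured on your appliance.

```text
# Added example, not from the original thread.
# Assumptions: 'OutboundMail' is the name of the listener that accepts
# outbound mail, and 'HolidayClosure' is a footer text resource that
# has already been defined on the appliance.
HolidayFooter:
if ((recv-listener == "OutboundMail") and
    (date > '12/20/2012 13:00:00') and
    (date < '12/28/2012 12:00:00'))
{
    add-footer('HolidayClosure');
    log-entry('HolidayFooter: holiday closure footer added');
}
```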
