Ip audit name OUTSIDE_INFO info action alarm Ip audit name OUTSIDE_ATTACK attack action alarm drop Logging host inside 192.168.1.x format emblem Network-object XXXXXXXXXXXX ĭescription VOIP-SERVICE-PROVIDERS NetworksĪccess-list world extended deny ip object-group Bad-guys-blocked-ips anyĪccess-list world extended permit ip object-group HQ-Office anyĪccess-list world extended permit tcp host XXXXXXXXXXXX host 192.168.1.X eq sshĪccess-list world extended permit object-group VOIP-RTP-PORTS any host 192.168.1.xĪccess-list world extended permit object-group VOIP-SIP-PORTS object-group remote-offices host 192.168.1.xĪccess-list world extended permit object-group VOIP-SIP-PORTS object-group VOIP-PROVIDERS host 192.168.1.xĪccess-list world extended permit object-group VoIP-Srvr-access-PORTS object-group remote-offices host 192.168.1.xĪccess-list world extended permit object-group Web-Srvr-access-PORTS object-group remote-offices host 192.168.1.xĪccess-list world extended permit icmp object-group remote-offices host 192.168.1.xĪccess-list world extended permit icmp host XXXXXXXXXXXX host 192.168.1.xĪccess-list world extended permit icmp any any echo-replyĪccess-list world extended permit icmp any any source-quenchĪccess-list world extended permit icmp any any unreachableĪccess-list world extended permit icmp any any time-exceeded Object-group service Web-Srvr-access-PORTSĭescription Access to Web server Services Object-group service VoIP-Srvr-access-PORTSĭescription Access to VoIP server Services Service-object udp destination range 10000 20000 Service-object udp destination range sip 5061ĭescription VoIP-RTP-Media-Start/Stop-Port-Range Service-object udp destination range 50000 52000 Object-group network Bad-guys-blocked-ips When i upgraded to ASA Version 9.1(3)2, i cannot even get a connection to the internet.
My questestion is how do i make the ASA to behave the same as the PIX when answering ARP requests. I have gone back to using the PIX for now. they tell me that the connction is fine on their end. So i have norrowed this issue down to an ISP ARP issue and as always when i call. I have tested the some configuration on a different WAN connction and it seem ok. The connection drops every 4 hours for a min or so (When i had ASA Version 8.2(5)) installed, which i suspect is when the ARP times out on the ISP side. That used to work with PIX, but not with ASA firewalls. I have had issues with ARP on this connction where if i swapped the firewall, i had to call them to clear the ARP on the "ISP" side for the connection to work. We have recently upgraded the firewall on this connection from a PIX515E to a ASA 5505 (ASA 5505 Security Plus license). We have a 5/5 (Flexlink) connection from on a Adtran NetVsta 832 gateway.
0 kommentar(er)
