David White

Member Since: Oct 26, 2001

David White commented on Smart Call Home on the ASA in Firewalling 4 months ago

Hi hroi, Smart Call-home is not tied to licensing.  If Smart Call-home is not functioning (or not...

David White commented on Smart Call Home on the ASA in Firewalling 2 years ago

Hi Sam, Ok, I had an idea... and just tested this myself.  You can specify the port by following...

David White commented on Smart Call Home on the ASA in Firewalling 2 years ago

Why yes there is!  :-) Have a look here: https://supportforums.cisco.com/document/57466/asa-smart-...

David White commented on TAC Security Podcast #37 - ASA Network Address Translation (NAT) in Firewalling 2 years ago

Hi Adil, Sure, sounds great.  Email us directly:   securityshow [at] cisco.com so we can work out...

David White commented on CSCtr16184 - To-the-box traffic fails from hosts over vpn after upgrade to 8.4.2 - 10 in Cisco Bug Discussions 2 years ago

Hi Roel, This specific issue was fixed in 8.4(3), and confirmed by many customers. Therefore, if you...

David White commented on CSCuh56175 - SRTP to RTP Interworking one way audio at about 22 minutes in Cisco Bug Discussions 2 years ago

Hi Constantinos, Based on your description, I am not sure your symptoms match that of this bug.  But...

David White commented on Cannot port forward 80 443 (ASA 5510 V8) in Firewalling 2 years ago

Great, glad to hear everything is working for you now. Sincerely, David.

David White commented on Cannot port forward 80 443 (ASA 5510 V8) in Firewalling 2 years ago

Hi Boian, Can you confirm that the server is accessible externally?  Since you said a partner was...

David White commented on Cannot port forward 80 443 (ASA 5510 V8) in Firewalling 2 years ago

Hi Boian, You will never be able to connect to the NATed/PATed (ie: Public IP) from the Inside...

David White commented on Bridged F/W in front of PIX? in Firewalling 2 years ago

Hi Rainer, If you practice good security policies (SSH / ASDM with AAA), then only authorized users...

David White commented on Cannot port forward 80 443 (ASA 5510 V8) in Firewalling 2 years ago

Hi Boian, Please note that I CAN SOLVE YOUR PROBLEM, but only if you supply the information I...

David White commented on Cannot port forward 80 443 (ASA 5510 V8) in Firewalling 2 years ago

Can you capture the syslogs (at level 6) when you attempt to access the web server from the outside...

David White commented on if we enable IP audit feature in physical interface, will it apply to sub-interface too ? in Firewalling 2 years ago

That is correct.  There is no inheritance of policy based commands from the physical interface to...

David White commented on Cannot port forward 80 443 (ASA 5510 V8) in Firewalling 2 years ago

Hi Boian, Ok, you have a few problems - but all with the same root issue. When you overload on an...

David White commented on Bridged F/W in front of PIX? in Firewalling 2 years ago

What additional value do you see that providing? I don't see much reason, but if there is a feature...

David White commented on ASA 5512 - Call Home in Firewalling 2 years ago

I'm not sure any exists for XML/AML output. It may be better not to export as XML.  You can send...

David White commented on how would the firewall react ? in Firewalling 2 years ago

It can be a 'filter' if an ACL is applied to the interface for which the initial packets are...

David White commented on ASA per-client-max settings in Firewalling 2 years ago

Hi Michael, The "per-client-max" setting is for all connections initiated from that client and...

David White commented on how would the firewall react ? in Firewalling 2 years ago

Yes, but it is a very bad idea to leverage tcp-state-bypass here.  The design...

David White commented on CSCul26755 - INSPECT ICMP ERROR ICMP HEADER AFTER UN_NAT DOES NOT MATCH IP DST ADDR in Cisco Bug Discussions 2 years ago

Unfortunately, no.  To get the fix in a 9.0 release, you will need to run an interim image. ...

David White commented on CSCuj81593 - ASA failover interface monitoring status Unknown after reload of active in Cisco Bug Discussions 2 years ago

Hi Donald, You are missing the "Standby IPs" on each interface.  This is required for Failover...

David White commented on CSCul26755 - INSPECT ICMP ERROR ICMP HEADER AFTER UN_NAT DOES NOT MATCH IP DST ADDR in Cisco Bug Discussions 2 years ago

The 9.0.4.2 interim ASA image is only available through a TAC case.  The 9.1.4.4 interim ASA image...

David White commented on CSCsy71401 - Traceback when editing object-group in Cisco Bug Discussions 2 years ago

Yes.  CSCsy71401 does not exist in 8.4.7 code. Sincerely, David.

David White commented on Bug ID CSCug03975 in Cisco Bug Discussions 2 years ago

Yes, the 5585-X is susceptible to bug CSCug03975. Sincerely, David.

David White commented on CSCuf46296 - Unable to add static NAT/PAT after upgrade to 8.4.5 in Cisco Bug Discussions 2 years ago

Hi Jouni, CSCuf46296 will not cause the ASA to crash.  Please open a case with us and upload the...

David White commented on Dynamic ports in Firewalling 2 years ago

Hi Bob, Yes, I find it highly odd that the clients would need to *connect* to a possible 16k ports!...

David White commented on Upgrade from 8.4.2 to 9.03 in Firewalling 2 years ago

You can go straight to 9.0.3. Sincerely, David.

David White commented on syslog outside traffic through firewall in Firewalling 2 years ago

When you say you have a DMZ, is this a different interface on the ASA?  (So you would have Outside...

David White commented on Can you do a debug of TCP sessions in a FWSM? in Firewalling 2 years ago

Hi Jeramel, I'm not quite sure what you are looking for.  Syslogs are your best bet for tracking...

David White commented on Dynamic ports in Firewalling 2 years ago

Hi Bob, In the ACE you defined, the range is from 49000 - 65535, but later in your question you...

David White commented on CSCud17778 - memory leak in middle buffers due to snmp traps in Cisco Bug Discussions 2 years ago

Hi Marty, Yes, all 3 are required (AND conditions). Also note for #2, it is really the "...

David White commented on Required OID number to Monitoring Current host count in Firewalling 2 years ago

Unfortunately, no.  ASDM does not provide this capability natively.  You can use the CLI interface...

David White commented on CSCsm18209 - traceback CHECKHEAPS HAS DETECTED A MEMORY CORRUPTION in Cisco Bug Discussions 2 years ago

The ASA crashed due to trying to access some memory which became corrupted. You will need to open a...

David White commented on ASDM "Cannot launch device manager from x.x.x.x" Windows 8 - Java 7u25 in Firewalling 2 years ago

All - please note that we have been tracking this issue via bug CSCum46193, which has since been...

David White commented on Sync config b/w different location stand alone firewalls in Firewalling 2 years ago

Hi Khalid, The ASAs cannot replicate configs between two different devices (which are not in...

David White commented on Forward DNS request to External DNS in Firewalling 2 years ago

Hi Isom, This is possible to accomplish on the ASA using static Destination NAT.  What you will do...

David White commented on ASA 5545-X with IPS generating DHCPDiscover packets in Firewalling 2 years ago

Thanks Marcelo. David.

David White commented on ASA access to FQDN in Firewalling 2 years ago

Hi Sergey, You cannot lower the ASA's DNS aging timeout below 1 minute.  Note that each time the...

David White commented on ASA 5545-X with IPS generating DHCPDiscover packets in Firewalling 2 years ago

This should not be happening.  Please open a TAC case for further investigation here. Thanks, David.

David White commented on Required OID number to Monitoring Current host count in Firewalling 2 years ago

Hi, Unfortunately, the ASA does not have an OID for these stats. Sincerely, David.

David White commented on Citrix sessions randomly dropped in Firewalling 2 years ago

Hi Glan, I think we would need further information in order to help identify what is happening here....

David White commented on RSS Feed, e-mail notification alert for bugs in Cisco Bug Discussions 2 years ago

Hi Arun, Please check out the Cisco Notification Service: http://www.cisco.com/cisco/support/...

David White commented on Critical Bug in the Forum in Cisco Bug Discussions 2 years ago

Please contact me.  I'll get you to the right people. dwhitejr [at] cisco.com Thanks, David.

David White commented on CSCug24584 - ASA console hangs with duplicate nat statements of sh nat in Cisco Bug Discussions 2 years ago

Hi Mot, For this particular bug, it manifests itself when a user modifies auto-nat statements (ie:...

David White commented on CSCue51351 - ASA Huge NAT config causes traceback due to unbalanced p3 tree in Cisco Bug Discussions 2 years ago

Hi Mot, The mode does not matter.  Meaning, this applies to single context mode, or if in multi-...

David White commented on CSCtz15346 - /mnt/pss directory growing too large and having no free space in Cisco Bug Discussions 2 years ago

Hi Naga, From the CLI, issue "show system internal flash" to see what directory is taking up the...

David White commented on CSCuf90316 - In lanbase intervlan-routing uses 100 percent software path in Cisco Bug Discussions 2 years ago

Hi Mark, This issue *only* affects lanbase licensed images.  Not IP Services. Sincerely, David.

David White commented on CSCue51351 - ASA Huge NAT config causes traceback due to unbalanced p3 tree in Cisco Bug Discussions 2 years ago

Hi Mot, This defect does not affect the number of concurrent sessions. Instead, this defect only...

David White's Stats

Points 456
Discussion started 0
Answers marked as Correct 37
Endorsed 3
Content Rated 8