Currently we are implementing a new VPN Solution based on the Cisco AnyConnect VPN and the Cisco ASA5500 Series Firewalls.
Here you can read my progress in this.
MacDive 2.0.2 has been released lately. A wonderful Tool for keeping an electronic record of you Dives.
Meine Oma ist am 12.08.2010 entschlafen.
Möge Gott ihrer Seele gnädig sein.
Ewige Ruhe schenke ihr, o Herr!
Und das ewige Licht leuchte ihr!
Lasse sie ruhen in Frieden.
Amen.
Regina Schlagenwerth (geb. Krüll)
* 05.11.1921
+12.08.2010
Requiescat in pace
Those days we faced the problem that we recived a mail with approx 150 recipients.
Somewhere in the communication it seams that a mail address is broken by the asa.
Inside E-Mail Server (Blue) mail.example.com
Outside E-Mail Server (Red) mail.asdf.com
220-mail.example.com ESMTP Server [Wed, 18 Aug 2010 10:30:58 +0200]
220-Ready to recycle your bits, but we don't want
220 your unsolicited or bulk e-mail (ie: spam)
EHLO mail.asdf.com
250-mail.example.com Hello mail.asdf.com [192.168.0.1]
250-SIZE 4194304
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5 NTLM
250-STARTTLS
250 HELP
MAIL FROM:<asdf@asdf.com> SIZE=42157
RCPT TO:<user1@example.com>
<output omited>
RCPT TO:<user20@example.com>
RCPT TO:<user21@
250 OK
example.com>
RCPT TO:<user22@example.com>
RCPT TO:<user23@example.com>
RCPT TO:<user24@example.com>
<output omited>
250 Accepted
<output omited>
250 Accepted
501 <user21@XXXXXXXXXXXXXX: '>' missing at end of address
250 Accepted
250 Accepted
250 Accepted
Inside E-Mail Server (Blue) mail.example.com
Outside E-Mail Server (Red) mail.asdf.com
220-mail.example.com ESMTP Server [Wed, 18 Aug 2010 10:30:58 +0200]
220-Ready to recycle your bits, but we don't want
220 your unsolicited or bulk e-mail (ie: spam)
EHLO mail.asdf.com
250-mail.example.com Hello mail.asdf.com [192.168.0.1]
250-SIZE 4194304
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5 NTLM
250-STARTTLS
250 HELP
MAIL FROM:<asdf@asdf.com> SIZE=42157
RCPT TO:<user1@example.com>
<output omited>
RCPT TO:<user20@example.com>
RCPT TO:<user21@ 250 OK
XXXXXXXXXXXXXX
RCPT TO:<user22@example.com>
RCPT TO:<user23@example.com>
RCPT TO:<user24@example.com>
<output omited>
250 Accepted
<output omited>
250 Accepted
501 <user21@XXXXXXXXXXXXXX: '>' missing at end of address
250 Accepted
250 Accepted
250 Accepted
This is a little bit strange so i will ask the Guys from Cisco if this is a known feature or a bug.
For the Momemt we have disabled the esmtp fixup, on monday we will do future analysis.
If you feel this helps a bit or may be not ? Please leave a comment.
Powered by Zoundry Raven
| Ctrl+B or Left | Move the cursor one character to the left |
| Ctrl+F or Right | Move the cursor one character to the right |
| Esc, B | Move the cursor one word to the left |
| Esc, F | Move the cursor one word to the right |
| Ctrl+A | Move cursor to the beginning of the line |
| Ctrl+E | Move cursor to the end of the line |
| Ctrl+P or Up | Retrieve last command from history |
| Ctrl+N or Down | Retrieve next command from history |
| Ctrl+T | Swap the current character with the one before it |
| Ctrl+W | Erase one word |
| Ctrl+U | Erase the entire line |
| Ctrl+L | Reprint the line |
| Ctrl+C | Exit configuration mode |
| Ctrl+Z | Apply the current command and exit configuration mode |
[caption id="" align="alignnone" width="401" caption="http://www.filemagazine.com/thecollection/archives/2009/06/midnight_snack.html"]What happens when Darth is sleeping:
[/caption]
set snmp access gReadOnlyV1V2C security-model v1 exact read vUnsecured
set snmp access gReadOnlyV1V2C security-model v2c exact read vUnsecured
set snmp community mycomunity securityname sn_v1v2c_ro
set snmp group gReadOnlyV1V2C user sn_v1v2c_ro security-model v1
set snmp group gReadWriteV1V2C user sn_v1v2c_rw security-model v1
set snmp group gReadOnlyV1V2C user sn_v1v2c_ro security-model v2c
set snmp group gReadWriteV1V2C user sn_v1v2c_rw security-model v2c
set snmp view viewname vUnsecured subtree 1
set snmp view viewname vUnsecured subtree 0.0
If you feel this helps a bit or may be not ? Please leave a comment.
To enable the SSH Service on a Enterasys SecureStack C2 and similar you have to issue "set ssh enabled" on the cli.
C2(su)->set ssh enabled
SSH hostkey generation initiated. Process should complete in 60 seconds.
C2(su)->
If you feel this helps a bit or may be not ? Please leave a comment.
How to use Tacacs+ on Cisco ASA
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (intern) host X.X.X.X
key YYYYXXXYYY
no aaa authentication http console LOCAL
no aaa authentication ssh console LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
If you have allready configured ssh you might see something like
asa1(config)# aaa authentication ssh console TACACS+ LOCAL
Range already exists.
If you feel this helps a bit or may be not ? Please leave a comment.
We recently bought so new Firewalls to replace to aged Cisco PIX515e with some new Gear. We decided to use Ciscos new Firewall flagship the Cisco ASA Devices. Everything was fine after the replacement, we transfered the configuration from the old boxes to the new with the help of the Cisco Security Manager.
Later that day there was complains about e-mails are not delivered properly.
On the Cisco PIX with Software 6.2 we had implemented following:
no fixup smtp
For the ASA5510 we had to implement following
policy-map type inspect esmtp esmtp_pmap
parameters
allow-tls action log
policy-map global_policy
class inspection_default
no inspect esmtp
inspect esmtp esmtp_pmap
exit
exit
If you feel this helps a bit or may be not ? Please leave a comment.
Access-based Enumeration (ABE) is a smart feature to let users see only the folders they have access to.
But if you have Cisco WAAS deployed in your network please be aware you have to add a Dynamic share to the waas configuration so the waas knows about this.
Cisco Wide Area Application Services Configuration Guide (Software Version 4.1.7)
Step 1
For creating a dynamic share you have to add a Domain to the Cental Manager eg "Dynamic Shares"
Step 2
Create a entry under the dynamic shares in the global configuration.
On the WAE CLI
ToBe Done
If you feel this helps a bit or may be not ? Please leave a comment.
If you want to configure tacacs+ on the Cisoc MDS9222i Series you have to enable first the feature.
feature tacacs+
After this the commands to configure the Tacacs+ are available.
!
feature tacacs+
!
tacacs+ distribute
tacacs-server timeout 10
tacacs-server host 10.0.243.247 key 0 secertkey
tacacs-server host 10.0.243.248 key 0 secretkey
tacacs+ commit
!
aaa group server tacacs+ AAA-Servers
server 10.0.243.247
server 10.0.243.248
deadtime 5
!
aaa authentication login default group AAA-Servers
aaa authentication login console local
aaa authentication login error-enable
!
ip route 10.0.243.247 255.255.255.255 10.0.160.1 interface mgmt0
ip route 10.0.243.248 255.255.255.255 10.0.160.1 interface mgmt0
!
interface mgmt0
ip address 10.0.160.99 255.255.255.0
switchport description Management
switchport speed 100
If you feel this helps a bit or may be not ? Please leave a comment.
tacacs key **** tacacs host 10.0.243.247 primary tacacs host 10.0.243.248 tacacs key **** authentication login local enable secondary authentication login tacacs enable primary authentication configuration local enable secondary authentication configuration tacacs enable primary authentication fail-over server-unreachable aaa authorization commands 15 default tacacs+
Heute war dann der Tauchgang 1 für CMAS ** dran. Das heist geben von drei Unterwasserzeichen, abstandhalten vom Boden und keinen Staub aufwirbeln und dann einen Aufstieg von ca. 20 Metern mit Stop auf 9 Metern und dann bis 6 Meter und Ende.
Wir sind gemütlich im Blausteinsee unterwegs gewesen einfach raus bei ca 100° - 110° haben die Übungen gemacht und sind dann noch was bei 3-6 Metern rum geschwommen sehr schön zum Tarien üben.
Danke Klaus für das zeigen einer schönen Tarier Technik.
| Tauchgang Nummer | 43 |
| Tauchplatz | Blausteinsee, Eschweiler |
| Tiefe | 20 Meter |
| Dauer | 30 Minuten |
| Temperatur | 7-21° |
| Sicht | 1-10 Meter |
Mein taucherischer Werdegang.
The worst day diving is better than the best day working:-)
Der Blausteinsee ist ein Badesee der bei der rekultivierung des Braunkohletagebaus "Zukunft" entstanden ist, nähers findet ihr in der Wikipedia.
Zum Tauchen ist der See mit einer Tiefe um die 40 Metern gut geeignet, die Sichtweiten schwanken zwischen 1 und 7 in den oberen Regionen und bis zu 20 Meter im tieferen Bereich. Die Sicht ist stark abhängig von der Anzahl der Taucher und der Algenschicht im Breich bis 6 Meter.
Die Wassertemperatur ist mässig bis kalt (4-6°) in den tieferen Regionen des Sees, werden im Sommer nicht überschritten. Im Flachwasser kann die Temperatur bis 21° betragen.
Daher ist ein guter Kälterschutz und Kaltwassertaugliche Ausrüstung empfehlenswert, die Lampe sollte auch nicht zu Hause bleiben.
Im Wasser gibt es eine Menge von Attraktionen, z.B. zwei LKW Kabinen, diverse Platformen.
Die Tauchbasis am Blausteinsee.
Nach dem Tauchgang.
Der Einstieg.
Nebenan der Segelklub.
Der Weg zum Einstieg.
Die Seebühne neben an, soll woll sowas wie einen Bagger darstellen.
Und noch mehr von der Bühne.
Größere Karte anzeigen
Karte und weitere Beschreibung folgen.