Educause Security Discussion mailing list archives

Re: Pix install


From: John <jgarner () SFASU EDU>
Date: Thu, 10 Mar 2005 10:33:08 -0600

George,



Thank you very much for responding to my request for assistance. Do you mean
ACLs on the Pix or all on routers between the student taking the test and the
Pix? Currently the only ACLs on the Pix are blocking ports 135-139 and
1433. Next step will be to tighten the Pix down. Any other ideas are much
appreciated.



Cheers,

John



  _____

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of George Russ
Sent: Thursday, March 10, 2005 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pix install



John,



Try removing your access list on the relevant interfaces one at a time while
testing Accuplace.

When it succeeds you will have at least found the list responsible.  The
rest is a process of elimination.



Check your "fixup protocol" settings as Accuplace may not agree with some.
I am not familiar with the product so I cannot say for sure.





---------------------------------------------------------------

George Russ                       Network Support Services

The Citadel                       Charleston SC 29409

--------------------------------------------------------------



  _____

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John
Sent: Thursday, March 10, 2005 10:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pix install



Greetings All,



We have recently installed a new Pix 525 on a network edge. We are having
issues with some connections dropping. In particular Accuplace web tests
seem to be dropping off. The Pix Device Manager is logging a traffic drop
for inbound and outbound traffic on both the inside and outside interfaces
about every four minutes. I am unsure if these events are correlated or not
and am troubleshooting.



Should anyone have a clue as to where to look I am very appreciative.



I am poking at Pix, routers and DNS issues and am opening a case with Cisco
TAC.



Cheers,

John Garner

jgarner () sfasu edu

********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.
