Cisco PIX - Clearing SAs

Link naar Cisco site

Certain configuration changes will only take effect when negotiating subsequent security associations. If you want the new settings to take immediate effect, clear the existing security associations so that they will be re-established with the changed configuration. For manually established security associations, clear and reinitialize the security associations or the changes will never take effect. If the PIX Firewall is actively processing IPSec traffic, it is desirable to clear only the portion of the security association database that would be affected by the configuration changes (that is, clear only the security associations established by a given crypto map set). Clearing the full security association database should be reserved for large-scale changes, or when the PIX Firewall is processing a small number of other IPSec traffic.

Reacties

Een reactie posten

Populaire posts van deze blog

Lessons Learned - Cisco ASA 5505 and TCP request discarded

Hi there, Last week, we set up a Cisco ASA 5505 firewall in one of our customers' LAN. It should replace the ISA 2000 firewall over there, because we need to create a site-to-site tunnel to a PIX 515E on a remote location. All went fine with this ASA 5505, except that it would not pass any traffic from the internet to the LAN. From the inside out, all was OK. From the outside in, nothing would pass the firewall. The relevant config lines were as follows: static (inside,outside) tcp w.x.y.z 25 10.10.10.10 25 netmask 255.255.255.255 access-list outside01 permit tcp any host w.x.y.z eq 25 access-group outside01 in interface outside So, here we redirect all SMTP traffic on public interface with IP w.x.y.z to private host 10.10.10.10. Nothing much would happen. Internally, the SMTP host was listening, of course. From outside, the interface with IP w.x.y.z was pingable, of course. From the outside, configuring the ASA with SSH or HTTPS went fine. (So, traffic TO the
Meer lezen

Change the default telnet client

Enable handling of telnet://hostname:port/ URLs on the command line. With this feature, you can now set PuTTY as the default handler for Telnet URLs. If you run the Registry Editor and set the value in HKEY_CLASSES_ROOT\telnet\shell\open\command to be "\path\to\putty.exe %1" (with the full pathname of your PuTTY executable), you should find that clicking on telnet links in your web browser now runs PuTTY.
Meer lezen

Printing to LPD Printer Is Slow or Fails with Windows

Experienced a nasty printing problem, which was caused by a number of ingredients that together will make it very odd that someone else will ever experience this problem, but anyway: here's the story... At a customer's site, we implemented new industrial labelprinters (Zebra's, very fine machines). Per label printing went fine to these printers, but printing a higher number of labels (> 10) showed a strange phenomenon: a number of labels printed fine, the system waited for a couple of minutes, then some labels again, then some minutes waiting again and so on... Very strange, but more important: very irritating! Other relevant infrastructure components: SAP R3 on Windows 2000 Server, printing to LPR-printers on the 2000-box, which in turn delivers the label on a print server (running Teklynx Sentinel S4 Print Pack for adding barcode functionality etc.). On this print server, the label processing is carried out and at last the label is delivered to the labelprinter. Quite
Meer lezen