firewalls & vpn

you’re doing it wrong

2011-09-07

If you are trying to control what your users can hit on the Internet using firewall rules instead of a web proxy, you’re doing it wrong, so stop.


howto://configure pptp vpn support on tmg 2010

2010-07-02

In this post, we’re going to go through setting up our TMG 2010 server to support client PPTP VPN. We’ll go over why PPTP is a good choice for many businesses, the basic network setup involved, and then finally, how to actually configure our TMG server to support PPTP clients. Much of what we will [...]


…and then there’s complete paranoia

2010-03-24

So I’d like to share a word or two about firewalls. More specifically, their configuration and the responses they provide (or don’t) when they encounter traffic that is, shall we say, less than desirable. My goal here is to bring some rationality to the way our maligned little friends act on the wire, simplify [...]


howto://troubleshoot microsoft vpn connections part three-tales from the trenches

2010-02-12

Well, if you are still with me after reading part one and part two of this series, thank you for your dedication. I’m glad you found something there to keep you interested. This last part of the series is where I want to share a few things that I have found that just [...]


howto://troubleshoot microsoft vpn connections part two-client side issues

2010-02-10

Welcome to part two in our series on troubleshooting Microsoft VPN connections. In part one of this series, we covered the error codes that point to server side problems. And in part three, we’ll share some tales from the trenches. But here in the creamy middle, we’re going to go over the error codes [...]


howto://troubleshoot microsoft vpn connections part one-server side issues

2010-02-08

And now for something completely different. I love the VPN services offered by the Microsoft platform in general, and by ISA or TMG specifically. SSTP (Microsoft’s SSL VPN) is great!…as long as you have an all Vista or later client base. Until then, IPSec works well as long as you get the NAT issues [...]


Trusts Across Firewalls

2008-04-15

Well I had some fun today…virtual support over IM for a perfect stranger. Someone actually hit me up on my Plugoo, and had a couple of questions about setting up trusts across a firewall, so that accounts could be migrated from one domain to another. Here is the transcript, with only his/her alias changed to [...]


PIX/ASA logging levels

2007-11-27

PIX/ASA logging supports eight levels. The higher the level, the more information generated, as each level includes the messages from all lower levels.

Keyword        Level  Message
emergency      0      System unusable
alert          1      Immediate action needed
critical       2      Critical condition
error          3      Error condition
warning        4      Warning condition
notification   5      Normal but significant condition
informational  6      [...]


Enabling IPSec VPN connections to ISA 2006

2007-08-09

One part of my current job is to manage VPN access to the corporate intranet. This fortunately does NOT involve user access currently, as that is outsourced, but it does involve third party access, and since our outsource solution doesn’t support user password changes, I am in the process of evaluating alternatives. One of the [...]


God I hate NAT

2007-07-17

Well, in truth, this is not NAT’s fault per se, but since it was involved, it takes the blame. I am setting up MS ISA 2006 to serve as a VPN concentrator…I’ll post more specifics on this soon. Suffice it to say that I spent a couple of hours getting everything set, to include having [...]


Establishing a trust across a firewall

2007-07-10

Hi there. Today, let’s discuss setting up a trust between two domains when they are separated by a firewall. There are several KB articles about this, but none of them (in my opinion) give quite enough detail about how to set this up. I will try to do a better job. For purposes of this [...]


well known ports

2007-06-07

If you are planning to use one of the protocols on this list, consider it sufficiently “well-known” to indicate you should use the port assigned by IANA. Certain presumptions will be made on firewalls (hardware and client) and IDS systems regarding this traffic. The full list is maintained by the IANA and can be found [...]
