Search This Blog

Thursday, July 26, 2007

Cisco ASA and WebVPN

Cisco released new firmware for ASA - 8.0(2).

WebVPN significantly improved: provides RDP, Citrix, VNC access, AnyConnect - SSL VPN client, better Cisco Security Desktop. If you use WebVPN I suggest you to update ASAP. The admin interface is somewhat different, sometimes confusing. But it gives all you need to get stable WebVPN.

Unfortunately there are some known bugs in this version, as example:
CSCsj00288 CSD - Keystroke Logger check fails when HP Quick Launch app is running

I just discovered new release of CSD -, let's try...

Wednesday, July 25, 2007

Exchange cluster error id 1146

On a Exchange 2003 SP2, W2003SP2, Veritas Software Foundation 4.3 MP2, Scanmail 7.0
we have an error: ClusSvc Warning Failover Mgr 1146 N/A SCHGVAEX001 The cluster resource monitor died unexpectedly, an attempt will be made to restart it.

The cluster gets restarted causing about 3 minutes downtime for users. It repeats few times during a month. The Ms KB does not apply in our case. The problem started after Windows Server 2003 SP2.

MS recommends to run non-MS cluster resources in separate monitors - option option “Run this resource in a separate Resource Monitor” of the cluster admin console. I applied this to Veritas volumes and Scanmail

Let's wait and see what it will bring.

update: problem is gone!!!
update: not really, error is back again. I hope it will not be so often.

Monday, July 16, 2007

How to set ACL in Cisco ASA VPN from IAS

Cisco ASA can work with access lists from IAS Radius. Add to the IAS policy the attribute 'Cisco-AV-Pair' as example:
ip:inacl#1=permit ip host any
ip:inacl#2=permit ip any host
This will limit IP traffic only to/from this host.