Solved

Filtering SIP traffic?

Posted on 2014-02-24
9
693 Views
Last Modified: 2014-03-18
Our phone system has been hacked recently and since then we have been instructed by our telephony co to lock down the devices.

Here is whats required:

Here are more details of what traffic/ports/ips that need to be filtered:

•      SIP Application Layer Gateway or Fixups feature disabled
•      A NAT without port modification (i.e. use the original port without PAT/layer 3 NAT only) on all traffic from the 172.16.10.35 (Ingate SIParator) going out towards exermanl ip 1 / external ip 2. Perform NAT from 172.16.10.35 to <public address>
•      A NAT without port modification (i.e. use the original port without PAT/layer 3 NAT only) on all traffic arriving at the firewall from external ip 1 / external ip 2. Forward traffic to 172.16.10.35. Perform NAT from <public address> to 172.16.10.35
•      Firewall rules to only accept traffic from the source ip address on the ports listed below. Inbound port forwards for packets arriving at <public address> to be sent towards 172.16.10.35
•          Source -> Destination
    external ip 1 (Gamma signalling)   5060/UDP             --- forward to ----> 172.16.10.35 5060/UDP
    external ip 2 (Gamma media)  6000 - 40000/UDP --- forward to ----> 172.16.10.35 6000 - 40,000/UDP (i.e. whole range one to one port mapping/no translation)
 
This is to prevent one-way audio caused by the non-layer 5 aware/disabled device
•      Firewall rules to allow 172.16.10.35 to talk to DNS servers
•      Firewall rules to allow 172.16.10.35 to talk to NTP servers
•      Expedited forwarding/priority queue QoS on egress towards the Internet (for the 30 trunks we require a minimuim priority bandwidth of 2856 kbps)
•      Expedited forwarding/priority queue QoS on egress from the firewall towards 172.16.10.35

The phone system is a shoretel over SIP and we have an Ingate between our firewall and Shoretel.

Does anyone know if these options/filters/port changes can be applied to a Cisco ASA 5505 firewall or our HP 2910al POE L3 Switch?

Thanks]
0
Comment
Question by:CHI-LTD
  • 4
  • 2
9 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 39882604
Can you provide your current configuration on the 5505?  And the software version?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39883076
software version is 8.4

config:
ASA Version 8.4(2)
!
hostname Domain-Site
enable password encrypted
passwd encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 switchport access vlan 20
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 description To LAN
 nameif inside
 security-level 100
 ip address 172.19.10.15 255.255.0.0
!
interface Vlan2
 description To Internet
 nameif outside
 security-level 0
 ip address wan ip 255.255.255.248
!
interface Vlan20
 nameif Voice
 security-level 100
 no ip address
!
banner login
banner login This system is private property.
banner login Unauthorised users are prohibited and must disconnect now.
banner login All actions are logged.
banner login
boot system disk0:/asa842-k8.bin
no ftp mode passive
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup Voice
dns server-group DefaultDNS
 name-server 172.29.10.17
 name-server 172.29.10.18
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside-network
 subnet 172.19.0.0 255.255.0.0
 description Inside network
object network 10.255.254.0_25
 subnet 10.255.254.0 255.255.255.128
 description DR Site Roam VPN
object network 10.255.255.0_25
 subnet 10.255.255.0 255.255.255.128
 description Live Site Roam VPN
object network 192.168.3.0_24
 subnet 192.168.3.0 255.255.255.0
 description Remote Site LAN
object network 172.19.10.21_pop3
 host 172.19.10.21
object network obj-vpn-Remote Site
 subnet 192.168.3.0 255.255.255.0
subnet wan ip 255.255.255.0
object network 172.19.10.17_ldap
 host 172.19.10.17
object network 172.19.10.21_http
 host 172.19.10.21
object network 172.19.10.21_https
 host 172.19.10.21
object network INGATE
 host 172.16.10.35
object network a-external_ip
 host external_ip
object network a-172.16.10.35
 host 172.16.10.35
object network VLAN20
 subnet 172.16.0.0 255.255.0.0
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ldap
 port-object eq pop3
 port-object eq smtp
object-group network DM_INLINE_NETWORK_1
 network-object object 10.255.254.0_25
 network-object object 10.255.255.0_25
 network-object object 192.168.2.0_24
 network-object object 192.168.3.0_24
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination range 8194 8198
 service-object udp destination range 48129 48137
 service-object tcp destination range 8209 8294
object-group service DM_INLINE_TCP_2 tcp
 port-object range 2300 2400
 port-object eq 6969
object-group service DM_INLINE_SERVICE_2
 service-object tcp-udp destination eq domain
 service-object tcp destination eq 3101
 service-object tcp destination eq 4103
 service-object tcp destination eq 4105
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination range 49100 49200
object-group service DM_INLINE_TCP_3 tcp
 port-object range 1130 1132
 port-object eq 4800
 port-object eq 50110
 port-object range 50112 50115
 port-object range 50140 50142
 port-object range 50802 50803
 port-object range 50806 50808
object-group service DM_INLINE_TCP_4 tcp
 port-object eq ldap
 port-object eq pop3
 port-object eq smtp
object-group network DM_INLINE_NETWORK_3
 network-object 10.255.255.0 255.255.255.0
 network-object object inside-network
object-group network DM_INLINE_NETWORK_5
 network-object host external_ip4
 group-object Mimecast
object-group network DM_INLINE_NETWORK_7
 network-object object inside-network
 network-object 10.255.254.0 255.255.255.0
object-group network DM_INLINE_NETWORK_4
 network-object 10.255.254.0 255.255.255.0
 network-object object 192.168.2.0_24
object-group network DM_INLINE_NETWORK_8
 network-object object 10.255.254.0_25
 network-object object inside-network
 network-object 172.16.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_9
 network-object 192.168.100.0 255.255.255.0
 network-object 192.168.3.0 255.255.255.0
object-group network DM_INLINE_NETWORK_10
 network-object 172.16.0.0 255.255.0.0
 network-object 172.19.0.0 255.255.0.0
access-list inbound extended permit icmp any object inside-network echo-reply
access-list inbound extended permit icmp any object inside-network time-exceeded
access-list inbound extended permit icmp any object inside-network unreachable
access-list inbound extended permit icmp any object inside-network traceroute
access-list inbound extended permit icmp any object inside-network source-quench
access-list inbound extended permit tcp object-group DM_INLINE_NETWORK_5 host 172.19.10.21 object-group DM_INLINE_TCP_1
access-list inbound extended permit tcp object-group DM_INLINE_NETWORK_5 host 172.19.10.4 object-group DM_INLINE_TCP_1 inactive
access-list inbound extended permit tcp object-group DM_INLINE_NETWORK_5 host 172.19.10.17 object-group DM_INLINE_TCP_1
access-list inbound extended permit tcp any object 172.19.10.21_http eq www
access-list inbound extended permit tcp any object 172.19.10.21_https eq https
access-list inbound extended permit ip any any
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_10 object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 172.19.0.0 255.255.0.0 object-group 
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 host external ip object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 object-group Proquote object-group DM_INLINE_TCP_3
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_2 eq 8080
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_6 eq 8090
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 172.19.0.0 255.255.0.0 any
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 host external ip 2 eq ssh
access-list inside_access_in extended permit tcp host 172.19.10.17 object-access-list inside_access_in extended permit tcp host 172.19.10.4 object-access-list inside_access_in extended permit ip host 172.19.10.21 any
access-list inside_access_in extended permit tcp host 172.19.10.7 any eq 3101
access-list inside_access_in extended permit icmp 172.19.0.0 255.255.0.0 any
access-list inside_access_in extended permit ip any object-group obj-CiscoCloud
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 host external ip 3 eq 5677
access-list inside_access_in extended permit ip host 172.19.10.17 any
access-list inside_access_in extended permit tcp host 172.19.10.21 object-group Mimecast object-group DM_INLINE_TCP_4
access-list inside_access_in extended permit tcp host 172.19.10.28 any eq 3101
access-list inside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_4
access-list vpn-roam-split standard permit 172.19.0.0 255.255.0.0
access-list vpn-roam-split standard permit 192.168.3.0 255.255.255.0
access-list vpn-roam-split standard permit 192.168.2.0 255.255.255.0
access-list vpn-roam-split standard permit 172.16.0.0 255.255.0.0
access-list acl-vpn-Remote Site extended permit ip object inside-network object obj-vpn-Remote Site
access-list acl-vpn-Remote Site-dummy extended permit ip object-group DM_INLINE_NETWORK_7 object obj-vpn-Remote Site
access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_9
access-list outside_access_in extended permit ip any host 172.16.10.35
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
pager lines 24
logging enable
logging timestamp
logging buffer-size 16000
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Voice 1500
ip local pool vpnpool 10.255.255.1-10.255.255.127 mask 255.255.255.128
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit 172.19.0.0 255.255.0.0 inside
icmp permit any inside
icmp permit external ip 4 255.255.255.192 outside
icmp permit host ext_ipoutside
icmp permit external ip 4 255.255.255.192 outside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,any) source static inside-network inside-network destination static 192.168.2.0_24 192.168.2.0_24
nat (any,any) source static 10.255.255.0_25 10.255.255.0_25 destination static 192.168.2.0_24 192.168.2.0_24
nat (inside,any) source static inside-network inside-network destination static 10.255.255.0_25 10.255.255.0_25
nat (inside,outside) source static inside-network inside-network destination static obj-vpn-Remote Site obj-vpn-Remote Site
nat (inside,any) source static inside-network inside-network destination static 10.255.254.0_25 10.255.254.0_25
nat (inside,outside) source static a-172.16.10.35 a- external ip 4
nat (inside,outside) source static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 destination static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 no-proxy-arp route-lookup
nat (any,inside) source static 10.255.255.0_25 10.255.255.0_25 destination static VLAN20 VLAN20
!
object network 172.19.10.21_pop3
 nat (inside,outside) static interface service tcp pop3 pop3
object network 172.19.10.21_smtp
 nat (inside,outside) static interface service tcp smtp smtp
object network 172.19.10.17_ldap
 nat (inside,outside) static interface service tcp ldap ldap
object network 172.19.10.21_http
 nat (inside,outside) static interface service tcp www www
object network 172.19.10.21_https
 nat (inside,outside) static interface service tcp https https
!
nat (any,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 external ip 1
route inside 172.16.0.0 255.255.0.0 172.19.4.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server DR Site-AAA protocol radius
 interim-accounting-update
aaa-server DR Site-AAA (inside) host 192.168.2.21
 key 
 radius-common-pw 
aaa-server Site-AAA protocol radius
 interim-accounting-update
aaa-server Site-AAA (inside) host 172.19.10.21
 key V?
 radius-common-pw V?
 no mschapv2-capable
user-identity default-domain LOCAL
eou allow none
aaa authentication ssh console LOCAL
http server enable 8443
http 172.19.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
sysopt noproxyarp inside
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto ipsec ikev1 transform-set 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set 
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer external ip
crypto map outside_map 1 set ikev1 transform-set 
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer external ip
crypto map outside_map 2 set ikev1 transform-set 
crypto map outside_map 10 match address acl-vpn-Remote Site-dummy
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer external ip
crypto map outside_map 10 set ikev1 transform-set crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 15
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 172.19.0.0 255.255.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
management-access inside
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5

dhcpd option 156 ascii ftpservers=172.16.10.30,layer2tagging=1,vlanid=20
!
dhcpd dns 8.8.8.8 interface Voice
!
!
tls-proxy maximum-session 12
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 194.105.167.1
ntp server 194.105.166.1
webvpn
 port 444
 enable inside
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 wins-server value 192.168.2.17 192.168.2.18
 dns-server value 192.168.2.17 192.168.2.18
 vpn-tunnel-protocol ikev1 ssl-clientless
group-policy GroupPolicy_external ip internal
group-policy GroupPolicy_ external ip attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_ external ip internal
group-policy GroupPolicy_ external ip attributes
 vpn-tunnel-protocol ikev1
group-policy VPN-DR Site internal
group-policy VPN-DR Site attributes
 wins-server value 172.19.10.17 172.19.10.18
 dns-server value 172.19.10.17 172.19.10.18
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 default-domain value abz0.ifb.net
group-policy roam-vpn internal
group-policy roam-vpn attributes
 wins-server value 172.19.10.17 172.19.10.18
 dns-server value 172.19.10.17 172.19.10.18
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 pfs enable
 ipsec-udp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-roam-split
 default-domain value Domain.local
 split-dns none
 webvpn
  url-list none
username CommsAdmin password encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool vpnpool
 authentication-server-group Site-AAA
 default-group-policy roam-vpn
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key V?
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool vpnpool
 authentication-server-group Site-AAA
 default-group-policy roam-vpn
tunnel-group 62.73.138.180 type ipsec-l2l
tunnel-group 62.73.138.180 general-attributes
 default-group-policy VPN-DR Site
tunnel-group 62.73.138.180 ipsec-attributes
 ikev1 pre-shared-key uJxihQRz
tunnel-group roam-vpn type remote-access
tunnel-group roam-vpn general-attributes
 address-pool vpnpool
 authentication-server-group Site-AAA
 default-group-policy roam-vpn
tunnel-group roam-vpn ipsec-attributes
 ikev1 pre-shared-key V?QcNCKJ
tunnel-group external ip type ipsec-l2l
tunnel-group external ip ipsec-attributes
 ikev1 pre-shared-key GsJVIYiubSOAcyYq
tunnel-group external ip type ipsec-l2l
tunnel-group external ip general-attributes
 default-group-policy GroupPolicy_external ip
tunnel-group external ip ipsec-attributes
 ikev1 pre-shared-key managed1
tunnel-group external ip type ipsec-l2l
tunnel-group external ip general-attributes
 default-group-policy GroupPolicy_external ip
tunnel-group external ip ipsec-attributes
 ikev1 pre-shared-key managed1
tunnel-group SSL type remote-access
tunnel-group SSL general-attributes
 address-pool vpnpool
 authentication-server-group Site-AAA
 default-group-policy roam-vpn
tunnel-group SSL webvpn-attributes
 group-alias roam-vpn disable
 group-url https:// external ip:444/roam-vpn enable
!
class-map inspection_default
 match default-inspection-traffic
class-map voice
 match port udp range sip 5090
!
!
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:
: end

Open in new window





Rem'ed out the external ips etc..
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 39915984
You have to define how it has been hacked.  SIP if/when possible should travel over a VPN to the provider as to not get hijacked.

Introducing filtering/queuing to a SIP trunk will likely result in jittery conversation.

Does your system allow mobile/remote phones? i.e. one such phone was lost/sold and is now being misused.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:CHI-LTD
ID: 39917137
I believe tandem trunking was enabled on the shoretel which enabled the hackers to make calls out over isdn and sip..
the comms co recommend that we only allow a single IP from the SIP provider inbound access, but my firewall co say its too risky...?
no mobiles...
0
 
LVL 76

Expert Comment

by:arnold
ID: 39917807
If hacking took place IMHO, it is unlikely to be over sip/trunk.  

Check whether shortel has Call data records option.  Configure it and if possible FTP/tftp the results to a server on your LAN.  These records include information of incoming/outgoing calls.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39917823
I can confirm that it did!

Okay, thanks
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 39937405
definitely hacked over sip and idsn.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now