Using Cisco Access Control List to block a subnet

Question: I have the following Class B network 172.31.0.0/16 that I’m trying to create an access list for. I’d like to allow 172.31.240.0/24 but deny all else, so I’m looking for the best way to accomplish this with 2 ACL lines. Answer: The best way to accomplish the above is to explicitly allow the subnet you want and then […]

FTP Disconnects Through Cisco ASA Firewall. MSS Exceeded Problem.

Each TCP device on a network has an associated ‘ceiling’ on TCP Data Size, called the MSS (Maximum Segment Size). The TCP MSS is negotiated between two communicating devices via the TCP SYN and SYN-ACK packets. After this negotiation, each TCP device must comply with the advertised MSS of the peer device, and should not […]

Troubleshooting IPSEC VPN

This post discusses the most basic steps needed to troubleshoot a LAN-to-LAN IPSEC tunnel between Cisco Routers. A Cisco Router with the proper IOS version can make an excellent IPSEC VPN termination device, and can be used to securely connect two distant LANs over an untrusted network, such as the Internet. In our example below, we […]