Archive for category Hardware

ASA 5500 series dropping TLS packets

I’ve had this nagging problem with our email for quite a while now, maybe a year or so. I’m more of a desktop/server/software troubleshooter, not so much into the networking stuff. My boss is the network admin. I’ve been getting much more involved in our firewalls and routers as of late. I noticed that TLS hasn’t been working for some reason. I didn’t figure out why until today. It hasn’t been a big issue because we’ve been getting emails anyway, but someone from outside our organization has now sent me two emails in the last month and a half with bounces he’s received.

Diagnostic-Code: smtp; 510 Did not receive the expected protocol response.

It’s sporadic though, he didn’t always have this problem. I was determined to figure it out today. There are people out there who don’t really care if something is working well, as long as it’s working – I’m not one of those. If I’m responsible for it, it’s going to function properly.

We have a firewall in front of our email gateway, an ASA to be exact. I have spent all day working on this, bouncing between our email gateway and the firewall trying to determine where the problem is. I noticed that email from our email server to the gateway was encrypted and from the gateway to the email server was as well. But anything coming to the gateway from the outside and anything going out from the gateway was not. So, ding ding ding, it has to be the firewall.

I’m getting more comfortable working with the firewall, but it always makes me anxious because I’m afraid to break something. Essentially what was happening was that the ESMTP inspection was dropping the TLS packets since it couldn’t actually inspect them, which would be why their server wasn’t receiving the expected response. It’s annoying, though, that I didn’t see any indication of packets being dropped in the logs. Maybe I wasn’t looking in the right place. It makes me wonder who else has been having this problem and just not reaching out to us to let us know. I used the GUI for this, but there are commands to run it as well that you can see here at Experts Exchange.

For the GUI: in ASDM go to Configuration -> Firewall -> Service Policy Rules -> under Global; global_policy, right-click on inspection_default and Edit -> go to the Rule Actions tab -> uncheck ESMTP.

As soon as I did that and hit apply I went back to my gateway and saw everything being sent/received in TLS now. Mission accomplished.
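One way to check for this condition from the sending side, as an added example that is not part of the original post: ESMTP inspection on PIX/ASA firewalls is commonly reported to overwrite the STARTTLS keyword in the EHLO reply with a run of X characters (for example `250-XXXXXXXA`), so the remote server never sees TLS on offer. The masking pattern, the host names and the sample replies below are constructed assumptions.

```python
import re
import smtplib

# Assumption: an inspecting firewall overwrites a keyword it will not pass
# with X's, sometimes leaving one trailing letter (e.g. "XXXXXXXA").
MASKED = re.compile(r"^X{4,}[A-Z]?$")

def classify_ehlo(reply: str) -> dict:
    """Classify an EHLO reply as 'starttls', 'masked' or 'absent'.

    Accepts raw reply lines ("250-SIZE ...") or the code-stripped text
    that smtplib returns; the first line is the server greeting.
    """
    keywords = []
    for line in reply.splitlines():
        m = re.match(r"^250[- ](.*)$", line.strip())
        text = m.group(1) if m else line.strip()
        if text:
            keywords.append(text.split()[0].upper())
    exts = keywords[1:]                      # skip the greeting/domain line
    masked = [k for k in exts if MASKED.match(k)]
    if "STARTTLS" in exts:
        status = "starttls"
    elif masked:
        status = "masked"                    # something in the path rewrote the reply
    else:
        status = "absent"                    # server itself does not offer TLS
    return {"status": status, "extensions": exts, "masked": masked}

def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Run the same check against a live server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        _code, msg = s.ehlo("probe.example")  # hypothetical client name
        return classify_ehlo(msg.decode("ascii", "replace"))

# Constructed sample replies (not captured from the post's gateway).
SAMPLE_DIRECT = ("250-mail.example.org Hello\n250-SIZE 35882577\n"
                 "250-8BITMIME\n250-STARTTLS\n250 HELP")
SAMPLE_INSPECTED = ("250-mail.example.org Hello\n250-SIZE 35882577\n"
                    "250-8BITMIME\n250-XXXXXXXA\n250 HELP")
SAMPLE_NO_TLS = "250-mail.example.org\n250-SIZE 35882577\n250 HELP"

if __name__ == "__main__":
    for name, sample in [("direct", SAMPLE_DIRECT),
                         ("via inspection", SAMPLE_INSPECTED),
                         ("no TLS", SAMPLE_NO_TLS)]:
        print(name, "->", classify_ehlo(sample)["status"])
```

Running `probe()` once from inside the firewall and once from outside shows whether the gateway or a device in the path is responsible: a `starttls` result inside and `masked` outside points at the inspection.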


ATI HDMI – gap around the edges

I just bought a new graphics card, ATI Radeon HD 5770, and had a weird problem where what was being displayed was not filling the entire screen.  It left about a one inch gap around the entire monitor.  I’ve never seen that before so I had no idea what settings to even look at to fix this.  I went from connecting using a DVI cable to HDMI (woo!) so I know that had something to do with it.  After googling around a bit I found directions on where to look in the Catalyst Control Center to change the settings, but it isn’t the most intuitive thing in the world so I thought this might be helpful for some people.  I did not find anywhere in the Windows 7 display options to change this kind of setting.  So unless you have Catalyst Control Center installed I’m not sure you’ll be able to adjust it.

What you’re doing is looking for the scaling options and adjusting the overscan percentage. The smaller the percentage, the more detail you’ll see. This screen shot that I found on Wikipedia might help give you an idea of what that actually means. Screen captures always make things easier to understand, so here are the steps in screen shots.

  1. I don’t know if it’s just me, but I found this to be the confusing part.  It says to click on the triangle on the desktop below that you want to configure but that doesn’t exactly work correctly.  You have to click on the triangle on the tiny display at the bottom, not the bigger one – you don’t get the same options.


Linksys router blinking power light of death

I’ve been having some odd problems with the router at home recently. I woke up yesterday morning and noticed that neither of my computers could get online. The thing that’s odd about this is that we also have a computer downstairs that has been able to get online while the others haven’t. There haven’t been any changes to the router that I’m aware of. I went through power cycling the router and modem, leaving it alone for a while, and going back through power cycling. But it didn’t work. So I finally decided to check the firmware version to see if there was an upgrade on the Linksys website.

I downloaded the newest firmware package, went into the router setup page and attempted to flash it. I got the “your settings have been successful” page then had to wait for the router to reboot. When it came back up one thing had changed, but not in a good way. I could no longer get to the router’s setup page. I went out to the garage and climbed a ladder up to where we have our modem and router, lugging my laptop up there with me so I could easily bounce between the modem and router. That is when I noticed the blinking power light of death. I had never seen this on a router before so I didn’t know what it meant. But after digging around online I discovered that it meant the firmware was corrupted, which would explain why I couldn’t get to the router’s setup page anymore. I have no idea what happened because I did get the page that said it was successful – a bad download maybe.

I’m sure I spent at least an hour on the ladder in the freezing cold garage figuring this out, but I did finally find a solution that worked for me here in this forum.

Problem: Blinking power light on Linksys router and unable to access setup page.

Solution: What you need to do is statically define your computer’s IP address in order to communicate with the router and flash it with the latest firmware. You will need a little file transfer program, which you can get from Linksys here, and also the latest firmware package for your model of router. Plug straight into your modem to download those. I unplugged everything from the router so that the only thing plugged in was my laptop; that probably isn’t necessary though.

  1. Go to your control panel and select network connections… or go to network and sharing center, then click on where it says change adapter settings in the left panel.
  2. Under LAN or high-speed internet, you will see local area connection. Right-click on it, then select properties.
  3. Under local area connection properties, look for internet protocol TCP/IPv4, highlight it and click properties.
  4. Once in the internet protocol TCP/IP properties, set it to use the following IP address and settings:
    • IP address: 192.168.1.5 (it must be in the same range as your default gateway: 192.168.x.x)
    • Subnet Mask: 255.255.255.0
    • Default Gateway: 192.168.1.1 (that is the default one; if yours is different, enter the IP address of your router. To check it, open a command prompt and type “ipconfig” [no quotes]; the default gateway is the router’s IP address)
    • Also put in 192.168.1.1 as the DNS server.
  5. Click ok and click the close button on the local area connection properties window.
  6. Now unplug the router and let it sit for a few seconds, plug it back in. I had to do this before I was able to ping the router.
  7. Open your start menu and go to run, then type cmd. For windows 7 or Vista, just type cmd in the search bar.
  8. Once the black box pops up type in ping 192.168.1.1. We need to make sure your computer can communicate with the router before attempting to flash it again. If it returns 4 responses then you’re good to go, if not then check your settings again and power cycle the router one more time.
  9. Now you need to open the program you downloaded earlier, tftp.exe.
  10. In the server section you want to type the router’s IP address, which is 192.168.1.1, and the password for it. The default password for Linksys is admin, but if that doesn’t work you can try the password you set for it if you changed it.
  11. Now click the button next to file and find the firmware update you downloaded. Then click upgrade and it should flash the router. It was pretty quick for me.

I had to power cycle my modem and router one more time after this to get everything online again, luckily it saved me another 40 bucks by not having to buy a new router. I would guess that you could probably use tftp.exe with other router brands as well, you just need to download the correct firmware for whatever you have and know the default settings for it since those may be different.
