Tricky NAT and VPN

So we have a client that we are looking to do some inbound telemarketing for and everything seems to be going good. Everyone on our team is getting along with everyone on the client’s team and we all understand what needs done.

The first thing that needs completed is a L2L VPN between our ASA and the client’s PIX. Here are the requirements:

1) Private IPs are not allowed to traverse the VPN
2) Need a PAT for users connecting to the clients Terminal Server (initiated from users)
3) Need a Static NAT for connections between AES of Avaya and client’s Verint server (connection is bidirectional, so can be initiated by either side)
4) Need a Static NAT for connections between CLAN of Avaya and client’s Verint system (connection is bidirectional, so can initiated by either side)
Continue reading

Barracuda Web Application Firewall

Recently, we purchased a Barracuda Web Application Firewall (WAF) 460 to parse user input for a couple of our critical web-applications. Namely, those that need to touch our Credit Card environment. Now just for clarification purposes, I am NOT a web application administer in the least bit. Yes, I can write scripts in PHP with MySQL in the back-end. Nonetheless, I was tasked with setting up this appliance.

So I get the device, push a trunk to my desktop switch, and start digging into the device. Basically, out-of-the-box the WAF will work and will stop users from issuing SQL Injections, Cross Site Scripting (XSS), Data Mining (CC / SSN Numbers), Cookie Poisoning, etc. Yet, this may not be what is needed in your environment.
Continue reading