Extended Access Problem

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
kh_design
Member
Posts: 85
Joined: Wed Feb 06, 2008 2:57 pm
Location: ..
Contact:

HTTPS logon ldscatalog.com

#11

Post by kh_design »

Wishing they will also allow https:// logon at www.ldscatalog.com
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#12

Post by techgy »

I received a phone call this morning from the GSD (global service desk) advising me that the issue with the ASA 5505 firewalls has been resolved. Part of the problem had been that it was preventing any access to "https" sites.

If they're correct in their statement - and I haven't been by our buildings to check this yet - then access to NFS (New FamilySearch) and LDS Catalog accounts as well as other https sites should now be back up.

Here's hoping.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#13

Post by techgy »

Good News! The ASA5505 problem that's been discussed in this thread has been resolved. However, in order to get things going on your end you have to contact the GSD (Global Service Desk) and ask that they update your scripting on the ASA to the "General Access" script. You'll need to get to the 2nd level support to get this access sent to you.

This script is very similar to the Extended Access. It was just renamed so they can keep track of the one that's working :)

I just went through this process in two of our buildings and now NFS (New Family Search) comes up. The LDS Catalog site also seems to be working.

Obviously, if you have problems, contact the GSD and inquire.
russellhltn
Community Administrator
Posts: 31297
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#14

Post by russellhltn »

Techgy wrote:This script is very similar to the Extended Access. It was just renamed so they can keep track of the one that's working :)

Ummmm, except "General Access" is the name of what's used for the PIX for FHCs. If it doesn't follow the same rules as the original "General Access" (and not Extended Access) I predict more confusion.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#15

Post by techgy »

I've updated two of the three firewalls that we have and both are working fine. The filtering which is coming up still indicates "Extended Access". I haven't the foggiest idea as to what was done at the other end or what the problems were.

When I was on the phone with the GSD, I inquired as to what the differences were between the two filtering schemes and all that I was told was they're similar. Since it appears to be working now, I didn't question fate :rolleyes:

I'm also not familiar with the filtering used in the FHC's, but I do know that they're not as restricted as the Extended Access scheme. The choice of using the General Access scripting was theirs (2nd level), so I assume that's all been approved. Who knows? Maybe that was their way out of the predicament??

It would be nice to have someone from the GSD chime in and help straighten us out on what the issues were.
User avatar
Mikerowaved
Community Moderators
Posts: 4398
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

#16

Post by Mikerowaved »

RussellHltn wrote:Ummmm, except "General Access" is the name of what's used for the PIX for FHCs. If it doesn't follow the same rules as the original "General Access" (and not Extended Access) I predict more confusion.
In my discussions with GSD, they were working on a third access level for the ASA that was supposed to be similar to the PIX. Hopefully it's ready and this is the new "General Access" level that techgy is referring to.
So we can better help you, please edit your Profile to include your general location.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#17

Post by techgy »

Sounds reasonable to me. They DID give me the impression that it was a new script file.
If so, I don't know if they're going to be automatically hosing it down to all the ASA's on record or whether you have to call up and request an update.
danpass
Member
Posts: 495
Joined: Wed Jan 24, 2007 5:38 pm
Location: Oregon City, OR
Contact:

#18

Post by danpass »

Techgy wrote:I just went through this process in two of our buildings and now NFS (New Family Search) comes up. The LDS Catalog site also seems to be working.
Hopefully a STS wanting to have this new General Access scripting installed on all the ASA devices in their stake would not need to be physically present at each location in order to have the update performed. If this update is going to be pushed out to all ASA devices that have been set up with Extended Access, then this is a moot point. But if it is only going to be done by request, then I would hope the entire process can be performed by GSD remotely without needing the device to be power cycled.
techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

#19

Post by techgy »

danpass wrote:Hopefully a STS wanting to have this new General Access scripting installed on all the ASA devices in their stake would not need to be physically present at each location in order to have the update performed. If this update is going to be pushed out to all ASA devices that have been set up with Extended Access, then this is a moot point. But if it is only going to be done by request, then I would hope the entire process can be performed by GSD remotely without needing the device to be power cycled.
I was not present for one of the ASA's that I had updated. All I had to do was provide the IP Address, which I had written down. It also wasn't necessary to power cycle the unit. The other two units were not connected so I had to make a visit to the building, connect them and then make the call for the update.

As to whether or not they're going to push it down to all ASA's of record, I somehow doubt it. If so, I wouldn't have had to call and make the request.

What I would recommend is that if your ASA5505 isn't working as expected that you contact the GSD (global service desk) and make a request for the scripting to be updated.
User avatar
Mikerowaved
Community Moderators
Posts: 4398
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

#20

Post by Mikerowaved »

danpass wrote:Hopefully a STS wanting to have this new General Access scripting installed on all the ASA devices in their stake would not need to be physically present at each location in order to have the update performed.
Eventually someone should be available to test the access after the re-scripting has completed. Being on-site is the easiest way to so this, but it's not required.
danpass wrote:If this update is going to be pushed out to all ASA devices that have been set up with Extended Access, then this is a moot point.
As far as I know, this third option of "General Access" was developed as a backup for PIX installations, since Cisco is no longer manufacturing the PIX device. The PIX is used mainly in FHC/FHL installations to provide broader access to the Internet for searching names and is generally not needed in regular meeting house installations. I'm fairly certain it will not be automatically pushed out, but is a Stake President's option for those who are having problems being blocked with Extended Access from sites they feel they must have.

I understand they are also working with the Extended Access site list to include sites commonly asked for, so General Access wont need to be installed unless where absolutely needed.
So we can better help you, please edit your Profile to include your general location.
Post Reply

Return to “Meetinghouse Internet”