The messages that you talk about are Dead Peer Detection. As you can see, the DPD messages that you have received have a bigger sn than the one that the Pix requested. So, it is an ugly problem with the clients. I would suggest a newer version of the VPN client software. It looks like a bug. Or a conflict with...
In 2000 I did upgrade from 5.1 to 5.2 to 5.3 and in 2001 to 6.0 then 6.1 and now I wait for 6.2.
You need a new license only when upgrading from 4.x to 5.x or 6.x. And this license is free.
Create /var/log/firewall.log with write permission for the user that runs the syslogd daemon. Then restart syslogd with kill -1 "pid of syslogd".
Anyway I don't advise you to do debug logging without filtering bogus messages - and there are a lot of unneeded messages. Under normal...
You missed something:
1. "logging trap debugging" on Pix. With this command you instruct Pix to send syslog messages.
2. Restart the syslog daemon on Linux with kill -1 "pid of the syslog daemon".
static [(internal_if_name, external_if_name)] {tcp|udp}
{<global_ip>|interface} <global_port>
<local_ip> <local_port> [netmask <mask>]
[<max_conns> [<emb_limit>]]
Works well only in Pix 6.
Put a non 0 (zero) value to the <max_conns> and...
I understand your opinion.
I thought so too.
But with [009\001] cisco-av-pair you can push different access-lists for every user group.
Of course: you can push different dns, wins, domains for every user group.
So every user group will have different access rights.
PDM looks good, but I think it's...
I have 200+ clients connecting to internal network using VPN with Pix 515.
The Pix is version 6.0.1.
I deploy VPN Client 3.
I also use xauth with Cisco Secure ACS 2.6.
I have 3 kinds of clients with different access rights.
I made a distinction between my clients based on username and password...
alias (inside) internal_server_ip_address external_ip_address 255.255.255.255
This will rewrite a DNS A record.
You have a server with an IP address. This server resides on the inside network. And this server has a static command that maps the real internal IP address into an Internet address. When you...
Usually you'll get this message when a packet has as destination address a PAT address created with the global command. In this case you can ignore it. I get this message when the mail server that is in the DMZ sends an ident packet to a machine that accesses it through the PAT address. The explanation...
Pix 515 or higher have an Intel card. If you look closer you'll see a Pentium 200 processor. In Pix 535 they put a PII/500.
RAM memory is from the PC world too. It will be more than possible for another net adapter to work. But, you know, if you have any problem they will throw you away. And you'll...
It will not work. Never.
Pix doesn't route a packet to the interface that it came from.
In this case, the ICMP echo-request came from the inside interface and goes to the destination dmz interface. This one changes the bit to echo-reply. But it cannot send the packet back to the inside interface because the packet came...
I made this today using Pix 6 with Cisco VPN Client version 3. With Cisco Secure VPN Client 5.2 and with 5.x version of Pix you cannot browse Windows Network.
I actually extend a Windows NT domain over an IPSEC tunnel. And it works ok. Without a domain you will see computers in Network...