Recent content by CHOUM

Hello, I have a problem to migrate from IOS 7.2.3 to 7.2.4 or to 7.2.4(33). My LAN is 10.1.0.0/24 My pool for VPN RA is 10.1.104.0/24 In version 7.2.3 all work fine. When i upgrade to 7.2.4, VPNs RA connect, can send traffic to my lan but no traffic goes from my LAN to the VPNs. I add that...

Hello, I just tryed to upgrade from IOS 7.2.3 to 7.2.4. All seem ok. Nomads connect by VPN RA. But i only have traffic from PC to my LAN, ... ASA refuse the answer of the servers to the PC. I just have an IDS alarm. Is somebody resolve this issue? Thanks PIX 501/515 ASA 5510

You can do lot of things with PIX. Can you give us more infos about your topology? I don't know cisco 3000, i work with cisco ASA, reverse split tunnel work great ;) you specify networks or hosts allowed to go out (no through VPN). PIX 501/515 ASA 5510

Hello, Supergrrover is good but just a tip it it don't work: replace: access-list outside-in extended permit icmp any host [External IP] object-group icmp_messages by : access-list outside-in extended permit icmp any host [External NAT IP(s)] object-group icmp_messages My best regards...

Hello, We have same version and it work fine. Just verify you accept agressive mode (i don't know why but cisco VPN client use agressive mode). (i didn't checked all your config but i can be this ;) PIX 501/515 ASA 5510

This problem is knowned, on previous versions of client you need to reinstall windows or restore previous config ... But now try to reinstall it, uncheck statefull firewall option and then unstall it, it would work ;)

mmm maybe you have a NAT command that bypass your static. make a "sh nat" to see this ;)

mmm it will depend of the checkpoint version you have. you can modify you ACLS and NAT like this access-list 115 permit tcp 193.100.100.1 255.255.255.255 172.30.2.0 255.255.255.0 eq 80 and you must have a NAT0 line too ;)

No, Standar ACL to DMZ or outside, for exemple, work fine. But ACLs on my VPNs don't work, if i want them work i must add them to standar ACLs too, and it's not the solution ... VPNs established but nothing pass through :( Did i miss a new parameter? Best regards Michel

Hello, I just migrate to ISO7 and all is ok but not my VPNs. IT's like the ACL on crypto maps are not used ... if a add an ACL on my inside interface with same policy that in the crypto ACL it work ... But it's not the way it must work. Is somebosy have an idea? Best regards Michel

Hehe just for info PIX 515E work perfectly with PC SD-RAM (100 or 133MHz). Ok you lost the warranty but it's 10 time cheaper ;)

Hello, I have a PIX 515 which encrypt network 10.1.0.0/16 (france) to 10.100.0.0/16 (ukrainia). It work fine for 1 year now. But we want to secure it on ua side so we bought a second web connexion there. We'd like to establish 2 VPN between our 2 networks and perform load balancing on them...

for compression it work but you need to install it like this : LAN=>LAN router=>SHAPER=>PIX====PIX<=SHAPER<=LAN ROUTER<=LAN

Hello, I want to know if it is possible to do load balancing on VPN? I precise. I have a central site with 515E and a distant site with 2600 with 4 interfaces like this: PIX--france provider--ukrain provider--eth2cisco2600 | |eth3...

I have this topology it work fine. Install a shaper on your central site. Of course it's better to use one on each side (to shape UDP or make compression). It's a good solution.