I am able to reproduce my problem. I think it may be a bug or I'm not understanding the commands correctly. Here is the scenario or configuration that causes the problem (see last note as well):
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol...
If you don't mind, could you check the 515? I also opened a case with Cisco, but haven't had any response. So I'm still not sure if it's my config or if it's the ios and hardware. I am curious what your results are. Thanks.
Thanks for checking that out. After you mentioned the Pix501, I had forgotten that we have some pix501 as well. I ran the command with a one minute time-out, and it works on the Pix501 (ver. 6.3(1)). But the command still does not work on the pix515 (console timeout 1).
I'm going to report...
thanks for responding.
I am looking for the Console Connection Inactivity Timeout function. With the serial cable console, I've been in enable/config mode for more than 3 months without the device logging out. In the previous versions, I knew there was no console timeout so as good practice I...
Has anyone used the new command console timeout <number> in the ios version 6.3(3)? I'm currently using the command in our pix515 and noticed that the console connection does not close out. I have configured
console timeout 5
... so I'm assuming that in 5 minutes the connection...
Actually, I think I found part of my answer. I may not have enough memory to store the certificate locally. I guess I need to verify my flash size? But there is no mention of minimum size to deal with certificates...
Does anyone know how to store\save a Certificate to a Cisco router?
I can retrieve the certificate with no problems and also use the certificate to connect my vpn tunnels. What I recently noticed is that after a reboot, the CA's certificate and information remains in the router config but...
I don't know anything about port scanning, but do you have a device on the inside listening on port 25 (with a static entry on the pix)? I've had to do something similar with a webserver port 80, and I did the above (my last post). Of course, I could never get to my webserver unless I had a...
I have a suggestion: try running your test locally as I did. What I'm getting at is, filter out the cable modem. If your small test works, then start investigating the cable modem. I hope I'm not making you run in circles, but it's like you said, everything is the same except you're now using...
I ran your config from the first post on my pix501(IOS6.2.2) with vpnclient 3.6.3b and it worked fine. Of course I had to make accommodations on the ip addresses to reflect my network scheme. Which leads me to two questions, One, did you run the commands as azstyx mentioned clear cryp isa sa...
Did you copy and paste your config onto the secondary pix515? Sometimes when I copy and paste, I grab the encrypted passwords for my preshared key, i.e. when I copy from a good pix after issuing a wr term I'll get something like
isakmp key ********* address 1.2.3.4 netmask 255.255.255.255
or...
Sorry about the previous post. I blew right past your access-group statement. Let me offer a different solution. If your mail server is on your inside network, try using static statements for access from the outside. I.e. if your mail server on inside is 192.168.0.122 port 25 try something...
That's interesting ... is the linksys a switch ... forget that! Going back to your problem, do you have any info on your show cryp ipsec sa .... Make sure that the local address, local ident, remote ident, and current peer addresses are correct. Meaning the local address is your pix outside...
I'm guessing the network that doesn't work is the internet---router---linksys---pix----/. I found in the past that I can't get vpns to work with NATted addresses. So I'm inferring that your router or the linksys is giving out local addresses (or some NATted address).
As a test, to prove...
Just a suggestion, if you haven't tried it already ...
Did you apply the access-list to an interface like below?
access-group outside_access_in in interface outside
Then check to see if you get hits on your counter.