Yes, you can have PIX to PIX VPN and PIX to VPN clients. See: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800948b8.shtml
Make sure your NAT statement on the PIX covers their subnet. From the PIX, can you ping a wks on the remote subnet? Make sure you have a route inside statement on the PIX for the remote subnet and point it to 10.1.1.254.
What's the default gateway for the wks? It should be 10.1.1.254. On 10.1.1.254, make sure you have a default route to the PIX (10.1.1.2) and a specific route to the stores or via a routing protocol. On the PIX, make sure you have a route inside for the store subnet and point it to 10.1.1.254...
Blackberry has a doc here: http://www.blackberry.com/knowledgecenterpublic/livelink.exe?func=ll&objId=279244&objAction=browse&sort=name that recommends the server behind the firewall. The connection is outbound only so I don't think you will need a static entry. We have it behind the firewall...
If you want to have a DMZ, you will need another interface. She is referring to a PIX-1FE. If you have an old Intel card lying around, you could possibly use it... depending on the chipset. Do so at your own risk. I personally would just buy the card... not that expensive.
Change the inside IP address of the PIX. Make your router's LAN IP 192.168.1.1. On your router, add a default route and point it to the PIX inside address and a route for the 192.168.11.0 and point it to the far router's serial address. On your PIX, add a route inside for the other subnet and...
Check to make sure all the ports are on the same VLAN and they are not shut down. Is this a brand new switch or is it used? If new, should be able to just plug and go... if it's used, it might have been pre-configured with different VLANs. If you can, post the config.
Here's my ACL to allow outgoing ICMP:
access-list IN permit icmp any any echo-reply
access-list IN permit icmp any any source-quench
access-list IN permit icmp any any unreachable
access-list IN permit icmp any any time-exceeded
Apply that to the outside interface.