Okay - if I understand correctly - the new address space -
10.1.1.x is behind the same firewall as your existing vpn
partner - 214.66.40.15. You want this 10.1.1.x address
space to see your inside private network - this you didn't
specify -
if that is the case you should be able to do...
see http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#42126
for usage of fixup -
there are examples of multiple ports for FTP.
You do have necessary static mappings and ACLs in place, right?
"If you lived here, you'd be home by now!"
George Carlin
Correction - from http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid20
"For example, a web server on the dmz, 209.165.201.5 needs to be accessible by users on the outside. The static and access-list command statements are as follows.
static (dmz,outside)...
I believe if you use all public addresses, you won't be able to use filtering. The PIX depends on having different addresses on the Outside than the inside so that filtering may be applied.
With all public addresses on your servers, they will be at a peer level with the PIX outside interface...
I log informational (I think it's level 6) http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/syslog/pixemint.htm - and, depending on your activity level, the files will grow quite large. Make sure you tell Kiwi to create a new file daily if it's busy so you can back up and...
Failover isn't one PIX talking to the other. I assume you mean to connect the two PIXes' NICs with a crossover cable. Each NIC requires a path to the outside.
I'm sure that a switch port is much more robust in handling all your network traffic as well. Crucial to have all available LAN...
try tracing a route to mit.edu from testpc
- where does it stop?
Also, I believe you won't be able to ping the outside interface from inside anyway. I can't from my network.
Telnet into the pix and try
ping outside 18.7.21.69
That is MIT.EDU's IP addie - does the PIX get there...
I think you'll need to enable syslog and use a third-party
log monitor/analysis proggie.
I use Insideout - http://www.stonylakesolutions.com - it's
nice and does the job but a little pricey
Also Kiwi syslog talks Cisco as well - it's cheaper -
gives you text output and you parse it as...
Is there a way in the PIX to close out an open session that is in progress?
I was also wondering if anyone knows whether the NAT translations are processed before access-lists on a PIX?
Does the machine have a default gateway? Can it ping that gateway? What happens if you trace? Where does it stop? Was there a static route on the old machine that you haven't added on the replacement?
In other words, tedsmith, the limit is not in the switch
but in the length of wire. 100M is generally accepted.
That assumes well made cables, routed properly away from
interference etc.
telnet hostIP portno
here is a failed attempt
"C:\>telnet 192.168.1.1 1433
Connecting To 192.168.1.1...
delay while telnet attempts to connect
Could not open a connection to
host on port 1433 : Connect failed"
here is a successful attempt:
C:\>telnet 192.168.1.1 1433
long delay...
Unless Cisco or others here have info regarding this as a common occurrence, I'd definitely suspect foul play. Maybe even someone in the client's company.
I think it's definitely time to set up different passwords, logging and such. Remove modem or other outside access. Make it as clean and...
I only use tftp to upload IOS - just use hyperterminal, sh conf, Edit, Select All, Edit Copy, open notepad and Edit Paste.
Also a nice program to manage configs is Kiwi Cattools - http://www.kiwisyslog.com/products.htm#cattools
It manages all your firewall configs and catalogs changes, gathers...