I would agree with chicocouk; it doesn't make sense to make the outside of the PIX a DHCP client if you don't have to. You will have to put static routes in the Linksys WAP for the networks that live behind the PIX. If you need to use DHCP, then check to make sure that you are running the...
By default ALL traffic originating from outside of the PIX is blocked from coming into the network. Only connections created by an internal host to an external host can come back through.
If I were in your shoes, I would configure it this way.
Internet -- netopia modem -- pix -- internal network
You don't need the PIX and the Linksys router. They are both pretty much capable of doing the same things. As far as the VPN goes, I would use the Cisco client to connect to the PIX...
I would start by checking the status of my e0 interface. Check to make sure that it is in fact getting an IP address from the Linksys.
I have done a setup like this before and I had to enter a static route in the Linksys for the private network behind the PIX.
Next add these lines into the...
Remember, the ICMP packets are not being blocked going out; the echo-reply packets are being dropped upon their return. So you are in fact pinging out and getting a reply, but this statement is doing its job and dropping them.
If you remove the deny icmp any outside statement then the PIX...
I believe that all you are missing is the route statements. Try adding...
route inside 192.168.1.0 255.255.255.0
route dmz 192.168.2.0 255.255.255.0
Since the connections are going through, everything is set up fine; however, the packets are being dropped because the PIX doesn't know what to do...
Can you ping this address from inside the firewall? Can you ping ANY site (www.cisco.com) from within the firewall? If you can ping www.cisco.com from within your firewall then try that site from your firewall. After these basic steps and if you can't ping www.cisco.com then post your config...
If you have a SmartStart CD, boot with that and run the system erase utility; it will wipe the server clean and you can start to rebuild the entire thing from scratch. I ran into some wacky problems recently when I tried to remove Linux and install W2K; I had to wipe the entire server clean...
The way that I confirm that the NTP is actually happening is to use the syslog logging of the PIX. Then on my workstation I run Kiwi Syslog to trap the syslog messages. Depending on the version of PIX OS you are running, you can set up logging on individual ACLs, so when a packet fires off an...
Ok let's give this a try.
In the diagram you have the time server coming into the PIX (unless the arrows weren't meant to mean anything, i.e. push time) then this is wrong. Your clients pull time from the time sync server.
time server <-- pix <-- isa server <-- dc <-- workstations
so the...