Recent content by julianmd

What is the gateway setting for the IP office and the switches?

Yes you can. Under VPN settings, Advanced Settings you need to enable "Forward packets to remote VPNs" which basically will allow packets destined for tunneled networks to pass through the required tunnel. Julian Dragut If you knew that you wouldn't fall, how far would you have gone?

I've been having this issue for 3 years, and we and Avaya tried everything humanly possible and couldn't find a solution! Anything that worked for you? Cheers, Julian

No the internal IP's are not the same. RemoteSite's IP address is 192.168.1.0 HQSite = 192.168.0.0 PIX1 - ISP1 PIX2 - ISP2 PIX1 + PIX2 protect the same LAN (192.168.0.0), that's why RemoteSitePIX has two maps with the same proxy source, but using two diferent peer addresses Hope this helps!

Take a look at this: Cisco's VPN engineer's respons: Thanks you for all your concern and providing all the info in this regard. Please see that I was not feeling well, so couldn't get back to you soon. My apologies for any production impact caused. What we need to do in this scenario is to...

Relevant config: access-list ymx1acl permit ip 192.168.1.0/24 192.168.0.0/24 access-list ymx2acl permit ip 192.168.1.0/24 192.168.0.0/24 crypto map outside 20ipsec-isakmp crypto map outside 20match address ymx1acl crypto map outside 20set peer X.X.X.X crypto map outside 20 set transform-set...

Hi, I am going nuts with this, if anybody has been there..... this is a cry for help ;-). This is my situation. LAN1 - 2 ISP's, 2 PIX's LAN2 - 1 ISP, 1 PIX I have a vpn tunnel from PIX1-LAN1 going to PIX1-LAN2. Now I'm trying to create a secondary vpn tunnel from PIX2-LAN1 going to...

Take a look here: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml Julian Dragut

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pdm/v_10/pdmig/install.htm Hope it helps Julian Dragut

Try this nat (inside) 0 192.169.2.0 255.255.255.0 10.10.10.0 255.255.255.0 Please post back the results Julian Dragut

Hi, try this instead access-list acl_inside permit icmp any any eq echo-reply access-list acl_inside permit icmp any host <public IP> eq echo-reply access-list acl_inside permit icmp any host <public IP2> eq echo-reply access-list acl_inside permit icmp any host <public IP3> eq echo-reply...

Sorry to reopen it, but now SSH from outside doesn't work anymore! Anybody? Thanks, Julian Dragut

I got it working. access-list outside_in permit tcp any any eq 5555 static (inside,outside) interface 10.0.0.100 netmask 255.255.255.255 Julian dragut

Hi, I am trying to map an external ip address given by the ISP's DHCP to an internal IP address given the the PIX's DHCP for port 5555 What I do is: access-list outside_in permit tcp any host 24.200.200.200 eq 5555 access-group outside_in in interface outside static (inside,outside) tcp...

Assign it: IE: static (inside,outside) 66.66.66.64 192.168.0.16 access-list fromoutside permit tcp any host 66.66.66.64 eq smtp access-group fromoutside in interface outside