I'm pretty sure logmein uses HTTP and HTTPS tunneling. At that point you have 2 choices: use a proxy or content server to filter, find the IP addresses of all the logmein servers and block by IP, or use an IDS appliance to drop the packets.
What version of PIX code are you running...
Make sure you have this command on the ASA, and also add the VPN client traffic to the site-to-site match ACL:
same-security-traffic permit intra-interface
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml#t3
http://www.wr-mem.com
This ACL:
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
means that no one from the 192.168.0.0 network is allowed through. If the router is the Internet router, then this ACL should not be the problem.
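As an added illustration (not code from the post above), the following evaluates IOS-style extended ACL entries the way the router does: first matching entry wins, and anything that matches nothing hits the implicit deny at the end of the list. It handles the subset of syntax that appears on this page: `any`, `host X`, network plus wildcard mask (where a 1 bit means "don't care", so `0.0.255.255` is a /16), the protocols `ip`/`tcp`/`udp`/`icmp`, and an optional `eq <port>` after an address. The sample ACL and packets are constructed for the example.

```python
"""Evaluate IOS-style extended ACL entries (added example, not from the post)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A few well-known port names as IOS prints them (small hypothetical subset).
PORT_NAMES = {"domain": 53, "www": 80, "smtp": 25, "ssh": 22, "telnet": 23}

# Constructed sample ACL: the deny line is the one quoted in the post.
ACL_101 = [
    "access-list 101 remark block the whole 192.168.0.0/16 range",
    "access-list 101 deny ip 192.168.0.0 0.0.255.255 any",
    "access-list 101 permit udp any host 205.143.139.34 eq domain",
]


@dataclass
class Packet:
    proto: str                  # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


def _match_addr(tokens: List[str], addr: str) -> Tuple[bool, List[str]]:
    """Consume one address spec from tokens; return (matched, remaining tokens)."""
    a = int(ipaddress.ip_address(addr))
    if tokens[0] == "any":
        return True, tokens[1:]
    if tokens[0] == "host":
        return a == int(ipaddress.ip_address(tokens[1])), tokens[2:]
    # Wildcard mask: a 1 bit means "don't care", so only the 0 bits are compared.
    net = int(ipaddress.ip_address(tokens[0]))
    wild = int(ipaddress.ip_address(tokens[1]))
    care = ~wild & 0xFFFFFFFF
    return (a & care) == (net & care), tokens[2:]


def _match_port(tokens: List[str], port: Optional[int]) -> Tuple[bool, List[str]]:
    """Consume an optional 'eq <port>' operator (unknown port names raise KeyError)."""
    if tokens[:1] != ["eq"]:
        return True, tokens
    want = int(tokens[1]) if tokens[1].isdigit() else PORT_NAMES[tokens[1]]
    return port == want, tokens[2:]


def evaluate(acl: List[str], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for pkt, checking entries in order."""
    for line in acl:
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] == "remark":
            continue                      # skip remarks and malformed lines
        action, proto, rest = t[2], t[3], t[4:]
        if proto != "ip" and proto != pkt.proto:
            continue                      # 'ip' matches every protocol
        ok, rest = _match_addr(rest, pkt.src)
        if not ok:
            continue
        ok, rest = _match_port(rest, pkt.sport)
        if not ok:
            continue
        ok, rest = _match_addr(rest, pkt.dst)
        if not ok:
            continue
        ok, rest = _match_port(rest, pkt.dport)
        if not ok:
            continue
        return action
    return "deny"                         # implicit deny at the end of every ACL


if __name__ == "__main__":
    for p in (Packet("tcp", "192.168.5.7", "10.0.0.1", dport=80),
              Packet("udp", "198.51.100.5", "205.143.139.34", dport=53),
              Packet("tcp", "192.169.5.7", "10.0.0.1", dport=80)):
        print(p.proto, p.src, "->", p.dst, p.dport, evaluate(ACL_101, p))
```

The third packet in the usage section is the one people trip over: 192.169.5.7 is outside the /16 wildcard, does not match the UDP line either, and so is denied only by the implicit deny, which is why an ACL with a single `deny` and nothing else blocks everything.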
Just out of curiosity, is there any way that the router in front of the remote end is blocking IP...
Get the following info from both sides
show crypto ipsec sa
ping a server that should be accessible through the VPN and get the SAs again
show cry ipsec sa
When you do your ping, send 500 requests so we can expect to see the decrypt and encrypt counters increment. This will tell us if...
Did you leave out the NAT rules also? Please post whatever you left out. You also said that the ICMP traffic stops at the inside interface of the PIX:
"It stops at the inside interface of the PIX. "
If this traffic is destined for VLAN 5, then you shouldn't see traffic hitting the DMZ, right...
A few problems here. Let me know if I overlooked anything.
These are the hosts you want the outside world to access right?
access-list acl_outside permit tcp any host 205.143.139.34 eq domain
access-list acl_outside permit udp any host 205.143.139.34 eq domain
access-list acl_outside permit tcp any host...
Sounds like it. If you have SMARTnet you can probably get a replacement sent:
http://cio.cisco.com/en/US/docs/security/pix/pix63/hw/installation/guide/501.html#wp1123990
http://www.wr-mem.com
Post a scrubbed config. Also post the output of show log when this happens. If you don't have logging to the buffer enabled, enable it with the following:
logging on
logging buffered 6
http://www.wr-mem.com
Yeah, I was joking a bit with my comment. :)
I think you got the idea. Basically, if you could not place these servers off the PIX inside interface and do one-to-one NAT, then you could put the devices behind the router and just route the range forward from the PIX to the router.
Yes I am...
Won't be doing one this weekend. I'll make a post for the next one and will also update my site when I do. Just got off vacation and have been pretty busy since.
http://www.wr-mem.com
What does the IPsec SA look like? Do you see the encrypted count incrementing? Decrypted?
If you enable logging
logging buffered 6
and do a show log, do the logs display any errors when you try the VPN traffic?
http://www.wr-mem.com
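The two posts above (grab `show crypto ipsec sa`, ping 500 times through the tunnel, grab it again, and see whether the encrypt and decrypt counters move) amount to a simple before/after diff. As an added example that is not part of either post, the following parses the `#pkts encaps`/`#pkts decaps` lines per local/remote identity pair out of two captures, computes the deltas, and maps the four possible outcomes to where to look next. `SA_BEFORE` and `SA_AFTER` are constructed text in the layout of the PIX/ASA output; the addresses, peer and counter values are invented for the illustration, and the diagnosis strings are my own reading of the counters.

```python
"""Diff IPsec SA counters around a test ping (added example, not from the posts)."""
import re
from typing import Dict, Tuple

# Constructed: same layout as "show crypto ipsec sa" on a PIX/ASA, made-up values.
SA_BEFORE = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.2

      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.10.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.9

      #pkts encaps: 1200, #pkts encrypt: 1200, #pkts digest: 1200
      #pkts decaps: 1180, #pkts decrypt: 1180, #pkts verify: 1180
"""

# Constructed: the same SA after 500 pings. We encrypted 500 more packets
# but nothing came back to be decrypted.
SA_AFTER = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.2

      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.10.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.9

      #pkts encaps: 1700, #pkts encrypt: 1700, #pkts digest: 1700
      #pkts decaps: 1180, #pkts decrypt: 1180, #pkts verify: 1180
"""

SaKey = Tuple[str, str]        # (local ident, remote ident)
Counters = Dict[str, int]      # {"encaps": n, "decaps": n}

IDENT_RE = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \((\S+)\)")
PKTS_RE = re.compile(r"#pkts (encaps|decaps): (\d+)")


def parse_ipsec_sa(text: str) -> Dict[SaKey, Counters]:
    """Collect encaps/decaps counters for every (local, remote) proxy identity."""
    sas: Dict[SaKey, Counters] = {}
    local = remote = None
    for line in text.splitlines():
        m = IDENT_RE.search(line)
        if m:
            if m.group(1) == "local":
                local = m.group(2)
            else:
                remote = m.group(2)
            continue
        m = PKTS_RE.search(line)
        if m and local and remote:
            sas.setdefault((local, remote), {"encaps": 0, "decaps": 0})[m.group(1)] = int(m.group(2))
    return sas


def diff_counters(before: Dict[SaKey, Counters], after: Dict[SaKey, Counters]) -> Dict[SaKey, Counters]:
    """Per-SA increase between the two captures; an SA absent before counts from zero."""
    deltas: Dict[SaKey, Counters] = {}
    for key, now in after.items():
        prev = before.get(key, {"encaps": 0, "decaps": 0})
        deltas[key] = {k: now[k] - prev[k] for k in ("encaps", "decaps")}
    return deltas


def diagnose(delta: Counters) -> Tuple[str, str]:
    """Map the counter movement to a short code and where to look next."""
    sent, received = delta["encaps"] > 0, delta["decaps"] > 0
    if sent and received:
        return "passing", "tunnel carries traffic both ways; look past the VPN (host firewall, far-side routing)"
    if sent:
        return "no-return", "we encrypt and send but nothing comes back; check the remote side's SA counters, ACLs and NAT"
    if received:
        return "no-send", "replies arrive but we never send; check the local crypto ACL, NAT exemption and routing to the peer"
    return "not-entering-tunnel", "the pings never hit the crypto map; check routing and the interesting-traffic ACL on this side"


if __name__ == "__main__":
    deltas = diff_counters(parse_ipsec_sa(SA_BEFORE), parse_ipsec_sa(SA_AFTER))
    for (local, remote), d in deltas.items():
        code, hint = diagnose(d)
        print(f"{local} <-> {remote}: encaps +{d['encaps']}, decaps +{d['decaps']} [{code}] {hint}")
```

Run it on two real captures by reading them from files in place of the constructed strings; the per-identity keying matters because a single crypto map usually carries several SAs and only the one matching your ping's source and destination should move.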