Recent content by rubbaninja

I'm running ASA 8.0(3)6 routed, single context. We are running ipsec vpn on both the external interface and the internal interface. We are connecting with ezvpn clients (871 cisco routers). The client IP addressing is configured on the client. Management is now having us use the connections...

Thanks for the help. Shortly after this I figured it out and that's exactly what I did. I forgot about the "new" packet tracer feature which helped A LOT. Thanks!

I am using a 5540 to allow vpn users access to our network through the outside interface. Users cannot access our webdmz interface that resided on the same device. "ASA-3-305005: No translation group found for tcp src outside:192.168.100.15/1673 dst webdmz:10.72.1.19/80 192 being the address...

Is it possible that the FTP server you are connecting to is denying the client based on the IP address hitting the FTP server (or allowing only certain IP's? If you are getting access denied from the FTP server then it's the only thing that could be the problem. For example; I connect to a...

I don't see any routes. Maybe you had just not included them. Here is some info for you http://www.cisco.com/en/US/customer/docs/security/pix/pix63/configuration/guide/pixclnt.html#wpxref36759 You want to also enable debug vpn to see what is going on.

There is just too many variables to tell you exactly.\. If you had that box unchecked to begin with then the problem lies in your rules.

Is the "Access Denied" message from the ISA server or is it from the FTP server? Can you connect to any other ftp like ftp.microsoft.com if you include ftp.microsoft.com in your existing rule set?

Maybe I answered my own question already CERN = UNIX proxy?

Sorry if the question is silly but... Is ISA a CERN proxy?

Open ISA MMC Right click the ISA server under "Servers and Arrays" and choose properties. Go to the "Outgoing Web Requests" tab and uncheck the "Ask unauthenticated users for identification" check box. This will allow you to use your rules if you want to ask for auth or not.

www.isaserver.org will help you a lot.

It sounds like the registry key for connections has become corrupt and you will need to replace with the original. This happened to us when we changed proxy settings on 2000+ systems. Use the following reg entry to overwrite the corrupt keys with this (make a .reg file and copy paste this into...

Did you add an access list on the dmz interface that allowed access from the DMZ server to your internal DNS servers on port 53?

Or use a host file entry on the server

Our company is directly connect to a partner but have seperate LANs, DNS, etc. and are seperated by a firewall. Our company NATs our address and they NAT their address. Both companies access each others resources. Their dns uses one.com for resolution of our address in their private DNS. We...