Recent content by themut

Smarnet for a 2501 is as follows: CON-SNT-2501 SMARTNet 8x5xNBD for CISCO2501 N/A $289 This will entitle you to download ALL IOS versions from Cisco's web page

It is not possible! Interesting traffic is based on source and destination IP addresses not on traffic type.

I am troubleshooting traffic passing through a router right now... I didn't mean clear interface as it only clears the the interface counters. My bad :( The command needed is: clear access-list <acl-name> counters Sorry about my mistake guys...

You probably need to enable NAT Traversal (NAT-T). Add the following command to the PIX: isakmp nat-traversal <keepalive> The default keepalive value is 20 seconds

Try it from config mode. You can issue ALL commands from config mode

You can also buy the image from any Cisco reseller

clear interface command clears all interface statistics except the number of input bytes

You can access the PIX through the tunnel but you need to include the PIX's outside interface as part of the interesting traffic and configure the corresponding ssh/telnet command. The links below should help you out...

As can be seen from the logs, The PIX is encrypting the packets but it doesn't receive any encrypted packets to decrypt. The information from the VPN3000 confirm this situation, the concentrator is decrypting packets but it is not encrypting any packets. The VPN tunnel is up and working the...

1. Remove the crypto map from the interface 2. Configure the new site 3. Reconfigure the crypto map back to the interface Failure to do so might lock up the PIX and ALL traffic would be encrypted therefore all conections will fail.

You can use the new IP addresses on the PIX. The PIX will proxy arp for them, all you need to do is add the following route on the Internet router: ip route 65.212.x.x. 255.255.x.x <pix-ip-address>

You are correct! The outside world establishes a VPN tunnel to the public interface and if successful then the outside world can access the internal resources.

You will never be able to accomplish this, it makes no sense. The reason for a VPN concentrator is to establish a VPN to the public interface so you can access the private network. If you are already on the private network then you have no reason to establish a VPN so the VPN3000 won't allow it...

Are you trying to VPN from 192.168.1.2 to the public interface?

I came accross this problem once, I was assigning IP address pools directly on the VPN groups: Configuration | User Management | Groups I change my pool assignments and configure a global pool instead: Configuration | System | Address Management | Pools that modification resolved the...