I'm gonna assume this to be your outside interface:
interface GigabitEthernet0/1
ip address X.X.X.242 255.255.255.248
ip access-group 199 in
Please look at these two lines:
access-list 199 permit tcp any host X.X.X.243 eq www
access-list 199 permit tcp any host X.X.X.244 eq www
Are either of...
Verify these statements:
This should allow SMTP traffic to flow unhindered towards your mailserver host-address.
A firm believer of the "Keep it Simple" philosophy
Cheers
/T
Hiya encinitas.
This line might be worth investigating:
Is this the old peer-address or the new one?
Furthermore, I'd suggest going over the cryptomap, isakmp statements and any ACLs you may have (especially ACL 101 as this one tunnels the traffic between your offices):
crypto map tooffice...
Hi Doug.
A few minor suggestions:
Do not employ these lines:
access-list inbound permit icmp any any
access-list inbound permit tcp any host 66.67.68.69 eq 3389
The first line announces you to the world.
The second line opens up your server for anyone using Remote Desktop. It's generally a...
Causemaker: Just a friendly tip :)
The Ethernet ports on a switch are already "crossed". Interfaces on routers are not. Same goes for PIX-interfaces. Hence the need for a crossover.
I second NG's advice. I've done this a few times myself and it should work flawlessly.
A firm believer of the...
Check your config on the 515 and see if this line is in the crypto statements:
crypto map toPIX501 10 match address 110 (or use nonat as these two are identical)
This line tells the PIX to encrypt matching traffic. Without it the traffic won't go through the tunnel but rather on the outside...
Yes, you need to "translate" your internal address to an external one. This is because the address you mention is from the private address-range and is not routed or reachable from the Internet. You need to provide a public address, or a second address if you will. Unless you have a public...
Have you tried to delete the user and make a new one? And you should also check the VPN profile of the user. Some users have a tendency to be "creative"...
A firm believer of "Keep it Simple" philosophy
Cheers
/T
At 1st glance I can't see anything wrong. Just make sure that you employ NAT-0 on both VPN end-points. And allow ICMP echo replies from the VPN subnet on the outside interface as well :)
This is only a quick look, but I hope I gave you some hints.
A firm believer of "Keep it Simple" philosophy...