does "dns domain-lookup" work ?
When an ASA5505 8.2 is running EzVPN in NetworkExtension mode ??
Do you need to use inside or outside when using management-access inside... ?
Yes that is no problem, even with PIX.
Your problem is routing, which naturally must be in place as well.
E.g. you can use 3 statics with 3 ISP IPs to 3 inside hosts.
But your routing will, in the end, decide which way to go.
HTH
The PIX command CAPTURE is a very valuable tool, especially in troubleshooting.
What you do is this:
1. Create an ACL of - let's say an inside host you want to track - like this:
access-list cap1 permit ip any host INSIDEHOSTRACKED
access-list cap1 permit ip host INSIDEHOSTRACKED any
2. Simply...
Hi
I have been testing "damesac"'s suggested method, and it looks like it works !
Great.
What I think confused me into thinking that this doesn't work, is the IMPORT msg after an import:
DEVICE NOT IMPORTED: Conflicting Devices (DCA CHANGED): 78
The above msg is not what I would call a pointer...
classical problem !
Once you have :
static (inside,outside) tcp interface 9008 10.10.11.10 9008 netmask 255.255.255.255 0 0
the interface command in that statement means the IP OF THE OUTSIDE interface.
Hence it is THIS IP your application should point to on tcp/9008 !!
Hence you need to...
for some reason your ACL has been misnamed - use the ACL named "inbound" in your :
access-group outside_access_in in interface outside
i.e.
no access-group outside_access_in in interface outside
access-group inbound in interface outside
Also use the "interface ethernet0 100full" with caution...
no matter what you use - here is the concept:
you add a static command (NAT translation) from e.g. interface to inside IP of the forward-to host.
you add ACL giving what is permitted.
you add ACL to the outside interface.
I never use the PDM, as it will likely mess around with your cfg at...
- your NAT cmds are bad (no NAT-= for ipsec)
- what is this :
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
(hint get rid of it)
- do you need these:
sysopt connection permit-l2tp
sysopt ipsec pl-compatible
crypto map outside_map 65535 ipsec-isakmp dynamic...
mostly your cfg looks good.
Though the first one has a problem with NAT vs global number
and the inside IP address mask vs the mask in the ACL 80
But what I really think is that you should enable IPSEC NAT traversal, via the cmd : isakmp nat-t
on both ends.
also you might wanna have the cmd...
yep - use it big time
you need to enable the UT data acquisition (mind my bad English), and you can do so via "User tracking" in the CM part of LMS2.5
For usernames you also need to install a crappy application on your AD DC or NDS server etc. - which has led me not to use this feature
But just the...