Search results for query: *

  1. nloecke

    515 site-2site and software VPN

    PIX 515 is 6.3(2) The IP addresses of the clients would not be consistent. I have another PIX that has been successfully configured for software VPN with a dynamic crypto map, but it seems that if I configure the original PIX the same way it breaks all the static crypto maps. Thanks <<Witty...
  2. nloecke

    515 site-2site and software VPN

    bump Anyone? <<Witty Signature>>
  3. nloecke

    515 site-2site and software VPN

    ...set peer 71.x.x.34 crypto map VPNCLIENT 1223 set transform-set 3DESMD5 crypto map VPNCLIENT interface outside isakmp enable outside isakmp key ******** address x.x.x.x netmask 255.255.255.255 isakmp key ******** address x.x.x.x netmask 255.255.255.255 isakmp identity address isakmp...
  4. nloecke

    software vpn connects but no traffic passes

    AARRGGHH I hate typos. Thanks it always helps to have a second set of eyes look at it! <<Witty Signature>>
  5. nloecke

    software vpn connects but no traffic passes

    ...6.3(4) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password ********* encrypted passwd ********** encrypted hostname PIX208 domain-name domain.local fixup protocol dns maximum-length 512 fixup protocol ftp...
  6. nloecke

    Overlapping LAN need VPN

    Hey Brian! Thanks for your help with my last problem by the way. I know they use addresses all over the available range, but I'm pretty sure they don't actually need 16.7 million hosts. Unfortunately we didn't build their network, so my guess is that someone decided to use 10.x address space...
  7. nloecke

    Overlapping LAN need VPN

    Hi there. My client has a 10.0.0.0 /8 (255.0.0.0) network. They need to connect a VPN to another network with a 10.130.0.0 /24 (255.255.255.0). My side is running a PIX 515 and the other side is running a PIX as well, but I don't know the model, other than it's slightly newer. I know we have...
  8. nloecke

    Single public IP and Port Forward

    OK we figured out the SMTP problem, finally have a chance to finish the thread. SMTP authentication will not allow special characters in the password. At least it doesn't allow the asterisk... That was the problem there. Thanks again <<Witty Signature>>
  9. nloecke

    Single public IP and Port Forward

    Well I got the thing working for the most part. I used Brian's config recommendation and successfully opened the ports to the server. I realized that when used this way, the static command truly forwards the port to the specified internal IP address, and the ACL is what allows them in from the...
  10. nloecke

    Single public IP and Port Forward

    Brian - Thanks again for giving me a hand. If I define the ports with the static command, what good does the ACL do? Example 3389, RDP. If I enter this, as you suggest: static (inside,outside) tcp interface 3389 192.168.111.250 3389 netmask 255.255.255.255 and do it for every port I need open...
  11. nloecke

    Single public IP and Port Forward

    I only want the ports to go to the server at 192.168.111.250. I was referring to the static mapping command. When I had it set that way earlier, the server was the only machine that could get to the internet. <<Witty Signature>>
  12. nloecke

    Single public IP and Port Forward

    Thanks for your reply Brian. What about the rest of the stations? Does the PIX allow the other stations out since it defines a one-to-one NAT between the specified private and only public IP address? That is why I removed the static (inside,outside) line in the first place, but I wasn't using...
  13. nloecke

    Single public IP and Port Forward

    ...group INTERNET request dialout pppoe vpdn group INTERNET localname blah vpdn group INTERNET ppp authentication mschap vpdn username blah password ********* <snip> I first set the ports up like I usually do when I have a range of public IP addresses using this: static (inside,outside)...
  14. nloecke

    PIX 501 and Cisco VPN client cannot connect

    ...address-pool vpnpool vpngroup support split-tunnel 90 vpngroup support idle-time 1800 vpngroup support max-time 86400 vpngroup support password ******** telnet 10.0.0.0 255.255.255.0 inside telnet timeout 5 ssh 0.0.0.0 0.0.0.0 outside ssh timeout 60 console timeout 0 dhcpd address...
  15. nloecke

    Sonicwall respond to ping in WAN port

    Hello all - Need to do some testing on a DSL connection that has a Sonicwall TZ 170 Standard, with Firmware SonicOS Standard 2.2.0.1. We need to compare pings over the VPN versus pings to the WAN port, but I don't see how to set it up for that. The Linksyses (Linksyi) has a helpful little...
  16. nloecke

    Routing without VLANs

    I got it! I have one port set up on the network to the PIX, and the rest of the ports in a VLAN on the inside. Thanks for the sounding board KiscoKid. Nick <<Witty Signature>>
  17. nloecke

    Routing without VLANs

    That sounds great. I do want this to be the default gateway (192.168.3.254) for the 192.168.3.0 network. Do I need to specify the ip address on an interface, or the vlan1, where all the ports reside? <<Witty Signature>>
  18. nloecke

    Routing without VLANs

    KiscoKid - Thanks for the reply. My network is only the 192.168.3.0, but I have to ensure traffic gets to other networks via other routers/modems. Example: 192.168.51.0 via 192.168.3.101 192.9.100.0 via 192.168.3.102 172.16.31.0 via 192.168.3.1 A couple of these are Cisco...
  19. nloecke

    Routing without VLANs

    The simple question: Can my 3560 act as the default gateway and provide static routes even though I have no VLANs? Currently I have a Linksys acting as the default gateway for the clients. Drawing: Internet--PIX WAN|PIX LAN--Linksys WAN|Linksys LAN The Linksys and PIX are configured with a...
  20. nloecke

    Anyone any sp2 problems?

    Zelandakh - Thanks for the info. We had previously looked into the Aelita Recovery Manager from Quest, but at US $8.00 per mailbox, decided it was cost prohibitive. The proposed backup of store files and copying to secondary server still works though, right? <<Witty Signature>>
