I'm gonna assume this to be your outside interface:
interface GigabitEthernet0/1
ip address X.X.X.242 255.255.255.248
ip access-group 199 in
Please look at these two lines:
access-list 199 permit tcp any host X.X.X.243 eq www
access-list 199 permit tcp any host X.X.X.244 eq www
Are either of...
Verify these statements:
This should allow SMTP traffic to flow unhindered towards your mailserver host-address.
A firm believer of the "Keep it Simple" philosophy
Cheers
/T
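The check the post asks for ("verify these statements") can be done without a lab: walk the ACL the way the router does. The following is an added example, not code from the original post. It parses IOS extended ACL entries (numbered ACL, `any`/`host`/wildcard-mask addresses, `eq` ports), applies first-match-wins plus the implicit deny at the end, and reports whether a given flow is permitted. The 192.0.2.x and 198.51.100.x addresses are RFC 5737 documentation addresses standing in for the X.X.X.243/244 placeholders, and the choice of .243 as the mail server is an assumption; the two quoted `www` lines alone do not admit SMTP, so a third line is shown as the fix.

```python
"""
IOS extended ACL walk-through (added example, not from the original post).
Assumptions: 192.0.2.243 is the mail server behind 'ip access-group 199 in'
on the outside interface; 198.51.100.7 is some Internet host.
"""
import ipaddress

PORT_NAMES = {"www": 80, "smtp": 25, "domain": 53, "ftp": 21, "ssh": 22, "telnet": 23}


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def _port(tokens, i):
    """If tokens[i] is 'eq <port>', return (port, i + 2); otherwise (None, i)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)  # unknown names raise
        return port, i + 2
    return None, i


def _addr(tokens, i):
    """Consume one address spec; return (base, wildcard, next_index)."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tokens[i] == "host":
        return _ip(tokens[i + 1]), 0, i + 2
    return _ip(tokens[i]), _ip(tokens[i + 1]), i + 2  # network + IOS wildcard mask


def parse_ace(line):
    """access-list <n> permit|deny <proto> <src> [eq p] <dst> [eq p]"""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an extended ACE: " + line)
    src, src_wc, i = _addr(t, 4)
    sport, i = _port(t, i)
    dst, dst_wc, i = _addr(t, i)
    dport, i = _port(t, i)
    return {"action": t[2], "proto": t[3], "src": (src, src_wc), "sport": sport,
            "dst": (dst, dst_wc), "dport": dport}


def _in(spec, addr):
    base, wc = spec
    keep = ~wc & 0xFFFFFFFF  # a set wildcard bit means "don't care"
    return (addr & keep) == (base & keep)


def evaluate(acl, proto, src, dst, dport, sport=None):
    """First matching entry wins; an IOS ACL ends with an implicit 'deny ip any any'."""
    s, d = _ip(src), _ip(dst)
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_in(ace["src"], s) and _in(ace["dst"], d)):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        if ace["sport"] is not None and ace["sport"] != sport:
            continue
        return ace["action"]
    return "deny"


# Constructed sample: the two lines quoted in the post, with stand-in addresses.
ACL_199 = [
    "access-list 199 permit tcp any host 192.0.2.243 eq www",
    "access-list 199 permit tcp any host 192.0.2.244 eq www",
]
# The entry that actually lets SMTP reach the (assumed) mail server.
ACL_199_FIXED = ACL_199 + ["access-list 199 permit tcp any host 192.0.2.243 eq smtp"]


def check_mail_flow(acl):
    """Inbound SMTP from an Internet host to the mail server's public address."""
    return evaluate(acl, "tcp", "198.51.100.7", "192.0.2.243", 25)


if __name__ == "__main__":
    print("SMTP with quoted lines only:", check_mail_flow(ACL_199))
    print("SMTP after adding eq smtp: ", check_mail_flow(ACL_199_FIXED))
```

Run it against the real ACL (paste the lines into the list) before touching the router; the same walk also catches the usual mistake of a permit line placed after a broader deny.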
...peer [verify this IP address]
crypto map tooffice 20 set transform-set myset
crypto map tooffice interface outside
isakmp enable outside
isakmp key ******** address [verify this IP address] netmask 255.255.255.255
.... I'm adding the rest of the isakmp statements as a suggestion. Not sure if...
...[dns server1] [dns server2]
vpngroup [groupname] default-domain [your domain name]
vpngroup [groupname] idle-time 1800
vpngroup [groupname] password ********
Lastly, add this line:
aaa-server LOCAL protocol local
And then add the users you want to have access through VPN as you normally...
Causemaker: Just a friendly tip :)
The Ethernet ports on a switch are already "crossed". Interfaces on routers are not. Same goes for PIX-interfaces. Hence the need for a crossover.
I second NG's advice. I've done this a few times myself and it should work flawlessly.
A firm believer of the...
Check your config on the 515 and see if this line is in the crypto statements:
crypto map toPIX501 10 match address 110 (or use nonat as these two are identical)
This line tells the PIX to encrypt matching traffic. Without it the traffic won't go through the tunnel but rather on the outside...
Yes, you need to "translate" your internal address to an external one. This is because the address you mention is from the private address-range and is not routed or reachable from the Internet. You need to provide a public address, or a second address if you will. Unless you have a public...
Have you tried to delete the user and make a new one? And you should also check the VPN profile of the user. Some users have a tendency to be "creative"...
A firm believer of "Keep it Simple" philosophy
Cheers
/T
At 1st glance I can't see anything wrong. Just make sure that you employ NAT-0 on both VPN end-points. And allow ICMP echo replies from the VPN subnet on the outside interface as well :)
This is only a quick look, but I hope I gave you some hints.
A firm believer of "Keep it Simple" philosophy...
Here's a basic config which can be applied to both sites (assuming you're not using private addresses):
SITE1
access-list SITE1-to-SITE2 permit ip [IP address and mask from SITE1] [IP address and mask from SITE2]
This line forces all traffic originating from the inside of site1 with site2 as...
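Three of the posts above make the same point from different angles: the crypto map `match address` ACL and the `nat 0` ACL should select identical traffic, NAT-0 is needed on both VPN end-points, and SITE2's ACL has to be the mirror image of SITE1's. The following is an added example, not code from the original posts: it parses PIX 6.x-style `access-list NAME permit ip SRC MASK DST MASK` lines (real subnet masks, not IOS wildcards), generates the SITE2 ACL by reversing SITE1's pairs, and checks that the crypto and nonat ACLs agree. The networks (192.168.1.0/24 at SITE1, 192.168.2.0/24 at SITE2) and the ACL names `SITE1-to-SITE2`, `SITE2-to-SITE1` and `nonat` are assumptions.

```python
"""
PIX site-to-site ACL mirror check (added example, not from the original posts).
Assumed networks: SITE1 inside 192.168.1.0/24, SITE2 inside 192.168.2.0/24.
"""
import ipaddress


def _net(tokens, i):
    """Consume 'host A', 'any' or 'A MASK' (PIX 6.x subnet mask); return (network, next_i)."""
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1]), i + 2
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    # strict=True: a non-aligned network address (a typo) raises instead of silently matching
    return ipaddress.IPv4Network(f"{tokens[i]}/{tokens[i + 1]}", strict=True), i + 2


def parse_pix_acl(lines):
    """Return the set of (src_net, dst_net) pairs an 'access-list NAME permit ip ...' list selects."""
    pairs = set()
    for line in lines:
        t = line.split()
        if t[0] != "access-list" or t[2] != "permit" or t[3] != "ip":
            raise ValueError("expected 'access-list NAME permit ip ...': " + line)
        src, i = _net(t, 4)
        dst, _ = _net(t, i)
        pairs.add((src, dst))
    return pairs


def _fmt(net):
    return f"{net.network_address} {net.netmask}"


def mirror_acl(name, site1_lines):
    """Build SITE2's crypto ACL: every SITE1 (src, dst) pair reversed."""
    pairs = sorted(parse_pix_acl(site1_lines), key=lambda p: (str(p[0]), str(p[1])))
    return [f"access-list {name} permit ip {_fmt(dst)} {_fmt(src)}" for src, dst in pairs]


def is_mirror(site1_lines, site2_lines):
    """True when SITE2 selects exactly the reverse of what SITE1 selects."""
    return {(d, s) for s, d in parse_pix_acl(site1_lines)} == parse_pix_acl(site2_lines)


def crypto_matches_nonat(crypto_lines, nonat_lines):
    """True when the crypto 'match address' ACL and the nat 0 ACL select the same pairs."""
    return parse_pix_acl(crypto_lines) == parse_pix_acl(nonat_lines)


# Constructed sample config lines (assumed networks and names).
SITE1_CRYPTO = ["access-list SITE1-to-SITE2 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"]
SITE1_NONAT = ["access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"]
SITE2_CRYPTO = mirror_acl("SITE2-to-SITE1", SITE1_CRYPTO)
# A typical mistake: SITE2 points at the wrong remote network.
SITE2_WRONG = ["access-list SITE2-to-SITE1 permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0"]

if __name__ == "__main__":
    print("\n".join(SITE2_CRYPTO))
    print("SITE2 mirrors SITE1:", is_mirror(SITE1_CRYPTO, SITE2_CRYPTO))
    print("wrong SITE2 ACL:    ", is_mirror(SITE1_CRYPTO, SITE2_WRONG))
    print("crypto == nonat:    ", crypto_matches_nonat(SITE1_CRYPTO, SITE1_NONAT))
```

Run `is_mirror` on the `match address` ACLs pulled from both PIXes and `crypto_matches_nonat` on each box; a mismatch is the usual reason traffic leaves the outside interface in the clear instead of entering the tunnel.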
Setting up the PIX to allow VPN users to connect to it means it will have to get VPN requests relayed by the DSL router. This is because the DSL router holds your "outside" address. Should work if your ISP forwards the VPN requests (UDP 500) to your PIX. It gets a bit more complicated this way, but...
Or from the outside:
Telnet [IP address of mailserver] 25
If you get a connection, the port is active and open.
A firm believer of "Keep it Simple" philosophy
Cheers
/T
You're looking at one really big ACL. And the problem is that some "blocks" don't necessarily mean they originate from the same country. Either way, you're going to run into major issues if you decide to "block" spam by blocking IP addresses. Spam doesn't always originate from the "blocked" range and...
Yup.
But to be sure you don't alter any config by accident, just copy, edit and paste the lines you do want to change.
Eg. the 3 lines specified earlier :)
A firm believer of "Keep it Simple" philosophy
Cheers
/T