Search results for query: *

  1. captaintuba

    Has anyone ever used DENY in their NO-NAT acl?

    Has anyone ever used DENY in their NO-NAT acl? [ponder] For example: !--- ACL to avoid Network Address Translation (NAT) on the IPSec packets access-list 100 deny ip host 10.2.2.12 10.1.1.0 255.255.255.0 access-list 100 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 access-list 100...
  2. captaintuba

    Two PIX in series - 4 networks - Statics/NATing/VPN?

    We've just replaced our outside PIX515UR with a PIX515eUR. Now we'd like to re-deploy the PIX515UR as an inner firewall to further protect database servers on the publicly accessible DMZ. i.e. PIX1-OUTSIDE = Internet PIX1-INSIDE = Corp LAN PIX1-DMZ1 = web servers and PIX2-OUTSIDE =...
  3. captaintuba

    PIX515R memory upgrade

    I've been told that you have to upgrade a PIX515R to a PIX515UR in order to upgrade from 32Mb to 6Mb RAM. The part number is: PIX-515-SW-R-UR= The UK list is £2,748.00 This is a very expensive 32Mb memory stick ;-) I'm just looking for a bit of performance. I don't need a VAC or Fail-over. I...
  4. captaintuba

    How do I: VPN all traffic except SMTP?

    I have a site-to-site VPN working from our HQ to an ISP. All traffic goes down the VPN tunnel and is not natted. Now I need to stop SMTP traffic destined for the ISP going down the VPN tunnel. Here's why: The ISP needs to send reports back using SMTP from a machine in the VPN network. They...
  5. captaintuba

    How do you get site-to-site VPN from inside and dmz1?

    I've been able to get a site-to-site VPN set up OK. Each inside network can see the other inside network. (H.Q. to ISP) We have just added a dmz at our HQ site for web site staging and testing. Now I need to allow one of the servers on the DMZ to connect to the ISP network using the VPN. Is...
  6. captaintuba

    Pitfalls of using names. It didn't work for me.

    Pitfalls of using names A nice idea – but it didn’t work for me. I’m using 6.0(1) code on a 515 and thought using names would cut down on typos. So it would make the code easier to write and read. I have 3 servers on a DMZ that should be accessible from the outside interface. Each has their...
  7. captaintuba

    Best practice - comments, cmd order, global pool, syntax, route

    I’m new to working on PIX configs and wanted to check some things out. (I’ve inherited a working PIX but need to create a DMZ for web pre-staging.) Comments Please can you confirm the right syntax to add a comment in a configuration. I don’t see many comments in the configurations I’ve seen so...
  8. captaintuba

    IP LOCAL POOL clarification reqd

    Folks - I'm new to pix and just getting up to speed. I just need some clarification on parts of a config I'm working on. The following interfaces are in use: ip address outside X.Y.Z.115 255.255.255.240 ip address inside 192.168.168.1 255.255.255.0 ip address dmz1 192.168.169.1 255.255.255.0 ip...
