Use a separate ACL for the NAT 0 and the Split Tunnel.
Use routable addresses for your VPN group ip local pool.
Be more specific in the Split-tunnel ACL because by using an "any any" statement in the ACL, you're telling the PIX that all traffic needs to be tunneled/encrypted--resulting in no...
Hi All,
Is this possible with the C805?
from enable mode I type:
config t
int e0.1
ip address x.x.x.x 255.255.255.0
and get this response:
% Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL...
These are the commands you'll need:
Replace ACL_Name with whatever you want to name the ACL.
access-list ACL_Name deny tcp host 10.1.210.110 any eq 5190
access-list ACL_Name permit ip any any
access-list ACL_Name permit esp any any
you need the one above if you're running any...
For which the DMZ or the inside?"
I'd change the network for the dmz3--especially since it's not created yet. Maybe 192.168.1.0/24 or something else routable.
Roland
*****************
What's ADD again?
The syslog messages shouldn't be affected by an access-list since they originate from the PIX. Check to make sure you aren't running a firewall on the syslog server and make sure the ports/protocol that Kiwi is looking for and the PIX is using are the same.
As far as manually creating...
The logging buffer is 4KB in size and is non-configurable. The oldest messages are overwritten once the buffer is full. You can use the "clear logging" command to empty the buffer, or the "no logging buffered <level>" command to turn it off.
Roland
I believe that link places a cookie on your PC, which gathers the internal IP. So it doesn't mean your firewall isn't working. It's just a clever marketing scheme.
Roland
"Or do I just do 'logging buffered warnings 3' and it monitors all of 1, 2, and 3?"--Bingo!
"Do I do the same thing with trap and history?" Yes.
The trap is what gets sent to the logging host. I like to have it set at a higher level because I want to be able to dig through it if I need to. But...
logging on
logging timestamp
logging buffered warnings
'Set this at the level you want.
logging trap debugging
'Set this at the level you want.
logging history warnings
'Set this at the level you want.
logging host inside IPAddressOfSyslogServer
'The PIX...
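The level keywords in the post above work as thresholds: "logging buffered warnings" keeps everything at severity 4 or more severe (0 through 4), and "logging trap debugging" keeps all eight levels. The script below is an added example, not code from the post or from Cisco; it parses constructed PIX-style syslog lines ("%PIX-<severity>-<message id>: text", with made-up addresses) and applies the same threshold rule, accepting either the keyword or the digit the way the PIX CLI does. The function names and the sample log are assumptions for this illustration.

```python
"""Severity filtering the way the PIX 'logging <destination> <level>' commands do it.

Added example, not from the original posts. Parses constructed PIX-style syslog
lines of the form '%PIX-<level>-<id>: <text>' and keeps those whose severity is
at or below a threshold: 'warnings' keeps levels 0..4, 'debugging' keeps 0..7.
"""
import re
from typing import Dict, List, Optional, Tuple

# Cisco syslog severities: lower number = more severe.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Header of a PIX/ASA syslog message, e.g. '%PIX-4-106023: Deny tcp ...'
_HEADER = re.compile(r"^%(?:PIX|ASA)-(\d)-(\d{6}):\s*(.*)$")

# Constructed sample log (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = [
    '%PIX-4-106023: Deny tcp src outside:203.0.113.7/41022 dst inside:192.0.2.10/3389 by access-group "outside_in"',
    "%PIX-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.7/41022 (203.0.113.7/41022) to inside:192.0.2.10/3389 (198.51.100.5/3389)",
    '%PIX-4-106023: Deny udp src outside:203.0.113.9/5190 dst inside:192.0.2.11/5190 by access-group "outside_in"',
    "%PIX-3-305005: No translation group found for tcp src inside:192.0.2.12/51000 dst outside:203.0.113.20/443",
    "%PIX-7-710005: UDP request discarded from 203.0.113.9/5190 to outside:198.51.100.5/5190",
    "not a pix line at all",
]


def parse_line(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (severity, message_id, text), or None for a line that is not a PIX/ASA message."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def level_number(level: str) -> int:
    """Accept a keyword ('warnings') or a digit ('4'), as the PIX 'logging' commands do."""
    if level.isdigit():
        n = int(level)
        if 0 <= n <= 7:
            return n
        raise ValueError(f"severity out of range: {level}")
    try:
        return SEVERITY[level.lower()]
    except KeyError:
        raise ValueError(f"unknown severity keyword: {level}") from None


def filter_by_level(lines: List[str], level: str) -> List[Tuple[int, str, str]]:
    """Keep messages at the threshold severity or more severe (numerically <= threshold)."""
    threshold = level_number(level)
    kept = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None and parsed[0] <= threshold:
            kept.append(parsed)
    return kept


def summarize_by_id(messages: List[Tuple[int, str, str]]) -> Dict[str, int]:
    """Count kept messages per message id, the first thing to look at when digging through a trap log."""
    counts: Dict[str, int] = {}
    for _, msg_id, _ in messages:
        counts[msg_id] = counts.get(msg_id, 0) + 1
    return counts


if __name__ == "__main__":
    for lvl in ("warnings", "debugging"):
        kept = filter_by_level(SAMPLE_LOG, lvl)
        print(f"logging ... {lvl}: {len(kept)} of {len(SAMPLE_LOG)} lines kept, by id {summarize_by_id(kept)}")
```

Running it shows why the post keeps the trap level higher than the buffer level: at "warnings" only the denies and the NAT failure survive, while at "debugging" the connection-build and discard chatter is kept as well, which is the detail you want on the syslog host and not in a 4KB buffer.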
You need to insert an access-list statement that allows tcp port 3389 into your ACL that's applied to the outside interface. Then statically map that port traffic to the inside machine.
access-list ACLName permit tcp any host OutsideIP eq 3389
static (inside,outside) tcp OutsideIP 3389...
If you go to the command prompt and ping Norton_Inside_server does it resolve the IP?
If it does, then try leaving the static mapping in place:
static (inside,dmz) 172.17.xx.54 172.16.xx.54 netmask 255.255.255.255 0 0
and remove any acl_dmz statements that reference sales_server and...
I'm still getting comfortable with ver 7.x, but I think these are all the related commands.
access-list 101 extended permit ip X.Y.2.0 255.255.255.0 host Doc400_Server
access-list 101 extended permit ip X.Y.2.0 255.255.255.0 host SAS_Query_Server
access-list 101 remark The previous 2 lines are...
Well, I fixed it because I got tired of waiting to hear from TAC--and the Tech support agent kept telling me how "Complex" my config was...
I had to change the split-tunnel access-list from an extended ACL to a standard ACL. I also had to add back in my DNS server option. I also lost the WINS...
Not on the site to site--it just survived the code translation. I'll dig out the commands referencing it though and paste them so you can compare.