Network Security

This is a weird one to me. Looks like there is a certain pecking order to how the PIX handles requests when it comes to VPN's.2007-01-24 11:44:19 Local4.Error 10.200.89.1 Jan 24 2007 11:44:20: %PIX-3-305005: No translation group found for tcp src new...

hello,can anybody tell me whether auth-proxy feature is supported by tacacs+, i mean i want to use tacacs+ as auth protocol and not radius.although i configured the setup as mentioned in the below url.http://www.cisco.com/en/US/partner/products/ps635...

Hi..We have upgraded IDS 4215 to IPS version 5.1 at one of our clients. And now we have oput it in inline mode. Scenario is as follows::Location A is connected to location B with IPS coming after router and then Firewall and then the DMZ...When i m t...

I have a pix515E that was working fine. then it got in rommon a few days ago and now it shows nothing in hypertrm window except for that in the attachment. what is wrong with it and what can be done, can you tell?

I have to upgrade the PIX OS from 6.3(1) to 7.X.There are few crypto ( site-site)configs with preshared keys.I remember that I had faced issues on the 1700/2600 old routers when upgrading the IOS, the preshared keys seems to be not working.I used to ...

We?re looking for software that will help us audit and keep track of firewall policies. We are constantly doing audits on our firewalls, whenever there is a change. We would also would need to link to documents to change control documentation unles...

Hi All,1. We've one web server which is accessible from outside.RuleAny Web Server http/httpsI am seeing lot of drops by clean up rule on daily basis from the web server to internet sites. On running snoop i see when web server is sending to Intern...

I configure a IPSec Tunnel to Nortel Contivity switch out of my network. The problem is: when I use "show crypto ipsec sa" and "show crypto isakmp sa" commands, the outfut is as following:firewall# show crypto ipsec sa interface: outside Crypto m...

Hi friends,Just wanted to know basically if a requirement is supported in the FWSM or not. There is a FWSM 3.1 blade on the 6500. The main intention of purchasing it was to protect traffic to and from Server VLAN's. There are totally about 12-13 serv...

Hi,We are planning on putting Active/Standby pairs of ASA CSC bundles at three of our sites. We would also like to use these pairs as SSL head end devices.The question is whether we really need to purchase two sets of SSL licenses (and for that matte...

I have worked on PIX's for years and still have a hard as hell time understanding ACL's on a pix, specifically the direction to apply and how they are inspected.If you read the books it always says inbound acl's are used to go from a lower to higher ...