Network Security

does anyone know if PIX can be configured to allow IP options to flow through it? Apparently, certain apps like Netmeeting sent out IP option 0x014 which is rsvp packet and gotten dropped because of the debug action in PIX. I am using version 6.3. th...

I am trying to design redudancy into my network and while fooling around with ideas on paper i came up with some questions. i have two internet routers with two different ISPs. They will be running Gateway load balancing protocol between them and eac...

Hi,Has anyone tried using NAC alongwith Auth-Proxy at the same time ? E.g. Same admission rule configured both for eapoudp and auth-proxy.The goal is1. Have all Users go through NAC. The downloaded ACL after NAC validation isdeny ip any xpermit ip an...

I found that the default http inspect policy causes web mail systems like Yahoo, Gmail, HotMail, etc... to be blocked. The problem was that the PIX just generated a general TCP Deny log entry instead of stating the inspect policy was triggered. In or...

Hi AllCurrently I have x.x.x.64 255.255.255.240 being handled by dmz2 on my pix.The pix has the following set:nat (dmz2) 0 x.x.x.64 255.255.255.240 0 0It also has:static (dmz2,outside) x.x.x.76 x.x.x.76 255.255.255.255 0 0My question is if the dmz is...

Hi All,I have a PIX 525 on production with UR Licence running V6.3.4. I would like to put in a fail-over PIX. Fail-over PIX with FO License runs V6.3.5.. will there be any problems if the fail-over has a higher version than the Active PIX??.. I look...

I have a dummy question regards the ASA5100 with AIP-SSM. I just ordered but not familar to the configution.The requirement is I have three interfaces(external, internal and DMZ) and want to investigate all by the AIP. Can I have a configuration exam...

Hi,How many routing entries are supported by PIX 525 runnning v6.3(5) with OSPF.How big routing table can be?Regards,Anand

PIX 515E firewall is located at central location and i am accessing it from one remote location.I can access through SSH but i want to access it through web page. I am configuring it as pdm location ip address subnet mask outsidehttp ip address subne...

have configured pix to auth with a TACACS+ server using ssh.my motd banner doesn't appear when i connect. anything wrong? Thanks!banner motd <text>banner motd <text>banner motd <text>

Hi Expert, Need help. Issue 1 When bring down ASA firewall Master unit, ASA secondary unit would not change to Active mode, it always in standby mode. This problem only can resolve when we manually change the secondary firewall to Active mode or unpl...

I can't seem to get the correct break sequence so I can access monitor mode on this classic gem. The "Ctrl", "Esc", and "Break" don’t work with HyperTerminal to console. Any help would be appreciated.

We have found this handy URL in the release notes, which generates a test web page with the PIX config (ie. same as wr t). I have also used the https://<ip>/capture/<name>/pcap URL to download packet captures.So I was wondering, is there a reference ...

I have a PIX with 4 fixed interfaces and vlans on 2 of those. Am logging lots of dropped packets for vlan tagging on interfaces not associated with vlans.