Other Security Subjects

To ping outside and dmz devices, I used to configure "conduit permit icmp any any". With pdm, I have my implicit permit rules from high to low security interfaces. In order to allow icmp echo replies back through, I configure a rule to allow icmp ech...

Hi,I am currently trying to configure reflective access-lists on a cisco 2621, running IOS 12.2The problem is that in all of the examples that i can find, allowing outbound traffic seems to be defined as follows:permit tcp any any reflect outpermit ...

I have 2 failover Pix 525 under version 6.1.1 we found some inbound packet > Jul 11 07:33:53 [primary-inside.2.2] %PIX-6-302001: Built inbound TCP> connection> 87177438 for faddr 218.1.1.1/32932 gaddr 218.1.2.2/443 laddr 218.1.2.2/443> Jul 11 07:33:5...

I have a 1710 router (with a external ADSL modem) and with the correct software (IP/IPX). Is it possible to make a IPX connection over ADSL (using GRE I persume). And I have a unconfigured 2621 VPN router in HQ.1710 <---> ADSL (internet) <-----> fire...

Hi guys,I'm putting a new PIX as the outside firewall of our DMZ, there is an ISA server between the new PIX and the internal network.There are two web servers inside the ISA and both have their IP addresses translated to the outside interface of the...

HiWe have a vpn3015 concentrator which our users use to access intranet resources remotely. The bulk of these customers use pptp clients. The problem I have come up against is that when their passwords start to expire they get no warning. When their ...

Thisa is my first setup on a cisco product\ and I recently set up a pxi 501. I want to configure the VPN settings. As this is our gateway to the net I want to be able to reload the pix with a saved configuration from the tftp server. I cannot find...

I have got packets lost about 5 packets or more continous over L2TP VPDN connection when I ping (at 32bytes packet size ) from a PC that connects over L2TP to LNS ip address at ethernet, loopback or WAN. On the same time, I have got NO packet lost on...

Is there a way I can grant a user the privilege of doing an extended ping or trace without giving the "enable" access?

It seems to be only warning, but I would like to know how I can fix it. When I enable debuging crypto subsystem I see the folowing message in the log:"IPSEC(encapsulate): encaps area too small: moving to new buffer: idbtype 0, encaps_size 84, header ...

Hello,I am in Japan trying to set up a VPN using a PPPOE based connection called "BFlets". However, when VPN Dialer is installed and Deterministic Network Enhancer kicks in, the computer becomes unable to ping large packets, and therefore unable to ...

Hi,I would like to know if it's possible to setup mutiple simutanous 3002-3060 connection with the same user passwordthanks

Does the IDM/IEV provide a method for sending email alerts in the manner that the CSPM does?Cosby

Some sample access-lists that I have seen show an output like the one below. My question …….is it necessary to have the deny for tcp and udp specific port numbers? It is my understanding that the implicit deny at the end will block these. The spec...

Below is config for my pix I'm working with. However, I can't connect to FTP from the inside when allowing FTP ports both TCP and UDP. However, when I allow all ports (i.e. permit IP any any) it works fine. What gives?nameif ethernet0 outside secu...