Hi Experts.Last saturday I attempted to replace an old Pix 520 OS 5.1(5) with 2 brand-new Pix 515E OS 6.3(3) in standard failover configuration.The Customer has many public servers on the inside and a few servers on the DMZ as well. Additionally, the...
Hi Experts.My Customer has an old Pix 520 w/ OS ver. 5.1(5), no DES/3DES licence and needs to establish a site-to-site VPN.He's far from my location and I would avoid to go on site to upgrade the activation key.While they're evaluating a hardware upg...
Hi Experts.Just probing whether Pix OS 7.0 will support non-FIFO queueing algorithms, e.g. priority queueing, WFQ, CBWFQ or something like that.Thank you!michele
Hi Experts.I'm wondering if the Pix has an IOS-like administrative distance concept. I've always assumed that, before it applies the longest-match-first routing algorithm, it orders routing info in this way (from most preferable to less preferable):1...
Sachin and Gareth,thank you very much for your answers. What I really needed was field experience (exactly what you reported), as I can find manuals and config tips myself.More or less, I had the suspect that the Pix was messing up ARP tables, but di...
Hi Jay.I too had read the info you reported. Anyway, thank you for providing it.However, it is not clear to me what symptoms the "no sysopt noproxyarp inside" addresses and I'm not able compare them with the symptoms I observe. So it's difficult to m...
I would try this configuration (see Example 2 of the Nat-on-a-stick doc), that requires you to change the subnet on fa0/0:int fa0/0 ip address 172.16.0.1 255.255.255.0 ip nat outsideip policy route-map Nat ! int fa0/1 ip address 192.168.1.1 255.255.2...
The PAT (overloaded) translation does take place as it matches the policy you have configured in the overload line:- input interface is marked with "ip nat inside";- source IP address matches access-list 1;- output interface is fa0/0- output interfac...