If you are having problems with P2P users, you would probably want to invest in something that can filter that kind of traffic. Products like Websense will integrate with the PIX firewall and block access to P2P sites, and the Websense network agent ...

I have some bad news for you.You cannot do this in 6.x. You need version 7.x. Unfortunately, the 7.x branch is not (yet) supported on the PIX 506. With PIX 7.x static statements, you can specify "udp" with "udp_max_conns".The best you can hope to ach...

It will allow the traffic. I don't believe it does inspection, however. Try the following: access-list 101 ethertype permit ipxaccess-group 101 in interface insideaccess-group 101 in interface outside

I'm not sure what you mean by no xlate. Since you are doing a nat 0 on the VPN traffic, no translations are performed, and there wouldn't be any corresponding xlate entries...right?From what I understand about Cisco firewalls, an xlate entry is only ...

In 7.0 it's a little more complicated than doing just a no fixup. You must modify the inspection class for the default global policy map.firewall# conf tfirewall(config)# policy-map global_policyfirewall(config-pmap)# class inspection_defaultfirewall...