Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Is there a way to kill/clear a single TCP connection on Pix/ASA. I have a user who has hung connections to a server behind the firewall. His session idle time on the Show Connection CLI output is incrementing. I want to kill that session/connectio...
I have had this problem a couple of times and have not resolved it yet. I have a Pix that I manage at a remote site via SSH to the outside interface. The remote Pix has an IPSEC VPN tunnel to my main site Pix. I want to use SNMP from my main site ...
We need to setup multiple secureID groups using RSA authentication. But each group should only be able to access certain areas of the network. Is there a way to synchronize the groups in the VPN3000 with groups in the RSA server so that there is po...
I have a request to build two IPSEC VPN tunnels across two different ISPs on site A going to site B with one ISP and a Pix. Site A has a Pix, and a couple of 2691 routers. Which design would make better use of two ISP redundancy at Site A, two rout...
I had a remote VPN user complain about constant disconnects from our VPN 3005 when he was trying to connect from home one weekend. I went through all the concentrator logs and saw six times with the same disconnect reason... Does this point to a par...
Do a traceroute from a server/PC on the 506 side. You will probably asterisk out when you hit the Pix, but it should show you if you have a routing problem. Also check your crypto ACL on the 506 side. Do show xxxx access-list and see if there are ...
I am still getting familiar with ASA or version 7.x software, but I don't see how the ACL allow_in is applied to the outside interface. Are the loss of pings and the dropping of the VPN tunnels happening at the same time? That would seem to be an I...
Thanks for your reply. In the example that you gave, how were you able to dynamically reroute the traffic over the other VPN when one ISP went down? HSRP with tracking on the outside interfaces?
Since rack space rental in the hosting center is a monthly cost, I have to consider that also. If we went with two 3845s, and three DS3 cards, the procurement cost quoted was over $31K, and it would take up 6 RU of rack space. One 7206 could handle...
Well, two of the three connections are actually on serial interfaces now, 6Mbps on one, 44Mbps on another, and a third one coming soon at over 3 Mbps. I had never seen that much bandwidth running on a serial interface before I got here last month....
