Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,I have a small problem regardin IOS SLB as firewall loadbalancer. Let`s say I have a firewallfarm with IOS SLB between FWs and Internetgatway.When I deploy this scenario with CSM, I have to configure reals for my firewalls and a real for my in...
Hi all,I did some tests regarding PIX and passing BGP traffic through this box.When I configure the PIX to do no NAT (NAT 0) config and configure a BGP session between two routers (one on inside and one on outside net) everything works ok.When I conf...
Hi all,I have some problems to do shunning via PIX.I`m running IDS 4235 with 4.1(3)S62 and a PIX with PixOS 6.3.3.Both the sniffing and the management Interface of the IDS are on the inside network of PIX. PIX does no NAT (NAT 0) for all trafficI con...
Hi,if you install Cisco PEAP supplicant , the MS Supplicant with MSCHAPv2 support will disabled and only Cisco PEAP-GTC is available.Is there any possibility to have both versions available at the same time , so i can select which PEAP method I`d lik...
Hi all,I`d like to know if it is possible to enable Client Firewall Enforcement on a per user basis via ACS Server. What will happen if I apply the "CVPN3000-Required-Client-Firewall-Vendor-Code" and "CVPN3000-Required-Client-Firewall-Product-Code" A...
additional to Cisco Clear Access (which can do lot more than just webbased login) there are following solutions-Cisco BBSM (the main purpose of this box is to do the weblogin thing)-Cisco SSG (Service Selection Gateway - an IOS feature) in combinatio...
Hi Eric,no, IPSec (standard IPSec as per RFC) does not allow to transmit Multicast and Broadcast traffic via a IPSec VPN.You have more or less following possibilities :-wait for IKEv2/ESPv3 then Multicast/Broadcast traffic is an allowed option- conf...
Hi,the user can export the certificate, but it is useless as long as they are unable to grab the corresponding private key from the Certificte store.If you don`t want to protect your certificate against misuse (somebody steals the pc, where the certi...
Hi,the certificate MUST always be exportable, cause otherwise the PIX can`t authenticate your VPN user.(It`s your public portion)What you should protect is your private key. If you use the Microsoft Keystore, there is somewhere a option (during certi...
