About nnw11903

nnw11903 · 03-11-2007

Hi,at the moment I have some vpn-filters applied to remote access VPN groups defined and everything works as expected (sysopt connection permit-vpn is enabled).Now I need to setup a few L2L tunnels and I want to restrict traffic beyond the crypto-acl...

nnw11903 · 08-15-2004

Hi,can someone explain the functionality of the FWSM traffic classifier in depth?We're having a complex FWSM config with around 40 contexts and 20 shared interfaces between most of the contexts.To enable - inter-context communication over shared vlan...

nnw11903 · 05-21-2004

Hi,I've the following setup running (relevant parts):interface Ethernet0/0 ip address 10.200.30.21 255.255.255.248 ip nat inside standby 122 ip 10.200.30.22 standby 122 name HSRP_int!interface Ethernet0/1 ip address xxx.xxx.xxx.132 255.255.255.192 ip...

nnw11903 · 03-16-2004

Hi,I want to extend a VPN setup by adding 836 routers as EzVPN clients in NEM mode connecting to a 3005 VPN Conc.As far as I understood 12.2T, 12.3 and 12.3(T) documentation correctly, EzVPN will not work with digital certificates for authentication...

nnw11903 · 11-05-2003

Hi,since I upgraded our redundant PIX 515E from 6.3(1) to 6.3(3) there is a noticeable higher amount of dropped packets (x5).The dropped connections are equal in one point: While closing the tcp client/server session, there is a RST packet involved (...

nnw11903 · 04-03-2007

Hi,for RA VPNs, the vpn-filter works flawlessly for me with "sysopt connection permit-vpn" enabled. Software release is 7.2(2).I didnt had the time to test it with L2L tunnels yet, but I'm going to implement this with caution after I read the post fr...

nnw11903 · 10-08-2004

Yes, they should, if you do not want to use FWSM transparent mode.If you do not assign an IP address to the SVI, for what reason it should be configured?OTOH you can have another L3 routing device in the same VLAN outside the CAT6k that acts as a gat...

nnw11903 · 10-08-2004

Hi,1) You can have more than 1 SVI shared between MSFC and FWSM.MSFC(config)#firewall multiple-vlan-interfacesenables this.Then, you configure L3 VLAN interfaces on the MSFC. MSFC(config)#interface VLAN ...These VLANs must be trunked to the FWSM thro...

nnw11903 · 07-30-2004

Hi,maybe the IKE/IPSec settings on your Conc. forcing XAUTH? Try to use a IKE proposal without XAUTH, for example the predefined IKE-3DES-MD5-RSA-DH1.To the "ra" thing: a CA (sub or root) may delegate registration tasks to a so called registration au...

nnw11903 · 07-29-2004

Hi,I succeeded, but without the use of EZVPN. Now we're connecting the 836's to a central IOS hub doing IPSec Lan-to-Lan VPN with certificates (836 remote router with dynamic IP address assignment from ISP).Sample config for 836 (only relevant parts)...

Member Since	‎05-13-2003 11:30 PM
Date Last Visited	‎05-18-2020 02:57 AM
Posts	24
Total Helpful Votes Received	3

User Statistics

User Activity

asa/pix vpn-filter clarification needed

FWSM classifier

HSRP and ip nat redundancy

836 EzVPN and Certificates

PIX 6.3(3) RST problem

Re: asa/pix vpn-filter clarification needed

Re: FWSM: svi, vlan 1

Re: FWSM: svi, vlan 1

Re: 836 EzVPN and Certificates

Re: 836 EzVPN and Certificates