Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I need help from experts in this forum:I have a pair of Cisco VXR7206 running IOS version c7200-jk9s-mz.124-10a.bin. I setup this pair of routers for stateful IPSec failover. In other words,if the Active router is rebooted, the standby routerwill t...
In Cisco IOS, I can send AAA accounting logto multiple AAA servers using a methodcalled broadcast like this:aaa group server tacacs+ partner_1 server 192.168.1.1!aaa group server tacacs+ partner_2 server 192.168.1.2aaa accounting exec VTY start-stop ...
I have a primary ACS with IP address 10.250.97.29/24. it is working fine.Now I would like to add a secondaryACS with IP 10.250.97.50/24. BothACS 4.1 are identical with version 23 patch 5. both are running on Win2k3with Service Pack 2. Both Win2k3 ...
I need advice from someone with experience with both Cisco ACS 4.1 build 25 and RSA SecurID 6.1I have a primary ACS 4.1 build 25 running on win2k3 Service Pack 2 AD controller call box_1. This machine, box_1, also has RSA SecurID Primary installed. ...
I would like to use Microsoft ActiveDirectory (AD) to authenticateremote access users connecting to the VPN3005 concentrator. Everything is working fine but I want the VPN3k to usemicrosoft ds (tcp port 445) instead ofnetbios (tcp port 139) when it ...
AdventNet is ok, not that great. I used CSM inthe past and it is a horrible product fromCisco. I would use Sawmill. It's a cheap productand can do what you need.
I work with both Checkpoint and Cisco Pix, andwhat you're asking can not be done with CiscoPix. Pix lacks the plugg-in module for thesefeatures. Checkpoint can take care of thisvia SmartDefense. Perhaps this can be donewith ASA with an IPS plugg-i...
I would like to say that you're not designingyour network correctly by having multi-tierfirewalls architecture from a single vendor.This is simply not a good design.What I would do is using the Pix firewallas the layer of defense at the first tier an...
you do NOT need to allow anything on the outside interface. In fact you can even do this:access-list ccie_security deny ip any any logaccess-group ccie_security in interface outsideyour pptp still works after that becausethe connection is initiated ...
