About mitchrussell42

mitchrussell42 · 09-26-2011

Inside, outside, and two discrete DMZs. Inside 100, outside 0, DMZ1 50, DMZ2 40. DMZ1 -> 192.168.7.0/24. DMZ2 -> 192.168.8.0/24.Wireless APs on DMZ2 - using public DNS, want to hit FTP server on DMZ1 with public address:nat (DMZ2,DMZ1) source static ...

mitchrussell42 · 11-16-2010

Independent contractor is e-mailing reports (about 120K) inbound from personal Yahoo account. Our C160 reports repeated "Receiving aborted by sender" errors. Version 7.01-010Our timeouts are huge (10 minutes on reject, 30 minutes on accept). This is ...

mitchrussell42 · 07-16-2010

This is going to be our new Internet router. I expect port 22 to be open for SSH. But, I've got everything obvious turned off. Here is the test config (I dont' have the IP addrs from our new ISP yet):version 15.0no service padservice tcp-keepalives-i...

mitchrussell42 · 04-09-2010

Client behind a PAT home router, with local address in 192.168.1.0/24.Servers in 192.168.1.0/24 behind PIX firewall.Client uses VPN client to connect to PIX firewall, is assigned IP from 172.31.1.0/24 pool.Client cannot access servers in 192.168.1.0/...

mitchrussell42 · 07-13-2009

2811 router, multilink frame-relay for Internet. 100 miles to CO for frame termination.I'm working with an Cisco engineer on the MFR aggregation virtual interface that is dropping inbound packets. Six T1's with full CIR. All links clean. Other side o...

mitchrussell42 · 09-28-2011

Workaround - black hole techniqueIf you packet trace both scenarios, you find the 5.5.5.50 access does a translation, but no translation is attempted for 192.168.200.100. Both then match the ACL.So, put a dummy translation into the NAT statements. I ...

mitchrussell42 · 09-28-2011

OK, here is an instance with all fake info:PC3 <--> ASA <--> PC2PC3 is 5.5.5.2, WinXP, gw 5.5.5.1PC2 is 192.168.200.100, Ubuntu, gw 192.168.200.1ASA is 5.5.5.1 outside, 192.168.200.1 inside.From PC3, I can connect to the NAT of PC2 at 5.5.5.50 with f...

mitchrussell42 · 09-27-2011

I'm just going to open a ticket on this item. I'd rather not put too much information on a public forum.

mitchrussell42 · 07-12-2010

Cisco VPN client does not support 64bit. See: http://www.cisco.com/en/US/products/sw/secursw/ps2308/, bullet 5. This is how Cisco is forcing migrations from the VPN client.

mitchrussell42 · 04-12-2010

I tried a policy NAT, but it wouldn't fire. The VPN terminates on our only PIX firewall. The issue is that NAT is associated with an interface. The untunneled VPN traffic is not arriving on any of the interfaces available to the NAT command, it just ...

Member Since	‎12-23-2008 01:49 PM
Date Last Visited	‎08-18-2017 03:56 AM
Posts	15

User Statistics

User Activity

NAT control issue - traffic with and w/o nat allowed

Problems receiving e-mail from Yahoo

New 2951 - 15.0(1)M2, with ipbase: why are port 25 and 110 open?

IPSec VPN clients to PIX 7.x - addressing conflict

2811 multilink frame-relay - is six T1s too many?

NAT control issue - traffic with and w/o nat allowed

NAT control issue - traffic with and w/o nat allowed

NAT control issue - traffic with and w/o nat allowed

Re: Installed VPN client 5.0.7.290 with 64bit Win 7 and cannot i

Re: IPSec VPN clients to PIX 7.x - addressing conflict