About mismtk2007

mismtk2007 · 05-29-2009

Just changed AAA to use LDAP to MS2K8 AD rather than former RADIUS. Simply added hosts to existing LDAP group through ASDM. It is working fine, but I am getting tons of the following in the logs ... May 29 12:54:14 pix2-inside May 29 2009 12:56:11:...

mismtk2007 · 11-13-2007

Original post is here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe7b88I have configured hairpinning on our DMZ2 interface and it appears to be working for all traffic except DNS re...

mismtk2007 · 11-08-2007

I have a pair of failover Pix 515e running software (8.02) and I have 6 interfaces. Outside, inside, inside2, DMZ1, DMZ2, failover.DMZ2 contains our external DNS server that services DNS requests for our domain and several client's domains that we ho...

mismtk2007 · 09-06-2007

I got most of the answers to this question here:http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddf9232Please see th...

mismtk2007 · 08-22-2007

We are in the process of setting up eBGP and iBGP between our datacenter and Verizon internet services. We will have 4x T1s (2x 3.0mbit) two connected to VZ in Dallas and two connected to VZ in KC. This gives us diverse paths to the internet so if VZ...

mismtk2007 · 11-09-2007

I entered:same-security-traffic permit intra-interfaceand then I tweaked the ACLs and NAT rules accordingly and it is working for everything except DNS. But the DNS is not being dropped due to an ACL but rather this inspection error.

mismtk2007 · 11-09-2007

OK, this is mostly working now, the only problem I have is with DNS queries. The error I get is:(inspect-dns-invalid-pak) DNS Inspect invalid packetI know it has something to do with DNS inspection but I'm not sure what. Here's my inspection config:c...

mismtk2007 · 11-09-2007

Sorry, to answer your question yes both of these systems are on DMZ2. I will give this a try and let you know how it goes, thanks for your help so far!

mismtk2007 · 11-08-2007

I did not add same-security-traffic permit intra-interface because I'm not sure what that will do to the rest of my traffic. Is there a way to only apply that access to DMZ2 and not all interfaces?I did not do nat (DMZ2) 200 0 0 what will that do?

mismtk2007 · 11-08-2007

Here's what I think is relevent:global (outside) 200 interfaceglobal (inside) 200 interfaceglobal (DMZ1) 200 interfaceglobal (inside2) 200 interfaceglobal (DMZ2) 200 interfacenat (inside) 200 192.168.x.0 255.255.0.0nat (DMZ1) 200 10.0.x.0 255.255.255...

Member Since	‎08-22-2007 07:12 AM
Date Last Visited	‎03-03-2021 12:52 AM
Posts	18
Total Helpful Votes Received	3

User Statistics

User Activity

113022: AAA Marking server 0.0.0.0 as failed

Hairpinning DMZ DNS traffic

PIX DMZ contains both outside DNS and e-mail server, doesn't work.

Load Sharing When Dual-Homed to One ISP - Followup

Load Sharing When Dual-Homed to One ISP with 2x 2821 and 2x Pix 515e

Re: PIX DMZ contains both outside DNS and e-mail server, doesn't

Re: PIX DMZ contains both outside DNS and e-mail server, doesn't

Re: PIX DMZ contains both outside DNS and e-mail server, doesn't

Re: PIX DMZ contains both outside DNS and e-mail server, doesn't

Re: PIX DMZ contains both outside DNS and e-mail server, doesn't