Just changed AAA to use LDAP to MS2K8 AD rather than former RADIUS. Simply added hosts to existing LDAP group through ASDM. It is working fine, but I am getting tons of the following in the logs ... May 29 12:54:14 pix2-inside May 29 2009 12:56:11:...
Original post is here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbe7b88 I have configured hairpinning on our DMZ2 interface and it appears to be working for all traffic except DNS re...
I have a pair of failover Pix 515e running software (8.02) and I have 6 interfaces. Outside, inside, inside2, DMZ1, DMZ2, failover. DMZ2 contains our external DNS server that services DNS requests for our domain and several client's domains that we ho...
I got most of the answers to this question here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddf9232 Please see th...
We are in the process of setting up eBGP and iBGP between our datacenter and Verizon internet services. We will have 4x T1s (2x 3.0mbit) two connected to VZ in Dallas and two connected to VZ in KC. This gives us diverse paths to the internet so if VZ...
I entered: same-security-traffic permit intra-interface and then I tweaked the ACLs and NAT rules accordingly and it is working for everything except DNS. But the DNS is not being dropped due to an ACL but rather this inspection error.
OK, this is mostly working now, the only problem I have is with DNS queries. The error I get is: (inspect-dns-invalid-pak) DNS Inspect invalid packet. I know it has something to do with DNS inspection but I'm not sure what. Here's my inspection config: c...
Sorry, to answer your question yes both of these systems are on DMZ2. I will give this a try and let you know how it goes, thanks for your help so far!
I did not add same-security-traffic permit intra-interface because I'm not sure what that will do to the rest of my traffic. Is there a way to only apply that access to DMZ2 and not all interfaces? I did not do nat (DMZ2) 200 0 0; what will that do?