Hi, I've not used PIX/ASA for a while and was wondering the following: We currently terminate site2site & RA vpn's directly on our perimeter ASA. What would be the better option - to use sysopt or not - ie: If we use the external firewall acl to screen ...
Hi, I seem to remember that if you change any of the vpn settings through the CLI you need to remove the crypto map from the interface before & re-apply after. Is this still the case - ie do you have to have downtime on existing vpn's when adding new...
Hi all, we have many site-to-site IPSEC VPN's that are sending traffic to us successfully - most of this traffic is either FTP or SFTP. There is no sysopt setup on the ASA firewall. Access-lists have been setup on outside interface of the ASA to perm...
Hello chaps, here's a quickie for you. We have been asked to set up a vpn connection from our pix firewall here to a business partner's checkpoint. In our interesting traffic we specify our networks as the source address and their proxy server as the de...
Hello, we need to access our extranet DMZ remotely via VPN and are having some problems getting this to work. The endpoints of the vpn are two pixes - one of which has the extranet dmz residing on it (see attached diagram). The vpn is setup fine and can...
brilliant, you've solved it - please see below: I was using sh run sysopt (it's been a while since I've used PIX!) - great that it doesn't show in the config too - sneaky!
MOJPIXS11-1# sh run all sysopt
no sysopt connection timewait
sysopt connection t...
Hi Federico - I've attached the config (I've sanitised our public IP's but you should get the drift). All of the connections that are permitted via VPN (insideIP to insideIP) are currently 0. Cheers, Mark
Hi Federico, there is no explicit permit AH/ESP in the external ACL - from what I understand the PIX/ASA will terminate VPN connections without the sysopt command & without explicit VPN ACL's. What I was wondering was whether the crypto ACL takes pre...