Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm confused by portions of the Cisco "VSS-Enabled Campus Best Practic Configuration Guide", specifically with the configuration example in Appendix A. The configuration example repeatedly shows seperate configurations labeled "Core 1" and "Core 2" w...
I'm having trouble opening a passive FTP connection between two hosts, both of which are behind firewalls and NAT'd. The FTP inspection on my end is properly inspecting the FTP traffic and is therefore seeing the "REAL" IP address as a result of the ...
Is there a way to NAT a server initiated connection based upon destination similar to what's possible using a souce group in a CSS. What I'd like to do is NAT a server initiated connection to the Virtual IP when the server is connecting to the intern...
Can someone explain to me how ASDM handles the _ref ACL entries, it appears to me that it will create them automatically, and sometimes replace my original entry with _ref appended. For instance if I create an ACL sql_servers and then later make chan...
I've seen this discussed several times in regard to a CSS Appliance, however I was unable to find out if the SSL Module will support a Wildcard Certificate.Thanks in advance.
Thanks, I understand what is supposed to happen during a passive FTP session. The problem appears to be that his firewall is not properly inspecting the FTP packet. He does have the global policy enabled, but for whatever reason his NAT device, which...
Sorry I didn't see that line, but what's happening now is that your not matching your phase 1 configuration. Save your existing configuration, delete the existing crypto map entries and try this:crypto dynamic-map outside_dyn_map 10 match address out...
Suzanne,Try adding this line to tie your static crypto map to your dynamic mapcrypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_mapAlso make sure that your encryption lists are exact mirrors of each other on both ends of the tunnel.Mark.
Suzanne,Yes there is. You'll need to create a dynamic crypto map and associated isakmp configuration. The config is basically identical to a remote access VPN setup, except that you need to tell the PIX not to NAT tunnelled networks. You can do that ...
