Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I am having trouble getting the config right for failover on a pair of ASA 5505 with a plus license. I have a Cisco Press book but I think the examples are for 5510 and up. I could not find what I needed on the web site either. Can someone provide...
We just migrated a bunch of in-bound access rules from a Netscreen to a PIX 515 (v7.2). When several Linux servers ping devices on the internet they get back icmp (dup) messages. These hosts have the PIX set as their default gateway.Has anyone seen t...
I'm working with a PIX (V7.2 code) that is set up to only do IPSec connections via the internet. I am trying to add the ability to make unencrypted non IPSec connections to the internet.In a previous forum post someone suggested I should do split-tun...
Hi,This weekend I'm migrating a Netscreen's firewall rules to a PIX .I was hoping someone can take a look at what I plan on doing and let me know if there are any possible issues. I am not so much concerned with the issues of in-bound security. More ...
Hi,I was hoping I could get some help from the group on the following.I'm working with a PIX that is set up to only do IPSec connections via the internet. I am trying to add the ability to make unencrypted non IPSec connections to the internet.Below ...
Anthony,Thanks, your suggestion worked for me....but when I do a sh fail I get Unknown (Waiting) status as indicated in the output below. The 2 units seem to be communicating OK and changes made on the primary are copied to the secondary.I found a Ci...
An additional comment on this. The devices that see these icmp (dup) messages have static translations and acl rules allowing in-bound connections. Other Linux devices on the local that do not have the statics and acls don't get the dups.
Sorry I'm having trouble understanding how the access list works. I thought the “inside_nat0_outbound†part is just a name and the nat statement relates to the actual interface.I have to work on something else right now, but I will look at your s...
