Hello, We are having a terrible time having a site-to-site VPN co-exist on a PIX firewall terminating VPN client connections. The site-to-site VPN can be initiated from the other, but not from our end. Would anyone have a sample configuration or know of ...
Hello, I have an application which connects to a VIP defined as 140.168.172.200 on ports 5555 5565 5575 5585 and 5595. The service associated with this VIP in the content rule is defined as follows: service av-testeai-01 ip address 140.168.170.53 proto...
Hello there, We are currently reviewing a number of ACLs and moving them to utilise sequence numbers. The issue we have is that whilst it is possible to sequence the "permit" and "deny" statements, you cannot sequence any "remark" statements. Thus if yo...
Hi There, I was wondering if anyone knew of a way to pull back hits against the ACEs in an IP ACL through SNMP. That is the same info you get from say "show ip access list <acl_#>"? If this is possible what MIB package can it be found in? Thanks very muc...
Hello Jay, It seems we have determined what this issue was. When a PIX firewall terminates both VPN client connections and site-to-site VPNs, you cannot use a single access-list to both define what traffic is exempt from NAT (nat 0 access-list xxx) and...
Hello Gilles, I have to make a retraction, by removing the port statement from the service configuration it stopped PAT translating everything to port 5595. Instead if a client connection is received by the VIP on say port 5585 then it is forwarded to...
Hello Gilles, I have tried the approach you suggested however when I removed the port statement the service went into a 'down' state. I managed to get around this by modifying the keepalive statement to use one of the ports the server listens on i.e. ...
Thank-you Zach. Please find attached the configuration for our two content switches, note that the issue we are experiencing is for the av-testeai-01 and av-testeai-02 services (though I assume we will see the same issue for the production services as w...
Hello Zach, Only a single VIP has been configured for the host on port 5595. When I say it's only forwarding to port 5595 this refers to connections between the CSS and the backend server. I have also tried what you suggested around specifying the range...