Hi There. Some doubts regarding the IPsec process. According to the Cisco PIX firewall book by Richard A. Deal, the IPsec process in snapshot is as .. 1. IKE phase 1 A. Initial exchange: main or aggressive mode B. Identity Authentication # Pre-share Keys # RSA en...
Hi There. I have a little doubt regarding global command. If my global address is defined like this.. global (outside) 1 A.B.C.67 netmask 255.255.255.248 Are we using A.B.C.67-A.B.C.71 address for outbound connection? If this why we are not using global (o...
Hi There. Some doubts regarding serial based and LAN based failover. For Stateful link: According to Cisco documentation "If the two units are more than six feet apart, you can use the same Ethernet state link as the failover link, but we recommend that ...
Hi There. I have some doubts regarding access. I have tried to explain it clearly. These statements are from Cisco documentation (Using nat, global, conduit and .....). "..By default, there are no access restrictions on outbound connections through the PIX...
Hi Jmondaca. Whatever I get from this config is that in DMZ (usuarios) you are using 192.168.150.* address with this config. ip address usuarios 192.168.150.2 255.255.255.0 INSIDE(+) 192.168.151.11 ----> 192.168.150.11 DMZ(-) {that is inside address 192.168....
Thanks Scott for bearing me. Now very much clear. To do stateful failover we have to dedicate an unused interface (crossover if less than 6 feet, if more use switch in between, but no crossover wire) on both PIXes either for serial or LAN based failover. No...
Thanks a lot Scott. My understanding regarding failover (now) is.. 1. If the PIXes are within 6 feet of one another, use serial based failover which uses a proprietary serial cable that goes between the primary and stand-by PIX. This cable is only manuf...
If this is the configuration, the source address should be public address (not 10.*.*.*)? Since we are using nat 0. access-list test permit ip 10.0.0.0 255.0.0.0 any nat (inside) 0 access-list test the PIX will allow all inside 10/8 hosts to access lower ...