All, Is there a capture tool, similar to the one the Pix has, for routers? I am trying to access a router via ssh, but I can't. I want to run a "capture" on the external interface to see if the packets are reaching the router or not and/or being NATed along t...
Hello, We have a DMVPN environment for our remote offices that use 2800 ISRs. We use GRE tunnels along with HSRP to two different core VPN gateways. Some of our remote locations would like to have High Availability (load balancing isn't necessary) s...
On a Pix, is there a way to limit the number of connections (not just SYN) one host can make to mitigate a DoS attack? For example, don't allow an IP more than 100 connections in 1 second. Or can this only be accomplished with a Top Layer type device?...
Does anyone know what the 2560 blocks represent? In the PIX performance monitor doc, they describe the 4, 80, 256, 1550, and 16384 blocks, but not 2560. On one of our firewalls, the current count is at 1. SIZE MAX LOW CNT 4 1600 159...
Does anyone know of a document explaining how the Pix handles, in regards to state, uncommon IP protocol packets such as ESP, AH, OSPF, GRE, etc.? I'm concerned with the traffic passing through it, not destined for the pix. I understand how TCP, UDP, an...
One of my ISPs said they only support BGP. I'm still waiting to hear back from my other ISP. Does anyone know if I can accomplish what I'm trying to do above using BGP?
Do you mean "does it have to be from the inside?" Regardless, you can tftp a file from either the inside or outside, it doesn't matter. Just type "copy tftp flash" and it will prompt you for the IP and file name.
This is probably not a firewall issue but rather a DNS issue. Can you ping "fserver" from your internal network and it resolves to the correct IP? If so, are your servers in the DMZ using the same DNS servers? If no to either question, you can add hosts ...
Actually, "pix" is the default username of the ssh user. The default password of this account is "cisco", and can be changed with the "passwd" command (same password if you have telnet enabled). Hopefully the person who has their password set to pix ...
If the PIX fails to communicate with the TACACS server after 3 attempts, it will allow you to log in as the user "pix". This is the default local user when you enable SSH.