Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hey NetPros, I'm running into an odd problem. I have many remote PIX's set up, all running v6.3(5) and a head office ASA5540 running 7.0(6). All devices are set up with 'service resetinbound' and 'service resetoutside'. If I attempt to connect to one...
Hi NetPro's. I'm looking for a way to add path redundancy to select sites on my existing site to site VPN (all PIX based at the moment).My headend is a PIX 525 (running 7.0.4) and the remote sites are either 501's or 506's (running 6.3.5).I would lik...
Hello, I ran into a problem last night with one of my C2950T-48-SI's. A minute before 11PM, the switch stopped accepting traffic from all ports between 25 and 31, but was still transmitting to them (unidirectional).Clearing out the configuration of t...
Hello, I have a PIX 501 that is configured as a DHCP server for some internal hosts consisting of Thin Clients (Neoware and Wyse) and PC's. For the last few weeks, the DHCP service has been acting up and refusing to assign addresses to the Thin Clien...
Hi, I have two 525's configured in FO. A few months ago I ran into a problem with 6.3.3-133 where both of my PIX's would stop responding on the Inside (embedded) interface and the secondary would flip and take control. After an upgrade to 6.3.4 the p...
Upgrading is never fun Once I get back from vacation, I'm hitting the lab with a few firmware versions to test out. I was trying to stay away from 7.2 due to stability problems I've had with it in the past, but I might not have a choice anymore..Tha...
Thanks for the response, Patrick. However, the problem isn't that I need the ASA to respond to the RST-ACK (or generate one!), I just need it to forward it on to the requestor (a user on the inside network), instead of silently dropping it.The ASA is...
Thanks for the Tip, Jason. Unfortunately, I have too much traffic going through this device to pin-point the problem for sure. One of the counters that is incrimenting pretty close to when I do a 'clear asp drop' is for 'Bad TCP SACK ALLOW option'. S...
I'm running into this same problem of 'Outside NAT' breaking the 'Inside NAT'.305011: Built dynamic UDP translation from inside:192.168.1.2/3738 to outside:10.61.147.123/1084305005: No translation group found for udp src inside:192.168.1.2/3738 dst o...
Hi Stephen, No, I'm using local accounts on the server, but nothing to do with 802.1x. Google shows quite a lot of hits concerning FreeRadius and 802.1x authentication. Two of the most likely candidates listed below:http://www.tldp.org/HOWTO/html_sin...
