Hi, Could you please tell me some vendors whose IPSec implementation always requires that the originating side ISAKMP port MUST have UDP 500? My problem is that I have to PAT IPSec connections without NAT traversal, which is working with "ip nat servi...
Hi, As per CCO: Timesaver For example, if you have an IP address space that applies to your engineering group and there are no Windows systems in that group, and you are not worried about any Windows-based attacks to that group, you could set up a vari...
Hi, Is it possible to create something similar to "default-information originate" on a CVPN 3000 w/ OSPF? I want to adv. a 0/0 route into the area. Thanks, Attila Suba
Hi there, My problem is: I want to create a rule on IPS 5.x in which a TCP high port range sweep triggers a low alarm, but if the sweep includes TCP port 2400, then I receive a high level alarm. But at the same time I don't want any alarms if there's i...
Hi, The following are from the Yusuf bible. I think some of you have read and configured all those labs, so I really hope it's just a simple question for you. So, in Chap. 1 / Section 7.1: ------------------------------------------------- "Configure two u...
Hi Pete! Would you please send an update about the result of your case? I have just gotten stuck on the same problem. It would be nice to have a quick solution... Thanks, Aa
Hi, You don't have to add the failover unit, since if the primary unit fails the failover unit would use the same IP addresses. Instead, use the logging standby feature if you want both units to send syslog. From a topological point of view, logically the two ...
Sorry to say that, man, but this answer does not even have a bowing acquaintance with my question. I need information about OTHER VENDORS, whose IPSec devices will not be available, since IKE is not originated from UDP 500. So once again the question: "...
Hi, Allow the following traffic BACK to the pix (so access-list on the outside):
access-list aclout permit icmp any any unreachable
access-list aclout permit icmp any any time-exceeded
access-list aclout permit icmp any any echo-reply
A_a