In the case of PIX, packets destined to the device are not evaluavate against the inbound ACL. Have a look at the discussion at http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%...

Yes. The inbould ACL should also allow IKE and IKAKMP traffic as well. I am assuming you are using IOS. In IOS, the inbound ACL is evaluavate before and after decryption. With newer release, this is however not the case. You can refer to http://ci...

In short, you need to create access-control list and then apply then on both the interfaces. access-list test deny {tcp/udp} any any eq 1025.

Hmm...I am not too sure about this either. AFAIK, the password is only for certifcate revocation.Also, in the MS CA Server, there is an "Auto-enroll" option , which is disabled by default. So perhaps you can try changing this and share your expirien...

hi, U need to install the SCEP add-on from http://www.microsoft.com/downloads/details.aspx?FamilyID=9f306763-d036-41d8-8860-1636411b2d01&displaylang=enOnce this is done, U can configure the trust point as explained http://www.cisco.com/en/US/products...