You need to translate the IP addresses of the private networks acceptable to the internet provider.The VLAN 1 is connected to the intenet directly and routerable. All others are private networks and will be dropped by the internet provider.

This one worked with pix ver 6.2LAN1-(192.168.4.0/24) --| PIXa |----| PIXb | -- (192.168.4.0/24)-LAN2Both Private_LAN1 and Private_LAN2 have an IP subnet of 192.168.4.0/24. This simulates the overlapping address space behind each side of the IPSec tu...

If you can change the 192.168.0.x/24 to a different subnet such as 192.168.1.x/24.Or, you can add "ip subnet-zero" in both routers' configuration.The addresses in the NAT pool test are subnet zero addresses. The ping to the device fails because no tr...

The syntax of the login is "domain/user" and the password is the domain password.Make sure you have the "agent" installed on all the Domain-Controllers(pdc/bdcs) as service. On the Websense-manager's "configuration" manu, verify you hightlight all th...

If the log entry is similar to "PIX-3-106011: Deny inbound (No xlate) tcp src outside:x.x.x.x/2657 dst outside:y.y.y.y/80", you are dropping "CodeRed" packets. Cisco advisory.http://www.cisco.com/tac/newsflash/codered_secadvisory_08162001.html