Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
The 501 has a cute little light on the front panel that supposedly indicates when an ipsec tunnel is active. I'm running websense url-filtering from the 501 back to my headquarters site using a LAN-to-LAN tunnel between the 501 and my HQ 515, so ther...
Has anyone else used winiprelay? I need to use it or something like it to bounce some traffic generated by my pix into an ipsec tunnel, and it looks too good to be true. It seems to work great, but I am worried about it opening a back door. TIA!Mike ...
My FWSM (2.2(1)) PDM (4.0) traffic rate shows approximately one-tenth the actual traffic rate for IPsec traffic. The outside interface appears to reflect the correct rate, but the internal interface looks incorrect. Has anyone else seen this? TIA.
I've got a PIX 515E ethernet1 interface plugged in to a catalyst 6513 10/100 blade, both ends are set to 100/full (not autonegotiate). The PIX is my failover standby, so I didn't notice any problem till we failed over while connecting some new interf...
did you do the second part also - change the allowed nat source addresses to 0.0.0.0 0.0.0.0? Which server is initiating the connection, sql or web server? We need to focus on which interface starts the session.
Confirm that you have a "global" statement for your dmz, with the same nat index as the one you have for your outside access (which I presume is working).I always miss this too.
Sorry to be so chatty. You might try switching to the nat/global approach instead of statics. Put in a global statement for the dmz, and change (temporarily) your nat statements to allow all addresses - 0.0.0.0 0.0.0.0
I looked at your config again and now see the static (inside,dmz), and dmz acl, which should take care of addresses. Try narrowing the static mask to class C.
That's correct, the statics are just NATs (although they can also do much more).The global statement will just do for your dmz what you already have set up for your inside - a global statement for the outside and a nat statement that specifies what i...
