You can't copy the OS from the PIX to a tftp server--only the other way around. Perhaps there's a hack to get around it, but they purposefully decided not to allow the OS to be copied off.
Any particular reason you don't put in a full mesh so all traffic doesn't have to cross LocalB? All your devices support multiple tunnels, so you'd just have to set up a connection from LocalA to LocalC.That would be your best option (by far!), but ...
I can't find a complete reference for 12.3, but here's the one for 12.0:http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide_book09186a00800881ca.htmlBetter than 90% of stuff should be about the same, and those that don't wor...
the 2611 should meet your needs. With CBAC, you only need to open holes for services you explicitly want to provide to the outside world. So Pointing TCP 80 and 443 to your web server, etc. For your internal hosts, all connectivity will work fine wi...
In general terms:permit any necessary access to your internal network (web servers, printers, whatever. BE SPECIFIC!!)deny all access to your internal network (deny ip any subnet)permit ip any any