Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Across 20 Pix's, over 50% of my syslog messages are inbound on SOURCE port 80 (message 106023) from the internet to our PAT address. It doesn't seem to have any effect on our traffic but it is basically giving us way to many false positives on the s...
All of our Pix's are setup with a PAT address for outbound web surfing. By default, we allow destination ports TCP 80 and 443 outbound (DNS is handled by an internal server). There are no related ports allowed inbound as the return traffic should b...
I am in the process of setting up VMS and have noticed that with every 'save and deploy' that I do, that all of my Pix's (which run VPN's) are given the following commands:‘no crypto map x interface outside’‘crypto map x 20 set security-association l...
Hello Jared-I saw your posting on the VMS Auto Update server failing. I am having the exact same issue. The OS and PDM updates work fine, but the config update is giving me the HTTP POST error.Have you come up with anything?Any help would be apprec...
How many VPNs are running on the 501?You are using 128-bit encryption for IPSec.(crypto ipsec transform-set AES esp-aes esp-sha-hmac ). I haven't found the isakmp encryption to play a major role in slowdowns because that happens fairly quickly and i...
The encryption you are using may be killing system resources. What kind of encryption are you using? And which model of Pix?I did some testing and found AES-128 to be the best bet for security and speed (AES-256 killed my 501 and 506s).Login to PDM...
To make it simple, use the command 'HTTP 0.0.0.0 0.0.0.0 inside' to remove all restrictions on your ability to use PDM from the inside of your network.To console into the Pix, you must use a rolled cable. If you bought the Pix directly from Cisco, o...
There are administration rules that limit what IP addresses can connect via PDM. To specify HTTP access for your PC via the inside address, you must have:"HTTP x.x.x.x 255.255.255.255 inside"configured (x.x.x.x is your PC's IP address).The same goes...
