About davemit

davemit · 12-13-2011

Hello!We are moving from an ASA to IOS routers for our site to site VPN tunnels. On the ASA we have several tunnels set up as "Answer-Only". How do I configure this same setting on the IOS router? It isn't jumping out at me as an option in the cr...

davemit · 09-13-2011

I will be deploying the ACE with two virtual contexts in routed mode. Each context will have its own separate server VLAN, but I am wondering if I can share the Client side VLAN between contexts? Is this possible, or does each context need it's ow...

davemit · 05-10-2005

I am currently using VMS Security Monitor to generate reports for my PIX firewalls. Network usage, denied IP's, etc.I would like to be able to generate these same reports for my IOS Firewalls (Routers with CBAC). Does anyone know if this is possibl...

davemit · 04-04-2005

Hello all, I have a question about NAT on a FWSM. I don't believe it would be any different on a normal PIX appliance though.The question is, do I need to implement some sort of NAT (whether static, or dynamic) to allow traffic between interfaces?Fo...

davemit · 02-17-2005

I have an Exchange server that is getting bombarded with MYDOOM.BB viruses. The server virus software is detecting these, but we would like to determine the source. However, my IDS 4215 which is monitoring that network segment is not alarming at al...

davemit · 12-16-2011

Thanks for thinking outside the box Marcin! That may work, but I don't think I want to "cludge" up the config of our head end router with a dynamic crypto map just to implement this one feature. I was hoping the feature was available in static cry...

davemit · 12-13-2011

Thanks for the reply Marcin!How do I apply a crypto ipsec profile to a static VPN?I know you can configure VTI interfaces that use profiles, but my understanding is that both sides would have to use VTI interfaces, whereas we have a variety of custo...

davemit · 10-06-2011

I just started messing around with this trying to get it to work and am running into the same problem. There doesn't seem to be any effect at all after applying the policies to either interface in either direction.Has anyone got this working?

davemit · 09-21-2011

I had this issue trying to upgrade code on my 5505 (I am running with only 256MB RAM).I couldn't get it to work until I had 25% memory available (via sh mem command). To do this I disabled the threat detection features, and all VPN features and reb...

davemit · 09-14-2011

Got it, thanks Cesar. The difference is that you are running One-Arm Mode on both contexts. I will be in-line routed mode, so if I understand properly I will need to have separate client VLANS for both contexts in order to avoid this problem.

Member Since	‎11-04-2004 05:40 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	40
Total Helpful Votes Received	10

User Statistics

User Activity

IOS VPN Tunnel - Answer Only?

ACE Multi-Context Shared VLAN?

VMS Security Monitor and IOS Firewalls

Necessity of NAT on a PIX

IDS and MYDOOM.BB

IOS VPN Tunnel - Answer Only?

IOS VPN Tunnel - Answer Only?

ASA rate-limit via QoS doesn't work ?

Problem uploading new software to ASA

ACE Multi-Context Shared VLAN?