Hello! We are moving from an ASA to IOS routers for our site to site VPN tunnels. On the ASA we have several tunnels set up as "Answer-Only". How do I configure this same setting on the IOS router? It isn't jumping out at me as an option in the cr...
I will be deploying the ACE with two virtual contexts in routed mode. Each context will have its own separate server VLAN, but I am wondering if I can share the Client side VLAN between contexts? Is this possible, or does each context need its ow...
I am currently using VMS Security Monitor to generate reports for my PIX firewalls. Network usage, denied IPs, etc. I would like to be able to generate these same reports for my IOS Firewalls (Routers with CBAC). Does anyone know if this is possibl...
Hello all, I have a question about NAT on a FWSM. I don't believe it would be any different on a normal PIX appliance though. The question is, do I need to implement some sort of NAT (whether static, or dynamic) to allow traffic between interfaces? Fo...
I have an Exchange server that is getting bombarded with MYDOOM.BB viruses. The server virus software is detecting these, but we would like to determine the source. However, my IDS 4215 which is monitoring that network segment is not alarming at al...
Thanks for thinking outside the box Marcin! That may work, but I don't think I want to "kludge" up the config of our head end router with a dynamic crypto map just to implement this one feature. I was hoping the feature was available in static cry...
Thanks for the reply Marcin! How do I apply a crypto ipsec profile to a static VPN? I know you can configure VTI interfaces that use profiles, but my understanding is that both sides would have to use VTI interfaces, whereas we have a variety of custo...
I just started messing around with this trying to get it to work and am running into the same problem. There doesn't seem to be any effect at all after applying the policies to either interface in either direction. Has anyone got this working?
I had this issue trying to upgrade code on my 5505 (I am running with only 256MB RAM). I couldn't get it to work until I had 25% memory available (via sh mem command). To do this I disabled the threat detection features, and all VPN features and reb...
Got it, thanks Cesar. The difference is that you are running One-Arm Mode on both contexts. I will be in-line routed mode, so if I understand properly I will need to have separate client VLANs for both contexts in order to avoid this problem.