This past weekend I upgraded the PIX515 from 6.2.2 to 6.3.1. Ever since then I have noticed a high number of error messages with the code %PIX-3-106001. I have noticed that the large bulk of these messages have the following conditions: TCP traffic c...
I was wondering what the 3005 running 3.5.3(A) is looking for when authenticating VPN users on a NT 4.0 domain. Is it just looking for a user & password match in the domain or does it look for the dial-up option to be checked for the user account in ...
I have set up a PPP multilink interface that is supported by 2 T1 PPP links. The situation is that everything seems to be working, I can ping in and out I can web browse and ftp from the ethernet interface to the internet. The problem comes in when I ...
My internet perimeter router has an access list that permits traffic inbound destined for UDP ports greater than 1024. From what I can tell this is needed for web browsing. Does anyone have any knowledge as to why web browsing needs UDP ports greater...
I upgraded a PIX 515 from 5.1(4) to 6.0(1) and now I am seeing some strange syslog messages at the rate of about 200/hour. The message is as follows: %PIX-3-106011: Deny inbound (No xlate) tcp src outside:216.52.4.52 (Unresolved) /80 dst outside:X.X.X...
If you set sysopt connection permit-ipsec to disabled, then all your VPN traffic is processed by the outside interface access list of the PIX that is receiving the VPN traffic. The VPN setup is handled before the incoming outside access list so you d...
The PIX can handle up to 64000 PAT connections, but in the real world you don't want to PAT for more than about 4,000 - 5,000 connections. You can get very creative with this though. You can have multiple PAT pools and have each pool serve a single s...