Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a VPN Concentrator sitting outside my network with a vpnpool of 10.53.2.129-254 set aside for remote VPN clients. The concentrator connects to a DMZ port on a PIX with a security level of 60. When I try to ping an address on another interfac...
Is it possible to telnet to the inside interface of a PIX through a VPN tunnel terminating on the same PIX's outside interface. For Example, I have a L2L VPN tunnel between a PIX and 3030 Concentrator. Interesting traffic on the Concentrator side i...
I have a web server on my DMZ that needs a persistent TCP connection to an internal host. My problem is this connection keeps dropping after an hour or 2. I have my conn timeout set to 8 hours and my xlate timeout set to 3 hours. Is there a way on...
I'm having a problem with the "new mail" notification on internal outlook clients receiving mail from an Exchange server on the DMZ. If I use the "send/receive" on the client I am able to get mail, but automatic delivery doesn't work. I think I und...
Can anyone tell me why a PIX would be dropping Citrix sessions after about 2 hours? All timers are set to default and the sessions terminate consistantly at about 2 hours whether there are periods of inactivity or not. Just starting to debug the is...
The config is attached. To restate: we are getting an IP address of 10.53.2.129 from the concentrator for our remote client. The client then tries to ping 172.16.192.67 and we don't get a reply. Doing the degug icmp trace we see both the echo and ...
Just wanted to reply in case anyone was monitoring this thread. We were able to get this to work by using the "management-access" command on the PIX that is available in 6.3. This allows our VMS Security Manager to connect to the PIX over the VPN tu...
We might be seeing an issue and are trying to rule this out. We have been losing connections to our Cisco IDS using NetForensics where NF shows a connection established using netstat but the IDS shows no connection. In order to get the connection r...
Great post (as usual), couple of questions though. Will this put a great deal of overhead on the processing of packets and cause missed packets? Also, I know you can't post roadmap stuff on this forum, but can you say if Cisco is looking at adding t...
