Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I am working to convert a 6.3(1) config from conduit to ACL so I can upgrade the code. Output interpreter will not offer conversion suggestions because of an alias command in the config.Situation: Static inbound nat from outside to dmz with destina...
I have a VoIP / QoS situation I just discovered on the Cat 3560's. In this case, a particular manufacturer's IP Phones do not tag CoS or DSCP. As such, I have defined extended ACL's/Policies on the Cat 3560 switches to detect and mark traffic from ...
I frequently configure QoS on cat switches. On the 3560 (Standard ipbase image)I configure ACL's to define interesting traffic, then apply these to class/policy maps for marking CoS and DSCP. From a router connected to the Cat 3560 switch, I see th...
Simple enough. Works perfectly, thank you very much! I still had to modify the matching conduits (soon to be acls). With alias, the conduit referred to the public (outside) address. With static, the conduit properly refers to the private (dmz) ad...
The (inside,dmz) statement affects only traffic between the inside an dmz - not to outside. This is a common translation technique. Often, I see it as a translation for the entire internal subnet rather than just to a host. You still need a valid ...
Before throwing the firewall out, what are the basics for the hosts? You do not have icmp enabled. Enable it from any to any for troubleshooting. Then, make sure the hosts can ping the firewall and cand can ping the router in front of the firewall...
Essentially, the firewall must have some sort of translation to refer to , whether it is to NAT or not to NAT. In order for a lower security interface to communicate with a higher security interface, we need to tell the PIX not to nat packets betwee...
