Hi, If I configure the following command, how can I enter the enable user name and password to get into the enable prompt? Can someone explain to me how to enable tacacs authentication for enable access? "aaa authentication enable default group tacacs+ enable", ...
Hi, I understand FWSM, PIX and ASA devices support IPSec tunnel for the management. I would like to understand the deployment scenarios. Under what circumstances would one use an IPSec management tunnel instead of using SSH or SSL for configuration manag...
Hi, Can I run routing protocols on IPSec VPN between two PIXes? I believe on IOS this is possible using tunnel interfaces but PIX doesn't seem to have this ability. Is there a way to accomplish support for dynamic routing protocols between two IPSec s...
Hi, I'm not able to successfully establish an IPSec tunnel between an IOS box (2600 router) running 12.3(9) and PIX501 running pixos 6.2. I see the following error on the 2600. *Mar 10 06:09:50.416: ISAKMP (0:1): retransmitting phase 1 MM_SA_SETUP... *Mar 10 06:...
Hi All, On IOS, prior to 12.3(8)T, inbound traffic would go through inspection once before decryption and again after decryption. Because of this, the inbound ACL should contain permit statements for IPSec protocols as well as interesting traffic. I wa...
AFAIK NAT/PAT happens before the packet is encrypted. So it should work all fine. You just need to use the PAT'ed address in the crypto ACL on both the sides. Doing PAT at one end is very restrictive. Connections can be initiated only from your site ...
I understand you want VPN client users to access networks behind both the offices. I think you can do this only on PIX 7.0. PIX 6.x does not support the traffic arrived on an interface to exit out of the same interface. If upgrading PIX os is not an ...
Hi, I see the following list on my PIX. You can enter protocol value instead of name also. ip tcp udp icmp icmp6 igrp igmp gre nos eigrp ospf ipinip esp ah pcp pim snp ipsec pptp protocol number between 0 - 255 thanks, krishna
I think the same result can be accomplished with identity NAT or NAT-0 ACL on PIX. I think you should be able to find configuration examples for this on CCO. HTH, krishna
I think the configuration required on the router and PIX is the usual Lan2Lan IPSec configuration when the tunnel-end points are getting NAT'd. If you are using preshared key, you need to make use of post NAT'd address of PIX tunnel-end point address in ...