About krishnas

krishnas · 08-07-2005

Hi,If I configure following command, how can I enter enable user name and password to get into enable prompt? Can someone explain to me how to enable tacacs autherntication for enable access?"aaa authentication enable default group tacacs+ enable", ...

krishnas · 07-27-2005

Hi,I understand FWSM, PIX and ASA devices support IPSec tunnel for the management. I would like to understand the deployment scenarios. Under what circumstances one would use IPSec management tunnel instead of using SSH or SSL for configuration manag...

krishnas · 07-21-2004

Hi,Can I run routing protocols on IPSec VPN between two PIXes? I believe on IOS this is possible using tunnel interfaces but PIX doesn't seem to have this ability. Is there a way to accomplish support for dynamic routing protocols between two IPSec s...

krishnas · 07-18-2004

Hi,I'm not able to successfully establish an IPSec tunnel between a IOS box (2600 router) running 12.3(9) and PIX501 running pixos 6.2. I see following error on 2600.*Mar 10 06:09:50.416: ISAKMP (0:1): retransmitting phase 1 MM_SA_SETUP...*Mar 10 06:...

krishnas · 07-14-2004

Hi All,On IOS, prior to 12.3(8)T, inbound traffic would go through inspection once before decryption and again after decryption. Because of this, the inbound ACL should contain permit statement for IPSec protocols as well as interesting traffic. I wa...

krishnas · 07-27-2005

AFAIK NAT/PAT happens before the packet is encrypted. So it should work all fine. You just need to use the PAT'ed address in the crypto ACL on both the sides. Doing PAT at one end is very restrictive. Connections can be initiated only from your site ...

krishnas · 07-27-2005

I understand you want VPN client users to access networks behind both the offices. I think you can do this only on PIX 7.0. PIX 6.x does not support the traffic arrived on an interface to exit out of the same interface. If upgrading PIX os is not an ...

krishnas · 08-26-2004

Hi,I see following list on my PIX. You can enter protocol value instead of name also. ip tcp udp icmp icmp6 igrp igmp gre nos eigrp ospf ipinip esp ah pcp pim snp ipsec pptp protocol number between 0 - 255thanks,krishna

krishnas · 08-25-2004

I think same result can be accomplished with identity NAT or NAT-0 ACL on PIX. I think you should be able to find configuration examples for this on CCO.HTH,krishna

krishnas · 08-25-2004

I think the configuration required on the router and PIX is usual Lan2Lan IPSec configuration when the tunnel-end points are getting NAT'd. If you are using preshared key, you need to make use of post NAT'd address of PIX tunnel-end point address in ...

Member Since	‎03-26-2002 10:51 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	18
Total Helpful Votes Received	4

User Statistics

User Activity

aaa authentication enable command

Deployment scenarios of management IPSec tunnel in FWSM

support for dynamic protocols in Pix-to-pix IPSec vps

IPSec between a IOS device and a PIX

Inbound packet inspection flow on PIX

Re: PIX IPSec VPN using PAT

Re: Client tunnel to Branch Office tunnel on the same Pix

Re: List of allowed protocols for Protocol object group?

Re: Pix to Pix config

Re: IPSEC Tunnel with Static NAT