About bbacola

bbacola · 04-13-2007

You should have a seperate network block for management and only allow that subnet to access the vty port.

bbacola · 04-13-2007

Each VPN tunnel has its own crypto map that must be activated. The specified "interesting" traffic should be enough to bring up the tunnel so there shouldnt be a need to ping across the tunnel.

bbacola · 04-13-2007

I wouldnt use access-lists to block traffic but instead I would use policy nat.access-list WEB permit ip x.x.x.x x.x.x.x any nat (inside) 1 access-list WEBglobal (outside) 1 interfaceYou will have to play with your subneting to get it right ..... I s...

bbacola · 04-10-2007

You need to configure a split tunnel on the 501. You create an ACL that specifies the split traffic and then you assign it to the VPN group.

bbacola · 04-10-2007

Have you used the "clear xlate" command?

Member Since	‎03-07-2006 06:41 AM
Date Last Visited	‎02-14-2021 03:48 PM
Posts	9
Total Helpful Votes Received	8

User Statistics

User Activity

Re: Denying telnet traffic from VRF interfaces on the router

Re: Tunnel Initiation problem

Re: Few hosts from subnet

Re: EasyVPN client and internet/local lan access

Re: PIX Firewall 515E , Public static NAT - redirect