I have a Cisco 1811 with the Advanced IP Services image. I am running into a problem configuring different types of IPSEC simultaneously. It appears to be mostly limitations I am running into with dynamic peers.
Ideally, I would like to have the following set up:
1. Static IPSEC tunnels for...
For anyone else that might have a similar question in the future, I found a better way to do this.
You can apply an access list to the crypto map entry as follows:
crypto map <map_name> <map_priority>
set ip access-group <acl_name> in
Sorry, I again misunderstood what you were saying (apparently haven't caught up on my sleep yet)
That actually works out quite well for what I need. So I didn't have to duplicate everything in the outside interface's incoming filter, I just did a deny of all the traffic from "interesting"...
That is a possibility, but I just don't normally like relying on other parties to maintain security for me... (It takes it out of my scope of control).
I guess I could just put a PIX in there behind it to firewall the network. Thank you for your suggestions!
Actually, I may have initially misunderstood... this might work, but would only filter outbound (which is the opposite of what I want to do). This may work if I want to get REALLY restrictive, like only allow certain traffic between 2 hosts, but what I really need is to be able to restrict...
AFAIK, you can only limit what traffic is outbound from your site (I only have control over 1 of the 2 routers involved).
I need to be able to prevent incoming traffic.
I have mostly implemented IPSec tunnels on Cisco PIX firewalls in the past. After setting up a tunnel between a couple of Cisco IOS devices, I did some testing and found that IPSec traffic bypasses the access list on the outside interface.
On the PIX, this is an option, so you can use "no...
I was able to find a solution after scouring Cisco's website for a while.
For anyone interested, it goes something like this...
I added an exclusion for the 2 IPs that are being static NATed to the access list that controls dynamic NAT (I probably should have done that anyway).
I then added...
Site A Has a Cisco PIX with Dynamic NAT and a single external IP.
Site B has a Cisco 1811 with 2 Static 1:1 NAT entries, and the rest of the internal hosts on a dynamic NAT sharing an IP.
There is an IPSEC tunnel between the 2 sites which works, except when trying to access hosts that have...
I have tried JFFNMS (jffnms.org) and Nagios among others. I've found that JFFNMS allows for a LOT more data than Nagios. On the other hand, Nagios is better if all you want is a simple "Up/Down" or "Red/Green" Status.