Recent content by forumsviewer

same-security-traffic permit intra-interface looks like a ASA code not PIX 501?

Again, I will answer my own discoveries. Using the internet from the main pix doesnt work (in and out the same outside port doesnt make sense when you think about it) Also I had to run the commands: isakmp identity address isakmp nat-traversal 20 to get it working for internal ips

I should add to my thread by some discoveries and my thought process. 1. Of course I can have site to site AND remote going at the same time. I am sure there is a limit but i'm almost positive that I can have both at the same time as well. 2. I have been able to successfully connect via the...

I have a couple of questions concerning remote VPN also known as road warrior mode. I have a PIX that I want to setup as site to site with another PIX but also VPN for remote worker such as at airports, hotels, etc. Lets say the location of the PIX is on 192.168.1.0/24. When I setup the...

Supergrrover - I have that information in the access list already (range XXXX XXXX) but your coding above says [host ExternalIP].... I have "any" in replace of that and it still does not work. Also, if i have to put an actual external IP address there, how could I do that when the server it is...

Supergrrover - Thank you so much for your assistance! You are very generous with your time and expertise. So if i understand you correctly, you can BLOCK a port range. Example: access-list inbound deny tcp any interface outside range 1 20 access-list inbound deny tcp any interface outside...

Is there major security conflicts by doing this? Ultimately, because of how far away all of the port ranges are, there are going to be a ton of "open ports" that are forwarded to the inside server. What I mean is that there are single ports such as 1111 or 2222 and then a group range like...

Can you expound a little bit on what you mean? There is only one destination IP address for any of the ports that we are forwarding.

Is there a way to port forward a large range of ports (say 5,000 to 10,000 ports) to a specific internal IP address? I have read in other places that using STATIC port forwarding for a RANGE of ports does not work with the PIX line of firewall routers. Because this seems like it would be a...