It's a bit difficult to say because it will depend on what you have connected to the public interface.
For example, if you have remote VPN configured and you are assigning IPs in the above range to your users, you could get the above message.
However if this is connected to your router and you...
Hi Guys
I hope someone can help. We use our PIX with a pre-shared password and want to switch to certificates. It looks like this is not documented that well, so if anyone has done this or has seen a good step-by-step guide, can you please point me in the right direction?
I have already...
If you are asking if you can PAT all of your internal IPs to one IP or the outside interface of the PIX, the answer is yes:
nat (inside) 1 0 0
global (outside) 1 interface
Hope that helps
See this for more info
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml#pptpwith
Hope that helps
The first thing I would change is the IP pool for the VPN users
no ip local pool VPN 10.10.0.75-10.10.0.100
ip local pool VPN 192.168.250.1-192.168.250.254
access-list nonat permit ip 10.10.0.0 255.255.255.0 192.168.250.0 255.255.255.0
nat (inside) 0 access-list nonat
You might also want...
One way you can do this is by probably getting people to log in using AAA and then enabling accounting, which will give you total bandwidth utilised. Another option is to SPAN a port and then use something like NTOP to see a breakdown of the traffic, including per-IP utilisation...
What you specified is what I would probably do but I would also use ntop so I can see a breakdown of what is consuming the bandwidth and maybe block that specific traffic.
Hope that helps
If you are trying to pass through GRE traffic to a server where all the VPN will be terminated, then you will need a static address, and since most people NAT everything behind the firewall, you will need a static mapping for that server to exist.
Hope that helps
I'm not quite sure what you mean by "displaying wrong gateway". If everything is OK then that should include the route as well. When you say RDP to the machine, are you doing this via the VPN tunnel or over the net directly to the server?
Can you please paste your VPN configuration here, obviously...
See these pages
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
http://www.tek-tips.com/viewthread.cfm?qid=1315032&page=1
It might help if we can see your PIX's config.
From what you said, your environment is hooked up like this:
internet_router---PIX---linksys-----2PCs
Can the two PCs ping beyond the PIX? The backside of the firewall will have to be in a different segment to that of the internet router.