Recent content by nosebreaker

I had lots of trouble in the past trying to get a Sonicwall E5500 to work with my ASA's. Basically when the tunnel comes up from the other IP, it doesn't rekey properly. I could get it to come up if I connected to the sonicwall GUI and deleted the active tunnel and let it rekey (most of the...

I am pulling my hair out trying to get this to work! I have other NAT/PAT entries for different IP addresses that work fine (DNS/WEB/SSH) but when I try to visit a website they show the IP of the outside interface, so it doesn't appear to be a static NAT. I have a scrubbed example (using...

Which version do you have? I know there is a big difference between 8.2 and lower vs 8.3 and newer.

thread558-1646990 Not sure how to reply to it, but the problem was that the vlan's weren't forced to be active. Depending on the switch, the command is either "vlan active" or "state active".

The ASA's in the diagram are a hot/standby failover pair. I cannot ping the secondary interface any more now that I moved them onto the 2nd switch. It's as if the switch isn't passing the vlan traffic to the other! I show that spanning-tree has blocked the 4gb link in the diagram between the...

The ASA isn't coming into the picture if a device in the same subnet and vlan can't ping the other! Yes the different colors indicate different vlans and subnets. The 4gb/5gb/8gb links are trunks that should be passing all vlans across all the switches.

That was the only way I could actually get it to accept the commands at all! I couldn't find a 5224 config online, I was hoping someone out there might have one to show me.

The only thing I can see that might be a problem is the NAT/global rules. You have 0 in there for no_nat for the VPN, but the rule after that I don't think can be the same for different interfaces, I think you should have: global (outside) 1 interface global (outside) 2 2nd_ip global (outside)...

The switches aren't doing any routing, the ASA is. sw1 and sw2 are not stacked, they are Dell 5448's. The problem appears to somehow be with the VLANs or spanning tree or something, because the devices on sw2 in those 2 other subnets can't even be seen by devices in the same subnet as they are...

To be honest, the advertised speeds by most cable companies aren't indicative of what you actually get. They do traffic shaping on their end, such that the first few packets of a connection go through faster than subsequent ones so that those speedtest websites show you have a fast link. I'm...

More information is needed. Is access-list 100 on the outgoing ACL? A pix wouldn't need those deny statements, it would do that by default. A router would though. But assuming those things then it should work yes.

I don't think the PIX 501 was ever intended to allow unlimited connections. if I recall it has a very slow CPU and very little memory! I've never seen one that has more than 50 workstations behind it and more than a few public IP addresses!

I'm not sure this is what you want then, if you are going to have 2 different locations (connected via a VPN over the internet?), you'd want 2 routers to connect the 2 locations, or maybe 2 firewalls depending on the situation. We'd need more information about the network setup at each location...

I have 4 switches, 2 are Dell 6248 (sw1 and sw2) and 2 are Dell 5224 (sw3 and sw4). I can create a 2-port trunk between the 6248's no problem, but I cannot create a trunk to the 5224's without it causing a broadcast storm. I have googled for examples and I don't see what I am doing wrong. For...

Ok, I have cleaned the config so there might be duplicate items here. sw3/sw4 are actually 3750-X switches in a stack. http://nosebreaker.com/sw1-scrubbed.txt http://nosebreaker.com/sw2-scrubbed.txt http://nosebreaker.com/sw3-scrubbed.txt http://nosebreaker.com/sw4-scrubbed.txt