Search results for query: *

Smarnet for a 2501 is as follows: CON-SNT-2501 SMARTNet 8x5xNBD for CISCO2501 N/A $289 This will entitle you to download ALL IOS versions from Cisco's web page

It is not possible! Interesting traffic is based on source and destination IP addresses not on traffic type.

I am troubleshooting traffic passing through a router right now... I didn't mean clear interface as it only clears the the interface counters. My bad :( The command needed is: clear access-list <acl-name> counters Sorry about my mistake guys...

You probably need to enable NAT Traversal (NAT-T). Add the following command to the PIX: isakmp nat-traversal <keepalive> The default keepalive value is 20 seconds

Try it from config mode. You can issue ALL commands from config mode

You can also buy the image from any Cisco reseller

clear interface command clears all interface statistics except the number of input bytes

You can access the PIX through the tunnel but you need to include the PIX's outside interface as part of the interesting traffic and configure the corresponding ssh/telnet command. The links below should help you out...

As can be seen from the logs, The PIX is encrypting the packets but it doesn't receive any encrypted packets to decrypt. The information from the VPN3000 confirm this situation, the concentrator is decrypting packets but it is not encrypting any packets. The VPN tunnel is up and working the...

1. Remove the crypto map from the interface 2. Configure the new site 3. Reconfigure the crypto map back to the interface Failure to do so might lock up the PIX and ALL traffic would be encrypted therefore all conections will fail.

You can use the new IP addresses on the PIX. The PIX will proxy arp for them, all you need to do is add the following route on the Internet router: ip route 65.212.x.x. 255.255.x.x <pix-ip-address>

You are correct! The outside world establishes a VPN tunnel to the public interface and if successful then the outside world can access the internal resources.

You will never be able to accomplish this, it makes no sense. The reason for a VPN concentrator is to establish a VPN to the public interface so you can access the private network. If you are already on the private network then you have no reason to establish a VPN so the VPN3000 won't allow it...

Are you trying to VPN from 192.168.1.2 to the public interface?

I came accross this problem once, I was assigning IP address pools directly on the VPN groups: Configuration | User Management | Groups I change my pool assignments and configure a global pool instead: Configuration | System | Address Management | Pools that modification resolved the...

If you are establishing IPSec sessions using different manufacturers then lifetime values and all other settings should have the the same values configured on both devices. This will save you a lot of headaches

Looks like the tunnel is established since you have inbound and outgoing SPIs according to the debugs. Your problem could be due to routing. Issue a show crypto ipsec sa command on the PIX and determine if packets are being encrypted and decrypted correctly. On the VPN3000 go to...

Let us assume you have internal web server 100.100.100.100 and you don't want to translate this server, so it can be reach from the outside using its real IP address 100.100.100.100. The commands needed would be: static (inside, outside) 100.100.100.100 100.100.100.100 netmask 255.255.255.255...

If you are able to ping the public interface then you should be able to access the network where the public interface resides. It has nothing to do with VPN, you VPN to access the private network. Once you establish a VPN tunnel then your computer is part of the private network, so if you want...

If a router has a VPN module then the encryption/decryption process is done in hardware, using the VPN module. If no module is present then the encryption/decryption process is done in software, using the router's cpu to accomplish this task. IOS images supporting IPSec 3DES normally has "k9"...