Search results for query: *

Thank you for the response ! I tried the kiwi server and now it works....

HI ! I wanted to set up a syslog server to receive syslog messages from the PIX (515 with 6.2 (2)) I tried the syslogserver from cisco (pix firewall syslog server) but it received nothing! It seems that the Pix isn´t sending anything to the syslog server ! I used "logging host inside...

Thanks both ! To Yizhar, it is because of the lack of public addresses ! Best Regards !

Thanks for the reply ! Do you mean IOS or firmware ??? I didn´t know that I can upgrade the Firmware .. only the IOS .. I´m using the IOS version 6.2(2) You can do this by using a static command like " static(inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx" But that´s not what I...

HI ! I would like to connect through my pix to another pix using the cisco vpn client. As I am using PAT I think I would need transparent tunneling for this but the pix doesn´t seem to support that and I don´t want to use static commandos ! Is it possible to solve this problem with the...

You can differentiate them by htere ip address ! You can use crypto map entries fr that and you can specify the username and the password with vpngroups ... Try searching in this forum, there were several threads for this issue.. Best regards Have fun

HI ! You can do it with "no sysopt connection permit-ipsec" and then use access-lists to permit access to the speficied destinations ! Hope that helps Best regards

I think when you don´t want to share your information, then you should either send only really neccesary informations (when more people have the informations you have a better chance to find a solution) or you should ask yizhar because I think he has the most experience of us ! Best regards

Hi ! Send what you want to do and what you need and we´ll see how we can help.. Best regards

I got it. Thanks to microsoft ! I needed SP1 and several security updates for XP and now it works ! (only with the static command) Is it possible to vpn out of the PIX withouth using static ??? Thanks to everybody

Use PIxcript from http://come.to/yizhar for basic configuration !

You don´t want to do this ! I had a simlilar problem. The PIX doesn´t allow traffic that comes from the dmz to go to the inside !( exept the traffic that comes from inside) When you have to let traffic from the dmz to go to the inside , use:" static (inside,dmz) ........" but thats...

Could that happen because I use several IP-pools (for each VPN client another pool) ?? THanks

Yes I tried setting up a static and with this entry I can establish the vpn tunnel BUT I can´t do ANYTHING ! I can´t ping anything on the other side of the tunnel ! I don´t see anything in the logs ! What could I´ve done wrong ? any suggestions ? The tunnel can be established and I´don´t see...

you can close them in groups... for example when you want to delete a vpngroup you just have to type "no vpngroup GROUPNAME" Or when you want to delete a cryptomap just write "no cry ma MAPNAME" Best Regards

You just need to permit th etraffic you want you don´t have to deny traffic because the pix denies all traffic by default!

Yeah was something .... but the IP addresses weren´t the same on the inside and the dmz because thats not possible but basically you are right.

Please provide more informations (loggin ?, what exactly do you want to do, from where do you want to ping etc..) Best Regards

Ok I think I figured it out myselfe... I just have to use a static command ... Thanks for the help. Best regards

just use access-lists and access-groups ... eg: when you want to block access from inside to outside over port 5190 --> access-list inside deny tcp a a eq 5190 access-group inside in interface inside or when you want to block the ports from 5190 to 5193 access-l inside deny tcp any any...