IPSec is an open standard; therefore, anything that speaks IPSec *should* be able to talk to any other device that speaks IPSec.
I've done this before between PIX & Netgear VPN firewalls. The PIX is totally capable of it; it all depends on the code running on your Linksys.
Best regards,
Ryan...
You mentioned that your webserver was previously hacked, so you added a firewall and are only allowing www and mysql. That's fine and dandy, but be sure to patch MySQL on a biweekly basis ;D, or the PIX will do you no good.
As far as FTP goes, set up a static statement from the outside to the...
* agreed...
Conduits = bad
Anytime you want to provide a service to the outside you require a static & ACL.
Where is the AS400 in regards to the PIX (inside/outside/dmz)?
Also look to see that fixup for FTP is enabled, or FTP will break :).
Best regards,
Ryan Lindfield
When you set up AAA, you can specify multiple sources for authentication. I would imagine first local, then the server, and you could use both. Seems to me that the best idea would be to use ACS or something similar for all authentication to the network.
I'm curious to know if this would work...
S3G,
From a design standpoint, it is always recommended to use a private IP range on your DMZ and then NAT to these hosts. The idea behind that is to hide your internal addressing information from anyone on the outside. In that case you would set up static NAT from one IP to another, or if you...
Rookcr, I assume you are behind a NAT device at home, then launching your VPN client from a desktop. IPSec can have issues with NAT; try adding the following line to your PIX.
isakmp nat-traversal 20
Best Regards,
Ryan Lindfield