No, you will not have to reenter your configuration. However, like the above poster mentions it would be a good idea to have a current copy of the running configuration.
It would be helpful to see your config. Absent that, here are some suggestions:
If your PIX isn't heavily loaded with connections turn debuggin on and watch the messages for errors i.e. denied packets etc
VPN will not work through PIX OS < 6.3 without an available NAT address -NOT- a PAT...
The error is because the PIX can't find a valid remote image. Make sure when you download from Cisco the image remains as a '.bin' file extension and that you have the correct path that that .bin file setup on your tftp server.
pdm v1.1 is not compatible with pix os 6.31. To upgrade PDM you...
I wouldn't put 6.3 into production use without first testing it. While I run it at home on my 501 without any problems, I did find that the production 515R at work had all kinds of unusal problems. I had to downgrade to 6.2.
This would require the IAS server which is speaking RADIUS to pass certain RADIUS attributes to the Cisco PIX which it does not support. In short you cannot limit ports, per user via IAS. You can however, limit access to your internal network on a system wide basis via a VPN access list...
>> If you're going to use MS VPN protocols, and you have a W2K server that you're going to use as part of it, then you can consider using the MS W2K server as the VPN tunnel endpoint (RRAS VPN server) instead of the pix.
If you already have a PIX firewall then whats the point of using a...
Nothing jumps out at me as being technically wrong with your configuration. You should turn on debugging and see what the logs say to you.
logging console debug
logging on
debug crypto ipsec isakmp
debug crypto ipsec ca
From PIX 1 try to ping the inside address of the other. You should see...
It sounds like to me you have a websever sitting off say a DMZ interface on your PIX, and that webserver is also connected to your internal network via its second NIC. Eeek!
You are correct in your assertion about a security risk of someone compromising the webserver and having access to...
I think this link http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/c.htm#xtocid11 will provide you some insight to your question. Basically if you setup a dynamic map, the PIX does not need to previously know about the peer -- so while this may not be an idea solution if...
As of PIX ver 5.2.1 ICMP is not permitted on an interface.
I have honestly never heard of that. Paste your configuration. Do a 'sh run' and look for any icmp statements. By default the PIX inside interface will allow pings to it but not through it -- unless you are somehow blocking icmp...
I think they are going for something like $420 and change. Check www.pcconnection.com or your favorite retailer. I have no idea if this will prepare you for the CSS1 exam.
Tom
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.