I've seen this on networks with Exchange servers and site-to-site VPNs as well. I've had to remove the fixup protocol smtp 25 command from the PIXs to allow the communication between the servers.
Scott [pipe]
CCNA, CCSE, CCSP, ISS-CE
Actually, your call to Cisco will not be all that pleasant. Buying equipment second hand makes Cisco call it "Grey Market". So, they will not allow you to register a support contract with it. You will have to buy a software license from Cisco to get a support contract to get the software...
Yes. You can have as many site to sites as you need and client VPNs as well. Well, you can have as many as your PIX supports. You need to keep the crypto maps the same but increment the numbers to specify WHICH map it is and where it goes. The same is true of the ISAKMP policies.
The...
Is it possible that one of the statics is using the IP address of your outside interface? I've seen this happen when that was the case.
Scott [pipe]
CCNA, CCSE, CCSP, ISS-CE
You can also attempt to use the following document to help get this working. I have used it and it did work just fine.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml
Scott [pipe]
CCNA, CCSE, CCSP, ISS-CE
I've had this problem with several PIXs running any of the 6.3 codes. If you have any type of an access list on the external interface you have to add a ACL to allow the ICMP traffic. Like this.
access-list outside_access_in permit icmp any any
Scott [pipe]
CCNA, CCSE, CCSP, ISS-CE
You can configure that using Pix Object Groups. With them you can configure a range of ports that can be allowed.
http://www.cisco.com/warp/public/707/pix_obj_grp.html
Scott [pipe]
That is pretty much it.
Access-list MyAccessList permit tcp <source> <destination> eq port.
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#1067755
Scott [pipe]
Is it possible to use any type of internal user authentication for VPNs on the 501 other than xauth to an outside source?
I now have a 501 at home and would like to use more than just the group passwords but I would like to avoid tying it to my Win2K server if possible.
Thanks.
Scott [pipe]
We have several DTS packages that were written by a now former employee that have design passwords on them. Is there a way to recover or delete these passwords so that we can get to the design of these packages???
Thanks.
Scott [pipe]
Here is the script that I always used before. It switches the log daily and creates daily backups of the files.
for /F "tokens=1-4 delims=/ " %%i in ('date /t') do (
set DayOfWeek=%%i
set Month=%%j
set Day=%%k
set Year=%%l
set Date=%%i %%j/%%k/%%l
)
set...
Are you sure that you are looking at EXPORTED logs and not the actual .log or .alog files? The reason I ask is because I have never had this issue when I have exported the logs. They are plain text then. They are also stored as test when you use FWLOGSWITCH.
Scott [pipe]
Here is the link to the WAN Users Guide. Page 160 mentions an option for BOOTP/DHCP Forwarding. That should do it for you.
ftp://download.intel.com/support/express/routers/wan_ug.pdf
Good luck.
Scott [pipe]
Okay, don't ask me why but I had a heck of a time getting the MX record to read properly on my Win2K server when I recreated this. [shocked] Which is probably why I use Linux and BIND for everything except internal AD DNS.
Below is the copy of the zone record that I created that does work...
I have to agree with the opinion of getting an education instead of a certification. A CS education but no experience is going to give you a good foundation that you can build on. A certification and no experience is going to get your resume in my trashcan before I even blink. Since I hire...
If, and I say if, you are using Cisco routers on both ends you need to set up Bootp forwarding. On the router that is where the laptops is located add "ip helper-address x.x.x.x" where x.x.x.x is the IP of your DHCP server.
It would probably help here is you could list the contents of the actual zone file. On a Windows server it should be in \WINNT\system32\dns. Most likely it will be named Pathwayschurch.com.dns.
A first guess here would be that the passwords for the administrator accounts are not the same. If the passwords are the same on each machine then it should go ahead and pass your rights through.
The absolute first thing that I would do would be to put some type of firewall software on the remote machines. Connecting any pc or server up directly to the Internet without any kind of protection is just asking to get hacked. For an inexpensive solution I'd recommend Black Ice. I have been...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.