Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
First Pix-NoGo
Don't know if this is still of interest, but I had the same problem using Client V1.1 until I added: sysopt ipsec pl-compatible According to the PIX documentation, this should not be needed and is included for legacy support. But, you know, you go with what works.- dotxbob
- Post #12
- Forum: Security, hacker detection & forensics
-
CCNA - What is the best study material
I recently completed the Academy curriculum for CCNA. The materials teach you "the world according to Cisco," and from what I gather, this is important for passing the exam. I had a strong computer background, but was new to networking. Your success will depend on how strong your...- dotxbob
- Post #2
- Forum: Security, hacker detection & forensics
-
PIX to PIX VPN tunels
Get the command reference and this: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/ You should be good to go. -db- dotxbob
- Post #2
- Forum: Security, hacker detection & forensics
-
Telnet to PIX from outside
After consulting this site and scouring the Cisco documents, I figured out how to do the site-site thing. What a pain in the ass--finding the right info, that is. (BTW, I hope noone at Cisco *really* said this can't be done; their docs say in numerous places that it can.) It's not hard to do...- dotxbob
- Post #9
- Forum: Security, hacker detection & forensics
-
PIX Firewall 5.3 access-list question
This should do it: access-list 130 deny ip host 199.218.125.23 any access-list 130 permit ip any any access-group 130 in interface inside 199.218.125.23 will only be able to communicate with hosts on the inside interface's segment(s). -db- dotxbob
- Post #4
- Forum: Security, hacker detection & forensics
-
Pix configuration for vpn client access?
"If possible, it would nice if the vpnclients could access the internet as well, but I guess thats only possible by split-tunnel or a proxy on the inside and that´s out of the question." The users are coming *in* through the public internet. They already have access to it. The...- dotxbob
- Post #3
- Forum: Security, hacker detection & forensics
-
PIX Firewall 5.3 access-list question
" access-list 130 deny smtp any host 199.218.125.23 eq smtp access-list 130 permit ip any any access-group 130 in interface inside " In the first line, I don't think that the first "smtp" is legal. You need to specify tcp, udp, icmp, or ip there. Your statement would read...- dotxbob
- Post #2
- Forum: Security, hacker detection & forensics
-
About "route inside"
So is this command useless on a PIX 506 (only 2 interfaces)?- dotxbob
- Post #3
- Forum: Security, hacker detection & forensics
-
About "route inside"
My PIX 506 configuration has a "route inside 172.30.0.0 255.255.0.0 172.20.x.x 1" command. I am in the .20 network; my default gateway is the inside interface of the PIX. When I try to ping a host on the .30 network, it constantly times out. I would think that this command would...- dotxbob
- Thread
- Replies: 3
- Forum: Security, hacker detection & forensics
-
PIX 506E - DMZ
Slightly OT, but how do you find a specific numbered thread? I didn't see an option for thread ID on the search page, and doing a keyword search gave hundreds of hits. -db- dotxbob
- Post #6
- Forum: Security, hacker detection & forensics
