Thanks for that clarification. ACLs and their behavior are serious mind-benders...I don't know about you, but I have to look at them very carefully to fully grasp the effect. Particularly when your PIX has 120 entries over 4 interfaces! I just inherited this network/firewall and am trying to...
Thanks Packethead. I understand why you would have to re-apply the access-group statement if you killed the access-list with a "no access-list" statement...what I asked Yizhar was whether you had to re-apply the access-group statement if you added to an existing access-list.
Hi,
I was on the Cisco beta-team for the PDM. It is far better now than it was in its original incarnation.
BTW, I am at a new site and they are running a PIX 520 with 5.3(2) code. They are running ACLs, not conduits...do you know of any serious issues with just upgrading this device to...
You need to use the "outside" or public IP address of the FTP server in the following line of code:
access-list outside_access_in permit tcp any gt 1024 host 192.168.10.88 eq ftp
If I apply the following access-list to the "inside" interface:
access-list frominside deny tcp any host x.x.x.x
Is the behavior the same as the router IOS code? IOW, is there an implied deny any any, and basically no other traffic will be allowed from the "inside" interface...
Thanks Yizhar. Client is WIN98. Server OS is WIN NT 4.0.
This remote site client needs to have domain authentication to access resources located at the HQ. The client IP addresses and other relevant info such as WINS and DNS are statically assigned. So no LMHOSTS involved at the moment.
I...
I have successfully established an IPSec site to site tunnel with the 2 endpoints being a PIX 515 with 6.21ED code and a PIX 506E with 6.12 code.
The problem is that when I reboot the Windows client, the NT domain login fails. If I cancel out of the login dialog box and go to a command prompt...
I configured a Windows 2000 server as our internal CA. With a Microsoft provided add-on that I installed, I was able to configure the VPN concentrator and the VPN clients to request certs via SCEP (simple certificate enrollment protocol). SCEP is a Cisco protocol to streamline the...
Give me an example of your LMHOSTS file? Did you use the #DOM parameter? Is your client configured to login to the correct domain? Do you login to the client before firing up the VPN connection?
The Cisco VPN client ships with a stripped down version of Zone Labs' ZoneAlarm host firewall product. You cannot alter this firewall configuration. It is statically set to not allow any incoming traffic to the VPN client, *UNLESS* the traffic was initiated from the VPN client itself. You...
Hey Pthang,
I have two PIX 515 in a failover config. We have experienced the exact same problem as you have described. I contacted TAC and they brought to my attention the following Field Notice:
http://www.cisco.com/warp/public/770/fn9871.shtml
They are shipping replacement units no...