Search results for query: *

Nat-Control is only giving the nat funtioanlity nothing else so if you doen't need nat then disable it. Actually, nat-control forces the use of natting statments. If there isn't a corresponding nat statement the traffic is denied. Nat-control does not enable or disable the nat ability. You can...

ndic, I have as ASA5510 with the AIP-10 module I'm looking to offload. You interested? Brent Systems Engineer / Consultant CCNP, CCSP

It depends on networks and goals. Can you post a config and a topology that you want to achieve? Brent Systems Engineer / Consultant CCNP, CCSP

Yes you do need an nat exemption acl. The standard practice is to make a site2site acl for each site (designate interesting traffic) and then a single nat exemeption acl that lists ALL the no nat traffic statements. Brent Systems Engineer / Consultant CCNP, CCSP

You can do it by QoS Take a look at this - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml Brent Systems Engineer / Consultant CCNP, CCSP

Sorry, stupid iphone. Just saw this interface Ethernet2 shutdown nameif DMZ security-level 50 ip address 172.31.1.254 255.255.255.0 just go into the interface and do a no shut Should be good to go. Brent Systems Engineer / Consultant CCNP, CCSP

Route dmz 172.32.2.0 255.255.255.0 172.31.1.1 Brent Systems Engineer / Consultant CCNP, CCSP

Ssh or telnet on the management port. It should grab an ip by dhcp. You need to know the passwords. 1st login username = pix password is your telnet password the type enable and your enable password and you are ready to config. Brent Systems Engineer / Consultant CCNP, CCSP

What does your router config like? Brent Systems Engineer / Consultant CCNP, CCSP

Really just set up squid on a cheapo Linux box. Only allow the Linux ip out using acls. Problem solved. Brent Systems Engineer / Consultant CCNP, CCSP

You should be good with those. Just get the right ios version. Brent Systems Engineer / Consultant CCNP, CCSP

Pix won't do that unless you have a proxy server Brent Systems Engineer / Consultant CCNP, CCSP

Your acl format is wrong acl_name permit tcp source_ip destination_ip eq port Brent Systems Engineer / Consultant CCNP, CCSP

Use the cli. It's cheaper, faster and much much safer. Brent Systems Engineer / Consultant CCNP, CCSP

Post your scrubbed config Brent Systems Engineer / Consultant CCNP, CCSP

access-list outside_access_in permit tcp any interface outside eq 13000 access-list outside_access_in permit udp any interface outside eq 13000 access-group outside_access_in in interface outside Brent Systems Engineer / Consultant CCNP, CCSP

Not really. Setup your own and make it the only ip to be allowed web traffic. Brent Systems Engineer / Consultant CCNP, CCSP

access-list inside-out extended permit udp any host 208.67.222.222 eq dnsix should just be dns Brent Systems Engineer / Consultant CCNP, CCSP

sure Brent Systems Engineer / Consultant CCNP, CCSP

internet router | switch | | --------------------- | | | |...