The two PIXs are not identical in configuration, but for the PIX I am complaining about, the traffic is sourced from the inside interface, and no access-list is applied for the outbound direction. In other words, nothing is restricting the outbound connection except the default inspection policy. Regarding...
Sir, you may try this:
ip access-list extended PC2-TRAFFIC
 permit tcp any host 10.0.3.1
ip access-list extended RDP-TO-PC1
 permit tcp any eq 3389 host 10.0.2.1
class-map match-all PC2
 match access-group name PC2-TRAFFIC
class-map match-all PC1
 match access-group name RDP-TO-PC1...
Sir,
I have something new and really strange: I repeated my test behind another firewall, a 525 with OS 7.2 and the same default inspection policy, and it worked, but my current PIX, a 515 also with OS 7.2, is not working. Do you think the PIX itself has some problem?!!!
Sir,
I did what you told me but I got nothing helpful. Logging just showed some TCP or UDP connections to some IPs, and most of them were google.com. I couldn't see one connection opened to port 25 as a destination IP address!!
Sorry for being late in replying to you, and thank you for your help.
Hi sir,
I mean the opposite. In other words, my customer was not working until I removed this inspection, and then it worked. I guess ESMTP inspection works on inbound connections, not on outbound, especially since my customer initiates an outbound connection from inside to outside. Here below the global...
Hi,
By default the PIX inspects SMTP on port 25, or in the newer 7.2 versions inspects ESMTP on the same port, and as I read, it's for traffic coming from higher-security interfaces to lower ones, not the opposite. I had a client behind my secure zone trying to use an external SMTP, and he use it...
I guess it's a default behaviour for OS 7.2, as it sees it as more security for authentication (i.e. no workaround to disable it). In other words, just create any local account on your PIX (it is not a must to configure a real ACS or AAA).
Hi,
Thank you for your help. I already solved it. I was just confused, as I thought at the beginning that changing the default inspection for the FTP service from global configuration mode would globally change the whole inspection process, plus replace it with the new policy, not add to this policy (...
Hi,
I faced the same problem, and the solution was to remove the whole configuration regarding VPN based on IPsec (ISAKMP, crypto map, etc.) and put it back again. Even with XAUTH configuration, you will find the PIX prompts you (as a VPN client) to enter a username and password, so try to create...
Sir,
First, my OS is 7.2, not 6.x. Second, I don't want to globally modify the default behaviour of the PIX for its special handling of FTP traffic (i.e. for only specific client FTP traffic). Third, why, when using show conn, did I find that the connection is UIOB (Up, Inbound traffic, Outbound traffic)...
Hi
I have a problem with my PIX in dealing with FTP on a different, non-standard port (e.g. 2121). I opened this port for the client and he configured his IIS (Microsoft) correctly, no doubt about that. So once I connect to that server on that port, ftp://IP:2121, the connection is up through the...
Here is my config, taking into account that the VPN I am complaining about is the one with the VPN name "admin". I also enabled VPDN (PPTP) as a backup solution if I have problems with the IPsec VPN.
Note: I have also aborted some configurations like my access-list, naming, and static NATing that won't add any kindl...
Hello,
Any updates please regarding this case?
Today I found that everything is OK and all routes exist in my routing table after connecting successfully, but nothing is pingable, even after many resets, all in vain.
Sir,
I have done what you recommended, but the PIX doesn't log any activity from the VPN client, whether or not I could successfully ping my target (i.e. in the case of a reachable target, I cannot even see my activity on my PIX although I have enabled logging at level 7!!!). I'm not sure if that...
Sometimes I see the same problem (symptom) when using IPsec, even with a dedicated pool for my VPN clients. Sometimes I connect and get an IP address, but I cannot ping anything.
Thanks for the help, but even if the specs of my new memory were not compatible with the original one, why, when rebooting the switch again using the original one, did I get the same error that I had when I used the new one?!! Does this mean that the new (let's say now non-compatible) memory made...
Hi,
I have a specific server beyond my PIX 525. One day I had many sessions (all coming from legitimate users), but each IP address had more than 50 connections to my server. It was shown by the command show conn, and for sure each user is utilizing my server resources, so my target...
Hello,
I had a problem while I tried to upgrade the memory on my 8690 SF on my Passport 8600: while rebooting, the switch logged that the initialization failed for this 8690 card because the CPU cannot read from a specific location in the SRAM, which caused the switch to fail while...