I have a Cisco 1811 with the Advanced IP Services image. I am running into a problem configuring different types of IPSEC simultaneously. It appears to be mostly limitations I am running into with dynamic peers.
Ideally, I would like to have the following set up:
1. Static IPSEC tunnels for...
For anyone else that might have a similar question in the future, I found a better way to do this.
You can apply an access list to the crypto map entry as follows:
crypto map <map_name> <map_priority>
set ip access-group <acl_name> in
Sorry, I again misunderstood what you were saying (apparently haven't caught up on my sleep yet)
That actually works out quite well for what I need. So I didn't have to duplicate everything in the outside interface's incoming filter, I just did a deny of all the traffic from "interesting"...
That is a possibility, but I just don't normally like relying on other parties to maintain security for me... (It takes it out of my scope of control).
I guess I could just put a PIX in there behind it to firewall the network. Thank you for your suggestions!
Actually, I may have initially misunderstood... this might work, but would only filter outbound (which is the opposite of what I want to do). This may work if I want to get REALLY restrictive, like only allow certain traffic between 2 hosts, but what I really need is to be able to restrict...
AFAIK, you can only limit what traffic is outbound from your site (I only have control over 1 of the 2 routers involved).
I need to be able to prevent incoming traffic.
I have mostly implemented IPSec tunnels on Cisco PIX firewalls in the past. After setting up a tunnel between a couple of Cisco IOS devices, I did some testing and found that IPSec traffic bypasses the access list on the outside interface.
On the PIX, this is an option, so you can use "no...
I was able to find a solution after scouring Cisco's website for a while.
For anyone interested, it goes something like this...
I added an exclusion for the 2 IPs that are being static NATed to the access list that controls dynamic NAT (I probably should have done that anyway).
I then added...
Site A has a Cisco PIX with Dynamic NAT and a single external IP.
Site B has a Cisco 1811 with 2 Static 1:1 NAT entries, and the rest of the internal hosts on a dynamic NAT sharing an IP.
There is an IPSEC tunnel between the 2 sites which works, except when trying to access hosts that have...
I have tried JFFNMS (jffnms.org) and Nagios among others. I've found that JFFNMS allows for a LOT more data than Nagios. On the other hand, Nagios is better if all you want is a simple "Up/Down" or "Red/Green" Status.
I technically could... Except that I need outbound connections from those internal IPs to use their static NAT entries (one of them is a mail server, so it needs to present its proper IP on outbound SMTP connections).
There has got to be a way to bypass NAT for certain addresses with Static...
10.100.x.x/16 is the local (Site B) network, and 10.4.1.x/24 is the remote (Site A) network. The NAT pool is just a range of public IP addresses.
access-list 175 deny ip 10.100.0.0 0.0.255.255 10.4.1.0 0.0.0.255
The above works for every host except the ones that have 1:1 NAT entries. The...
Sorry, I forgot to mention. Access list 175 already denies those ranges currently. I am using the same exclusion list for excluding the dynamic NAT as I am for the static ones (via the pool).
For some reason it is still not bypassing NAT, however. I am certain I am overlooking something. I'd...
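Both the crypto map inbound filter from the earlier post (set ip access-group <acl_name> in) and the NAT-exemption access list 175 above are ordinary IOS extended ACLs evaluated first-match with an implicit deny at the end; the only difference is what the verdict means (drop/forward for the crypto map filter, translate/bypass for the NAT ACL). The following Python script is an added example, not code from the thread or from Cisco, that parses IOS-style extended ACL lines with wildcard masks and evaluates them the way IOS does, so you can check which hosts a given entry actually covers before putting it on the router. The access list 175 deny line is the one from the thread; the permit line behind it, the access list 120 crypto-map filter, and all host addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the NAT-exemption entry quoted in the thread, followed by a
# catch-all permit for the rest of the Site B LAN (the permit line is an assumption).
NAT_ACL_175 = [
    "access-list 175 deny ip 10.100.0.0 0.0.255.255 10.4.1.0 0.0.0.255",
    "access-list 175 permit ip 10.100.0.0 0.0.255.255 any",
]

# Constructed inbound filter for a crypto map entry ("set ip access-group 120 in"):
# only SMTP from the remote Site A LAN to one local host; everything else hits the
# implicit deny. Addresses and the ACL number are assumptions.
CRYPTO_IN_ACL_120 = [
    "access-list 120 permit tcp 10.4.1.0 0.0.0.255 host 10.100.1.25 eq 25",
]

AddrSpec = Tuple[int, int]  # (network as int, wildcard mask as int)


@dataclass
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp", "icmp"
    src: AddrSpec
    dst: AddrSpec
    dport: Optional[int]   # destination port from "eq <port>", if present


def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    """Parse an address spec starting at tokens[i]; return (spec, next index)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (net, wildcard), i + 2


def parse_ace(line: str) -> Ace:
    """Parse 'access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an extended ACL entry: {line!r}")
    action, proto = tokens[2], tokens[3]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    src, i = _parse_addr(tokens, 4)
    dst, i = _parse_addr(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = int(tokens[i + 1])
    return Ace(action, proto, src, dst, dport)


def _match_addr(spec: AddrSpec, ip: str) -> bool:
    """Wildcard bit 1 = don't care; compare only the bits the mask cares about."""
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (net & care)


def evaluate(acl_lines: List[str], src_ip: str, dst_ip: str,
             proto: str = "ip", dport: Optional[int] = None) -> str:
    """Return the action of the first matching entry, or 'deny' (implicit deny)."""
    for ace in map(parse_ace, acl_lines):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if _match_addr(ace.src, src_ip) and _match_addr(ace.dst, dst_ip):
            return ace.action
    return "deny"


def nat_decision(src_ip: str, dst_ip: str) -> str:
    """For a NAT ACL a permit means translate; a deny (explicit or implicit) means bypass."""
    return "translate" if evaluate(NAT_ACL_175, src_ip, dst_ip) == "permit" else "bypass"


if __name__ == "__main__":
    # Site B host talking to the Site A LAN over the tunnel: NAT is bypassed.
    print(nat_decision("10.100.5.20", "10.4.1.10"))        # bypass
    # Same host to the Internet (constructed address): translated via the pool.
    print(nat_decision("10.100.5.20", "203.0.113.5"))      # translate
    # Decrypted traffic checked against the crypto map inbound filter.
    print(evaluate(CRYPTO_IN_ACL_120, "10.4.1.7", "10.100.1.25", "tcp", 25))  # permit
    print(evaluate(CRYPTO_IN_ACL_120, "10.4.1.7", "10.100.1.25", "tcp", 22))  # deny
```

Note that this only tells you what the access list itself matches. It confirms the deny entry above does cover a 1:1 NATed host such as 10.100.1.25, which is why the remaining problem in the thread is not the ACL text but the fact that the static translations are not consulting it.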