Search results for query: *

Hi guys, I'm just wondering as I've to do this in the coming days is there a particular procedure in upgrading the IOS on a 3750 Stack? Do I have to upgrade the IOS on all Switches in the Stack or just the Master? Thanks, Paul Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

I got it working, I was only inspecting ICMP traffic, so I just added DNS and HTTP. It's a steep learning curve. Thanks, Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Hi again, I got ping working now from my laptop behind the ASA. There was an issue with NAT on the SSG. Again, my setup is as follows: laptop---ASA----SSG---InternetRouter-----INTERNET----FREE-DNS From my laptop I can ping the DNS server 208.67.220.220 But I cannot browse the Web. I moved...

Any help/ideas guys? Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Andy, thanks again, I did as you said and added the following: class-map global-class match any ! ! policy-map global-policy class global-class inspect dns class class-default inspect icmp ! service-policy global-policy global This no joy. Here's some of the log output...

Hi, packet trace tool now works to IPs on the internet, don't know what changed :-) But when I do pings from the actual PC they fail :-( Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Hi there, I did the packet trace again; The icmp packet passes the acl, Is nat'd, But the result shows the packet dropped with the reason: (sp-securit-failed) Slowpath security checks failed. Yes ADB100, you're right my networks is of the form: PC---ASA5550----SSG350----Internet...

Andy, thanks for the input. I've made the changes you suggested. I've now only one acl on the inside; any any permit IP Still not able to ping the dns server :-( Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Here's my config: asaprimary# sh run : Saved : ASA Version 7.2(4) ! hostname asaprimary domain-name vmware.com enable password vs58aXBRi4lxH.QI encrypted passwd 2KFQnbNIdI.2KYOU encrypted names name 194.196.148.0 ATT_Network description from AT&T Router name 10.20.30.2 DMZ_interface...

Hi thanks for the reply. I can ping the DNS server from the internet. In my security policy table I have a rule allowing ping and DNS through. I run the Packet Trace tool and ping from a host on the LAN to the default gateway and it fails saying that the Implicit Deny rule has blocked the...

Hi, I'm not sure what you mean by inspecting DNS traffic. I've all IP traffic allowed through my firewall as far as I can tell but I cannot ping the dns server (208.67.220.220)from behind the firewall. Any ideas why I cant even ping? Thanks, Paul Kilcoyne B. Eng. Innealtóir/ Engineer...

Hi, I'm having a problem with my 5550 whereby DNS queries from a pc on the lan is being blocked eventhough I've all IP traffic allowed from the lan. Here's my alarm: 172.16.30.x 208.67.220.220 Deny inbound UDP from 172.16.30.x/57671 to 208.67.220.220/53 due to DNS Query Any ideas? Thanks...

Hi again, is it possible to do static dhcp on a cisco switch? I found a document here: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtdhcpsm.html#wp1060281 But I don't have the "origin" option within my DHCP configuration. Is there any other way of doing this? Thanks...

OK so once the new switch is running a similar release IOS adding it to the stack should work fine? Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Hi there, I have a stack of four WS-C3750-48PS-S Switches on the user lan. I have one WS-C3750G-48TS-S that was assigned to training that now needs to join the user lan. Is it possible or even advisable to add a WS-C3750G-48TS-S to the current stack?? Thanks, Paul Kilcoyne B. Eng...

Hey, I got it working, thanks for the tip. I went to: configuration>Properties>Device Access>HTTPS/ASDM> selected my DMZ interface with the source 0.0.0.0 0.0.0.0 Thanks a million, won't have to think about this over the weekend now :-) Paul Kilcoyne B. Eng. Innealtóir/ Engineer...

Hi there, I've given up on https access for the time being. Is there any way to ssh to the outside interface of an 5550? Thanks, Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Hi, I have a newly installed ASA behind our outer firewall, I want to be able to access it from the Internet via the ASDM java programme. What port would I have to forward to allow ASDM access? Thanks, Paul Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Great, thanks again. So I can configure my cisco router/ switch to do GLBP on the two interfaces my ISPs are connected into. I'll let you know how I get on. Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie

Lastly, will this implementation of VRRP load balance internet traffic or will it just chose one ISP always above the other similar to redundancy? Many thanks, Paul Kilcoyne B. Eng. Innealtóir/ Engineer http://www.pknetworks.ie