I had lots of trouble in the past trying to get a SonicWall E5500 to work with my ASAs. Basically, when the tunnel comes up from the other IP, it doesn't rekey properly. I could get it to come up if I connected to the SonicWall GUI and deleted the active tunnel and let it rekey (most of the...
I am pulling my hair out trying to get this to work! I have other NAT/PAT entries for different IP addresses that work fine (DNS/WEB/SSH), but when I try to visit a website, they show the IP of the outside interface, so it doesn't appear to be a static NAT.
I have a scrubbed example (using...
thread558-1646990
Not sure how to reply to it, but the problem was that the VLANs weren't forced to be active. Depending on the switch, the command is either "vlan active" or "state active".
The ASAs in the diagram are a hot/standby failover pair. I cannot ping the secondary interface any more now that I moved them onto the 2nd switch. It's as if the switch isn't passing the VLAN traffic to the other! I show that spanning tree has blocked the 4gb link in the diagram between the...
The ASA isn't coming into the picture if a device in the same subnet and VLAN can't ping the other! Yes, the different colors indicate different VLANs and subnets. The 4gb/5gb/8gb links are trunks that should be passing all VLANs across all the switches.
That was the only way I could actually get it to accept the commands at all! I couldn't find a 5224 config online, I was hoping someone out there might have one to show me.
The only thing I can see that might be a problem is the NAT/global rules. You have 0 in there for no_nat for the VPN, but I don't think the rule after that can be the same for different interfaces. I think you should have:
global (outside) 1 interface
global (outside) 2 2nd_ip
global (outside)...
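The nat/global pairing this reply is about, as an added example that is not code from the thread or from Cisco: a small Python checker for the classic (pre-8.3) PIX/ASA translation syntax. It reads `nat (IFACE) ID ...` and `global (IFACE) ID ...` lines and reports every non-zero nat id that has no global with the same id on some other interface, every global that no nat statement can ever select, and whether a `nat 0` is a NAT exemption (`access-list`) or plain identity NAT. A global id reused on several interfaces is treated as a normal exit pool for that id. The sample configuration, interface names, ids and 203.0.113.0/24 addresses are constructed placeholders.

```python
"""Pairing check for classic (pre-8.3) PIX/ASA nat/global statements.

Added example; the syntax assumed is:
  nat (IFACE) ID LOCAL_NET MASK        pairs with  global (OTHER_IFACE) ID ...
  nat (IFACE) 0 access-list NAME       NAT exemption, needs no global
  nat (IFACE) 0 LOCAL_NET MASK         identity NAT, needs no global
  global (IFACE) ID interface|ADDR[-ADDR] [netmask M]
"""
import re
from collections import defaultdict

NAT_RE = re.compile(r"^nat\s+\((?P<iface>[^)]+)\)\s+(?P<id>\d+)\s+(?P<rest>.+)$")
GLOBAL_RE = re.compile(r"^global\s+\((?P<iface>[^)]+)\)\s+(?P<id>\d+)\s+(?P<pool>.+)$")

# Constructed sample config (placeholder names and addresses).
SAMPLE_CONFIG = """
nat (inside) 0 access-list no_nat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 2 10.20.0.0 255.255.0.0
nat (inside) 3 192.168.5.0 255.255.255.0
global (outside) 1 interface
global (outside) 2 203.0.113.10
global (dmz) 1 interface
global (outside) 4 203.0.113.20-203.0.113.30 netmask 255.255.255.0
"""


def parse_translation_rules(config):
    """Return (nats, globals) as lists of (iface, id, remainder-of-line) tuples."""
    nats, globals_ = [], []
    for raw in config.splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if m:
            nats.append((m["iface"], int(m["id"]), m["rest"]))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            globals_.append((m["iface"], int(m["id"]), m["pool"]))
    return nats, globals_


def check_nat_pairing(config):
    """Return findings as strings prefixed error:/warning:/info:.

    No error or warning lines means every non-zero nat id has a global with
    that id on another interface, and every global is selectable by some nat.
    """
    nats, globals_ = parse_translation_rules(config)
    findings = []

    globals_by_id = defaultdict(set)  # id -> interfaces carrying a global with that id
    for iface, gid, _ in globals_:
        globals_by_id[gid].add(iface)
    nats_by_id = defaultdict(set)     # id -> interfaces carrying a nat with that id
    for iface, nid, _ in nats:
        nats_by_id[nid].add(iface)

    for iface, nid, rest in nats:
        if nid == 0:
            kind = "exemption" if rest.startswith("access-list") else "identity NAT"
            findings.append(f"info: nat ({iface}) 0 is {kind}; no global needed")
            continue
        # A global is applied when traffic exits that interface, so the
        # pairing global must sit on an interface other than the nat's own.
        exits = globals_by_id.get(nid, set()) - {iface}
        if not exits:
            findings.append(f"error: nat ({iface}) {nid} has no global {nid} on any other interface")

    for iface, gid, pool in globals_:
        sources = nats_by_id.get(gid, set()) - {iface}
        if not sources:
            findings.append(f"warning: global ({iface}) {gid} {pool} is never selected by a nat statement")

    return findings


if __name__ == "__main__":
    for finding in check_nat_pairing(SAMPLE_CONFIG):
        print(finding)
```

Run it against a scrubbed `show run | include ^nat|^global` dump; the parser ignores every other line, so pasting a whole config is fine. It deliberately does not second-guess pool contents (ranges, netmasks, PAT fallback), only the id pairing that decides whether a translation exists at all.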
The switches aren't doing any routing; the ASA is. sw1 and sw2 are not stacked; they are Dell 5448s. The problem appears to somehow be with the VLANs or spanning tree or something, because the devices on sw2 in those 2 other subnets can't even be seen by devices in the same subnet as they are...
To be honest, the advertised speeds by most cable companies aren't indicative of what you actually get. They do traffic shaping on their end, such that the first few packets of a connection go through faster than subsequent ones so that those speedtest websites show you have a fast link. I'm...
More information is needed. Is access-list 100 the outgoing ACL? A PIX wouldn't need those deny statements; it would do that by default. A router would, though. But assuming those things, then yes, it should work.
I don't think the PIX 501 was ever intended to allow unlimited connections. If I recall, it has a very slow CPU and very little memory! I've never seen one that has more than 50 workstations behind it and more than a few public IP addresses!
I'm not sure this is what you want then, if you are going to have 2 different locations (connected via a VPN over the internet?), you'd want 2 routers to connect the 2 locations, or maybe 2 firewalls depending on the situation. We'd need more information about the network setup at each location...
I have 4 switches: 2 are Dell 6248s (sw1 and sw2) and 2 are Dell 5224s (sw3 and sw4). I can create a 2-port trunk between the 6248s no problem, but I cannot create a trunk to the 5224s without it causing a broadcast storm. I have googled for examples and I don't see what I am doing wrong. For...
OK, I have cleaned the config, so there might be duplicate items here. sw3/sw4 are actually 3750-X switches in a stack.
http://nosebreaker.com/sw1-scrubbed.txt
http://nosebreaker.com/sw2-scrubbed.txt
http://nosebreaker.com/sw3-scrubbed.txt
http://nosebreaker.com/sw4-scrubbed.txt
So are you trying to do policy routing (if traffic is from X, go out interface Y)? I'm not sure you can do that with that hardware. You can make traffic going to a specific destination (all traffic going to Z goes out interface Y) go out one link instead of another with regular route commands.
If...
I have 4 switches set in a partial mesh:
sw1 <-> sw3
| |
sw2 <-> sw4
I have an ASA 5510 plugged into sw1 and sw2, with a few VLANs. The problem is that servers plugged into sw2 on 2 of the VLANs cannot be seen by anything else! Servers in the same VLAN on sw1, 2, 3 or 4 can see each...
No NAT on the router. The BGP routed public /24 gets routed to the firewall and it uses that for its outgoing block. The firewall does static translations for some of the IP addresses though.
The router isn't using the IPs; they are sent via BGP down the line.