for anyone that may have been following or was interested, the fix came from using a secondary IP address.
I kept running into PAT issues trying to statically NAT the ISA server with the outside PIX interface address.
Once we got a secondary address I nat'ed that to the dmz and everything was...
need more info.
what inbound services (if any) are needed to be opened?
what site to site VPNs (if any) do you have?
what restrictions do you want to set for Inbound traffic?
what restrictions do you want to set for Outbound traffic?
Any DMZs?
you can look at other posts to get an idea of a...
sometimes using udp helps but it looks like you were doing this already.
another way around this is if you have any extra public IP's available you can do a static NAT translation for your PC on the inside network going out with the vpn client.
I don't know how many internal users have vpn...
to allow ping replies from inside LAN out and back apply the following access-list:
access-list Outside-In permit icmp any any echo-reply
add any other rules needed and then bind it to the interface with:
access-group Outside-In in interface outside
Assuming there are no other firewalls...
Hi all,
Have problem here and would appreciate anyone's help.
Scenario:
Cisco pix 515 w/ 3 int
MS ISA server w/ 2 int (one in dmz, one in lan)
currently 1 public IP via cable modem (possibly might get a second one from ISP - pending)
setup:
Inet -> Pix -> network 192.168.3.0/24
|...
so, I CAN do a 1 to 1 nat to the outside address even if it's the only IP address available and already in use by the global NAT/PAT?
I thought it would run into problems in the translation tables.
Hi all,
simple question:
I have a PIX 515E with only one usable public IP address.
I have the single address used as the global NAT/PAT for all users and it's also the endpoint to the Internet for my inbound VPN connections.
I need to do a static NAT to an inside host on port 25 as this...
As Sobak said, clear your router's cache(s) if they haven't been done since the NAT address changes.
Clear any translations current.
Also, check to make sure it isn't a simple routing problem. What is the default gateway of your Webserver?
I've seen this before out in the field too.
In my case, it was like Sobak where the Static entries were hung but the dynamics were ok.
I just assumed at the time it was some kind of buffer overflow from the web and cleared transactions and wiped out the arp cache.
It never came back (yet) but...
Does native Win2k Terminal Services support local com port mappings?
I can do this in Citrix, but I can't seem to get TS to map a local com port using the net use com1 \\client\comx commands...
Does anyone know for sure?
This will be used for some hand held pocket PC's using MS active sync on...
Hi all,
Using version 6.3 software on PIX 515.
Our provider only gave us 2 usable addresses on a /30 network some time ago.
Can I implement a VPN to it with only one address or do I need separate addresses (one for the firewall and one for global PAT & everything else)?
not sure if connecting...
Hi all,
this is more of a native W2k Terminal server question but the functionality is similar so I am posting here.
Goal: Get Compaq Evo thin clients connecting to our W2k Terminal Server to work with handheld devices using com ports. Intend to use MS Active Sync for data transfers. The idea...
Hi all,
Need help/advice:
Goal: Get Compaq Evo thin clients connecting to our W2k Terminal Server to work with handheld devices using com ports. Intend to use MS Active Sync for data transfers. The idea is that maintenance will log/use handhelds and then upload/sync data up to the server's...
Hey,
thanks for the followup.
I originally had two acl's bound to both inside and out by 2 access-groups. It didn't work at all, but I may have missed something.
I will rebuild the 2 lists, and try again to see.....
thanks. stay tuned.... :)
...along the lines of "faster provider", you could be running into legitimate speed issues.
You didn't specify whether both PIX's were configured equally allowing the necessary TS traffic to each other, so I'm going to assume the configs are fine.
That being the case, your problem is...
Yes, this can be done.
In PIX, you can set up a client to site VPN as you have done, and allow your remote user access to the Internal network and also be able to not use NAT for external web usage. The key is DNS. Internal DNS makes this possible, if you are not using internal DNS, and...
as stated by previous poster, in your PIX config you must allow inbound connections for smtp (port 25) and forward them to an internal host.
post a sample of your config (doesn't have to be exact as you should not post your passwords, etc.) and change your IP addresses if desired but leave all...
Hi all,
Using PIX 506 v6.2(2) between 2 networks.
Trying to prevent users on inside from accessing any services on the outside other than specified services/hosts per access-lists.
Have setup something like below:
inside IP: 10.10.10.254 /24
outside IP: 99.99.99.99 /24
access-list outbound...
could you guys tell me via scripting how to send an email and cc someone from the command line?
Maybe I can test Outlook this way as it doesn't appear to be a problem outside of the Outlook install on the Citrix server.
All of our other in-house users use the same internal smtp server with...