Search results for query: *

I'm running ASA 8.0(3)6 routed, single context. We are running ipsec vpn on both the external interface and the internal interface. We are connecting with ezvpn clients (871 cisco routers). The client IP addressing is configured on the client. Management is now having us use the connections...

Thanks for the help. Shortly after this I figured it out and that's exactly what I did. I forgot about the "new" packet tracer feature which helped A LOT. Thanks!

I am using a 5540 to allow vpn users access to our network through the outside interface. Users cannot access our webdmz interface that resided on the same device. "ASA-3-305005: No translation group found for tcp src outside:192.168.100.15/1673 dst webdmz:10.72.1.19/80 192 being the address...

Is it possible that the FTP server you are connecting to is denying the client based on the IP address hitting the FTP server (or allowing only certain IP's? If you are getting access denied from the FTP server then it's the only thing that could be the problem. For example; I connect to a...

I don't see any routes. Maybe you had just not included them. Here is some info for you http://www.cisco.com/en/US/customer/docs/security/pix/pix63/configuration/guide/pixclnt.html#wpxref36759 You want to also enable debug vpn to see what is going on.

There is just too many variables to tell you exactly.\. If you had that box unchecked to begin with then the problem lies in your rules.

Is the "Access Denied" message from the ISA server or is it from the FTP server? Can you connect to any other ftp like ftp.microsoft.com if you include ftp.microsoft.com in your existing rule set?

Maybe I answered my own question already CERN = UNIX proxy?

Sorry if the question is silly but... Is ISA a CERN proxy?

Open ISA MMC Right click the ISA server under "Servers and Arrays" and choose properties. Go to the "Outgoing Web Requests" tab and uncheck the "Ask unauthenticated users for identification" check box. This will allow you to use your rules if you want to ask for auth or not.

www.isaserver.org will help you a lot.

It sounds like the registry key for connections has become corrupt and you will need to replace with the original. This happened to us when we changed proxy settings on 2000+ systems. Use the following reg entry to overwrite the corrupt keys with this (make a .reg file and copy paste this into...

Did you add an access list on the dmz interface that allowed access from the DMZ server to your internal DNS servers on port 53?

Or use a host file entry on the server

Our company is directly connect to a partner but have seperate LANs, DNS, etc. and are seperated by a firewall. Our company NATs our address and they NAT their address. Both companies access each others resources. Their dns uses one.com for resolution of our address in their private DNS. We...

Hmm, I did read almost the same text but the text from the command reference uses BIA and virtual in the same statement so I making up a MAC address seems to be what's needed. I configured our 6.3 PIX a couple of weeks ago with the BIA of the inside and outside interfaces, I better go back to...

Hmm, I take it you're not talking PIX here. Although not supported with 6.3 PIX OS, we use command authorization sets for our routers and switches. Here is a good link...

Can someone clarify my understanding of how to specify MAC address for failover mac address command (single context) I've read the docs and a couple of books and the help but the term "virtual" keeps rearing it's head and throws me for a loop. failover mac address phy_if active_mac standby_mac...

Very simple. (don't forget to remove your original acl. ) access-list acl_outside permit tcp 10.128.254.0 255.255.255.0 host 192.168.254.2 eq http ----- [no] access-list id deny | permit {any | prefix mask | host address}

Your VPN Clients are connecting to a site on a DMZ segment? If yes, is that the site they can connect into? If not, does your VPN device need new routes? What are your logs saying?