Search results for query: *

I am having the same problem at the minute and unfortunately haven't fixed it yet. However, I think that the problem may relate to NAT. I can see that your Checkpoint has Natting setup for Exchange. How is this setup? Do you perform any Nat from your router > firewall? I also want to get to the...

Our company recently merged with another company and we are migrating into their AD domain. I need to move from our DNS servers that all hosts are currently using to a new DNS server that is installed on the new domains local DC. There is currently a 2 way trust between our domain and their...

My config allows all ip traffic to pass in both directions between the outside and inside interfaces of my pix 501 even though they are on different subnets as shown below: - ip address outside 10.0.0.253 255.0.0.0 ip address inside 192.168.0.253 255.255.255.0 I have the following ACLs setup: -...

Update, I have tried to get RIP working without success to route between the 10.0.0.0 and 192.168.0.0 networks. The only way I have managed to get successful pings from the 10.0.0.0 to the 192.168.0.0 network is to add the static statement "static (inside,outside) 10.0.0.150 192.168.0.1 netmask...

System IP Addresses: ip address outside 10.0.0.253 255.0.0.0 ip address inside 192.168.0.254 255.255.255.0 Current IP Addresses: ip address outside 10.0.0.253 255.0.0.0 ip address inside 192.168.0.254 255.255.255.0 CP501FW(config)# sh access-list access-list...

Ok, I am getting a little closer now. I now get replies when I ping the LAN (10.0.0.0/8) from the DMZ (192.168.0.0/24). I added the following to my config to get this to work: - access-list allow_icmp permit icmp any any access-group allow_icmp in interface outside access-group allow_icmp in...

Above I asked if it was possible to use the 2 internal interfaces... however I have just been reading and as I am using the pix 501 it only has 1 outside interface and 1 inside interface (not 2). Is this correct?

All I am basically wanting to do is to implement a DMZ that is protected via the Pix. Any traffic that is destined for the DMZ must pass through the Pix first. I already have a Perimiter Router / firewall in place protecting the LAN. The Perimiter Router is performing NAT with an internal IP...

ok, I have added the following but still no joy :( nat (inside) 0 0.0.0.0 0.0.0.0 0 0 nat (outside) 0 0.0.0.0 0.0.0.0 0 0 Can anyone point to where I am going wrong?

What is the syntax for this nonat rule? - i am having trouble locating documentation on it.

Some more information... I turned on debug icmp trace and pinged from a server in the DMZ to the inside interface and the outside interface. here are the results: - CP501FW# sh ip address System IP Addresses: ip address outside 10.0.0.253 255.0.0.0 ip address inside...

My LAN ip address is currently 10.0.0.0/8. I would like my DMZ to be 192.168.0.0/24. From the above config I can ping both networks on the pix successfully. However, if I ping the LAN from the DMZ or the DMZ from the LAN I get no response. Do I need to setup ACLs or routing for this?

I am looking at setting up a DMZ as follows: - Internet > router > pix -------> dmz / isa > web servers ¦ ¦-----> lan I want to set up the DMZ with a 192.168.0.0 address. At present I have my Pix setup with the outside...

This is for WWW traffic and not specific site to site. Basically I will have various customers connecting to my network via the Internet using SSL. I need to ensure that should one ISP Internet connection become unavailable then the other can be used as failover. Ideally I want to load balance...

Hi, I have a requirement for 2 seperate Internet connections from 2 different ISPs to my network. This is to provide redundancy in the case of one failure. I would like to load balance these connections and configure the routers for failover should one go down. Is this configuration possible? I...

Thanks for the replies :) The load balancer is a great idea but I also have a copy of ISA server which I know will also be able to perform this function so I may just use that. If I do use the ISA then the pix is pretty much useless :( and one of the reasons I got the Pix was to learn how to...

Further to just getting my Pix working in the DMZ to manage all port forwarding I think I have encountered a problem that is looking unlikely the Pix is able to handle. My Setup is as follows: - Internet > (public ip address)Router(NAT enabled - ip 10.0.0.254) > DMZ / Pix (10.0.0.253) >...

YES :) You beauty, that did it. So the reason this was occuring was that the traffic was getting to the pix but the pix did not have a default route setup for the outside to send traffic back. Great stuff and many thanks!

I have ditched the DMZ as suggested and enabled a simple port forward for SSH (SSH is predefined within the routers port forward rules just needed to be enabled) to my Pix. Unfortunatley I still get a timeout. I am using Putty SSH Client and I get the following errors in the client log file: -...

here is my config: - PIX Version 6.2(2) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password ######## encrypted passwd ########## encrypted hostname CP501 domain-name mydomain.com fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 h225 1720 fixup...