Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
ASA 5505 newbie
robbhan - Ahhh, I see your problem. Your outside acl reads as: access-list outside_access_in extended permit object-group TCPUDP any host 192.168.10.35 eq www Well the destination host address you're using is 192.168.10.35. This is the IP address of the server on the inside. Well, when...- bell1996
- Post #4
- Forum: Security, hacker detection & forensics
-
ASA 5505 newbie
robhan - If you want folks from the "outside" to access your web server (which it appears you do), then you'll need an ACL to allow www into the DMZ. You'll need to add the following ACL: access-list outside-acl extended permit tcp any host 192.168.10.15 www Then apply the ACL to the...- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
837 router firewall config to allow NAT passthrough port 80
Can you put the Web server on one of the PIX DMZ's? That would make it easier. That way you wouldn't need to implement firewalling on the 837 router.- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
Cisco 501 Pix Configuration problem
What is the default route for the PIX? The PIX needs a default route. Is the PIX getting a default route via DHCP?- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
Uplink two cisco routers using RJ45 x-over
Yes you can do this. Just get a standard RJ45 crossover cable. Very straight forward. -
Allow HTTPS traffice through 2811 router
It sounds like you have an ACL configured on an interface. To verify if you passing HTTPS just add this line to your current ACL: access-list 100 permit tcp any any eq https If you aren't using numbered ACL's and are using "named", then use: permit tcp any any eq https Once you have this... -
Installing IOS security
You got it. Double check that you have enough flash and DRAM for the image to function. If you have an external flash card, you can load the image to this flash card and then boot from the external flash card. This way if the image is not accepted the router will attempt boot off the nest...- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
Cisco 1801 ACL/Access Control list assistance
First you have to allow via static NAT, all the ports you want to accessible to the world. All the statements should look like your first static NAT (which I just copied below); ip nat inside source static tcp 10.10.10.10 25 interface FastEthernet0 25 Second, your access-list 101 should then... -
Always on
HSRP usually does not cause an interruption in service. What I would suggest: 1) Enable EIGRP on the FR router and cable router (if you haven't done so already). 2) Configure an IPSec tunnel between the cable router and the other end (which you've done already) 3) Configure a GRE tunnel... -
Always on
Questions: How is the cable backup being done? Via an IPSec tunnel? IPSec and GRE? What routing protocol are you using? What I'm trying to get at here, is if you have a GRE/IPSec tunnel established with a routing protocol, the routers will have 2 ways to a destination. If one of the routers... -
offices on MPLS network cannot ping frame-relay site
The configs do help alot, but a show ip route from all routers would be more helpful. I'll continue to examine the configs. -
offices on MPLS network cannot ping frame-relay site
Could you post the routing tables for 4 sites. I'm suspecting it's a routing issue. -
Cisco 1841 access routing through VPN tunnel
Your access-list 103 should include any subnets you want to access. Just add the missing subnet.- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
VLAN Creation
They do the same thing. The VLAN database will one day be eliminated. One way in not better than other. I prefer doing all my configuration in the global config mode. This way I can see all the commands (including the VLAN commands) when I do a show run. -
Router NTP and Win2K Server
Verify that your server is using the same port number as the router. Some devices use UDP port 37 with others use UDP port 123. I don't recall which port the router uses (I'll research this later). -
PIX 515e Routing Question.
Is the PIX configured for "split-tunnelling" for the VPN Client? Or is the PIX assigning all traffic to default on the client? If you're using split tunnelling make sure to specify the networks you want to access in you ACL's. Can you post you config? -
Natting source and dest with vpn help!!
petersb - You may want to setup a GRE tunnel between the two IPSec endpoints. Then setup the GRE tunnel as a NAT outside interface. Right now, you have IPSec and NAT on the same interface and it may be confusing the router. Usually, you don't NAT traffic thru an IPSec tunnel. But, it seems...- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
Wireless Connection Problem - Want to connect
I have a pda with built-in 802.11b wireless connectivity. I follow the instructions to makea connection to the wireless network but it doesn't seem to be working. The wireless network name is displayed when I do a scan and it does get a signal. But, I don't get an IP address via dhcp. I try...- bell1996
- Thread
- Replies: 0
- Forum: Smartphones
-
Pix 515 and Authorization
I know you can use a MS Raduis server for authentication. Which I've setup in the past. I've never setup a MS Raduis server for authorization, but I'm sure there's a way to get it done. Are your engineers going to VPN thru the PIX to get to resources on the inside?- bell1996
- Post #2
- Forum: Security, hacker detection & forensics
-
2611 and CEF ??
I've worked with Cisco routers now for a long time and have never seen the command you are describing: ip load-sharing per-packet I did a lookup on CCO and found that command. It is specifically for the 10000 and 12000 series platforms. The regularing Cisco router series does not support this...
