Search results for query: *

robbhan - Ahhh, I see your problem. Your outside acl reads as: access-list outside_access_in extended permit object-group TCPUDP any host 192.168.10.35 eq www Well the destination host address you're using is 192.168.10.35. This is the IP address of the server on the inside. Well, when...

robhan - If you want folks from the "outside" to access your web server (which it appears you do), then you'll need an ACL to allow www into the DMZ. You'll need to add the following ACL: access-list outside-acl extended permit tcp any host 192.168.10.15 www Then apply the ACL to the...

Can you put the Web server on one of the PIX DMZ's? That would make it easier. That way you wouldn't need to implement firewalling on the 837 router.

What is the default route for the PIX? The PIX needs a default route. Is the PIX getting a default route via DHCP?

Yes you can do this. Just get a standard RJ45 crossover cable. Very straight forward.

It sounds like you have an ACL configured on an interface. To verify if you passing HTTPS just add this line to your current ACL: access-list 100 permit tcp any any eq https If you aren't using numbered ACL's and are using "named", then use: permit tcp any any eq https Once you have this...

You got it. Double check that you have enough flash and DRAM for the image to function. If you have an external flash card, you can load the image to this flash card and then boot from the external flash card. This way if the image is not accepted the router will attempt boot off the nest...

First you have to allow via static NAT, all the ports you want to accessible to the world. All the statements should look like your first static NAT (which I just copied below); ip nat inside source static tcp 10.10.10.10 25 interface FastEthernet0 25 Second, your access-list 101 should then...

HSRP usually does not cause an interruption in service. What I would suggest: 1) Enable EIGRP on the FR router and cable router (if you haven't done so already). 2) Configure an IPSec tunnel between the cable router and the other end (which you've done already) 3) Configure a GRE tunnel...

Questions: How is the cable backup being done? Via an IPSec tunnel? IPSec and GRE? What routing protocol are you using? What I'm trying to get at here, is if you have a GRE/IPSec tunnel established with a routing protocol, the routers will have 2 ways to a destination. If one of the routers...

The configs do help alot, but a show ip route from all routers would be more helpful. I'll continue to examine the configs.

Could you post the routing tables for 4 sites. I'm suspecting it's a routing issue.

Your access-list 103 should include any subnets you want to access. Just add the missing subnet.

They do the same thing. The VLAN database will one day be eliminated. One way in not better than other. I prefer doing all my configuration in the global config mode. This way I can see all the commands (including the VLAN commands) when I do a show run.

Verify that your server is using the same port number as the router. Some devices use UDP port 37 with others use UDP port 123. I don't recall which port the router uses (I'll research this later).

Is the PIX configured for "split-tunnelling" for the VPN Client? Or is the PIX assigning all traffic to default on the client? If you're using split tunnelling make sure to specify the networks you want to access in you ACL's. Can you post you config?

petersb - You may want to setup a GRE tunnel between the two IPSec endpoints. Then setup the GRE tunnel as a NAT outside interface. Right now, you have IPSec and NAT on the same interface and it may be confusing the router. Usually, you don't NAT traffic thru an IPSec tunnel. But, it seems...

I have a pda with built-in 802.11b wireless connectivity. I follow the instructions to makea connection to the wireless network but it doesn't seem to be working. The wireless network name is displayed when I do a scan and it does get a signal. But, I don't get an IP address via dhcp. I try...

I know you can use a MS Raduis server for authentication. Which I've setup in the past. I've never setup a MS Raduis server for authorization, but I'm sure there's a way to get it done. Are your engineers going to VPN thru the PIX to get to resources on the inside?

I've worked with Cisco routers now for a long time and have never seen the command you are describing: ip load-sharing per-packet I did a lookup on CCO and found that command. It is specifically for the 10000 and 12000 series platforms. The regularing Cisco router series does not support this...