Search results for query: *

  1. 8dstaicu

    Pix VPN packet numbers out of sequence

    The messages that you talk about are Dead Peer Detection. As you can see, the dpd that you have received have a bigger sn than the one that pix requested. So, it is an ugly problem with the clients. I would suggest a newer version of vpn client software. It looks like a bug. Or a conflict with...
  2. 8dstaicu

    Upgrading pix 515 v. 5.2

    In 2000 I did upgrade from 5.1 to 5.2 to 5.3 and in 2001 to 6.0 then 6.1 and now I wait for 6.2. You need a new license only when you upgrade from 4.x to 5.x or 6.x. And this license is free.
  3. 8dstaicu

    syslog is tearing my hair out and I can't figure this out

    Create /var/log/firewall.log with write permission for the user that runs the syslogd daemon. Then restart the syslogd with kill -1 "pid of syslogd". Anyway I don't advise you to make debug logging without filtering bogus messages - and there are a lot of unneeded messages. Under normal...
  4. 8dstaicu

    PIX syslog to Redhat linux

    You missed something: 1. "logging trap debugging" on Pix. With this command you instruct Pix to send syslog messages. 2. Restart syslog daemon on linux with kill -1 "pid of the syslog daemon".
  5. 8dstaicu

    SYNfloods and PIX

    static [(internal_if_name, external_if_name)] {tcp|udp} {<global_ip>|interface} <global_port> <local_ip> <local_port> [netmask <mask>] [<max_conns> [<emb_limit>]] Works good only in Pix 6. Put a non 0 (zero) value to the <max_conns> and...
  6. 8dstaicu

    CISCO PIX vs. VPN Concentrator

    I understand your opinion. I thought so too. But with [009\001] cisco-av-pair you can push different access-lists for every user group. Of course: you can push different dns, wins, domains for every user group. So every user group will have different access rights. PDM looks good, but I think it's...
  7. 8dstaicu

    CISCO PIX vs. VPN Concentrator

    I have 200+ clients connecting to internal network using VPN with Pix 515. The Pix is version 6.0.1. I deploy VPN Client 3. I also use xauth with Cisco Secure ACS 2.6. I have 3 kinds of clients with different access rights. I made a distinction between my clients based on username and password...
  8. 8dstaicu

    DNS Server Config

    Do you configure your DNS server from named.boot file? Send me this file to gabi@bvb.ro to allow me to find the mistake in this file.
  9. 8dstaicu

    DNS Issues through PIX 515

    alias (inside) internal_server_ip_address external_ip_address 255.255.255.255 This will rewrite a DNS A record. You have a server with an ip address. This server resides on the inside network. And this server has a static command that maps the real internal ip address into an internet address. When you...
  10. 8dstaicu

    DNS Issues through PIX 515

    Look at the "alias" command. This is your problem.
  11. 8dstaicu

    Log message 106011 Deny inbound (No xlate) chars

    Usually you’ll get this message when a packet has as destination address a PAT address created with global command. In this case you can ignore it. I get this message when the mail server that is in the DMZ sends an ident packet to a machine that accesses it through the PAT address. The explanation...
  12. 8dstaicu

    PIX & PCI network cards

    Pix 515 or higher have an Intel card. If you look closer you'll see a Pentium 200 processor. In Pix 535 they put a PII/500. RAM memory is from the PC world too. It will be more than possible to work with another net adapter. But, you know, if you'll have any problem they will throw you away. And you'll...
  13. 8dstaicu

    Pinging Pix Interfaces

    It will not work. Never. Pix doesn't route a packet to the interface that it came from. In this case, the ICMP echo-request came from the inside interface and goes to the destination dmz interface. This one changes the bit to echo-reply. But it cannot send the packet back to the inside interface because the packet came...
  14. 8dstaicu

    VPN Established How about DNS/WINS/Network Browsing?

    I made this today using Pix 6 with Cisco VPN Client version 3. With Cisco Secure VPN Client 5.2 and with 5.x version of Pix you cannot browse Windows Network. I actually extended a Windows NT domain over an IPSEC Tunnel. And it works ok. Without a domain you will see computers in Network...
  15. 8dstaicu

    1 2000 install with 2 profile - every profile with his own address

    Is this possible? I need for my laptop to change the hardware profile and get another address
  16. 8dstaicu

    Accounting

    #!/bin/sh
    grep $1 /var/log/pix.log | grep 304001 | awk {'print $9'} | cut -f1 -d: | sort -nb | uniq | while read address
    do
        host $address
    done

    logging it's made on a unix machine in /var/log/pix.log from syslog server. I'm looking for 304001 message:"user@ipaddress Accessed URL...
  17. 8dstaicu

    Usage of ALIAS command

    The alias command changes the structure in a dns response so that a name will point to the address of a machine that is on the same pix interface. If you ask a dns server that resides on another pix interface "what's the address of xxx.dom.com" the answer will be xxx.dom.com ip address that...
  18. 8dstaicu

    Passing Port 80

    For a simple web server what you have done is right. But, maybe, your web mail uses another port besides 80 and Pix cannot extract the needed port from the http traffic. You must look at the syslog messages that pix gives you. You must look for some deny messages.
  19. 8dstaicu

    Email takes too much time to be sent

    It's a problem that comes from the ident protocol. Your email server tries to ident the sender of the email. It tries to make a connection on port 113. I didn't look too much at your configuration but from what I understand you get out with a PAT (many internal addresses to few global addresses). Using Pat, you...
  20. 8dstaicu

    Newbie Assist

    1st: name your interfaces and give them a security with command nameif. 2nd: give an ip to every interface. 3rd: define a nat with nat.... And a pat if you need with global ... 4th: make a static with static. Attach a conduit permit. Don't forget! For testing you'll need: conduit permit icmp any...
