Search results for query: *

First of all, you need at least IPSO 3.9 or higher to run NGx R60, and as far as I know, IP330 does NOT support IPSO 3.9 or higher. Secondly, the processor on the IP330 is an AMD low end processor. After installing ipso and NGxR60, you will 100% CPU utilization, even in distributed mode. I am...

lynx is gone in 4.x. You have to use stupid "clish" now. stupid nokia

1) As stoo said, you should be using lynx if you have Nokia 2) You should be using "sysconfig" if you have SPLAT. 3) If you really know what you're doing, you can use "dbset" to change IP address. to go even further, you can even edit the /config/active file to accomplish what you want...

Yes, but only if you use version 7.x

do this: static (inside,dmz) 192.168.64.0 192.168.64.0 netmask 255.255.255.0 access-list dmz_access_in permit icmp any any log access-list dmz_access_in permit tcp 192.168.66.0 255.255.255.0 any log access-group dmz_access_in in interface dmz After that, you can telnet from inside to dmz

access-list outside permit icmp any any log access-list outside permit ip any any log access-group outside in interface outside that will work.

I've never dealt with Pix501 so I am not sure if pfs is supported. I only dealt with 506, 506E, 515, 515E and higher model and I know pfs is supported because I've done it many times.

you need this statement: isakmp identity address crypto map monovpnmap 10 set pfs group1 that will enable psf on phase II to match with the other side.

you need this statement: crypto map monovpnmap 10 set pfs group1 that will enable psf on phase II to match with the other side.

access-list outside permit udp any any eq 500 access-list outside permit esp any any access-group outside in interface outside

do this and it will work: isakmp keepalive 20 that will force the vpn connection to stay active. let me know if it works for you.

you don't. Use "yahoo.com." and it will block everything to "yahoo.com". Use "yahoo.com.uk." and it will block everything to yahoo.com.uk.

you can use the following: source = your network destination = yahoo.com, msn.com (create objects with domain) Service = Any Action = Drop Just make sure you have DNS Server entries on the Nokia Enforcement module (i.e. when you do nslookup from the nokia for www.yahoo.com, it can resolve to...

hi, do this: isakmp nat 10 You need to tell the pix 501 that the client may be behind a firewall. That way, pix will use nat-T and it will work. Try it and let us know. wirelesspeap CCIE security

Hi There, What you are trying to do is perfectly achievable. That being said, I think you need NGx to do that. What you are trying to do is "according to cisco" OSPF via GRE and tunnel everything via IPSec. I know how to do that with Cisco but I don't know how do that with Checkpoint...

Hi, You have to perform "double NAT" on both end of the tunnels. It is a pain in the ass to setup. I've setup quite a few and if you're not careful, you can bring down your network altogether. I would strongly suggest that you throw away the Pix firewall and go with Checkpoint Firewall...

Hi, In order to accomplish what you described, you need third party applications such as Websense or N2h2 for that. The other alternative is to throw away the Pix firewall and put in checkpoint. Cisco Pix firewall is overrated. wirelesspeap CCIE Security

on the pix, type in this command: isakmp nat 10 that will enable nat-traversal and it will use udp port 4500 instead of ESP if the client is coming from behind a firewall.

It seems to me that the file you downloaded is corrupted somehow. You may want to download and try it again.

destination address should be your internal network. if you do NOT change the "sysopt connection permit-ipsec", it means that he can initiate traffics from his end also. "sysopt connection permit-ipsec" is a dangerous command. It allows the IPSec traffics to bypass ALL of your ACL. In other...