Hi all,
Thanks for your answers.
I'll have a look at the memory next time the problem occurs.
Right now, everything goes OK and the "sh mem" gives me this :
Free memory: 4419240 bytes
Used memory: 12357976 bytes
------------- ----------------
Total memory: 16777216 bytes
Hello everybody,
I've got a strange situation at the office.
Our outside FW is a PIX 501, and 2 times a day I have to "clear xlate" to allow users to access the internet.
What happens is likely that we reach some kind of PAT limit on the PIX. Most users can still access the internet, a few...
Well, I continue my thought :
Is this correct :
To allow VPN clients to reach the remote site, I should add statements in the NoNAT ACL like :
access-list NoNAT permit ip 10.12.2.0 255.255.255.0 10.3.3.0 255.255.255.0
access-list NoNAT permit ip 10.12.2.0 255.255.255.0 192.168.2.0...
Ok, thanks, I'll try this tonight (I can only work in real-time on RAS VPN from my home, as I haven't direct Internet Access at work).
Will this split-tunnel configuration also allow the Client VPN to reach the remote Office through the site to site VPN ?
Myster
Triplejolt, in fact, the internal FW, the IPtables one, doesn't make NAT, it's just routing packets according to the firewall rules.
I finally achieved reaching the internal network, I just missed needed statements in the ACL :-)
Here is my *final* config....
The main reason it wasn't...
WOUHOUHOUHOUHOU !!!!
Well how to tell that :-).
I took all the information you all gave me, plus a sample config from Cisco web site reproducing the same architecture, and here we are !!! It's finally working.
To give a simple explanation, I took the ACLs and I separated the one concerning the...
D'oh !!
I just thought about something :
I'm using this :
crypto ipsec transform-set toyota esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set toyota
crypto map bmw 1 ipsec-isakmp
crypto map bmw 1 match address 101
crypto map bmw 1 set peer 66.XXX.XXX.4
crypto map bmw 1 set...
Well,
I can confirm that, as PIX-501 only has 2 "interfaces" (1 out, 4 in), the only solution was to make the DMZ a transit zone to reach our internal zone.
I must also say that I've tried defining 2 policies, but it resulted in site-to-site VPN failure. Moreover, policy 1 matches both...
Ok,
I see what you mean and I understand your explanations.
These are excerpts from the whole config, as stated at the beginning of my post :
name 10.12.2.0 ld_ras_lan
[...]
ip local pool ld_ras_pool 10.12.2.1-10.12.2.254
[...]
access-list 101 permit ip 192.168.70.0 255.255.255.0 192.168.2.0...
Well well well...
First of all, my VPN pool is now the 10.12.2.0/24 full range.
I've added the ACL statement as you told me to :
access-list 200 permit ip 10.12.2.0 255.255.255.0 10.12.1.0 255.255.255.0
But, after analysis of this statement, there are some things I do not find "logical" :
-...
Thanks for your answer,
First of all, to make things easier at first, I will change the VPN pool to a full C class range (10.12.2.0/24).
As you suggested, I will also add in the ACL 200 the line about this pool, but something still seems strange to me :
- as the VPN tunnel can be...
Hello,
I tried adapting my conf according to the one you provided me, but it's not working... In fact, it's even worse !
I don't understand your ACL. Is the 193.100.3.0/25 your VPN pool or is it your public IP plan ?
When I added the statement :
"access-list 101 permit ip any 10.12.2.0...
Here is some other info :
Result of "debug isakmp" command obtained in 15-20 seconds :
crypto_isakmp_process_block:src:else_home, dest:195.XXX.XXX.1 spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
spi 0, message ID = 1452642716
ISAMKP (0): received...
I've tried changing MTU size (which was already set to 1300 so that *should* have worked already before), but I still don't have returning packets.
This is becoming quite urgent (as usual..) as our CEO will need RAS VPN access by the end of the week...
Please help ;-)
OK, thanks, I will try changing MTU.
Anyway, as explained in my first email,
I see incoming packets on the server I'm trying to ping, outgoing response packets on the same server (using tcpdump on the interface), but these response packets never reach the client (ethereal on the client)...
Hi,
Thanks for your answer but the VPN pool (named ld_ras_lan) is already included in the 101 access-list that bypasses outgoing NAT... :-)
Any other idea(s) ? ;-)
Hi everybody !
I've browsed the forum a lot without finding anyone having the same issue as I do... so here is my post :-)...
The configuration is as follows:
- 2 sites connected by VPN (working correctly)
- on each site, PIX-501 - v6.3(3)
I'm trying, beside the site-to-site VPN, to setup...
Can someone tell me, is it possible to use expect and/or file handles to execute a command line based sub-program, such that whenever the sub-program needs user input, it can be entered in a pop-up tk entry box, and passed back to the sub program?