Pix 506e 1


Mac2118

MIS
Apr 11, 2007
24
US
I have been working with a company to establish Port Address Translation between a piece of machinery here to their location. The internal address of the PLC of the machine is 192.168.1.47. Below I have what our current configuration is (minus password and VPN setup for security reasons, and I have replaced our public IP address with X's except for the last octet). I am by no means a Cisco guru when it comes to configuring a Pix. I know the basics on how to establish an internal address to a public address, and beyond that is above my head. I have been working with the tech on the other companies side and I have also included what he came up with. The public IP address we're trying to set this up with is XX.XXX.XXX.232.

With the modifications I made, he can connect to the machine on our end, but the machine will not communicate back to his machine. He is using RSLinx to communicate with this machine (if that helps any).

Current Config:

PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname
domain-name
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list IPSEC permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list IPSEC permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 120 permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list outside_access_in permit tcp any host XX.XXX.XXX.227 eq www
access-list outside_access_in permit tcp any host XX.XXX.XXX.227 eq https
access-list outside_access_in permit tcp any host XX.XXX.XXX.228 eq 3389
access-list outside_access_in permit tcp any host XX.XXX.XXX.227 eq 3389
access-list outside_access_in permit udp any any eq isakmp
access-list outside_access_in permit esp any any
access-list outside_access_in permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_in permit tcp any host XX.XXX.XXX.228 eq smtp
access-list outside_access_in permit tcp any host XX.XXX.XXX.228 eq www
access-list outside_access_in permit tcp any host XX.XXX.XXX.229 eq 3389
access-list outside_access_in permit tcp any host XX.XXX.XXX.229 eq citrix-ica
access-list outside_access_in permit tcp any host XX.XXX.XXX.229 eq www
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any host XX.XXX.XXX.230 eq pcanywhere-data
access-list outside_access_in permit tcp any host XX.XXX.XXX.230 eq 5632
access-list outside_access_in permit tcp any host XX.XXX.XXX.231 eq pcanywhere-data
access-list outside_access_in permit tcp any host XX.XXX.XXX.231 eq 5632

<-- Stud Machine -->
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 5900
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 5900
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 44818
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 44818
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 2222
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 2222
<-- /Stud Machine -->

pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside XX.XXX.XXX.226 255.255.255.240
ip address inside 192.168.1.3 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPOOL 192.168.254.1-192.168.254.100
pdm location 0.0.0.0 255.255.255.240 outside
pdm location XX.XXX.XXX.227 255.255.255.255 outside
pdm location 192.168.1.50 255.255.255.255 inside
pdm location 192.168.1.81 255.255.255.255 inside
pdm location 192.168.254.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 192.168.254.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) XX.XXX.XXX.227 192.168.1.81 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.228 192.168.1.106 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.229 192.168.1.117 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.230 192.168.1.39 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.231 192.168.1.40 netmask 255.255.255.255 0 0

<-- Stud Machine -->
static (inside,outside) XX.XXX.XXX.232 192.168.1.47 netmask 255.255.255.255 0 0
<-- /Stud Machine -->

access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 XX.XXX.XXX.225 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set STRONG esp-3des esp-md5-hmac
crypto dynamic-map cisco 20 set transform-set STRONG
crypto map VPNMAP 20 ipsec-isakmp dynamic cisco
crypto map VPNMAP interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5

That is our current setup. I have "Stud Machine" "commented out" in order for it to stand out more while reading. Ports 2222, 44818, and 5900 need to be open on TCP and UDP.

Here is what their tech came up with on PAT. TBO, it looks a bit Greek to me and I could use some help with this:

PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname
domain-name
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list IPSEC permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list IPSEC permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 120 permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list outside_access_in permit tcp any host XX.XXX.XXX.227 eq www
access-list outside_access_in permit tcp any host XX.XXX.XXX.227 eq https
access-list outside_access_in permit tcp any host XX.XXX.XXX.228 eq 3389
access-list outside_access_in permit tcp any host XX.XXX.XXX.227 eq 3389
access-list outside_access_in permit udp any any eq isakmp
access-list outside_access_in permit esp any any
access-list outside_access_in permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_in permit tcp any host XX.XXX.XXX.228 eq smtp
access-list outside_access_in permit tcp any host XX.XXX.XXX.228 eq www
access-list outside_access_in permit tcp any host XX.XXX.XXX.229 eq 3389
access-list outside_access_in permit tcp any host XX.XXX.XXX.229 eq citrix-ica
access-list outside_access_in permit tcp any host XX.XXX.XXX.229 eq www
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any host XX.XXX.XXX.230 eq pcanywhere-data
access-list outside_access_in permit tcp any host XX.XXX.XXX.230 eq 5632
access-list outside_access_in permit tcp any host XX.XXX.XXX.231 eq pcanywhere-data
access-list outside_access_in permit tcp any host XX.XXX.XXX.231 eq 5632

<-- Stud Machine -->
global (outside) 2 XX.XXX.XXX.232 netmask 255.255.255.0
nat (inside) 2 192.168.1.47 255.255.255.0
nat (inside) 2 192.168.1.48 255.255.255.0
access-list stud_press_out permit tcp 192.168.1.47 255.255.255.0 any eq 44818
access-list stud_press_out permit udp 192.168.1.47 255.255.255.0 any eq 44818
access-list stud_press_out permit tcp 192.168.1.47 255.255.255.0 any eq 2222
access-list stud_press_out permit udp 192.168.1.47 255.255.255.0 any eq 2222
access-list stud_press_out permit tcp 192.168.1.47 255.255.255.0 any eq 80
access-list stud_press_out permit tcp 192.168.1.48 255.255.255.0 any eq 5900
access-list stud_press permit tcp any host XX.XXX.XXX.232 eq 5900
access-list stud_press permit tcp any host XX.XXX.XXX.232 eq 44818
access-list stud_press permit udp any host XX.XXX.XXX.232 eq 44818
access-list stud_press permit tcp any host XX.XXX.XXX.232 eq 2222
access-list stud_press permit udp any host XX.XXX.XXX.232 eq 2222
access-list stud_press permit tcp any host XX.XXX.XXX.232 eq 8088
static (inside,outside) tcp XX.XXX.XXX.232 44818 192.168.1.47 44818 netmask 255.255.255.255
static (inside,outside) udp XX.XXX.XXX.232 44818 192.168.1.47 44818 netmask 255.255.255.255
static (inside,outside) tcp XX.XXX.XXX.232 2222 192.168.1.47 2222 netmask 255.255.255.255
static (inside,outside) udp XX.XXX.XXX.232 2222 192.168.1.47 2222 netmask 255.255.255.255
static (inside,outside) tcp XX.XXX.XXX.232 8088 192.168.1.47 80 netmask 255.255.255.255
static (inside,outside) tcp XX.XXX.XXX.232 5900 192.168.1.48 5900 netmask 255.255.255.255
access-group stud_press_out in interface inside
access-group stud_press in interface outside
<-- /Stud Machine -->

pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside XX.XXX.XXX.226 255.255.255.240
ip address inside 192.168.1.3 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPOOL 192.168.254.1-192.168.254.100
pdm location 0.0.0.0 255.255.255.240 outside
pdm location XX.XXX.XXX.227 255.255.255.255 outside
pdm location 192.168.1.50 255.255.255.255 inside
pdm location 192.168.1.81 255.255.255.255 inside
pdm location 192.168.254.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 192.168.254.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) XX.XXX.XXX.227 192.168.1.81 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.228 192.168.1.106 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.229 192.168.1.117 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.230 192.168.1.39 netmask 255.255.255.255 0 0
static (inside,outside) XX.XXX.XXX.231 192.168.1.40 netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 XX.XXX.XXX.225 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set STRONG esp-3des esp-md5-hmac
crypto dynamic-map cisco 20 set transform-set STRONG
crypto map VPNMAP 20 ipsec-isakmp dynamic cisco
crypto map VPNMAP interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5

Whenever I paste his configuration modifications into the Pix, we lose all Internet access until I remove the lines. I do not believe that the stud_press and stud_press_out are configured properly or if they can even be used.

Can someone please help me with this? I will check this thread every few hours to answer any questions someone might have on what exactly we're trying to do if I haven't explained this far enough in detail.
 
This
<-- Stud Machine -->
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 5900
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 5900
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 44818
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 44818
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 2222
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 2222
<-- /Stud Machine -->

and this
<-- Stud Machine -->
static (inside,outside) XX.XXX.XXX.232 192.168.1.47 netmask 255.255.255.255 0 0
<-- /Stud Machine -->

are all you need. So the first config is correct. The second one is waaaaaayyy off. It will break your existing connection.

Is the traffic coming back through the pix? Load the PDM and see if you see the packets hitting the interface and going back out.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I don't mean to sound "Noobish", but how would I go about looking at packet traffic on the firewall through PDM? I brought up the PDM in the Monitoring tab, but I am unsure of where to go from there. I don't know if I should look under incoming or outgoing. I'm thinking I need outgoing.
 
Don't worry - we all start somewhere...

You can go to the monitoring tab and select VPN statistics and then IPSEC VPNs and watch the encrypt/decrypts - that will tell you the tunnel is up and which way the traffic is flowing.

You can also choose PDM Log and set it to informational and have them connect and see what happens in the logs.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Will that work even though they are not connecting through VPN?

The only VPN I am familiar with was the initial setup of the VPN and having users make a connection with the Cisco VPN Client and access all of the network resources that way.
 
I set up the logging in the PDM logs and I missed the initial connection, but it does state:

302014: Teardown TCP Connection 390268 for outside: xx.xx.xx.24/20706 to inside: 192.168.1.47/2222 duration 0:02:01 bytes 0 SYN Timeout
 
I caught the inbound connection:

302013: Built inbound TCP connection 394371 for outside: xx.xx.xx.24/25003 (xx.xx.xx.24/25003) to inside: 192.168.1.47/2222 (xx.xx.xx.232/2222)

then about 2 minutes later I see

302014: Teardown TCP connection 394518 for outside xx.xx.xx.24/25208 to inside: 192.168.1.47/2222 duration 0:02:01 byes 0 SYN Timeout

I see nothing in between.
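As an added example (not from this thread or any of its posters), a small Python script that pairs PIX 6.3 302013 (Built) and 302014 (Teardown) messages of the form Mac2118 posted and flags connections torn down with "SYN Timeout" and 0 bytes: a 302013 means the ACL and static already permitted the connection, so a zero-byte SYN timeout says the inside host never answered, which points at the PLC's default gateway, host firewall or listener rather than at the firewall rule. The log lines below are constructed in the thread's format, with matching connection IDs so the pairing can be shown.

```python
"""Pair PIX 6.3 syslog 302013/302014 messages and flag TCP connections the
firewall forwarded but the inside host never answered (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

BUILT_RE = re.compile(
    r"302013: Built (?P<direction>inbound|outbound) TCP connection (?P<cid>\d+) "
    r"for (?P<src_if>\w+):? (?P<src>[\w.]+)/(?P<sport>\d+) \([\w.]+/\d+\) "
    r"to (?P<dst_if>\w+):? (?P<dst>[\w.]+)/(?P<dport>\d+) "
    r"\((?P<mapped>[\w.]+)/(?P<mport>\d+)\)"
)
# The colon after the interface name is optional: the PIX omits it on some 302014 lines.
TEARDOWN_RE = re.compile(
    r"302014: Teardown TCP connection (?P<cid>\d+) for (?P<src_if>\w+):? "
    r"(?P<src>[\w.]+)/(?P<sport>\d+) to (?P<dst_if>\w+):? "
    r"(?P<dst>[\w.]+)/(?P<dport>\d+) duration (?P<duration>[\d:]+) "
    r"bytes (?P<nbytes>\d+) (?P<reason>.+)"
)

# Constructed sample in the thread's format (masked addresses kept as posted).
SAMPLE_LOG: List[str] = [
    "302013: Built inbound TCP connection 394371 for outside: xx.xx.xx.24/25003 "
    "(xx.xx.xx.24/25003) to inside: 192.168.1.47/2222 (xx.xx.xx.232/2222)",
    "302013: Built inbound TCP connection 394400 for outside: 203.0.113.5/40001 "
    "(203.0.113.5/40001) to inside: 192.168.1.117/3389 (xx.xx.xx.229/3389)",
    "302014: Teardown TCP connection 394371 for outside xx.xx.xx.24/25003 to "
    "inside: 192.168.1.47/2222 duration 0:02:01 bytes 0 SYN Timeout",
    "302014: Teardown TCP connection 394400 for outside: 203.0.113.5/40001 to "
    "inside: 192.168.1.117/3389 duration 0:10:12 bytes 52340 TCP FINs",
]


@dataclass
class Conn:
    cid: str
    src: str
    dst: str        # real inside address (the PLC, 192.168.1.47, in the thread)
    dport: int
    mapped: str = ""  # public address the static translated from
    nbytes: int = -1
    reason: str = ""

    @property
    def verdict(self) -> str:
        """'no_reply': SYN was forwarded, no bytes flowed, connection timed out,
        so the inside host never sent a SYN/ACK. 'open': no teardown seen yet."""
        if not self.reason:
            return "open"
        if self.reason == "SYN Timeout" and self.nbytes == 0:
            return "no_reply"
        return "ok"


def pair_connections(lines: List[str]) -> Dict[str, Conn]:
    """Match Built and Teardown lines by connection ID."""
    conns: Dict[str, Conn] = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            conns[m["cid"]] = Conn(m["cid"], m["src"], m["dst"], int(m["dport"]), m["mapped"])
            continue
        m = TEARDOWN_RE.search(line)
        if m:
            c = conns.setdefault(m["cid"], Conn(m["cid"], m["src"], m["dst"], int(m["dport"])))
            c.nbytes, c.reason = int(m["nbytes"]), m["reason"].strip()
    return conns


def unanswered_hosts(conns: Dict[str, Conn]) -> Set[str]:
    """Inside hosts whose every logged connection ended as 'no_reply'."""
    seen: Dict[str, Set[str]] = {}
    for c in conns.values():
        seen.setdefault(c.dst, set()).add(c.verdict)
    return {host for host, verdicts in seen.items() if verdicts == {"no_reply"}}


if __name__ == "__main__":
    for c in pair_connections(SAMPLE_LOG).values():
        print(f"{c.cid}: {c.src} -> {c.dst}:{c.dport} via {c.mapped or '?'} [{c.verdict}]")
```

Run it against the output of `show logging` once buffered logging is on; a host listed by `unanswered_hosts` is one to check for a default gateway and a listening service, not for a missing ACL entry.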
 
Is he actively trying to connect to something on the inside once he's on the VPN? When he's connected, can you ping him, or can he ping you? My guess is that the error is on his side.

Brent
Systems Engineer / Consultant
CCNP, CCSP
 
He told me that he's connected with other customers before. On his log it shows that he can send packets to the machine, but the machine will not reply back out. I for one cannot see how that can be when the ports that it needs are opened up and ready to go.

he can contact the machine
I can contact the machine

The only difference is I receive packets back when I ping it, and he doesn't (from the outside).

When I go to ping.eu it says that the ports are closed and there is no response on a ping from that side or just-ping.com.

75.117.159.232 is the address in question btw.


I found that the .232 and .231 addresses don't work. As you can see, I have .231 configured for another machine. I wonder if they ever had any problems... they do not reply back to the pings on any service I use to test.

I will have to check with my Internet provider to find out about the addresses.
 
As a little test, I took the .231 public IP address that "did" ping on other sites and removed the info for that and the .232 IP that I am having problems with. I replaced all information in the .231 with the .232 info. I am still showing no ping information for that device.

I am really at a loss here with what this problem is and with that, no solution.
 
Try using a port query on the ports you need instead. Ping is blocked unless you allow it.

Can you try it from the outside?


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I just want to throw this into the mix just in case. I thought the problem could have been that I was using an unallocated public IP. I called to verify that I was using the right address and we got to talking about what I was planning on doing. Our setup is the T1 comes into a Cisco router, then into the Cisco Pix, from there into a 3com switch, into a 4port Linksys router and that connects to the PLC unit in question. From my Pix I can ping 192.168.1.47. if I "show arp" the address also shows up. From the router itself, I cannot ping 192.168.1.47 but I can ping the public IP of xx.xxx.xxx.232.

I was told that I needed a 1:1 Static NAT entry to tell the router that when someone comes looking for .232 that it needs to send it to the firewall for it to take care of it. After reading up on static nat's, I presume I needed the code:
ip nat inside source static 192.168.1.47 xx.xxx.xxx.232 ?

After adding that line I was able to ping the machine, but the machine's company still could not connect to the device as of last night.
 
Some thoughts:

1. First off, I didn't go through your config line for line, but I didn't see a rule that would allow PING communications through, ONLY the PLC traffic. So if you want to test from a ping perspective, I believe you'd have to open that up.

2. Did you confirm that the PLC has a default gateway? That would be a reason that the PLC can't respond back.

3. You won't be able to ping the 192.168.1.47 address, it's a private subnet PLUS that is what the NAT translation is for (protecting your internal subnet from direct connections). The external address is the one that you should focus on.

4. For troubleshooting, SOMETIMES (nobody hang me on this) I will create a rule that allows full access (all ports) to verify that communications are working properly, THEN I will restrict it only to the ports that are needed. Sometimes this is the best approach as it helps to rule out whether you're facing a TCP/IP routing rule, or a security rule, or a NAT rule, etc.
 
Regarding #4 above, I mean ONLY to the PLC, and not for the entire subnet. Just want to clarify that.
 
Mac2118 - totally sorry, I was reading through the post and I got caught on the VPN thing and they weren't even using it.


Go to your outside ACL and change these lines to this:
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 5900 log
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 5900 log
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 44818 log
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 44818 log
access-list outside_access_in permit udp any host XX.XXX.XXX.232 eq 2222 log
access-list outside_access_in permit tcp any host XX.XXX.XXX.232 eq 2222 log

Now add an inside ACL:
access-list inside_access_out permit ip host 192.168.1.47 any log
access-list inside_access_out permit ip any any
access-group inside_access_out in interface inside

Now the hits going both directions will appear in your log files

sho logg

will display the buffered log file, so have him start the connection and see what shows up immediately in the logs.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I do not believe that we have logging configured.

when I run the "sho log" command I get the following:

Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: disabled
History logging: disabled
Device ID: disabled


I've been looking at how to enable the logging. I really wish I knew more about Cisco programming. Give me HTML or Javascript and I'm good to go, but Cisco? ugh.

I really appreciate the help everyone is giving me so far.
 
I apologize, I spoke too soon.

I configured the logging for lvl 5 on the "History" and "Monitor" settings

I now see:

Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: level notifications, 0 messages logged
Buffer logging: disabled
Trap logging: disabled
History logging: level notifications, 14 messages logged
Device ID: disabled

however, I do not know how to go in and view those logs. I do not believe we have the logs being transmitted to a server.
 
there is limited local logging

logging timestamp
logging buffered debugging
logging enable

then do a
show logging


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I am still showing:

302013: Built inbound TCP connection 394371 for outside: xx.xx.xx.24/25003 (xx.xx.xx.24/25003) to inside: 192.168.1.47/2222 (xx.xx.xx.232/2222)

then about 2 minutes later I see

302014: Teardown TCP connection 394518 for outside xx.xx.xx.24/25208 to inside: 192.168.1.47/2222 duration 0:02:01 byes 0 SYN Timeout


I'm going to have to give out the public IP for the next part:

I tried to traceroute my address using an online traceroute ( and if I trace 75.117.159.232, it will reach our gateway (75.117.159.225) and time out. I have another machine connected with the exact same configuration (different ports though) of 75.117.159.229 and it will resolve to my server. If I look on my router (Cisco 1721) and "show arp", the address is there with the same hardware address as the other machines I have configured (I'm presuming the firewall). I added the line "ip nat inside source static 192.168.1.47 75.117.159.232 extendable" to the router and the tracert will complete to that public IP address; however my gateway does not show up at all.
 
Is there no return traffic in your log from the inside host? Check its settings for firewall, default gateway etc. Can it access the internet right now?

Use portqry from an outside pc and not ping. You have to configure ping separately.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 