Right now there is no Win2k client available from Cisco.  There is a beta
out of the Altiga 3000 client - which can work with the PIX as well.  You
may be able to call TAC and request a copy.  Though if you are hiding behind
PAT and terminating on a PIX you are still SOL.  The alternative for Win2k
clients is PPTP with MPPE.  It is very simple to implement and is a holdover
until the 2k client is available.  You can either terminate on the PIX and
use Funk Software's RADIUS server (Cisco Secure ACS doesn't support MPPE), a
local database created on the PIX, or put a beefy Win2k server in a DMZ and
pass the PPTP traffic to that server.  It'll need to be dual-homed and
secured as much as possible.  Good luck.

Kenny

----- Original Message -----
From: "Kevin O'Gilvie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 09, 2001 7:29 AM
Subject: Re: Pix Firewall Issue


> Does anyone know of a VPN client for Windows 2000? I have Cisco Secure but
> it doesn't run on 2000. I need to implement a VPN solution for my company
> that will integrate with the PIX 515 that I just purchased.
>
> Regards,
>
> Kevin
>
>
> >From: "Kenny Sallee" <[EMAIL PROTECTED]>
> >Reply-To: "Kenny Sallee" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Pix Firewall Issue
> >Date: Wed, 7 Feb 2001 15:55:14 -0800
> >
> >Actually it's not a good idea to do a 'conduit permit icmp any any'.  If you
> >want ping traffic to originate inside then do this:
> >
> >conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply
> >
> >Think about the way ping works - your workstation sends an icmp echo - the
> >end station sends an icmp echo-reply - which from the PIX standpoint is a
> >new inbound packet ( cuz it's stateless ).  Therefore - let the echo-reply
> >in only.  Not all ICMP messages.
> >
> >Kenny
> >
> >"Daniel Cotts" <[EMAIL PROTECTED]> wrote in message
> >news:303479FA060CD211B8930000F805A88AA10F4C@EXCHANGE1...
> > > You're not telling us from where you are pinging. From the PIX? From a host
> > > behind the Firewall? From a host outside the Firewall?
> > > Anyway this command is good to have in later versions if you want pings to
> > > traverse the PIX.
> > > conduit permit icmp any any
> > > You may also want to modify that command or eliminate it, if you want to
> > > enforce a stronger policy.
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid1091627
> > >
> > > > -----Original Message-----
> > > > From: exchange [mailto:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, February 07, 2001 1:09 PM
> > > > To: '[EMAIL PROTECTED]'
> > > > Subject: Pix Firewall Issue
> > > >
> > > >
> > > > Hi Gang,
> > > >
> > > > I have a Pix Firewall 520 and wondered if this was a feature or a
> > > > configuration issue on my firewall.  We have an entire class C address say
> > > > 208.184.23.x to use for our network. We use the 192.168.1.x network for our
> > > > internal network.  I am having problems pinging a machine's Internet IP
> > > > address say 208.184.23.11 which I noticed is statically mapped to its
> > > > internal address say 192.168.1.10 on the pix.
> > > >
> > > > For example, if I ping another box 208.184.23.12 and not statically mapped
> > > > to an internal IP address on the pix, I get a response.
> > > >
> > > > Any help or hints would be greatly appreciated.
> > > >
> > > > Thanks!
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct
> > > > and Nondisclosure violations to [EMAIL PROTECTED]
> > > >
>
>
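
The conduit advice quoted in this thread, turned into a config check. This is an added example, not part of the original messages and not Cisco code: it scans PIX configuration text and reports every 'conduit permit icmp' line, marking those with no ICMP type after the addresses, which admit all ICMP messages inbound. The function names and the sample configuration are constructed for illustration, and the parser assumes only the address forms 'any', 'host <ip>' and '<ip> <mask>'.

```python
def _take_addr(tokens):
    """Consume one PIX address spec: 'any', 'host <ip>' or '<ip> <mask>'."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return "any", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return " ".join(tokens[:2]), tokens[2:]


def audit_icmp_conduits(config_text):
    """Return (line_no, verdict, line) for each 'conduit permit icmp' line.

    verdict is 'all-types' when no ICMP type follows the two addresses,
    otherwise it is the ICMP type the rule is limited to.
    """
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 3 or tokens[0] != "conduit" or tokens[2] != "icmp":
            continue
        if tokens[1] != "permit":
            continue  # deny lines do not open anything inbound
        rest = tokens[3:]
        _, rest = _take_addr(rest)  # global (translated inside) address
        _, rest = _take_addr(rest)  # foreign (outside) address
        verdict = rest[0] if rest else "all-types"
        findings.append((line_no, verdict, raw.strip()))
    return findings


# Constructed sample configuration using the addresses from the thread.
SAMPLE = """\
static (inside,outside) 208.184.23.11 192.168.1.10 netmask 255.255.255.255
conduit permit icmp any any
conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply
conduit permit tcp host 208.184.23.11 eq www any
"""

if __name__ == "__main__":
    for line_no, verdict, line in audit_icmp_conduits(SAMPLE):
        flag = "REVIEW" if verdict == "all-types" else "ok"
        print(f"{flag:6} line {line_no}: {line} [{verdict}]")
```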
