Can you point me in the right direction of where I can research the
alternatives..
Regards,
Kevin
>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: "Kevin O'Gilvie" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: Pix Firewall Issue
>Date: Fri, 9 Feb 2001 08:23:24 -0800
>
>Right now there is no Win2k client available from Cisco. There is a beta
>out of the Altiga 3000 client - which can work with the PIX as well. You
>may be able to call TAC and request a copy. Though if you are hiding
>behind
>PAT and terminating on a PIX you are still SOL. The alternative for win2k
>clients is PPTP with MPPE. Very simple to implement and is a hold over
>until the 2k client is available. You can either terminate on the PIX and
>use Funk software radius server ( cisco secure ACS doesn't support MPPE ),
>a
>local database created on the PIX, or put a beefy win2k server in a DMZ and
>pass the PPTP traffic to that server. It'll need to be dual homed and
>secure as much as possible. Good luck
>
>Kenny
>
>----- Original Message -----
>From: "Kevin O'Gilvie" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Friday, February 09, 2001 7:29 AM
>Subject: Re: Pix Firewall Issue
>
>
> > Does anyone know of a vpn client for Windows 2000, I have Cisco Secure
>but
> > it doesnt run on 2000, I need to implement a vpn solution for my company
> > that will integrate with the PIX 515 that I just purchased..
> >
> > Regards,
> >
> > Kevin
> >
> >
> > >From: "Kenny Sallee" <[EMAIL PROTECTED]>
> > >Reply-To: "Kenny Sallee" <[EMAIL PROTECTED]>
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Pix Firewall Issue
> > >Date: Wed, 7 Feb 2001 15:55:14 -0800
> > >
> > >Actually it's not a good idea to do a 'conduit permit icmp any any'.
>If
> > >you
> > >want ping traffic to originate inside then do this:
> > >
> > >conduit permit icmp 208.184.23.0 255.255.255.0 any echoreply
> > >
> > >Think about the way ping works - your workstation sends an icmp echo -
>the
> > >end station sends an icmp echo-reply - which from the PIX standpoint is
>a
> > >new inbound packet ( cuz it's stateless ). Therefore - let the
>echo-reply
> > >in only. Not all ICMP messages.
> > >
> > >Kenny
> > >
> > >"Daniel Cotts" <[EMAIL PROTECTED]> wrote in message
> > >303479FA060CD211B8930000F805A88AA10F4C@EXCHANGE1">news:303479FA060CD211B8930000F805A88AA10F4C@EXCHANGE1...
> > > > You're not telling us from where you are pinging. From the PIX? From
>a
> > >host
> > > > behind the Firewall? From a host outside the Firewall?
> > > > Anyway this command is good to have in later versions if you want
>pings
> > >to
> > > > traverse the PIX.
> > > > conduit permit icmp any any
> > > > You may also want to modify that command or eliminate it, if you
>want
>to
> > > > enforce a stronger policy.
> > > >
> >
> >http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/co
>n
> > > > fig.htm#xtocid1091627
> > > >
> > > > > -----Original Message-----
> > > > > From: exchange [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Wednesday, February 07, 2001 1:09 PM
> > > > > To: '[EMAIL PROTECTED]'
> > > > > Subject: Pix Firewall Issue
> > > > >
> > > > >
> > > > > Hi Gang,
> > > > >
> > > > > I have a Pix Firewall 520 and wondered if this was a feature or a
> > > > > configuration issue on my firwall. We have an entire class C
> > > > > address say
> > > > > 208.184.23.x to use for our network. We use the 192.168.1.x
> > > > > network for our
> > > > > internal network. I am having problems pinging a machine's
> > > > > Internet ip
> > > > > address say 208.184.23.11 which I noticed is statically mapped to
>it's
> > > > > internal address say 192.168.1.10 on the pix.
> > > > >
> > > > > For example, If I ping another box 208.184.23.12 and not
> > > > > statically mapped
> > > > > to a internal ip address on the pix, I get a response.
> > > > >
> > > > > Any help or hints would be greatly appreciated.
> > > > >
> > > > > Thanks!
> > > > >
> > > > > _________________________________
> > > > > FAQ, list archives, and subscription info:
> > > > > http://www.groupstudy.com/list/cisco.html
> > > > > Report misconduct
> > > > > and Nondisclosure violations to [EMAIL PROTECTED]
> > > > >
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
>[EMAIL PROTECTED]
> > > >
> > >
> > >
> > >_________________________________
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
> >
> >
>
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
