RE: PIX Help

2000-11-09 Thread Plambeck, Todd 

Make sure the translation is in the xlate table ( sh xlate ). If not ping
out from the inside host then check it again.

Todd

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Austin
Sent: Thursday, November 09, 2000 12:50 PM
To: [EMAIL PROTECTED]
Subject: PIX Help


I am using a static mapping on the pix for an inside illegal address to an
outside legal address.
I want to allow the inside machine to be pinged from the outside as well as
allow http traffic to that machine.
Lets say the inside address is 10.1.1.5 and the internet legal address is
45.33.20.5
This is what I did:

static (inside, outside) 45.33.20.5 10.1.1.5
conduit permit icmp host 45.33.20.5 any
conduit permit tcp host 45.33.20.5 eq www any

I cannot ping the inside machine from the internet with this config.
Please help.

Thanks.


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pre-shared key for PIX

2000-11-02 Thread Plambeck, Todd 


The Pix only supports DHCP with Version 5.2(X)software. To create an IPSEC
tunnel using 2 Pix's and DHCP follow the example in the attached link, but
change the:

http://www.cisco.com/warp/public/110/38.html

Phase 1: ( Pix without DHCP )
isakmp key cisco123 address 171.70.24.6 netmask 255.255.255.255
TO
isakmp key cisco123 address 0.0.0.0 netmask 0.0.0.0

And in Phase 2:
remove this line of the configuration
crypto map newmap 10 set peer 171.70.24.6

I hope this helps.

Todd
CCNP/CCDP


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Bond
Sent: Wednesday, November 01, 2000 9:37 PM
To: [EMAIL PROTECTED]
Subject: pre-shared key for PIX


Hello,

I'm wondering if IPSEC can be set up this way: 2 PIX
using pre-shared key, one of them has static ip
address, the other one use DHCP.

I know some other vendor supports this function, but
couldn't find anything on CCO.

Thanks in advance.


Jim

__
Do You Yahoo!?
From homework help to love advice, Yahoo! Experts has your answer.
http://experts.yahoo.com/

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]