Re: Can't access PIX506 with Browser [7:39449]
in order for pdm to work properly every time you must have an enable password in your pix

Timo Graser wrote:

I did configure all that. And I am using IE 6.0, so it is MS VM.

Georgescu, Aurelian wrote:

First, you should enable your http server on the PIX, and then you should allow your workstation IP address to access the http server. Lastly, you should check your Java VM. Latest PDM only works with Microsoft VM (at least in my case!)

Aurelian

-Original Message-
From: Timo Graser [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 2:34 PM
To: [EMAIL PROTECTED]
Subject: Can't access PIX506 with Browser [7:39449]

I did an upgrade on my Pix506 from 5.2x to 6.1.2; after that I installed the pdm. I did a setup with the IP address of my station. When I am connecting to https://mystation I first get a signature window. I accept this with yes, then a login window pops up; I enter nothing and press return. Now I get "page not found" from my browser. I configured an enable password and tried to log in with it--the same result. I am using IE 6.0. If I do a show ver I see DES is enabled, but I don't see anything about pdm.

Could somebody please help me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39592t=39449
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX commands help [7:39544]
allowing just one host to access the pix via pdm:

    http 10.1.10.200 255.255.255.255 inside

if you are allowing networks (i.e. 10.1.10.0 255.255.255.0 inside) make sure to remove them.

[EMAIL PROTECTED] wrote:

Don't use the time and date, use the Cryptochecksum from the show config command. If the checksum changed from the old one, you know someone was there. Of course I'm assuming you have a backup copy somewhere to compare the cryptochecksum numbers!

    PIX# sh config
    ssh timeout 5
    terminal width 80
    Cryptochecksum:kjshfsjhfskjfhsfj 0928023482048240248   (this is the last line in the configuration file)
    PIX#

HTH. Nabil

John Green
Sent by: nobody@groupstudy.com
03/26/2002 12:11 PM
Please respond to John Green
cc:
Subject: PIX commands help [7:39544]

PIX questions:

how to find the time/date when the config file was last modified (to find if anyone else has tampered with it)

how to find who is telnetted into the pix or who is using the PDM into the pix

how to configure a particular IP address to be allowed to manage pix via the PDM and no one else is allowed

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39587t=39544
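Added example, not part of the original thread: one way to automate the two checks discussed above, comparing the Cryptochecksum of a saved backup with the current `show config` output and listing `http` statements that admit a whole network instead of a single host. The two config excerpts and their checksum values are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed `show config` excerpts; the checksums are made-up sample values.
BACKUP = """\
http server enable
http 10.1.10.200 255.255.255.255 inside
terminal width 80
Cryptochecksum:0123456789abcdef0123456789abcdef
"""
CURRENT = """\
http server enable
http 10.1.10.200 255.255.255.255 inside
http 10.1.10.0 255.255.255.0 inside
terminal width 80
Cryptochecksum:fedcba9876543210fedcba9876543210
"""

CHECKSUM_RE = re.compile(r"^Cryptochecksum:\s*([0-9a-fA-F ]+?)\s*$", re.M)
HTTP_RE = re.compile(
    r"^http\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s*$", re.M)

def cryptochecksum(config_text):
    """Return the checksum from the last Cryptochecksum line, or None."""
    matches = CHECKSUM_RE.findall(config_text)
    return matches[-1].replace(" ", "").lower() if matches else None

def config_changed(backup_text, current_text):
    """True when the running config no longer matches the saved backup."""
    old, new = cryptochecksum(backup_text), cryptochecksum(current_text)
    if old is None or new is None:
        raise ValueError("Cryptochecksum line missing; cannot compare")
    return old != new

def broad_http_entries(config_text):
    """http statements whose mask is not a single host (255.255.255.255)."""
    return [m for m in HTTP_RE.findall(config_text)
            if m[1] != "255.255.255.255"]

if __name__ == "__main__":
    print("config changed:", config_changed(BACKUP, CURRENT))
    for ip, mask, ifc in broad_http_entries(CURRENT):
        print(f"network-wide PDM access: http {ip} {mask} {ifc}")
```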
Re: pix problem [7:33183]
your ping_acl is only allowing icmp traffic.

cage wrote:

The following is my configuration of pix 525. Now the nodes in the dmz cannot connect to the outside, why? And do I have to use the NAT command for the traffic from the dmz to the outside? It seems that the pix can't route the dmz traffic to the outside. Help me, please!

    sh conf
    : Saved
    :
    PIX Version 6.0(1)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security50
    nameif ethernet3 intf3 security15
    nameif ethernet4 intf4 security20
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    access-list acl_in permit tcp any host 202.99.33.69 eq smtp
    access-list acl_in permit tcp any host 202.99.33.72 eq www
    access-list acl_in permit tcp any host 202.99.33.66 eq domain
    access-list acl_in permit tcp any host 202.99.33.67 eq domain
    access-list acl_in permit icmp any any
    access-list ping_acl permit icmp any any
    pager lines 30
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    interface ethernet3 auto shutdown
    interface ethernet4 auto shutdown
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu intf3 1500
    mtu intf4 1500
    ip address outside 210.82.34.29 255.255.255.0
    ip address inside 192.168.4.1 255.255.255.0
    ip address dmz 202.99.33.254 255.255.255.0
    ip address intf3 127.0.0.1 255.255.255.255
    ip address intf4 127.0.0.1 255.255.255.255
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    failover ip address outside 0.0.0.0
    failover ip address inside 0.0.0.0
    failover ip address dmz 0.0.0.0
    failover ip address intf3 0.0.0.0
    failover ip address intf4 0.0.0.0
    pdm history enable
    arp timeout 14400
    global (dmz) 1 202.99.33.73 netmask 255.255.255.0
    nat (inside) 1 0 0
    nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
    static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
    static (dmz,outside) 202.99.33.72 202.99.33.72 netmask 255.255.255.255 0 0
    static (dmz,outside) 202.99.33.66 202.99.33.66 netmask 255.255.255.255 0 0
    static (dmz,outside) 202.99.33.67 202.99.33.67 netmask 255.255.255.255 0 0
    access-group acl_in in interface outside
    access-group ping_acl in interface dmz
    route outside 0.0.0.0 0.0.0.0 210.82.34.25 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    no sysopt route dnat
    telnet timeout 5
    ssh timeout 5
    terminal width 80
    Cryptochecksum:3be86ece2c90058e0c9190f986717d63
    pixfirewall#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33193t=33183
Re: Can the Pix do this? [7:32320]
in addition...do not forget your static lines (if traffic is inbound)... =)

Craig Columbus wrote:

The pix can easily do this. Use one line for each outside address that you want the inside client to access. You don't say what port you're contacting on the outside, but you should also limit contact by port. For example:

    access-list 101 permit tcp host 192.168.1.1 host 1.1.1.1 eq www
    access-list 101 permit tcp host 192.168.1.1 host 1.1.1.2 eq www
    access-list 101 permit tcp host 192.168.1.1 host 1.1.1.3 eq www
    access-list 101 deny ip host 192.168.1.1 any

Hope this helps. However, I recommend that you have your pix config reviewed by a security guru to verify that you haven't accidentally opened your network up.

Craig

At 12:45 PM 1/17/2002 -0500, you wrote:

I have a Pix 515 running ver. 6.1. I have a host that will be made available to the public for a web-enabled product demonstration. Parts of the product are NOT located on my internal network, so the host needs to cross the firewall to function properly. Can I add a line to my access list that will allow this particular host access ONLY to two or three different IP addresses, and deny it access to the rest of the www? Could someone give me a little help with the syntax? Would it be something like this:

    access-list 101 permit ip 255.255.0.0 255.255.255.0

Can I put all the addresses that I want to allow the host to access in one line? Do I need 3 separate lines? Should I put a deny statement at the end? Will this even work? Am I high? Just kidding, thanks in advance.

Kris.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32435t=32320
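Added example, not part of the original threads: a small first-match evaluator that shows why the ping_acl in the "pix problem" thread drops everything but icmp from the dmz, and how the access-list 101 from Craig's reply treats the demo host. It models ACL matching only (any / host / address-plus-netmask and eq ports), not NAT, global or static translation; the function names and the 198.51.100.10 destination are assumptions made for illustration.

```python
import ipaddress

# Lines copied from the two threads above; the outside test address is constructed.
CONFIG = """\
access-list ping_acl permit icmp any any
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.1 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.2 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.3 eq www
access-list 101 deny ip host 192.168.1.1 any
"""
PORTS = {"www": 80, "smtp": 25, "domain": 53}  # only the names used on this page

def _addr(tok):
    """Consume one address: any | host A | A NETMASK (PIX ACLs take netmasks)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(config, name):
    """Return the rules of one access-list, in configuration order."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", name]:
            continue
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((t[2], t[3], src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching line wins; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and rport in (None, dport):
            return action
    return "implicit deny"

if __name__ == "__main__":
    dmz = parse_acl(CONFIG, "ping_acl")
    print("dmz icmp:", evaluate(dmz, "icmp", "202.99.33.69", "198.51.100.10"))
    print("dmz tcp/80:", evaluate(dmz, "tcp", "202.99.33.69", "198.51.100.10", 80))
    demo = parse_acl(CONFIG, "101")
    print("demo host to 1.1.1.4:", evaluate(demo, "tcp", "192.168.1.1", "1.1.1.4", 80))
```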
syslog server [7:22117]
All, I'm looking to implement a syslog server on windows 2000, that logs pix and cisco router logs. it should be able to parse information. i know that a linux or bsd server would be better but i can't implement that platform in this case. any suggestions? we were looking at kiwi, but it doesn't seem to be a good solution for a big environment. thanks in advance for your help!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22117t=22117
Re: Pix Firewall [7:21924]
pix cbt's are good...as good as taking a class

John Kaberna wrote:

That is a ridiculous amount of money to pay for CD's IMO. Let us know how interactive they are and how well it does when simulating commands. If it's a bunch of slides that's a rip off.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

CCIE Security Training
www.netcginc.com/training.htm

Robertson, Douglas wrote in message news:[EMAIL PROTECTED]...

Cisco have two CBT's in the Learning Store that you can purchase, I think they cost around $550-00 for the two. I am just starting to review them now so I can not say how good they are, but I got the recommendations from this list some time ago.

Log on to Cisco CCO then go to certifications, then go to Cisco Learning Store, click on shop all items and then search for PIX; this will give two results.

Cisco Secure PIX Firewall Advanced (CSPFA) 1.0
Cisco Secure PIX Firewall Fundamentals (CSPFF) 1.1

Doug

-Original Message-
From: Guy Russell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 03, 2001 3:42 PM
To: [EMAIL PROTECTED]
Subject: Pix Firewall [7:21924]

I have been hitting every bookstore, looking for PIX books... I would like to get training guides, or admin guides, or whatever is available,... Anything out there anyone could recommend, and where to get it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22118t=21924
ccnp study group
Does anybody know when the next ccnp study group will start? can anybody start a study group? Thanks!