**Pix Firewall

2001-02-09 Thread Deepak Sharma

Does anyone have any prices on PIX firewalls? 520, 525, and 535.

I'm looking to buy, but I can't find prices on the Cisco website. If
someone has them in Canadian dollars, that'll be awesome!

thanks
Deepak

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



PIX firewall

2001-02-15 Thread Deepak Sharma

quick question, and probably dumb question!!.

when I set up a pix firewall


user--56k dialup-->pix--nt server

to authenticate the user, does pix use NT auth. or another type of
auth.? username/password has to be set up within pix...

thanks




Pix FireWall

2001-01-08 Thread Abro Toufic

Dear Sir,
I have a small question about Pix Firewall and syslog:
I am looking for any web browser reporting tools I can use with it,
or something like that.
Any comments,
any help,
thanks







PIX Firewall

2001-04-09 Thread Vellaiyan, Manohar (CTS)

Hi Everyone,

Has anyone undergone the Cisco Secure PIX Firewall Advanced
certification ? If so can you guide me on taking this certification in terms
of study materials etc. Thanks in advance. You can mail me at
[EMAIL PROTECTED]

Regards,
V.Manohar




PIX Firewall

2000-05-10 Thread Harrell, ET3

I'm trying to set up a Cisco PIX Firewall for my network and I'm having
trouble with the global command for the outside interface.  I'm not totally
understanding exactly which IP address or which range of IP addresses I'm
supposed to enter into that.  I do know that the global command statement
has to correspond with the NAT id for the inside.  Any help on this would be
greatly appreciated.  Thanx.
Nathan Harrell

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



PIX Firewall

2000-06-23 Thread Farooq Ali

Can someone please point me to a URL or a book which helps with
"administration of Firewalls". I am working on Pix firewalls, and need to
learn administration.



Farooq Ali
Network Engineer
Global Network Operations




Pix Firewall Issue

2001-02-07 Thread exchange

Hi Gang,

I have a Pix Firewall 520 and wondered if this was a feature or a
configuration issue on my firewall.  We have an entire class C address say
208.184.23.x to use for our network. We use the 192.168.1.x network for our
internal network.  I am having problems pinging a machine's Internet ip
address say 208.184.23.11 which I noticed is statically mapped to its
internal address say 192.168.1.10 on the pix.  

For example, if I ping another box 208.184.23.12 that is not statically mapped
to an internal ip address on the pix, I get a response.  

Any help or hints would be greatly appreciated.

Thanks!




Re: **Pix Firewall

2001-02-10 Thread ML

Try www.CDW.com, but I think a 525 runs about 14-20K but that is not with
redundancy or additional Net cards..


Deepak Sharma <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone have any prices on PIX firewalls? 520, 525, and 535.
>
> I'm looking to buy, but I can't find prices on the Cisco website. If
> someone has them in Canadian dollars, that'll be awesome!
>
> thanks
> Deepak
>



Re: **Pix Firewall

2001-02-14 Thread Jason

Cisco has a $2k off deal for the 525 going on right now:

"
PIX 525 Firewall $2000 Instant Rebate Available through March 31, 2001
Now through March 31, 2001, resellers can get a $2000 instant rebate through
US distribution on the Cisco Secure PIX 525 Firewall. The Cisco Secure PIX
525 Firewall is a robust security appliance delivering enhanced performance
in a streamlined, easy-access, rack-mounted chassis. The PIX 525 has a
throughput of 370 Mbps with the ability to handle as many as 280,000
simultaneous sessions. The 600 MHz CPU of the PIX 525 enables it to deliver
an additional 25-30% increased capacity for firewalling services. Built-in
IPsec encryption allows both site-to-site and remote access VPN deployments.
There is NO LIMIT to the number of PIX 525 Firewalls that can qualify for
this rebate.

Part Number PIX-525-UR-BUN

If you know someone who would like to SUBSCRIBE to this Newsletter, here's
how to do it:

Send an email to "[EMAIL PROTECTED]" and type "subscribe sam-resellers
yourname@yourcompany" in the body of the email.

"

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


"ML" <[EMAIL PROTECTED]> wrote in message
news:964lh1$5sl$[EMAIL PROTECTED]...
> Try www.CDW.com, but I think a 525 runs about 14-20K but that is not with
> redundancy or additional Net cards..
>
>
> Deepak Sharma <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Does anyone have any prices on PIX firewalls? 520, 525, and 535.
> >
> > I'm looking to buy, but I can't find prices on the Cisco website. If
> > someone has them in Canadian dollars, that'll be awesome!
> >
> > thanks
> > Deepak
> >



Re: PIX firewall

2001-02-15 Thread Jason

The PIX can use internally stored pre-shared keys, or can use external
authentication such as TACACS+.

http://www.cisco.com/warp/public/700/configsec.html

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


"Deepak Sharma" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> quick question, and probably dumb question!!.....
>
> when I set up a pix firewall
>
>
> user--56k dialup-->pix--nt server
>
> to authenticate the user, does pix use NT auth. or another type of
> auth.? username/password has to be set up within pix...
>
> thanks
>



RE: PIX firewall

2001-02-16 Thread Hyman, Craig

I have a question about the pix firewall.  I have a network with a couple
of devices on it.   Here is the network:

Frame ---> router ---> netra t1 ---> PIX firewall ---> Switch

The switch is where the netra t1 and the router and firewall are connected.
When I reboot my netra t1 the PIX firewall grabs the traffic instead of
sending it back upstream through the Cisco firewall.   When I remove the firewall
everything works okay.  Does pix have some type of proxy ARP that grabs the
traffic?

Please help
Craig Hyman
SUN SRS Implementation Team
Help Desk Tier 2
[EMAIL PROTECTED]
Broomfield Office 303-272-2661
Virtual Office Phone Number 925-777-0672
SkyPager Number 1-888-860-5913


 -Original Message-
From:   Deepak Sharma [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, February 15, 2001 9:57 PM
To: cisco
Subject:    PIX firewall

quick question, and probably dumb question!!.

when I set up a pix firewall


user--56k dialup-->pix--nt server

to authenticate the user, does pix use NT auth. or another type of
auth.? username/password has to be set up within pix...

thanks




Re: PIX firewall

2001-02-16 Thread haroldnjoe

Cisco told me that they have third party partners who have access servers
similar to TACACS+, but which use the NT user database.  I have yet to
squeeze the name of any of these partners out of them, but they are rumored
to exist anyway.  I hope it's true.  It would be nice to only have to deal
with one user database.

[EMAIL PROTECTED]

"Jason" <[EMAIL PROTECTED]> wrote in message
news:96ikbs$uka$[EMAIL PROTECTED]...
> The PIX can use internally stored pre-shared keys, or can use external
> authentication such as TACACS+.
>
> http://www.cisco.com/warp/public/700/configsec.html
>
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
>
>
> "Deepak Sharma" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > quick question, and probably dumb question!!.
> >
> > when I set up a pix firewall
> >
> >
> > user--56k dialup-->pix--nt server
> >
> > to authenticate the user, does pix use NT auth. or another type of
> > auth.? username/password has to be set up within pix...
> >
> > thanks
> >



Re: PIX firewall

2001-02-16 Thread The.rock

Their 3rd party partner is called Funk Software (http://www.funk.com). The
product is called Steel-Belted Radius and yes it works. Runs on NT platform
and performs authentication into NT domains.

"haroldnjoe" <[EMAIL PROTECTED]> wrote in message
news:96kb43$3ev$[EMAIL PROTECTED]...
> Cisco told me that they have third party partners who have access servers
> similar to TACACS+, but which use the NT user database.  I have yet to
> squeeze the name of any of these partners out of them, but they are rumored
> to exist anyway.  I hope it's true.  It would be nice to only have to deal
> with one user database.
>
> [EMAIL PROTECTED]
>
> "Jason" <[EMAIL PROTECTED]> wrote in message
> news:96ikbs$uka$[EMAIL PROTECTED]...
> > The PIX can use internally stored pre-shared keys, or can use external
> > authentication such as TACACS+.
> >
> > http://www.cisco.com/warp/public/700/configsec.html
> >
> > --
> > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > List email: [EMAIL PROTECTED]
> > Homepage: http://jason.artoo.net/
> > Cisco resources: http://r2cisco.artoo.net/
> >
> >
> > "Deepak Sharma" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > quick question, and probably dumb question!!.
> > >
> > > when I set up a pix firewall
> > >
> > >
> > > user--56k dialup-->pix--nt server
> > >
> > > to authenticate the user, does pix use NT auth. or another type of
> > > auth.? username/password has to be set up within pix...
> > >
> > > thanks
> > >



PIX firewall Configuration

2000-12-08 Thread Liwanag, Manolito


I work for a small company with 5 branches.  I have a frame connection to
all the sites which connects to the central office where I am (hub and
spoke).  In the central office, I have set up a PIX firewall.  Behind the
firewall sits an exchange server and a new server which I plan on installing
next week.

I want to install a BDC that will have Symantec's I-gear/Mail-gear.  This is
an email and internet filtering product. I will place this behind the
firewall.  Here is what I want to do:

1) I want all the client PC to connect to the I-gear/Mail-gear server to
access the internet. Of course I will static my own address and those that
are nice to me to by-pass the proxy and go straight through the PIX.

2) I want to allow only certain traffic to go back in the pix from the
outside.

3) I will need an inside and outside IP address on this server.

Here is my proposed solution:

1) Install 2 network cards on the server and install the mentioned software.

2) Stop all traffic from being PATed across the PIX currently.
 Currently I have Nat (inside) 1 0.0.0.0 0.0.0.0

3) Add a new NAT to let out the BDC server machine.
   NAT (inside) 1 10.0.0.12 255.255.254.0
   NAT (inside) 2 10.0.1.1 255.255.254.0 (my own PC for example)

4) Let the BDC out of the PIX
 Static (inside,outside)193.236.234.88 10.0.0.12 netmask 255.255.255.255 0 0
 Conduit permit tcp host 193.236.234.88 eq smtp any
 Conduit permit tcp host 193.236.234.88 eq www any
 Conduit permit tcp host 193.236.234.88 eq pop3 any
 Conduit permit tcp host 193.236.234.88 eq 443 any

5) Change the gateway that they (the clients) are pointing (( right now it
is router (10.0.0.1) that connects to the pix)) to, to point to the BDC
server 10.0.0.12.

I think that will work but I am very green when it comes to configuring
these PIXes.  I got lucky a few months ago when I did an IPSec tunnel
between 2 PIXes and I would like to replicate that success.  I would
certainly appreciate some pointers before I go ahead and do this next week
with my heart in my mouth and as I experience shortness of breath... not a
good feeling :)

Any comments would surely be appreciated.

rgds,
Manolito 





pix firewall setup

2000-12-20 Thread fsd afd

Hi, Everyone:

  I have a client who uses 192.216.xxx.xxx/24 ip address, recently they
got another ip address block 64.xxx.xxx.xxx/24, they want to put in pix
firewall, but they still want to use all real ip address behind firewall.
Is there a way to setup firewall?

Thanks in advance.

~ml




RE: Pix FireWall

2001-01-08 Thread Tommy Mitchell

Try pixlog at http://cs.calvin.edu/~mpost89/pixlog/
It's really just a perl script that sits on syslog and reads messages as
they come in.  There are some screen shots so you can actually see what
happens.
If you want something more robust (but not free) have a look at Private-I
from www.opensystems.com.  

Tommy

> -Original Message-
> From: Abro Toufic [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 08, 2001 4:57 AM
> To: [EMAIL PROTECTED]
> Subject: Pix FireWall
> 
> 
> Dear Sir,
> I have a small question about Pix Firewall and syslog:
> I am looking for any web browser reporting tools I can use with it,
> or something like that.
> Any comments,
> any help,
> thanks
> 
> 
> 
> 



RE: Pix FireWall

2001-01-08 Thread Aamir Lakhani

Try WebTrends. I think it has what you might be looking for.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Abro Toufic
Sent: Monday, January 08, 2001 3:57 AM
To: [EMAIL PROTECTED]
Subject: Pix FireWall


Dear Sir,
I have a small question about Pix Firewall and syslog:
I am looking for any web browser reporting tools I can use with it,
or something like that.
Any comments,
any help,
thanks







PIX Firewall manager

2000-09-19 Thread Wibowo Nur Susetio

Dear Nathan,

Currently I am installing Pix Firewall Manager ver 4.3(2)e; it's not as smooth
as I read on CCO.
We have a problem when loading the PIX configuration. It seems that the PIX
cannot send the config to the PFM server.
I have opened telnet for the PIX manager. 

Hosts spec are:
Windows NT server with service pack 4
96 Mb Ram
IE browser  4.0 version 4.72.3110.8 updated version:SP1
Static IP address in inside PIX interface

After typing username and password to log on, there are several IO errors:

  -- IO exception error:This file,adm_admc.txt may not exist

There are about 10 or more error notifications for txt files that may not exist.

When loading the configuration we also have errors reported by the PIX and
sent to the PIX manager (file attached).

So due to this error the PIX configuration cannot be loaded by PFM.

Has anybody installed PFM?

Please advise!!

1: 10.10.1.1: Unable to Show Interface (cmdCode = 1903).
2: 10.10.1.1: Unable to Show Global (cmdCode = 103).
3: 10.10.1.1: Unable to Show NAT (cmdCode = 203).
4: 10.10.1.1: Unable to Show No AT (cmdCode = 503).
5: 10.10.1.1: Unable to Show Static (cmdCode = 303).
6: 10.10.1.1: Unable to Show Conduit (cmdCode = 403).
7: 10.10.1.1: Unable to Show Outbound (cmdCode = 603).
8: 10.10.1.1: Unable to Show Apply (cmdCode = 703).
9: 10.10.1.1: Unable to Show Alias (cmdCode = 4803).
10: 10.10.1.1: Unable to Show Telnet (cmdCode = 1503).
11: 10.10.1.1: Unable to Show Telnet (cmdCode = 1503).
12: 10.10.1.1: Unable to Logging Message (cmdCode = 908).
13: 10.10.1.1: Unable to Show ARP (cmdCode = 1003).
14: 10.10.1.1: Unable to Show ARP Duration (cmdCode = 1103).
15: 10.10.1.1: Unable to Show AAA Authentication (cmdCode = 3203).
16: 10.10.1.1: Unable to Show AAA Accounting (cmdCode = 5803).
17: 10.10.1.1: Unable to Show AAA Authorization (cmdCode = 3903).
18: 10.10.1.1: Unable to Show Static Route (cmdCode = 1303).
19: 10.10.1.1: Unable to Show Default Route (cmdCode = 1203).
20: 10.10.1.1: Unable to Show SNMP Community (cmdCode = 5503).
21: 10.10.1.1: Unable to Show SNMP Host (cmdCode = 1603).
22: 10.10.1.1: Unable to Show SNMP Contact (cmdCode = 1703).
23: 10.10.1.1: Unable to Show SNMP Location (cmdCode = 1803).
24: 10.10.1.1: Unable to Show SNMP Traps (cmdCode = 6503).
25: 10.10.1.1: Unable to Show Syslog Output (cmdCode = 903).
26: 10.10.1.1: Unable to Show Syslog Output (cmdCode = 903).
27: 10.10.1.1: Unable to Show Url Filter Server (cmdCode = 6203).
28: 10.10.1.1: Unable to Show Filter (cmdCode = 6603).
29: 10.10.1.1: Unable to Show established (cmdCode = 4703).
30: 10.10.1.1: Unable to Show RIP (cmdCode = 2003).
31: 10.10.1.1: Unable to Show Failover (cmdCode = 2103).
32: 10.10.1.1: Unable to Show Fixup Protocol (cmdCode = 6003).
33: 10.10.1.1: Unable to Show RADIUS Server (cmdCode = 4003).
34: 10.10.1.1: Unable to Show TACACS Server (cmdCode = 4103).
35: 10.10.1.1: Unable to Show Timeout (cmdCode = 4903).
36: 10.10.1.1: Unable to Show Link (cmdCode = 4203).
37: 10.10.1.1: Unable to Show Linkpath (cmdCode = 4303).
38: 10.10.1.1: Unable to Show Uauth (cmdCode = 5003).
39: 10.10.1.1: Unable to Show Age Duration (cmdCode = 4403).
40: 10.10.1.1: Unable to Show TFTP Server (cmdCode = 6303).
41: 10.10.1.1: Unable to Show Virtual Server (cmdCode = 6103).
42: 10.10.1.1: Unable to Show Blocks (cmdCode = 2603).
43: 10.10.1.1: Unable to Show Memory (cmdCode = 2903).
44: 10.10.1.1: Unable to Show Connection (cmdCode = 2703).
45: 10.10.1.1: Unable to Show Checksum (cmdCode = 5903).
46: 10.10.1.1: Unable to Show Url Cache Stat (cmdCode = 6803).







**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html



PIX Firewall problem

2000-10-03 Thread Rajeev Karamchand

 
 

=
Rajeev Karamchand
MCSE,MCSE+I,MCDBA,CCNA




Pix Firewall Problem.

2000-10-03 Thread Rajeev Karamchand

Hi All

I am facing a strange problem. I am losing my
connectivity to the pix firewall from inside. If I
power cycle the pix everything is ok. I would
appreciate help in this regard.






=
Rajeev Karamchand
MCSE,MCSE+I,MCDBA,CCNA




PIX firewall resources....

2000-10-03 Thread Derrenbacker, L. Jonathan

Hi,

Someone posted info about a cdrom from cisco about learning the PIX
firewall.
I can't seem to find it.
Does anyone know what the exact name of it is?
Also what are some other good resources to learn PIX.

Thanks,
Jon




PIX Firewall information

2000-11-14 Thread Langa Kentane

Hi.
I am looking for comprehensive reference material on the Cisco PIX firewall.
Where can I get such?   Do you know of any sites or books that might be
helpful?

Also, is there any Cisco PIX certification available out there?

Thanks in advance

Langa Kentane




Re: PIX Firewall

2001-04-09 Thread Javier Contreras

Hi

Yes, I took it a month ago. The exam is based on the CSPFA course, which is
a slightly more advanced course on firewalls than the MCNS (which is more
a summary of several technologies).
You can take the CSPFA, or if you did the MCNS, try to study
the objectives published by Cisco, with the help of CCO. Just note
that you need Websense experience (3.x version): take the demo version,
install it, and be prepared to answer questions about it.

Regards.

"Vellaiyan, Manohar (CTS)" wrote:
> 
> Hi Everyone,
> 
> Has anyone undergone the Cisco Secure PIX Firewall Advanced
> certification ? If so can you guide me on taking this certification in terms
> of study materials etc. Thanks in advance. You can mail me at
> [EMAIL PROTECTED]
> 
> Regards,
> V.Manohar
> 
-- 
---
Javier Contreras Albesa
Professional Trainer

PRO IN Training S.L.
PROfessional Information Networks
World Trade Center, Moll de Barcelona S/N
Edif Sur, Planta 4

Phone: (+34) 93-5088850 E-mail:
[EMAIL PROTECTED]
Fax:  (+34) 93-5088860 Internet:  http://www.proin.com

SHAPING THE FUTURE - BE PART OF IT!



cisco PIX firewall

2000-07-20 Thread Wong, Van

Every sample configuration on PIX I see involves NAT with public addresses
on the outside interface and private on the inside.  What if you do not want
to use NAT?  Meaning desktop PCs have global IP addresses.  So both inside,
dmz, and outside interface will have valid global ip addresses, like a class
B address subnetted.  Will PIX support that or was it designed for NAT?

I am trying to understand PIX.  I don't have access to a PIX.

Best Regards,
Van




PIX Firewall Question

2000-07-21 Thread Samuel Rey

My pix firewall has the following in its current config

conduit permit icmp any any

Are there any security risks to our internal network with this configuration?

Appreciate the help

Sam
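
An added example, not part of the original posts and not Cisco tooling: a small Python audit of the conduit lines quoted in this thread (the four conduits in the "PIX firewall Configuration" post and the `conduit permit icmp any any` line asked about above). The severity rules and the list of cleartext services are assumptions of this example, and only the conduit forms that appear in these posts are parsed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the static/conduit lines quoted in this thread.
SAMPLE_CONFIG = """\
Static (inside,outside)193.236.234.88 10.0.0.12 netmask 255.255.255.255 0 0
Conduit permit tcp host 193.236.234.88 eq smtp any
Conduit permit tcp host 193.236.234.88 eq www any
Conduit permit tcp host 193.236.234.88 eq pop3 any
Conduit permit tcp host 193.236.234.88 eq 443 any
conduit permit icmp any any
"""

PORT_OPERATORS = {"eq", "lt", "gt", "neq"}
# Assumption of this example: services whose logins cross the wire in cleartext.
CLEARTEXT_SERVICES = {"pop3", "110", "telnet", "23", "ftp", "21"}


@dataclass
class Conduit:
    action: str                 # permit | deny
    protocol: str               # tcp | udp | icmp | ...
    global_addr: str            # "any" or "ip/mask" (the published address)
    global_port: Optional[str]  # e.g. "eq smtp"; None means every port
    foreign_addr: str           # "any" or "ip/mask" (the outside source)
    foreign_port: Optional[str]
    icmp_type: Optional[str]


def _take_addr(tokens: List[str]) -> str:
    """Consume 'any', 'host <ip>' or '<ip> <mask>' from the front of tokens."""
    if not tokens:
        raise ValueError("address expected")
    head = tokens.pop(0)
    if head == "any":
        return "any"
    if not tokens:
        raise ValueError(f"incomplete address after {head!r}")
    if head == "host":
        return tokens.pop(0) + "/255.255.255.255"
    mask = tokens.pop(0)
    return "any" if (head, mask) == ("0.0.0.0", "0.0.0.0") else f"{head}/{mask}"


def _take_port(tokens: List[str]) -> Optional[str]:
    """Consume an optional 'eq|lt|gt|neq <port>' or 'range <lo> <hi>'."""
    if len(tokens) >= 2 and tokens[0] in PORT_OPERATORS:
        return f"{tokens.pop(0)} {tokens.pop(0)}"
    if len(tokens) >= 3 and tokens[0] == "range":
        del tokens[0]
        return f"range {tokens.pop(0)}-{tokens.pop(0)}"
    return None


def parse_conduit(line: str) -> Optional[Conduit]:
    """Return a Conduit for a conduit line, or None for any other line."""
    tokens = line.lower().split()
    if len(tokens) < 3 or tokens[0] != "conduit":
        return None
    action, protocol, rest = tokens[1], tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line.strip()}")
    global_addr, global_port = _take_addr(rest), _take_port(rest)
    foreign_addr, foreign_port = _take_addr(rest), _take_port(rest)
    icmp_type = rest.pop(0) if protocol == "icmp" and rest else None
    if rest:
        raise ValueError(f"unparsed tokens {rest} in: {line.strip()}")
    return Conduit(action, protocol, global_addr, global_port,
                   foreign_addr, foreign_port, icmp_type)


def audit(config: str) -> List[Tuple[str, str, str]]:
    """Return (severity, rule, reason) for every permit open to any source."""
    findings = []
    for line in config.splitlines():
        rule = parse_conduit(line)
        if rule is None or rule.action != "permit" or rule.foreign_addr != "any":
            continue
        if rule.protocol == "icmp":
            if rule.icmp_type is None:
                sev = "high" if rule.global_addr == "any" else "medium"
                reason = "every ICMP type accepted from any outside source"
            else:
                sev, reason = "info", f"ICMP {rule.icmp_type} accepted from any source"
        elif rule.global_port is None:
            sev, reason = "high", "all ports of the protocol open to any source"
        elif rule.global_port.split()[-1] in CLEARTEXT_SERVICES:
            sev, reason = "medium", "cleartext-login service open to any source"
        else:
            sev, reason = "info", "service published to any outside source"
        findings.append((sev, line.strip(), reason))
    return findings


if __name__ == "__main__":
    for severity, rule_text, why in audit(SAMPLE_CONFIG):
        print(f"[{severity:6}] {rule_text}  -> {why}")
```
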





PIX firewall vulnerability

2000-07-26 Thread Atif Awan


According to Cisco:

The Cisco Secure PIX Firewall cannot distinguish between a forged TCP Reset
(RST) packet and a genuine TCP RST packet. Any TCP/IP connection established
through the Cisco Secure PIX Firewall can be terminated by a third party
from the untrusted network if the connection can be uniquely determined.
This vulnerability is independent of configuration. There is no workaround.
This vulnerability exists in all Cisco Secure PIX Firewall software releases
up to and including 4.2(5), 4.4(4), 5.0(3) and 5.1(1). The defect has been
assigned Cisco bug ID CSCdr11711.

This notice is posted at
http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml on Cisco's
Worldwide Web site.

Atif





Re: PIX Firewall

2000-05-10 Thread Huy Tran

Here are a couple of useful links explaining basic Pix firewall config.

http://www.cisco.com/warp/customer/110/20.html
http://www.cisco.com/warp/public/110/23.html


[EMAIL PROTECTED] ("Harrell, ET3") wrote in
<0D50C6BE69D0D311979100508B63A8861933AA@DESERT005>: 

>I'm trying to set up a Cisco PIX Firewall for my network and I'm having
>trouble with the global command for the outside interface.  I'm not
>totally understanding exactly which IP address or which range of IP
>addresses I'm supposed to enter into that.  I do know that the global
>command statement has to correspond with the NAT id for the inside.  Any
>help on this would be greatly appreciated.  Thanx.
>Nathan Harrell
>



Re: PIX Firewall

2000-06-24 Thread Rajeev Karamchand


try 


http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/index.htm

--- Farooq Ali <[EMAIL PROTECTED]> wrote:
> Can someone please point me to a URL or a book
> which helps with
> "administration of Firewalls". I am working on Pix
> firewalls, and need to
> learn administration.
> 
> 
> 
> Farooq Ali
> Network Engineer
> Global Network Operations
> 

=
Rajeev Karamchand
MCSE,MCSE+I,MCDBA




PIX Firewall Manager

2000-06-27 Thread lee

Hi all, is anyone familiar with PIX Firewall Manager 4.3(2)e?
My PIX firewall is running ver 4.4(4) and my PFM is running 4.3(2)e. I
managed to add the PIX firewall into the PFM, but I don't know how to enable
the syslog & alarm feature of PFM.

Thanks in advance.

rgs,
lee





securemote through pix firewall

2001-01-30 Thread marius . holmsen




Hi,

I hope someone can help me with a big problem I've got.
My client needs to use the SecuRemote IPsec program through a PIX firewall to a
FireWall-1 at the remote site.
There's no problem with the key exchange process, and I am being prompted for
password and username.
After this the program says the authentication is OK, but Explorer comes up with
"cannot find the page".
When I test the same procedure connected without the PIX, everything functions
OK.
Could anyone please give me a tip to solve this situation?

Thank you





RE: Pix Firewall Issue

2001-02-07 Thread Daniel Cotts

You're not telling us from where you are pinging. From the PIX? From a host
behind the Firewall? From a host outside the Firewall?
Anyway this command is good to have in later versions if you want pings to
traverse the PIX.
conduit permit icmp any any
You may also want to modify that command or eliminate it, if you want to
enforce a stronger policy.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid1091627

> -Original Message-
> From: exchange [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 07, 2001 1:09 PM
> To: '[EMAIL PROTECTED]'
> Subject: Pix Firewall Issue
> 
> 
> Hi Gang,
> 
> I have a Pix Firewall 520 and wondered if this was a feature or a
> configuration issue on my firewall.  We have an entire class C address, say
> 208.184.23.x, to use for our network. We use the 192.168.1.x network for our
> internal network.  I am having problems pinging a machine's Internet IP
> address, say 208.184.23.11, which I noticed is statically mapped to its
> internal address, say 192.168.1.10, on the PIX.
> 
> For example, if I ping another box, 208.184.23.12, not statically mapped
> to an internal IP address on the PIX, I get a response.
> 
> Any help or hints would be greatly appreciated.
> 
> Thanks!
> 



Re: Pix Firewall Issue

2001-02-07 Thread Kenny Sallee

Actually it's not a good idea to do a 'conduit permit icmp any any'.  If you
want ping traffic to originate inside then do this:

conduit permit icmp 208.184.23.0 255.255.255.0 any echoreply

Think about the way ping works - your workstation sends an icmp echo - the
end station sends an icmp echo-reply - which from the PIX standpoint is a
new inbound packet ( cuz it's stateless ).  Therefore - let the echo-reply
in only.  Not all ICMP messages.

Kenny

"Daniel Cotts" <[EMAIL PROTECTED]> wrote in message
news:303479FA060CD211B893F805A88AA10F4C@EXCHANGE1...
> You're not telling us from where you are pinging. From the PIX? From a host
> behind the Firewall? From a host outside the Firewall?
> Anyway this command is good to have in later versions if you want pings to
> traverse the PIX.
> conduit permit icmp any any
> You may also want to modify that command or eliminate it, if you want to
> enforce a stronger policy.
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid1091627
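Kenny's point about narrowing the ICMP conduit to echo replies can be checked mechanically. The following Python is an added example, not part of the original thread: it parses `conduit ... icmp` lines, flags permits wider than the echo-reply-only rule, and models which inbound ICMP packets each rule set lets through. The sample configuration is constructed from the thread's addresses, 198.51.100.7 is a documentation address standing in for an outside host, and the first-match, default-drop evaluation is an assumption of this example rather than a statement of PIX internals.

```python
import ipaddress

# The thread spells the type "echoreply"; the hyphenated name and the numeric
# ICMP type 0 are treated here as the same thing.
ECHO_REPLY = {"echoreply", "echo-reply", "0"}

# Constructed sample built from the addresses used in the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 208.184.23.11 192.168.1.10 netmask 255.255.255.255
conduit permit icmp any any
conduit permit icmp 208.184.23.0 255.255.255.0 any echoreply
conduit permit tcp host 208.184.23.11 eq www any
"""


def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(tokens[0] + "/" + tokens[1], strict=False)
    return net, tokens[2:]


def parse_icmp_conduit(line):
    """Parse 'conduit permit|deny icmp <global> <foreign> [type]', else None."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "conduit" or tokens[2] != "icmp":
        return None
    if tokens[1] not in ("permit", "deny"):
        return None
    try:
        global_net, rest = take_addr(tokens[3:])  # address being reached
        foreign_net, rest = take_addr(rest)       # outside source
    except (IndexError, ValueError):
        return None  # malformed address spec
    icmp_type = rest[0].lower() if rest else None
    if icmp_type in ECHO_REPLY:
        icmp_type = "echo-reply"
    return {"action": tokens[1], "global": global_net,
            "foreign": foreign_net, "icmp_type": icmp_type, "text": line}


def load_rules(config_text):
    """Return the ICMP conduits of a configuration, in order, with line numbers."""
    rules = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        rule = parse_icmp_conduit(raw.strip())
        if rule:
            rule["line"] = lineno
            rules.append(rule)
    return rules


def audit(config_text):
    """Flag permit rules wider than the echo-reply-only rule from the thread."""
    findings = []
    for rule in load_rules(config_text):
        if rule["action"] != "permit":
            continue
        if rule["icmp_type"] is None:
            findings.append((rule["line"], "all-icmp-types", rule["text"]))
        elif rule["icmp_type"] != "echo-reply":
            findings.append((rule["line"], "non-reply-type", rule["text"]))
    return findings


def inbound_permitted(rules, src, dst, icmp_type):
    """Model an inbound ICMP packet against the conduits.

    Assumption of this example: the first matching conduit decides and an
    unmatched packet is dropped.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    wanted = "echo-reply" if icmp_type in ECHO_REPLY else icmp_type
    for rule in rules:
        type_ok = rule["icmp_type"] in (None, wanted)
        if type_ok and dst in rule["global"] and src in rule["foreign"]:
            return rule["action"] == "permit"
    return False


if __name__ == "__main__":
    for line, kind, text in audit(SAMPLE_CONFIG):
        print(f"line {line}: {kind}: {text}")
```
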



Re: Pix Firewall Issue

2001-02-09 Thread Kevin O'Gilvie

Does anyone know of a VPN client for Windows 2000? I have Cisco Secure but 
it doesn't run on 2000. I need to implement a VPN solution for my company 
that will integrate with the PIX 515 that I just purchased.

Regards,

Kevin


>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>Reply-To: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Pix Firewall Issue
>Date: Wed, 7 Feb 2001 15:55:14 -0800
>
>Actually it's not a good idea to do a 'conduit permit icmp any any'.  If you
>want ping traffic to originate inside then do this:
>
>conduit permit icmp 208.184.23.0 255.255.255.0 any echoreply
>
>Think about the way ping works - your workstation sends an icmp echo - the
>end station sends an icmp echo-reply - which from the PIX standpoint is a
>new inbound packet ( cuz it's stateless ).  Therefore - let the echo-reply
>in only.  Not all ICMP messages.
>
>Kenny



Re: Pix Firewall Issue

2001-02-09 Thread Kenny Sallee

Right now there is no Win2k client available from Cisco.  There is a beta
out of the Altiga 3000 client - which can work with the PIX as well.  You
may be able to call TAC and request a copy.  Though if you are hiding behind
PAT and terminating on a PIX you are still SOL.  The alternative for win2k
clients is PPTP with MPPE.  Very simple to implement and is a hold over
until the 2k client is available.  You can either terminate on the PIX and
use Funk software radius server ( cisco secure ACS doesn't support MPPE ), a
local database created on the PIX, or put a beefy win2k server in a DMZ and
pass the PPTP traffic to that server.  It'll need to be dual homed and
secure as much as possible.  Good luck

Kenny

- Original Message -
From: "Kevin O'Gilvie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 09, 2001 7:29 AM
Subject: Re: Pix Firewall Issue


> Does anyone know of a vpn client for Windows 2000, I have Cisco Secure but
> it doesn't run on 2000, I need to implement a vpn solution for my company
> that will integrate with the PIX 515 that I just purchased..
>
> Regards,
>
> Kevin



Re: Pix Firewall Issue

2001-02-09 Thread Kevin O'Gilvie

Can you point me in the right direction of where I can research the 
alternatives..

Regards,

Kevin


>From: "Kenny Sallee" <[EMAIL PROTECTED]>
>To: "Kevin O'Gilvie" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: Pix Firewall Issue
>Date: Fri, 9 Feb 2001 08:23:24 -0800
>
>Right now there is no Win2k client available from Cisco.  There is a beta
>out of the Altiga 3000 client - which can work with the PIX as well.  You
>may be able to call TAC and request a copy.  Though if you are hiding behind
>PAT and terminating on a PIX you are still SOL.  The alternative for win2k
>clients is PPTP with MPPE.  Very simple to implement and is a hold over
>until the 2k client is available.  You can either terminate on the PIX and
>use Funk software radius server ( cisco secure ACS doesn't support MPPE ), a
>local database created on the PIX, or put a beefy win2k server in a DMZ and
>pass the PPTP traffic to that server.  It'll need to be dual homed and
>secure as much as possible.  Good luck
>
>Kenny

Re: Pix Firewall Issue

2001-02-14 Thread Jason

PPTP:
http://www.cisco.com/warp/public/110/pptppix.html

Or buy a license for every single Win2k box from IRE (which is where Cisco
OEMs their Win9x/NT VPN Client from.  I don't know what it takes for the IRE
VPN Client to work with the PIX):
http://www.soft-pk.com/

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""Kevin O'Gilvie"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know of a vpn client for Windows 2000, I have Cisco Secure but
> it doesn't run on 2000, I need to implement a vpn solution for my company
> that will integrate with the PIX 515 that I just purchased..
>
> Regards,
>
> Kevin



Re: Pix Firewall Issue

2001-02-15 Thread Tim O'Brien

Kevin,

The newest Cisco VPN3000 client (I believe that it is 2.6b and should be on
CCO within a week or 2) that supports Win2000 will terminate to a PIX
running 5.2 (I believe) or newer. I would suggest loading your 515 with the
newest code (5.3.1). You should be getting another email from me with the
link to the code. Grab the VPN software when available.

Tim


"Kevin O'Gilvie" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know of a vpn client for Windows 2000, I have Cisco Secure but
> it doesn't run on 2000, I need to implement a vpn solution for my company
> that will integrate with the PIX 515 that I just purchased..
>
> Regards,
>
> Kevin



Re: Pix Firewall Issue

2001-02-15 Thread Jason

Does anyone have a link to the VPN3000 Concentrator Win2k beta software?
I'm eager to try this out and ditch having to configure both IPSEC/ISAKMP
and PPTP on each PIX I configure for VPNs.

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/


""Tim O'Brien"" <[EMAIL PROTECTED]> wrote in message
news:96glc8$lcf$[EMAIL PROTECTED]...
> Kevin,
>
> The newest Cisco VPN3000 client (I believe that it is 2.6b and should be on
> CCO within a week or 2) that supports Win2000 will terminate to a PIX
> running 5.2 (I believe) or newer. I would suggest loading your 515 with the
> newest code (5.3.1). You should be getting another email from me with the
> link to the code. Grab the VPN software when available.
>
> Tim

CISCO PIX FIREWAll ----HELP

2001-02-21 Thread Hyman, Craig

Has anybody come across the PIX firewall taking control of the static
ARP table? What commands in the PIX would cause something like this?
Please help.
Craig Hyman
SUN SRS Implementation Team
Help Desk Tier 2
[EMAIL PROTECTED]
Broomfield Office 303-272-2661
Virtual Office Phone Number 925-777-0672
SkyPager Number 1-888-860-5913


-Original Message-
From: Andy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 15, 2001 11:09 PM
To: suaveguru
Cc: [EMAIL PROTECTED]
Subject: Re: automating monotonous tasks


If you have a unix box I would do this myself:

telnet cisco
show run | include Serial
copy and paste the results to a file
delete out any serials you don't want bandwidth statements for

create this script

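#!/bin/bash
# Read the saved interface lines (one per line) from serialsfile
exec < serialsfile
while read -r serial
do
    # Emit the interface line, its bandwidth statement, then leave interface mode
    echo "$serial" >> serial.cfg
    echo "bandwidth 56" >> serial.cfg
    echo "exit" >> serial.cfg
done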

run it, paste the results into your telnet session

andy

On Fri, 16 Feb 2001, suaveguru wrote:

> hi all 
> 
> I am in the process of automating adding in of
> bandwidth statements for all my customers' interfaces 
> 
> anyone know of a fast way of automating this task? I
> have about a few hundred interfaces to key in
> 
> 
> regards,
> 
> suaveguru
> 



PIX Firewall Management Software

2000-11-28 Thread Fowler, Joey

After learning from OTJ experience and from another engineer, I've heard that, instead of manually making changes line by line, there is some management software for the PIX. Does anyone know what it is called so I can get more info on it?



Thanks,
Joey Fowler





Re: pix firewall setup

2000-12-20 Thread ItsMe

Allow them in via conduit, and NAT 0 them. Or you can static route them to
themselves, which takes priority over NAT/PAT.

""fsd afd"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi, Everyone:
>
>   I have a client who uses 192.216.xxx.xxx/24 ip address, recently they
> got another ip address block 64.xxx.xxx.xxx/24, they want to put in pix
> firewall, but they still want to use all real ip address behind firewall.
> Is there a way to setup firewall?
>
> Thanks in advance.
>
> ~ml



RE: pix firewall setup

2000-12-21 Thread Liwanag, Manolito

Not enough information here.

Would they consider adding another card on the PIX? A DMZ to use the 64 IP
addresses. Although I have never tried it, how about using it as a secondary
IP address? You could add 64.x.x.x addresses to your interfaces as secondary
IP addresses.

Just a thought

Manolito

-Original Message-
From: fsd afd [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 20, 2000 8:39 PM
To: [EMAIL PROTECTED]
Subject: pix firewall setup


Hi, Everyone:

  I have a client who uses 192.216.xxx.xxx/24 ip address, recently they
got another ip address block 64.xxx.xxx.xxx/24, they want to put in pix
firewall, but they still want to use all real ip address behind firewall.
Is there a way to setup firewall?

Thanks in advance.

~ml




Cisco Pix Firewall 515

2001-01-23 Thread Kevin O'Gilvie

Thanks for the overwhelming response to my Total Virus Solution. You guys
are great!!

Now I have another issue: we just purchased the Cisco PIX. I am a Checkpoint
guy that kinda walked into this situation. Now I have the 515 sitting here
with 2 Ethernet interfaces. I need to set up VPN, IP NAT (this company
is currently using all public IPs, don't ask me why), and a security policy.
I am figuring that to complete my tasks I need another interface for my DMZ
zone (i.e. Exchange, DNS, and Web servers).

What steps do you think I should take to complete this task?


Best Regards,

Kevin



RE: PIX Firewall manager

2000-09-20 Thread Omar Baceski

You're right. I have had a lot of trouble last month because the manager
SAYs that it has sent some commands but looking at the PIX, the config was
not complete. I suggest the old and kind telnet...

> -Original Message-
> From: Wibowo Nur Susetio [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, September 19, 2000 10:27 PM
> To: [EMAIL PROTECTED]
> Subject: PIX Firewall manager
> Importance: High
> 
> Dear Nathan,
> 
> Currently I am installing PIX Firewall Manager ver 4.3(2)e; it's not as
> smooth as I read in CCO.
> We have a problem when loading the PIX configuration. It seems that the PIX
> cannot send the config to the PFM server.
> I have opened telnet for the PIX manager.
> 
> Hosts spec are:
> Windows NT server with service pack 4
> 96 Mb Ram
> IE browser  4.0 version 4.72.3110.8 updated version:SP1
> Static IP address in inside PIX interface
> 
> After typing the username and password to log on, there are several IO errors
> 
>   -- IO exception error:This file,adm_admc.txt may not exist
> 
> There are about 10 or more txt file error notifications that may not exist.
> 
> When loading the configuration we also have errors reported by the PIX and
> sent to the PIX manager (file attached)
> 
> So due to this error the PIX configuration cannot be loaded by PFM.
> 
> Has anybody installed PFM???
> 
> Please advise!!
> 
> 1: 10.10.1.1: Unable to Show Interface (cmdCode = 1903).
> 2: 10.10.1.1: Unable to Show Global (cmdCode = 103).
> 3: 10.10.1.1: Unable to Show NAT (cmdCode = 203).
> 4: 10.10.1.1: Unable to Show No AT (cmdCode = 503).
> 5: 10.10.1.1: Unable to Show Static (cmdCode = 303).
> 6: 10.10.1.1: Unable to Show Conduit (cmdCode = 403).
> 7: 10.10.1.1: Unable to Show Outbound (cmdCode = 603).
> 8: 10.10.1.1: Unable to Show Apply (cmdCode = 703).
> 9: 10.10.1.1: Unable to Show Alias (cmdCode = 4803).
> 10: 10.10.1.1: Unable to Show Telnet (cmdCode = 1503).
> 11: 10.10.1.1: Unable to Show Telnet (cmdCode = 1503).
> 12: 10.10.1.1: Unable to Logging Message (cmdCode = 908).
> 13: 10.10.1.1: Unable to Show ARP (cmdCode = 1003).
> 14: 10.10.1.1: Unable to Show ARP Duration (cmdCode = 1103).
> 15: 10.10.1.1: Unable to Show AAA Authentication (cmdCode = 3203).
> 16: 10.10.1.1: Unable to Show AAA Accounting (cmdCode = 5803).
> 17: 10.10.1.1: Unable to Show AAA Authorization (cmdCode = 3903).
> 18: 10.10.1.1: Unable to Show Static Route (cmdCode = 1303).
> 19: 10.10.1.1: Unable to Show Default Route (cmdCode = 1203).
> 20: 10.10.1.1: Unable to Show SNMP Community (cmdCode = 5503).
> 21: 10.10.1.1: Unable to Show SNMP Host (cmdCode = 1603).
> 22: 10.10.1.1: Unable to Show SNMP Contact (cmdCode = 1703).
> 23: 10.10.1.1: Unable to Show SNMP Location (cmdCode = 1803).
> 24: 10.10.1.1: Unable to Show SNMP Traps (cmdCode = 6503).
> 25: 10.10.1.1: Unable to Show Syslog Output (cmdCode = 903).
> 26: 10.10.1.1: Unable to Show Syslog Output (cmdCode = 903).
> 27: 10.10.1.1: Unable to Show Url Filter Server (cmdCode = 6203).
> 28: 10.10.1.1: Unable to Show Filter (cmdCode = 6603).
> 29: 10.10.1.1: Unable to Show established (cmdCode = 4703).
> 30: 10.10.1.1: Unable to Show RIP (cmdCode = 2003).
> 31: 10.10.1.1: Unable to Show Failover (cmdCode = 2103).
> 32: 10.10.1.1: Unable to Show Fixup Protocol (cmdCode = 6003).
> 33: 10.10.1.1: Unable to Show RADIUS Server (cmdCode = 4003).
> 34: 10.10.1.1: Unable to Show TACACS Server (cmdCode = 4103).
> 35: 10.10.1.1: Unable to Show Timeout (cmdCode = 4903).
> 36: 10.10.1.1: Unable to Show Link (cmdCode = 4203).
> 37: 10.10.1.1: Unable to Show Linkpath (cmdCode = 4303).
> 38: 10.10.1.1: Unable to Show Uauth (cmdCode = 5003).
> 39: 10.10.1.1: Unable to Show Age Duration (cmdCode = 4403).
> 40: 10.10.1.1: Unable to Show TFTP Server (cmdCode = 6303).
> 41: 10.10.1.1: Unable to Show Virtual Server (cmdCode = 6103).
> 42: 10.10.1.1: Unable to Show Blocks (cmdCode = 2603).
> 43: 10.10.1.1: Unable to Show Memory (cmdCode = 2903).
> 44: 10.10.1.1: Unable to Show Connection (cmdCode = 2703).
> 45: 10.10.1.1: Unable to Show Checksum (cmdCode = 5903).
> 46: 10.10.1.1: Unable to Show Url Cache Stat (cmdCode = 6803).
> 



Re: Pix Firewall Problem.

2000-10-03 Thread Russell Lusignan

Hmm..  what version of the IOS are you running?

Try upgrading your PIX to 5.2x and see if that helps.  If not post your
config for the list to look at..

Russ..


"Rajeev Karamchand" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Hi All
>
> I am facing a strange problem. I am losing my
> connectivity to the pix firewall from inside. If I
> power cycle the pix everything is ok. I would
> appreciate help in this regards
>
>
>
>
>
>
> =
> Rajeev Karamchand
> MCSE,MCSE+I,MCDBA,CCNA
>



Re: Pix Firewall Problem.

2000-10-03 Thread FRS

You might want to sanitize your config before posting ... but I'm sure you
knew that :)
"Rajeev Karamchand" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Hi All
>
> I am facing a strange problem. I am losing my
> connectivity to the pix firewall from inside. If I
> power cycle the pix everything is ok. I would
> appreciate help in this regards
>
>
>
>
>
>
> =
> Rajeev Karamchand
> MCSE,MCSE+I,MCDBA,CCNA
>



Re: PIX Firewall information

2000-11-14 Thread Russell Lusignan

Syngress (www.syngress.com) has a Security book coming out that has a
chapter dedicated to PIX, other chapters touch on subjects such as VPN etc..
Cisco Press (www.ciscopress.com) has their Security book due out in December
2000..  The PIX certification would fall under CCNP + Security.  PIX is a
part of that certification, but it doesn't revolve around it

Hope that helps
Russ..


"Langa Kentane" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED].za...
> Hi.
> I am looking for comprehensive reference material on the Cisco PIX firewall.
> Where can I get such?   Do you know of any sites or books that might be
> helpful?
>
> Also, is there any Cisco PIX certification available out there?
>
> Thanks in advance
>
> Langa Kentane
>



PIX Firewall [7:9295]

2001-06-21 Thread sanjeev tyagi

Dear All,

I have a PIX-515UR with 3 10/100 Ethernet ports. I have 2 ISPs which are
connected to 2 different 2500 series routers. Can I terminate the RJ-45
interfaces from the routers on the PIX Firewall, and how will the PIX decide
which router the packets are to be sent to?
Please help.
Thanks in advance
Sanjeev Tyagi


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9295&t=9295



PIX Firewall [7:31850]

2002-01-14 Thread Guenter Strasser

does anyone know a good reporting tool for
the kiwi syslog logfiles ?



[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31850&t=31850



RE: cisco PIX firewall

2000-07-20 Thread Kent Hundley

PIX was designed from the beginning as a NAT gateway, but you can disable
the use of NAT for your internal address ranges with the 'nat 0' command.

Here's a link that shows an example using 'nat 0':

http://www.cisco.com/warp/public/110/19.html

-Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Wong, Van
Sent: Thursday, July 20, 2000 11:58 AM
To: '[EMAIL PROTECTED]'
Subject: cisco PIX firewall


Every sample configuration on PIX I see involves NAT with public addresses
on the outside interface and private on the inside.  What if you do not want
to use NAT?  Meaning desktop PCs have global IP addresses.  So both inside,
dmz, and outside interface will have valid global ip addresses, like a class
B address subnetted.  Will PIX support that or was it designed for NAT?

I am trying to understand PIX.  I don't have access to a PIX.

Best Regards,
Van




Another PIX firewall Question

2000-07-21 Thread Samuel Rey

Occasionally, I have users complain that they no longer can access the
internet.  It seems to happen randomly with different users.
If I perform a
clear xlate
it immediately clears the problem.  Obviously, I don't want to have to do
this every time.
Any ideas on what I could do to prevent this seemingly random problem?
Thanks






Re: PIX Firewall Question

2000-07-21 Thread Nimesh Vakharia

well you could get an icmp flood but the problem is that you become a
security threat :)... you will become a smurf relay... People from the
outside world can spoof ping your broadcast address and all your hosts
will respond back...
I had to have an explicit deny to all my broadcast addresses before the
icmp any any... 
What I don't understand is when you have no ip directed-broadcast on your
routers pings to x.x.x.255 still get through..!!

Nimesh.

On Fri, 21 Jul 2000, Samuel Rey wrote:

> My pix firewall has the following in its current config
> 
> conduit permit icmp any any
> 
> Is there any security risks to our internal network with this configuration
> 
> Appreciate the help
> 
> Sam
> 
> 
> 
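
The ordering described in the reply above (an explicit deny for each broadcast address ahead of "conduit permit icmp any any") can be checked mechanically. The following is an added example, not part of the original thread: it assumes conduits are matched first-match in the order listed, as the reply implies, and the subnets, sample configurations and function names are constructed for illustration.

```python
"""Audit PIX 'conduit' lines for ICMP echo exposure of subnet broadcast addresses."""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# A conduit with no ICMP type covers every type; "echo" (type 8) is the
# request that a smurf-style amplification relies on.
ECHO_TYPES = {None, "echo", "8"}

# Constructed sample configurations (documentation address ranges).
WEAK_CONFIG = """\
conduit permit tcp host 192.0.2.10 eq www any
conduit permit icmp any any
"""
HARDENED_CONFIG = """\
conduit deny icmp host 192.0.2.255 any
conduit deny icmp 198.51.100.255 255.255.255.255 any
conduit permit icmp any any
"""
MISORDERED_CONFIG = """\
conduit permit icmp any any
conduit deny icmp host 192.0.2.255 any
conduit deny icmp host 198.51.100.255 any
"""
PUBLISHED_SUBNETS = ["192.0.2.0/24", "198.51.100.0/24"]  # assumed inside nets


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host <ip>' or '<ip> <mask>'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def parse_icmp_conduits(config):
    """Return the ICMP conduit rules in configuration order."""
    rules = []
    for lineno, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 5 or tok[0] != "conduit" or tok[2] != "icmp":
            continue
        if tok[1] not in ("permit", "deny"):
            continue
        try:
            dst, rest = _take_addr(tok[3:])   # global (protected) side
            src, rest = _take_addr(rest)      # foreign (outside) side
        except (IndexError, ValueError):
            continue                          # malformed line: skip it
        rules.append({
            "line": lineno,
            "action": tok[1],
            "dst": dst,
            "src": src,
            "icmp_type": rest[0] if rest else None,
            "text": line.strip(),
        })
    return rules


def audit_broadcast_exposure(config, subnets):
    """List (broadcast, line number, rule) for each broadcast address that an
    outside echo request would reach before any deny stops it."""
    rules = parse_icmp_conduits(config)
    findings = []
    for net in map(ipaddress.ip_network, subnets):
        bcast = net.broadcast_address
        for rule in rules:
            if bcast not in rule["dst"]:
                continue
            if rule["icmp_type"] not in ECHO_TYPES:
                continue                      # rule does not cover echo
            if rule["action"] == "deny":
                if rule["src"] == ANY:
                    break                     # denied for every source
                continue                      # partial deny: keep looking
            findings.append((str(bcast), rule["line"], rule["text"]))
            break
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("misordered", MISORDERED_CONFIG)):
        hits = audit_broadcast_exposure(cfg, PUBLISHED_SUBNETS)
        print(name, "->", hits if hits else "no broadcast exposure")
```

The misordered sample shows why position matters: the same deny lines placed after the permit never take effect under first-match evaluation.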




Re: PIX firewall vulnerability

2000-07-27 Thread Marco Rodrigues

You should go to www.securityfocus.com. This was posted almost two weeks
ago in the bugtraq mailing list. It's a great resource for recent exploits
and vulnerability information.


"Atif Awan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
> According to cisco :
>
> The Cisco Secure PIX Firewall cannot distinguish between a forged TCP Reset
> (RST) packet and a genuine TCP RST packet. Any TCP/IP connection established
> through the Cisco Secure PIX Firewall can be terminated by a third party
> from the untrusted network if the connection can be uniquely determined.
> This vulnerability is independent of configuration. There is no workaround.
> This vulnerability exists in all Cisco Secure PIX Firewall software releases
> up to and including 4.2(5), 4.4(4), 5.0(3) and 5.1(1). The defect has been
> assigned Cisco bug ID CSCdr11711.
>
> This notice is posted at
> http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml on Cisco's
> Worldwide Web site.
>
> Atif
>
>



Pix firewall and PAT

2000-08-09 Thread Travis Gamble

Hi all,

Here's something I've been pondering.  How many external addresses do you
need with a PIX firewall to have your PIX, PAT for the internal clients and
to redirect port 80 to a web server?

On an IOS router, you can do something like: (where 1.1.1.1 is an external
IP and 10.x.x.x is internal)

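interface ethernet 0/0
 ! outside interface (subnet mask assumed; not given in the original post)
 ip address 1.1.1.1 255.255.255.0
 ip nat outside

interface ethernet 0/1
 ! inside interface (subnet mask assumed)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

! PAT for inside hosts matched by the DoTheNat access list (defined elsewhere)
ip nat inside source list DoTheNat interface ethernet 0/0 overload
! static port translation: inside local address and port first, then the global ones
ip nat inside source static tcp 10.1.1.2 80 1.1.1.1 80 extendable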

Or something like that.  That would allow you to use 1 IP address for PAT,
access to an internal web server.


With a PIX, I can't seem to find the same functionality.  With a PIX (at
least one that's running 4.4) it seems to me that I need one IP address for
the PIX, one for PAT and another one for the web server to use.

Anyone know of a workaround for that, or do I need to start getting a block
of IPs?

Regards,
Travis Gamble




Pix Firewall Password Recovery

2000-08-28 Thread Fowler, Joey

I've been told by someone who attended the Cisco training course on PIX that to do a password recovery on one you have to send it to Cisco for them to do it. However, looking on Cisco's Web site I found the Password Recovery Procedure for PIX. The only one I have access to is in production so I can't "test" this out. Comments will be appreciated.


Thanks,
Joey Fowler





PIX Firewall user connections

2000-08-29 Thread Hans Stout

Hi colleagues,

I have a question regarding the PIX Firewall: when they mention the number 
of user connections, what does that actually mean ? Does e.g. the 520 model 
allow 250,000+ user to be connected simultaneously ?
Also, the new 506 PIX model does not specify the number of user connections 
allowed, does this mean that there is no limit ?
Thanks for your help in advance.

Georg Pauwen



Pix Firewall Syslog server

2000-06-09 Thread Mauro Conosciani

Hi everybody!!! Does anyone know where it's possible to download the
PFSS??? I had a quick tour in the CCO but... no way to get it?? I know
it's no-charge software.
Cheers




quick pix firewall question

2000-06-24 Thread Antonio Marfil

what is the pix firewall 5.0 equivalent of hitting  +  on a
cisco router to break out of a long 'show' command?   +  does
not work.

thanks in advance for your help.

tony




Re: PIX Firewall Manager

2000-06-28 Thread Russell Lusignan

Hmm.. my experience with the PFM wasn't too great.  Wasn't happy with it at
all, stick with the CLI for configuration.  As for syslog analysis and
alarm, there are several products out there that do a much better job.  I
use PrivateI (www.4privatei.com), works very well for NT, there are others
but I can't remember what they are, others on the list should have some more
insight :)

Hope that helps.
Russ..

"lee" <[EMAIL PROTECTED]> wrote in message news:8jbtop$g0c$[EMAIL PROTECTED]...
> Hi all, is anyone familiar with PIX Firewall Manager 4.3(2)e ???
> My PIX firewall is running ver 4.4(4) and my PFM is running 4.3(2)e. I
> managed to add the PIX firewall into the PFM, but I don't know how to enable
> the syslog & alarm feature of PFM.
>
> Thanks in advance.
>
> rgs,
> lee
>
>



PIX firewall version 4.4

2000-07-05 Thread Shumake, Derrick

Can anyone help me with a PIX 4.4 box?  I am trying to set up FTP through my
firewall.  What are the correct commands to use? As in the conduit command.
Thanks in advance.


NETIGY
The World's premier Architect of eBusiness-Ready Networks
5445 DTC Parkway, Penthouse Four
Englewood, CO  80111
http://www.netigy.com






PIX firewall [7:62746]

2003-02-10 Thread hanan
Hello

Could you please tell me in the PIX Cisco firewall their clients need to be
firewall clients or not?

Hanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62746&t=62746
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



PIX firewall [7:62761]

2003-02-10 Thread hanan
Hello

Could you please tell me in the PIX Cisco firewall their clients need to be
firewall clients or not?

Hanan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62761&t=62761



PIX Firewall [7:46423]

2002-06-12 Thread Tim Champion

Does anyone know of a way to clear or tear down individual connections on a
PIX Firewall? By using the "show conn" command I can see the connections I
want to clear but don't know how to.

Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=46423&t=46423



PIX Firewall [7:19434]

2001-09-11 Thread Pierre-Alex

For testing purpose I want to open all the ports of my firewall.

The firewall uses software version 4.07 and uses conduit statements.

I have tried many statements but nothing works.

Can you help?

Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19434&t=19434



Pix Firewall [7:21924]

2001-10-03 Thread Guy Russell

I have been hitting every bookstore, looking for PIX books...

I would like to get training guides, or admin guides, or whatever is
available,... Anything out there anyone could recommend, and where to get
it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21924&t=21924



Re: securemote through pix firewall

2001-01-30 Thread pat

Well, I am too having the same problem. The issue seems
to be due to address translation the PIX does. The
actual address on the firewall interface (outside) is
different & the secure remote client uses a different IP
(IP mapped by PIX) to establish the session. But I
don't understand why authentication fails.

 In my case topology download goes through, but
authentication fails. If I sit behind the PIX everything
is fine. PIX is translating Public IP to Private IP.
Let me know if you get to know why this happens.

thanks.


--- [EMAIL PROTECTED] wrote:
> 
> 
> 
> HEI
> 
> I hope someone could help me with a big problem I've
> got.
> My client needs to use securemot ipsec program
> through a pix firewall to a
> firewall1 at the remote site.
> There's no problem to get key exchange process, and I
> am being prompted for
> password and username.
> After this the program says the authentication is
> OK, but explorer comes up with
> cannot find the page.
> When I test the same procedure connected without the
> pix everything functions
> OK.
> Could anyone please give me a tip to solve this
> situation.
> 
> Thank you
> 
> 



Re: securemote through pix firewall

2001-01-31 Thread Allen May

Did you remember to put the nat statement in for the IP range that the
secureremote users are using and set up the access-list permits for them as
well?

Chapter 10 in the IPSec User Guide 5.3 covers this pretty well.

- Original Message -
From: "pat" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, January 30, 2001 10:27 PM
Subject: Re: securemote through pix firewall


> Well am too having the same problem. The issue seems
> to be due to address translation the PIX does. The
> actual address on the firewall interface(outside) is
> different & the secure remote client uses different IP
> (IP mapped by PIX) to establish the session. But I
> don't understand why authentication fails.
>
>  In my case topology dowload goes through, but
> authentication fails. If i sit behind PIX everything
> is fine. PIX is trnslating Public IP to Private IP.
> Let me know if you get to know why this happens.
>
> thanks.
>
>
> --- [EMAIL PROTECTED] wrote:
> >
> >
> >
> > HEI
> >
> > I hope someone could help me with a big problem Ive
> > got.
> > My client needs to use securemot ipsec program
> > through a pix firewall to a
> > firewall1 at the remote sight.
> > theres no problem to get key exchange process, and I
> > am beeing prompted for
> > password and username.
> > after this the program says the authentication is
> > OK, but explorer comes up with
> > cannot find the page.
> > When I test the same procedure connected without the
> > pix everything functions
> > OK.
> > Could anyone please give me a tip to solve this
> > situation.
> >
> > Thank you
> >
> >



Re: securemote through pix firewall

2001-02-01 Thread pat

Friends,

Did a lot of work on this issue. It may not work.
The reason:
 Secure remote first downloads topology info. Then it
writes the info to the user.c file on the client machine.
It writes the IP addr of the fw1 interface rather than
the real public IP.
For auth it tries to reach the interface IP on FW1
instead of the public IP, which is unreachable, hence the
auth fails.

HTH

pat
--- Allen May <[EMAIL PROTECTED]> wrote:
> Did you remember to put the nat statement in for the
> IP range that the
> secureremote users are using and set up the
> access-list permits for them as
> well?
> 
> Chapter 10 in the IPSec User Guide 5.3 covers this
> pretty well.
> 
> - Original Message -
> From: "pat" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Tuesday, January 30, 2001 10:27 PM
> Subject: Re: securemote through pix firewall
> 
> 
> > Well am too having the same problem. The issue
> seems
> > to be due to address translation the PIX does. The
> > actual address on the firewall interface(outside)
> is
> > different & the secure remote client uses
> different IP
> > (IP mapped by PIX) to establish the session. But I
> > don't understand why authentication fails.
> >
> >  In my case topology dowload goes through, but
> > authentication fails. If i sit behind PIX
> everything
> > is fine. PIX is trnslating Public IP to Private
> IP.
> > Let me know if you get to know why this happens.
> >
> > thanks.
> >
> >
> > --- [EMAIL PROTECTED] wrote:
> > >
> > >
> > >
> > > HEI
> > >
> > > I hope someone could help me with a big problem
> Ive
> > > got.
> > > My client needs to use securemot ipsec program
> > > through a pix firewall to a
> > > firewall1 at the remote sight.
> > > theres no problem to get key exchange process,
> and I
> > > am beeing prompted for
> > > password and username.
> > > after this the program says the authentication
> is
> > > OK, but explorer comes up with
> > > cannot find the page.
> > > When I test the same procedure connected without
> the
> > > pix everything functions
> > > OK.
> > > Could anyone please give me a tip to solve this
> > > situation.
> > >
> > > Thank you
> > >
> > >



Re: securemote through pix firewall

2001-02-01 Thread Allen May

Are you trying to set up a pool of IP addresses that are public IPs on the
external interface?  I've got it set up using a pool of IP addresses
matching the internal interface subnet, set up NAT for that pool, and tada!
You may have an ACL issue if it's assigning external IP's to the user.  I'm
not sure and haven't had my coffee yet, but it seems if it adds an external
IP that the remote station would have a new route added internally to route
traffic for the external interface of the PIX through the VPN tunnel...which
could possibly really mess with you being able to access the external
interface itself for the tunnel.  Let me think more on this before I
elaborate ;)  (going to get coffee right now!)

Allen
- Original Message -
From: "pat" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 11:39 PM
Subject: Re: securemote through pix firewall


> Friends,
>
> Did lot of work on this issue. It may not work.
> The reason:
>  Secure remote first downloads topology info. Then it
> writes the info to user.c file on client machine.
> It writes the IP addr of fw1 interface rather than
> real public IP.
> For auth it tries to reach the interface IP on FW1
> instead of public IP which is unreachable, hence the
> auth fails.
>
> HTH
>
> pat
> --- Allen May <[EMAIL PROTECTED]> wrote:
> > Did you remember to put the nat statement in for the IP range that the
> > secureremote users are using and set up the access-list permits for them as
> > well?
> >
> > Chapter 10 in the IPSec User Guide 5.3 covers this pretty well.
> >
> > - Original Message -
> > From: "pat" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Tuesday, January 30, 2001 10:27 PM
> > Subject: Re: securemote through pix firewall
> >
> >
> > > Well, I too am having the same problem. The issue seems
> > > to be due to address translation the PIX does. The
> > > actual address on the firewall interface (outside) is
> > > different & the secure remote client uses different IP
> > > (IP mapped by PIX) to establish the session. But I
> > > don't understand why authentication fails.
> > >
> > >  In my case topology download goes through, but
> > > authentication fails. If I sit behind PIX everything
> > > is fine. PIX is translating Public IP to Private IP.
> > > Let me know if you get to know why this happens.
> > >
> > > thanks.
> > >
> > >
> > > --- [EMAIL PROTECTED] wrote:
> > > >
> > > > Hi
> > > >
> > > > I hope someone could help me with a big problem I've got.
> > > > My client needs to use securemot ipsec program through a pix firewall to a
> > > > firewall1 at the remote site.
> > > > There's no problem to get key exchange process, and I am being prompted for
> > > > password and username.
> > > > After this the program says the authentication is OK, but explorer comes up with
> > > > cannot find the page.
> > > > When I test the same procedure connected without the pix everything functions
> > > > OK.
> > > > Could anyone please give me a tip to solve this situation.
> > > >
> > > > Thank you



Local Director aka Pix Firewall ??

2001-03-06 Thread Medley, Tim

Here's a weird question. I've seen a few listings on ebay for Pix Firewall /
Local Directors

Do they share the same hardware platform, with just different software
images?

Or is it just a typo?

tim




I hear and I forget
I see and I believe
I do and I understand
 -Confucius


Tim Medley - CCNA, CCDA
Network Architect
VoIP Group
704-943-3615 - Phone
704-525-9119 - Fax
877-6-iReady - Helpdesk





Fw: PIX Firewall Management Software

2000-11-28 Thread rejected mail

-Original Message-
From: Fowler, Joey <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, November 28, 2000 5:05 PM
Subject: PIX Firewall Management Software

After learning from OTJ experience and from another engineer, I've heard
that instead of manually making changes line by line that there is some
management software for the PIX. Does anyone know what it is called so I
can get more info on it?

Thanks,
Joey Fowler


RE: Cisco Pix Firewall 515

2001-01-23 Thread hao vu

1st thing I would do is to hit Cisco web site and search for the PIX info,
and understand the PIX functionality.
Cisco site also has a great deal of tech and config details.

HTH

HV



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kevin O'Gilvie
Sent: Tuesday, January 23, 2001 11:03 AM
To: [EMAIL PROTECTED]
Subject: Cisco Pix Firewall 515


Thanks for the overwhelming response to my Total Virus Solution, You guys
are great!!

Now I have another issue: we just purchased the Cisco Pix, I am a checkpoint
guy that kinda walked into this situation. Now I have the 515 sitting here
and with 2 Ethernet interfaces. I need to set up VPN, IP Nat (this company
is currently using all public IP's, don't ask me why), and a security policy.
I am figuring that to complete my tasks I need another interface for my DMZ
zone (i.e. exchange, DNS, and Web servers).

What steps do you think I should take to complete this task?


Best Regards,

Kevin



PIX Firewall 515 Software Upgradation

2000-10-09 Thread Saravanan Elango

Hi ,

I have a PIX Firewall 515 with PIX Firewall Manager Software Version
4.4(4). I would like to upgrade it to the latest version of 5.2(3). What is
the upgrade path for this?
How can I go about it?

Thanks
Regards
Saravanan Elango





Amount of PIX FIrewall supported

2000-10-21 Thread Jacques Allison

HI all,

Can someone please tell me where I can find more information on the total
amount of PIX Firewalls that can be managed from one PIX Firewall Manager
server, and which protocol is used between the PIX Firewall and the manager
for changing the PIX configuration.

thanks a lot!!
Jacques
CCNP





PIX Firewall amnger support totals

2000-10-25 Thread Jacques Allison

Hi All,

Previously I posted a question about the total PIX firewalls that could be
managed by the PIX Firewall Manager software, and at last I stumbled upon the
answer somewhere on the cisco website, namely:
http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm#xtocid251785
The answer is 10!!

Thanks for your replies.
Jacques Allison
CCNP





pix firewall, UFP and CVP

2000-11-15 Thread Langa Kentane

Can you please tell me which UFP & CVP servers you can recommend for use with
the Cisco PIX.

We are considering a move from Checkpoint Firewall-1.  Our current UFP
server is Websense & our CVP is Trend Viruswall.  We are trying to weigh the
options and want to see if it will be worth our while to move from FW-1 to
PIX.

Also, where can I find a demo of what you can actually do with Cisco
Security Manager.  I am actually looking for a live demo and not the
information that is on the CCO website, it is not enough.

Thank you kindly for taking time to read my mail

Langa Kentane [CCSE and a whole lot of other worthless rubbish]
Security Administrator
Discovery Health.




CSPM and PIX Firewall Ambiguity

2001-04-02 Thread kaushik khakhar

Hi All,

Cisco Secure Policy Manager (CSPM) - Enables one to define a GUI based
policy/topology. The program then uploads these policies to the PIX
firewall and there are hundreds of lines of configuration in the PIX FW.

PIX Firewall - can also be configured manually via command line. But there's
no way this can be uploaded to CSPM and realize the policy/topology from
configuration on PIX.

Ambiguity remains, one does not know which commands are generated by the CSPM
program after defining the topology. One cannot upload the manually
configured policy to CSPM. Can anyone provide some insight, as to how this
ambiguity can be removed and synchronise both. Of course, someone who has
worked with both multiple times will be able to help me.

Many Thanks in Anticipation

Regards,
Kaushik
Technical Consultant






PIX Firewall 520 [7:2372]

2001-04-28 Thread Ahmed Malkawi

hi all,

I have Cisco Pix firewall 520, running software 5.0 (3).
I finished the setting of MS VPN server.
But ...
1- I would like to enable the VPN on the firewall but I don't know how and
the exact commands?
2- I have Local and DMZ, where should I put the VPN server?

Regards For All




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2372&t=2372



PIX FIREWALL UPGRADE [7:5976]

2001-05-25 Thread Jônatas Amorim

I'd be grateful if someone could help me solve this problem:

I have a PIX 520 in a customer network with the following show version 
command results:

pix# sh versh har
PIX Version 4.4(4)
Compiled on Thu 06-Jan-00 16:07 by pixbuild
pix up 2 days 3 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz
Flash strata @ base 0x300
0: ethernet0: address is 00d0.b785.4f86, irq 11
1: ethernet1: address is 00d0.b783.e78a, irq 10
Licensed Connections: 128
Serial Number: 18029118



Please I'd like to know if in the case of a PIX software upgrade from a
4.4(4)  to a 5.2(1) version, I will need an activation Key.

Note: As you can see with the show version command, actually the device does
not have an activation key.

Thanks in advance,





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5976&t=5976



Pix Firewall 515 [7:6301]

2001-05-29 Thread Scott Dees

Questions on configuring the Pix Firewall 515.

1. I have an internal network that is using nat 1 on the inside interface
to access the internet.  My understanding of the pix is you have to nat your
addresses in order for the pix to protect them.  Should I use Nat 0 to
protect my external or public address and if so how should I set it up.

2. I have a machine on the internal network that needs to be accessed from
the outside.  I have static mapped the internal address to a public address
and set up a conduit for the address also.  Isn't that the solution or am I
forgetting something.  I still can not access the unit.

Please advise I am lost

If you have any advice please let me know.

Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6301&t=6301



PIX firewall features [7:7525]

2001-06-07 Thread kathy_chen

Hi, Does PIX have a feature that can block certain mail attachments like
.vbs, .exe?

Thanks

Kathy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7525&t=7525



RE: PIX Firewall [7:9295]

2001-06-21 Thread Nabil Fares

You can use the route statement to force specific networks to go out
different interfaces.  You can't use the PIX to load-balance for you, I
wouldn't even go that route!  Let the pix do its job, protecting your
network!

HTH,

Nabil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 6:17 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall [7:9295]


Dear All,

I am having PIX-515UR with 3-10/100 Ethernet ports, I have 2-ISP's which are
connected to 2-different 2500 series Routers. Can I terminate RJ-45
interfaces from Router on PIX Firewall, how will Pix decide on which Router
the packets are to be sent.
Please Help.
Thanks in advance
Sanjeev Tyagi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9315&t=9295



RE: PIX Firewall [7:9295]

2001-06-21 Thread Kent Hundley

Sanjeev,

Option #1 (recommended): Set up HSRP on the 2 2500 routers and point the
default route for the PIX to the HSRP IP address.  Setup BGP peering on each
2500 so that the routers peer with each respective provider and each other.

Caveats: The max RAM on a 2500 series router is 16MB, this is certainly not
enough to take full Internet routes from one peer, much less from multiple
peers.  You may be able to have your providers send you a set of routes
containing only their directly connected customers and a default route.

Depending on the provider, this may still be too many routes to hold in 16MB
of RAM.  If so, you will be stuck with simply receiving a default route from
each provider.  In this scenario, all  traffic leaving your site will exit
from the primary HSRP router, although it may return via the backup HSRP
router.

The 2500 series routers are really not a good choice for the scenario you
are describing.  If you want load-sharing of any type, you'll need routers
that will take more RAM to hold full BGP route tables.  At least a 2600
(64MB) or, preferably, a 3640 (128MB).

Option #2: Take full BGP routes from the providers as described in option #1
(with the caveat that you'll have to upgrade your routers) and then
redistribute your BGP routes into RIP and send the RIP routes to the PIX.

Caveats: Generally speaking, redistributing BGP routes into an IGP is not
considered to be a good idea.  The advantage of this approach is that
provided the PIX has enough memory for all of these routes, it will know
specifically which router it needs to go to for each destination on the
Internet.

I've never seen this done, and I only mention it for the sake of
completeness.  If it were my network, I would not do this although it is
theoretically possible and should work, I think some variation of option #1
is the much preferred way to go.

Please keep in mind my comments about the amount of RAM required for your
routers.  If you tell your provider to send you full BGP routes to your 2500
and your router crashes and your network is down, don't blame me. ;-)

HTH,
Kent



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 3:17 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall [7:9295]


Dear All,

I am having PIX-515UR with 3-10/100 Ethernet ports, I have 2-ISP's which are
connected to 2-different 2500 series Routers. Can I terminate RJ-45
interfaces from Router on PIX Firewall, how will Pix decide on which Router
the packets are to be sent.
Please Help.
Thanks in advance
Sanjeev Tyagi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9394&t=9295



Re: PIX Firewall [7:9295]

2001-06-21 Thread Rob Smyth

I wouldn't recommend a direct termination with a cross-over.
They should be plugged into a switch.
I have had problems in the past with 7200 series Routers plugged directly
into the PIX, interfaces tend to go up and down.

If I am not mistaken you can have only one default gateway.

You can specify traffic to other networks using Routes on the interface, the
Pix is a Firewall, not a router or switch.

You could also get an ASN number and run BGP to your ISPs, do a little
subnetting and specify that traffic coming from the lower half goes out one
t-1 and the upper out the other.  This would be based on your static from
the Pix.

Something I have done in the past is set up 2 PIX and split the network out.
One out PIX1 and the other out Pix 2.

If anyone else has suggestion please let me know, I am very interested as
well.

Robert C. Smyth
- Original Message -
From: "sanjeev tyagi" 
To: 
Sent: Thursday, June 21, 2001 5:17 AM
Subject: PIX Firewall [7:9295]


> Dear All,
>
> I am having PIX-515UR with 3-10/100 Ethernet ports, I have 2-ISP's which are
> connected to 2-different 2500 series Routers. Can I terminate RJ-45
> interfaces from Router on PIX Firewall, how will Pix decide on which Router
> the packets are to be sent.
> Please Help.
> Thanks in advance
> Sanjeev Tyagi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9337&t=9295



PIX Firewall authentication [7:35947]

2002-02-20 Thread sajith nair

Hi,
I have a customer with Proxy server and he wants to
replace it with PIX. The customer wants to authenticate
all users before they access internet. Whether the PIX
can support authentication thru a normal Windows NT
server than going thru a Radius/Tacacs server? I talked
with Cisco TAC and they told it is possible. But I am
confused. Can anyone of you guide me please.
Thanks in advance.
Saj





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35947&t=35947



Re: Another PIX firewall Question

2000-07-21 Thread NoOneYouKnow

Assuming you are using NAT, is your global (outside) address range large
enough to handle all of the users? If not, be sure to include a global
command, in the same NAT group, with a single address for overflow.

Check out the "Basic Two Interface Configuration" at
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42exs.htm

---JRE---



"Samuel Rey" <[EMAIL PROTECTED]> wrote in message
news:8la3op$bi3$[EMAIL PROTECTED]...
> Occasionally, I have users complain that they no longer can access the
> internet.  It seems to happen randomly with different users.
> If I perform a
> clear xlate
> it immediately clears the problem.  Obviously, I don't want to have to do
> this every time.
> Any ideas on what I could do to prevent this seemingly random problem.
> Thanks
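
The pool-exhaustion behaviour discussed in this exchange, as an added example that is not part of the original thread: a simplified Python model of one NAT group with a 1:1 global pool and an optional single overflow (PAT) address. The addresses, the event list and the 3-hour idle timeout are assumptions made for the illustration.

```python
CLEAR_XLATE = "clear xlate"  # event marker: the operator runs the command


def simulate(events, pool, pat_address=None, idle_timeout=3 * 3600):
    """Model one NAT group: a 1:1 global pool plus an optional PAT address.

    events is a time-ordered list of (seconds, inside_host) for outbound
    traffic, or (seconds, CLEAR_XLATE). idle_timeout is an assumed value.
    Returns which requests were denied and which fell back to PAT.
    """
    xlate = {}          # inside host -> [global address, time last used]
    free = list(pool)   # global addresses not currently assigned
    denied, overflow = [], []

    for now, host in events:
        # Translations idle for the whole timeout return to the pool.
        for idle in [h for h, (_, last) in xlate.items()
                     if now - last >= idle_timeout]:
            free.append(xlate.pop(idle)[0])

        if host == CLEAR_XLATE:
            # Every slot is released at once, which is why the symptom
            # disappears immediately and then comes back later.
            free.extend(addr for addr, _ in xlate.values())
            xlate.clear()
        elif host in xlate:
            xlate[host][1] = now                 # existing slot, refresh it
        elif free:
            xlate[host] = [free.pop(0), now]     # take a pool address
        elif pat_address is not None:
            overflow.append((now, host))         # shares the single address
        else:
            denied.append((now, host))           # pool empty, no fallback

    return {
        "denied": denied,
        "overflow": overflow,
        "xlate": {h: addr for h, (addr, _) in xlate.items()},
    }


# Constructed scenario: two pool addresses, three inside hosts.
POOL = ["192.0.2.1", "192.0.2.2"]
EVENTS = [
    (0, "10.0.0.1"), (60, "10.0.0.2"), (120, "10.0.0.3"),
    (180, CLEAR_XLATE),
    (200, "10.0.0.3"), (210, "10.0.0.1"), (220, "10.0.0.2"),
]

if __name__ == "__main__":
    print("pool only:", simulate(EVENTS, POOL)["denied"])
    print("with PAT :", simulate(EVENTS, POOL, pat_address="192.0.2.3"))
```

Without the overflow address a different host is locked out before and after the clear, which matches the "random users" symptom; with it, nobody is denied.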



Re: Pix Firewall Password Recovery

2000-08-28 Thread Art Davis

I've had to use a special floppy for both LocalDirector and Pix password
recovery. You make the disk with a file in the Software Center.
If you crack the case open you'll see it's just a PII motherboard, with an AGP
slot!




"Fowler, Joey" <[EMAIL PROTECTED]> wrote:


I've been told by someone who attended the Cisco training course on PIX that
to do a password recovery on one you have to send it to Cisco for them to do
it. However looking on Cisco's Web site I found the Password Recovery
Procedure for PIX. The only one I have access to is in production so I can't
"test" this out. Comments will be appreciated.


Thanks,
Joey Fowler



Arthur Davis
Network Engineer
Altra Energy Technologies





RE: Pix Firewall Password Recovery

2000-08-28 Thread Guyler, Rik [EESUS]

I have done the PIX password recovery per CCO and can confirm that it does
indeed work as stated.  The only "gotcha" I can think would be a problem is
knowing the correct PIX OS version running on the box.

Rik Guyler

-Original Message-
From: Fowler, Joey [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 10:31 AM
To: [EMAIL PROTECTED]
Subject: Pix Firewall Password Recovery

I've been told by someone who attended the Cisco training course on PIX that
to do a password recovery on one you have to send it to Cisco for them to do
it. However looking on Cisco's Web site I found the Password Recovery
Procedure for PIX. The only one I have access to is in production so I can't
"test" this out. Comments will be appreciated.

Thanks,
Joey Fowler


RE: PIX Firewall user connections

2000-08-29 Thread Gils

They mean the number of concurrent connections.


GIL
CCNA/CCDA

-Original Message-
From: Hans Stout [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 1:11 PM
To: [EMAIL PROTECTED]
Subject: PIX Firewall user connections


Hi colleagues,

I have a question regarding the PIX Firewall: when they mention the number
of user connections, what does that actually mean? Does e.g. the 520 model
allow 250,000+ users to be connected simultaneously?
Also, the new 506 PIX model does not specify the number of user connections 
allowed, does this mean that there is no limit ?
Thanks for your help in advance.

Georg Pauwen



RE: PIX Firewall user connections

2000-08-29 Thread Guyler, Rik [EESUS]

A connection does not equate to a single user.  Actually, a single user can
spawn many connections depending on the application he/she is using to cross
the firewall.  I have seen Internet Explorer spawn 5 or 6 connections to the
Internet for example.  Definitely keep this in mind when ordering your PIX!

Rik Guyler


-Original Message-
From: Hans Stout [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 7:11 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall user connections



Hi colleagues,


I have a question regarding the PIX Firewall: when they mention the number
of user connections, what does that actually mean? Does e.g. the 520 model
allow 250,000+ users to be connected simultaneously?
Also, the new 506 PIX model does not specify the number of user connections 
allowed, does this mean that there is no limit ?
Thanks for your help in advance.


Georg Pauwen




PIX firewall with VPN config

2000-05-09 Thread PK

Does anyone have a sample config for a PIX firewall with client VPN running?
I'm trying to set up a test PIX with sw 5.03 and the Cisco Secure VPN client.
I need a config that works. Please just email it to me (please replace any IP
addresses and names with 's to protect the confidentiality). Thank you.

Paul







PIX Firewall show connection counters

2000-05-25 Thread Cisco Wave

Hello There,

Are there any commands to clear the counters on a PIX ?
I am trying to reset to 0 the numbers displayed by
"show connections".

It seems, the only way is a F/W reboot, to clear the
`show connections` counters in order to monitor max
number of TCP/IP connection through the PIX 

Does anybody have a clue on this one ?

Thank you,




=
We are NOT Cisco Inc.




IPSEC through a PIX firewall

2000-06-06 Thread Stan Hoffman

Hi, All,

  I recently had cause to connect a client inside our private
network(10.x.x.x) through a PIX with static NAT.  I already know of the
issues with PPTP (at least, the MPPC implementation) and NAT. However,
this instance was between an NT box running client software and a Nortel
Contivity (not our choice, client supplied gear).  The interesting point
was that the only way we could find to allow the IPSEC connection was to
open ALL IP traffic, between the two, at the PIX.

  This was apparently because (and I confirmed this with TAC) the PIX does
not allow the declaration of AH or ESP protocol permit statements. TCP,
UDP, GRE, ISAKMP,... but no joy with protocol 50 or 51 (not to mention
SKIP for the UNIX folks out there ).

  I was wondering if anyone else out there has fought this dragon?  TAC
hinted that this "small oversight" might be corrected in a future release
of the IOS.

Thanks in Advance,

Stan M. Hoffman, MCSE, CCNA
Senior Network Engineer
Rare Medium
Houston, TX






Re: Pix Firewall Syslog server

2000-06-09 Thread Duncan Maccubbin

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

At 01:08 PM 6/9/00 +0200, Mauro Conosciani wrote:
>Hi everybody!!! does anyone know where it's possible to download the
>PFSS ??? I had a quick tour in the CCO but.no way to get it?? I know
>It's a no charge software.
>Cheers

===
Duncan Maccubbin | [EMAIL PROTECTED]
Senior Network Engineer
MCP+I,MCSE,CCNA,CCDA,CCNP
CapuNet, LLC - Corporate Internet Solutions
(301) 881-4900 x8039
=== 




Need help on PIX Firewall

2000-06-09 Thread lee

Hi all, my pix firewall has 4 interfaces, 1st interface use for outside
(external), 2nd interface for inside (internal), 3rd interface for dmz1, 4th
interface for dmz2. No NAT is necessary for this network design. the
security level for each of the interface is :

outside - security0
dmz1 - security10
dmz2 - security20
inside - security100

actually my customer only has one LAN need to be access by outside world
(internet) which is connected to inside interface of pix firewall. The rest
of LAN is not supposed to have connectivity to outside world. Am I configured
correctly for this network design ???

Another question, how to enable the rules for two different security level
network ??


rgs
lee





Re: quick pix firewall question

2000-06-27 Thread gwakin

try CTRL + Q... works in Hyperterm...

GWA

Antonio Marfil wrote:

> what is the pix firewall 5.0 equivalent of hitting  +  on a
> cisco router to break out of a long 'show' command?   +  does
> not work.
>
> thanks in advance for your help.
>
> tony



Re: PIX firewall version 4.4

2000-07-06 Thread Michael Losa

If you want to keep your FTP server on the Inside
network of the PIX you need to do a few things.  I am
assuming you already have access through the PIX.

1) If your private network does not use valid Internet
addressing (i.e. an 10.0.0.0 or 192.168.0.0 subnet or
a non-registered address, AKA using Network Address
translation or NAT) then you must build a static
through the PIX.  This allows an Inside address to
have a specified Outside address.  
Syntax:

static (Inside, Outside) x.x.x.x y.y.y.y

where x.x.x.x is your registered outside address and
y.y.y.y is your unregistered Inside address.  The
syntax is confusing b/c you have the key words Inside,
Outside but then the addresses are outside then
inside.  This is why you hear PIX people walking
around mumbling Inside, Outside Outside, Inside.  But
I digress.

2) Next you need to allow access through the PIX box,
since PIX is a stateful box and will not let any
traffic through it unless it was asked for.  To do
this you need to build a Conduit.
Syntax:

conduit permit tcp host x.x.x.x eq ftp any

This will allow TCP connections on the FTP ports (20,
and 21) to access x.x.x.x.  Where x.x.x.x is your
registered OUTSIDE address.  The any at the end of the
statement allows any address through to your FTP
server.  You could filter access and allow only
certain address through, I don't know what use your
FTP server is for.


This should get the job done.  If you have any further
issues let me know, I would love to help.

Michael Losa
CCNA


--- "Shumake, Derrick" <[EMAIL PROTECTED]>
wrote:
> Can anyone help me with a PIX 4.4 box.  I am trying
> to setup FTP through my
> firewall.  What is the correct commands to use? As
> in the conduit command.
> thanks in advance.
> 
> 
> NETIGY
> The World's premier Architect of eBusiness-Ready
> Networks
> 5445 DTC Parkway, Penthouse Four
> Englewood, CO  80111
> http://www.netigy.com
> 
> 
> 

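An added example, not part of Michael Losa's post and not Cisco tooling: a small Python check over the static and conduit lines described above, flagging conduits whose source is any and conduits that point at an outside address with no matching static. The sample config and its documentation-range addresses are constructed, and the parser assumes only the host / any / address-plus-mask and eq forms.

```python
import ipaddress

# Constructed sample (documentation addresses; not taken from the thread).
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.1.10
conduit permit tcp host 203.0.113.10 eq ftp any
conduit permit tcp host 203.0.113.10 eq ftp 198.51.100.0 255.255.255.0
conduit permit tcp host 203.0.113.20 eq ftp host 198.51.100.7
"""

def take_addr(tok):
    """Consume 'any', 'host <ip>' or '<ip> <mask>' from the front of tok."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tok.pop(0))

def take_port(tok):
    """Consume an optional 'eq <port>' qualifier and return the port name."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        return tok.pop(0)
    return None

def audit(config):
    """Return (line_number, issue, outside_address, port) for risky conduits."""
    rows = [(n, l.split()) for n, l in enumerate(config.splitlines(), 1) if l.strip()]
    statics = {}
    for _, t in rows:
        if t[0] == "static":
            # Addresses follow the "(inside,outside)" keyword pair: outside first.
            i = next(k for k, x in enumerate(t) if x.endswith(")"))
            statics[t[i + 1]] = t[i + 2]
    findings = []
    for n, t in rows:
        if t[:2] != ["conduit", "permit"]:
            continue
        tok = t[3:]  # drop 'conduit permit <protocol>'
        dst, port, src = take_addr(tok), take_port(tok), take_addr(tok)
        outside = str(dst.network_address)
        if src.prefixlen == 0:  # 'any' source: reachable from every address
            findings.append((n, "source-any", outside, port))
        if dst.prefixlen == 32 and outside not in statics:  # no translation exists
            findings.append((n, "no-static", outside, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```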



Re: PIX firewall version 4.4

2000-07-06 Thread NoOneYouKnow

"Michael Losa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[snip]
> This is why you hear PIX people walking
> around mumbling Inside, Outside Outside, Inside.  But
> I digress.

LOL.

You know, I distinctly remember mumbling this to myself after setting up my
first PIX and then trying for the next hour to figure out why the blasted
thing wouldn't let any traffic through - even though everything 'looked'
right, of course.

---JRE---






RE: PIX firewall [7:62761]

2003-02-10 Thread Priscilla Oppenheimer

hanan wrote:
> 
> Hello
> 
> Could you please tell me in the PIX Cisco firewall their
> clients need to be
> firewall clients or not?

PIX isn't a client/server architecture. Firewalls generally aren't. The term
"firewall client" isn't used usually.

PIX is a network firewall that protects an inside network from the outside.
It examines all TCP/IP traffic, in and out. It doesn't care who is sending
the traffic. It works on any ordinary network where the clients and servers
run a variety of operating systems.

Now, if you are concerned with VPNs, then the terms client and server do get
used.

I think it's still true, though, that PIX would work with a variety of VPN
clients. Someone correct me if I'm wrong. Thanks.

Priscilla

> 
> Hanan
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62768&t=62761



Homebuilt Pix Firewall [7:42022]

2002-04-19 Thread netman

Has anyone had any luck building a home built Pix Firewall?

I saw mention of this back in September, but never saw the instructions. I
have searched on Deja and found posts referring to the Franken-pix but they
don't contain very much information.

I have the Intel Nics that were mentioned in many posts (model 82557), the
Intel Motherboard suggested (on order) and the 2mb Pix flash card that I had
left over when I switched to a 16 meg flash.

Any help would be appreciated.

Thanks

Don




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42022&t=42022


