Isn't there an implicit deny at the end of your access list?
access-list acl_ping permit icmp any any
Should you add the following to permit http traffic at least. You will
probably need dns resolution as well.
access-list acl_ping permit tcp 80 any any
-Original Message-
From: Pierre
We have two remote offices that use Appletalk over a Frame-Relay line
currently. I will be installing Pt-2-Pt lines in each office giving them
each local ISP access to the Internet. I would like to use a Cisco PIX
in each office to establish an IPSEC tunnel between the two. The
clincher is how to
take advantage of the clients local ISP connection
for unknown IP requests that are not in our split tunneling list.
-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:56 PM
To: Gibb, Jake; [EMAIL PROTECTED]
Subject: RE: VPN client, PIX
Don't enable split tunneling on the concentrator for that grop when
using the Cisco VPN client or simply route all traffic through the VPN
tunnel.
-Jake
-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:29 PM
To: [EMAIL PROTECTED]
Subject:
er [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 3:46 PM
To: '[EMAIL PROTECTED]'
Cc: Gibb, Jake
Subject: RE: VPN back door
I recently installed a VPN at work (city goverment). You would be much
better off disabling split-tunneling at the concentrator level rather
than tryi
VPN could be considered a backdoor. If Joe User has a broadband
connection at home with no firewall or local client firewall installed
then when he/she connects to your VPN that is essentially a conduit for
attackers to potentially compromise. This is an issue that I am dealing
with now. Ciscos VP
You can also do "ca zeroize rsa" to clear the key then do "ca gen rsa
key 512" to generate a new one. Just make sure your souce IP your
connecting from is correct. Try turning on debug like "debug crypto
ipsec|isakmp|ca" to determine what is being rejected.
-Jake
-Original Message-
From
For example
ssh 1.1.1.1 255.255.255.255 outside
That should do it.
-Jake
-Original Message-
From: Hansraj Patil [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 12:21 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX 6.1(1) SSH to outside [7:26502]
Don't to have specify client IP
Has anyone used Ciscos VPN monitoring software? We have a handful of
tunnels that we need remote management for..
-Jake
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26235&t=26235
--
FAQ, list archives, and subscription info:
Sorry...
-Jake
-Original Message-
From: Stephane Wantou Siantou [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 12:50 PM
To: [EMAIL PROTECTED]
Subject: Configuring hyperterminal to configure a Cisco router [7:24133]
Hi everybody,
I have a Cisco router and a hyperterminal.
Tried that. He heh
;)
-Original Message-
From: Ouellette, Tim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 1:13 PM
To: Gibb, Jake
Cc: '[EMAIL PROTECTED]'
Subject: RE: IP database application [7:24128]
wordpad?
Sorry, couldn't resist.
> ---
This should get you started.
-Jake
-Original Message-
From: Stephane Wantou Siantou [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 12:50 PM
To: [EMAIL PROTECTED]
Subject: Configuring hyperterminal to configure a Cisco router [7:24133]
Hi everybody,
I have a Cisco router
Does anyone have a good app for maintaining IP address information
besides excel or notepad?
Jake Gibb
Kroll Senior Network Engineer
615.345.9880 (Office)
615.394.7887 (Cell)
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24128&t=24128
---
That's great! Thanks!
-Jake
-Original Message-
From: Chris Theiss [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 25, 2001 9:17 AM
To: Gibb, Jake
Cc: [EMAIL PROTECTED]
Subject: Re: WIC-T1 crossover? [7:24095]
If you have the tools, you can make a T1 crossover cable pretty e
Is it possible to take a WIC-T1 card used in a Cisco 1600 and somehow
make a crossover cable to connect to another 1600 with a WIC-T1
simulating a serial link (PPP, Frame-Relay, etc.)
-Jake
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=24095&t=24095
15 matches
Mail list logo