VPN ProtocolPort
GRE Not usedNot used
PPTPTCP 1723
L2F UDP 1701
L2TPUDP 1701
IKE UDP 500
ESP 50
AH 51
Note that AH and ESP
I have set up an IPSec/GRE VPN with EIGRP and am having problems getting the
ISDN backup to work correctly. Has anyone been able to do this
successfully. Thanks, Rob
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72424t=72424
any one seen this before
Attempting to specify an Aggregate Group reservation [ 961150977 bps ] on
Group
[ 193.128.x.x] Interface [ 2 ] which is outside the range of a minimum of [
8000 bps ] to a maximum of [ 1 bps ] (note: the true max is
dependant u
pon the interface link rate to
maybe your trying to resv nearly a gbps on a 100mbps interface.
Its telling your smallest is 8kbps, largest is 100mbps.
Looks like nothing to do with MTU, just simple math. How can
I RESERVE more than I can possibly trasmit at once ?
Message Posted at:
Hi GS,
Does anyone know off hand whether you can authenticate a group on a Cisco
vpn concentrator (3030) with digital certificates and the user with Secure
ID?? So far I can do one or the other as it seems that the although the SDI
server authenticates a user it is configured at group level
I am getting ready to roll out the Cisco VPN client (3.6.4) and looking for
tips on the easiest way to do this. I currently have it on a FTP site and
setup as a self extracting file that extracts to c:\temp and then launches
setup.exe automatically.
Now for the profile I want people to use. I do
If you place the profile .pcf files in the same location as setup.exe, in
your temp directory, then setup will automatically install them. If you run
a silent install it makes it really easy.
Doug Korell wrote:
I am getting ready to roll out the Cisco VPN client (3.6.4) and
looking for tips
You can 'push' the .pcf file profile during the install with a
simple batch file, or via the .ini file utility that comes with
the client.
the best way, is setup a vpn package, with silent install. It will
install and reboot the clients.
The group user/name is encrypted in the pcf file, so I
I agree about either way of setting up the profile is not secure. My
thinking is if they know the group username and password, they can call up
their buddy and tell them it. But if I never give it to them, then they need
to know a little bit about the client and where that information is kept.
Hi,
Does anyone know if HSRP would be appropriate in the following scenario?
ROUTERA with T1 to corporate office
ROUTERB with IPSEC VPN to Corporate only used as a backup path in case the
T1 on ROUTERA fails
Is there any reason that this will not work or has anyone had experience
in the following scenario?
ROUTERA with T1 to corporate office
ROUTERB with IPSEC VPN to Corporate only used as a backup path in case
the
T1 on ROUTERA fails
Is there any reason that this will not work or has anyone had experience
with this type of situation?
--
David Madland
If router A anb B share an ethernet then sure HSRP was designed
exactly for this scenerio
Dave
Dain Deutschman wrote:
Hi,
Does anyone know if HSRP would be appropriate in the following scenario?
ROUTERA with T1 to corporate office
ROUTERB with IPSEC VPN to Corporate only used
Hi all,
I have a problem on an hub and spoke IPSEC VPN.
There are two 827H connected to a 1721 acting as an hub, configured to make
two VPN IPSEC tunnel. All seems to run correctly ( IPSEC SA are up, I can
ping from 827 to 1721 and from 827 to 827 ), except I have problem only with
some
]
Subject: MTU size on Hub and spoke IPSEC VPN [7:71978]
Hi all,
I have a problem on an hub and spoke IPSEC VPN.
There are two 827H connected to a 1721 acting as an hub, configured to make
two VPN IPSEC tunnel. All seems to run correctly ( IPSEC SA are up, I can
ping from 827 to 1721 and from 827 to 827
I have a cisco vpn client tunnel from my computer to a PIX Firewall. I
had set a pool of IP addresses in the PIX for all the remote vpn clients.
I would like to Print to my local printer that is connected to my PC and I
cannot.
has anybody got it working
Do you have the Local LAN access option checked under
properties?
Erick
--- johnman johnman wrote:
I have a cisco vpn client tunnel from my computer
to a PIX Firewall. I
had set a pool of IP addresses in the PIX for all
the remote vpn clients.
I would like to Print to my local
I also once played with the VPN client. I read something that the VPN client
doesn't support broadcasts. This may not be your problem, but just something
to remember.
Regards,
Janó
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71730t=71690
Spencer,
I asked our ANS rep and the Cisco NetPro group the same question back in
March. There were two things that I could have done.
You should be able to ask Cisco for the bin file. Check with your account
rep to see if they can get the file for you. If not there is a backout plan
authored
Does anyone have 3.5.5 software for a 3005. We are
trying to go to 4.01 and we need to have the bin file
for a backout.
Thanks.
=
Spencer Plantier
Internet Solutions Engineer
Cell 919-606-0049
__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
Simple search via Cisco's home page for 'router to router vpn' yielded
the following:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_e
xample09186a008009448f.shtml
or
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_e
xample09186a00800949ef.shtml
Can anyone point me to some in depth but simple documentation on setting up
a point to point encrypted link between a 1603 and a 2514?
Justin
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70775t=70775
--
FAQ, list archives, and
to the Switch which connects to the DSL modem.
The PC has Cisco VPN client installed and can connect to the Head-office
where the VPN concentrator is. Now for the IP Phone, how will it connect,.
It will have a private IP address but , doesn't have a VPN client like the
PC has. What is the solution
and the IP
phone
connect to the Switch which connects to the DSL modem.
The PC has Cisco VPN client installed and can connect to the Head-office
where the VPN concentrator is. Now for the IP Phone, how will it connect,.
It will have a private IP address but , doesn't have a VPN client like the
PC has. What
The best solution for this would be a hardware VPN client so both devices
can take advantage of the VPN tunnel or use a router and terminate it on the
VPN concentrator, the hardware client is a no-brainer to setup.
Dave
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
and the IP
phone connect to the Switch which connects to the DSL modem.
The PC has Cisco VPN client installed and can connect to the
Head-office where the VPN concentrator is. Now for the IP Phone, how
will it connect,. It will have a private IP address but , doesn't
have a VPN client like the PC
Can I ask a question, my VPN client 3.6.4 (Rel) and 3.6.x can't connect to
VPN3000 concentrator and only to my PIX515. I have to use VPN client
version 3.5.4 in order to connect to VPN3000 and PIX 515. Why??
FYI.. my VPN3000 info is
Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1
how to set the access method? PPTP/IPSEC/L2TP? in the VPN client software
itself???
Have you typed in the group password correctly ?
Yes.. the password is correct, try many time
From: John Brandis
To: 'Richard Campbell'
Subject: RE: VPN clinet 3.6.X can't connect VPN3000? [7:70589]
Date: Fri
Hi,
I've got an existing vpn between a pix 515 and a netscreen box. the SA is
up and idle, i can ping across it no sweat but Im getting the following in
my log buffer...
identity doesn't match negotiated identity
any thoughts?
tia,
Rusty
Message Posted at:
http://www.groupstudy.com/form
so i found a reference to acl's not matching. the netscreen doesn't appear
to have one (but that's not confirmed yet). More news to follow.
-Original Message-
From: Wilmes, Rusty
Sent: Wednesday, June 11, 2003 4:01 PM
To: [EMAIL PROTECTED]
Subject: pix netscreen vpn [7:70547]
Hi
Hey Group
I have a Cisco 3005 series concentrator box configured to run between my
Externel router and Checkpoint firewall such that:
INTERNET Router --- VPN 3005 Checkpoint--LAN
This is one segment of my network. On another segment of the network I have
a Juniper M20 router
, but all
the study guides are focused on the old exam. For those who took the
beta, can you give me any guidance on these three topics - VPN, QoS and
Traffic Shaping. I'm not looking for anybody to break the NDA, I just
want to know how deep I need to go, and if there are any good links
Hi.. Group. Me again, I solved my no traffic pass thru problem but
PIX-PIX link hang problem still there. After I added my remote VPN client
config in my PIX, my PIX-PIX link to HK and Tokyo will hang after 10 hours.
Any one know what is the problem?
Below are my sh crypto isakmp sa result
Hi.. Daniel and Group.. Thanks a millions..!! I SOLVED the issue. It was
bcoz I installed Two different VPN clients in my PC. 1)VPN Systems VPN
client 3.6.4 2)Cisco Secure VPN client (Safenet). I uninstall both and
reinstalled # 1 only. I can connect to LAN now.
I have some extra questions
server but why no traffic
can pass to LAN after get connected? I saw the traffic statistic of VPN
client increase but I can't connect to any thing on the LAN. Why?
P/s: why you suggest to change from crypto map from 30 to 35 ?
David Tran II wrote:
After looking at your configuration, you need
question, you could remove it temporarily for testing.
2) Is the Client installed on a PC that has a software firewall or the PC is
behind a firewall? If so, check the settings there.
3) You are using VPN Client software 3.6 or thereabouts?
4) You mentioned that you changed your transform set
]
Sent: Thursday, June 05, 2003 4:05 PM
To: [EMAIL PROTECTED]
Subject: VPN authentication [7:70186]
Hi,
I hope that someone can help me with this, let me explain.
We have a remote site A with isdn dialup to the coporate vpn concentrator
we have a dumb box aka WYSE terminal ie thin client
I'm trying to get ready to take the new BCRAN when it comes out, but all
the study guides are focused on the old exam. For those who took the
beta, can you give me any guidance on these three topics - VPN, QoS and
Traffic Shaping. I'm not looking for anybody to break the NDA, I just
want to know
: =?iso-8859-1?q?maine=20dude?=
Subject: RE: VPN authentication [7:70186]
To: Bosco Sachanandani
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Length: 1711
X-Converted-To-Plain-Text: from multipart/alternative by GroupStudy
X
Hi,
I hope that someone can help me with this, let me explain.
We have a remote site A with isdn dialup to the coporate vpn concentrator
we have a dumb box aka WYSE terminal ie thin client
this is connected to a switch
the switch is connected to a 1700 router with wic bri
we want
line when I send to u. It
was no-nat in my config not nonat
nat (inside) 0 access-list no-nat
Besides, I want to discussing about the PIX-PIX hang problem (not
immediately) after I add in additional config for remote VPN client. I
suspect it is caused by change the following line from
crypto
Firewalls by Richard Deal, Osborne McGraw Hill, ISBN 0072225238
I'd suggest you buy both.
-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 10:56 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7
I had installed a VPN client in home PC to connect to PIX in my company. It
can connect and get authenticated and login. But I can't ping and talk to
any PCs in my company. why?? I specify the IPPOOLS in my PIX config. It
means my VPN client will get these IP right? But how about subnet mask
I am always suspicious of mtu differences, or mtu discovery via icmp being
blocked..
Brian
The path to a desireable destination
is often more difficult than the path to stay where you are.
On Tue, 3 Jun 2003, Steven shinnick wrote:
I had installed a VPN client in home PC to connect
Hey!! Do you know where can I download older version VPN 3000 client (ver
2.5) ? I can't find it in cisco website anymore
Thanks!!
Greg
-
Do you Yahoo!?
Free online calendar with sync to Outlook(TM).
Message Posted at:
http://www.groupstudy.com/form
See inline below.
Richard Campbell wrote in message
news:[EMAIL PROTECTED]
Hi.. Group, I just successfully connect to home VPN client 3.X to my
VPN 3000 concentrator in my HQ in NY, but now I want to use it to connect
to my PIX 515 in my local branch as well. May I know
1)Whether I can use
to group 2 and hash md5 as well.
isakmp policy 10 hash md5
isakmp policy 10 group 2
From: Daniel Cotts
To: 'Richard Campbell' , [EMAIL PROTECTED]
Subject: RE: connect home VPN client to PIX 515 [7:69932]
Date: Sat, 31 May 2003 21:20:51 -0500
The following config works. If you have other VPNs
Hi.. Group, I just successfully connect to home VPN client 3.X to my
VPN 3000 concentrator in my HQ in NY, but now I want to use it to connect
to my PIX 515 in my local branch as well. May I know
1)Whether I can use the same VPN client (which connect to VPN3000 conc)
to connect to my PIX 515 ?
2
All,
I'd try this myself if I had a router at my fingertips...
1. I'd like to apply LLQ for my VoIP traffic over a site to site VPN using
Cisco's Modular QoS technique. Will the router bark if I try to apply my
output service policy to the tunnel interface? Or do I need to apply
I am having trouble tring to connect to our corp lan. I have a windows 2000
vpn server and have verified that it works internally. The problem I face
is setup on the cisco 2611. How do allow gre port 47 to pass through the
router. I believe this is the issue. The Cisco IOS Release is 12.1(5
]
Sent: Tuesday, May 27, 2003 5:18 PM
To: '[EMAIL PROTECTED]'
Subject: Easy VPN
Has anyone used a PIX and 1700 for Easy VPN configuration. I.E. PIX as the
server and 1700 as remote device
[GroupStudy removed an attachment of type text/x-vcard which had a name of
Greg Owens Jr ([EMAIL PROTECTED
try
access-list 124 permit gre any host 192.168.1.180
GRE is it's own protocol.
-Original Message-
From: Steve Collins [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Windows VPN through Cisco 2611 HELP!!! [7:69788]
I am having trouble
Some off-the-cuff comments.
1) I don't know all the ports that you should have open.
2) In ACL 124 you are permitting gre to your Ethernet interface address -
which in turn is NATed by port to several inside hosts. You are not being
specific enough about which box is the vpn server. Can you
PIX 515
PIX Version 6.3(1)
interface ethernet0 10full
interface ethernet1 10full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname HQ-PIX
domain-name xxx.org
fixup protocol ftp 21
fixup
I tried that and still no go. Thanks anyway. Any other ideas?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69830t=69788
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct
the reason i'm setting this up is to eliminate pc anywhere and the ip
addresses on the post are bogus. The inside nat address of the vpn server
is 192.168.1.180. I also have another nic with a public address. What is
the point of two nic cards? this may be a stupid question but should
Steve,
we have a public address that gets natted to the private address of our pptp
server. external users open a vpn session to the external address then the
pix nats it to the internal address. an inbound access list on the outside
interface permits gre and tcp 1723 hosts external address
Mary,
Ok I see your configs.
Can I ask how you have this set up?
PIX's, routers etc and how they are connected.
My initial concern is that some of your external ip's are private
(192.168.1.2) on PIX506.
Try this test first of all to ensure basic connectivity from the command
line of each PIX
Maximus wrote:
oops i meant gre.
replace esp with gre; should read:
access-list 124 permit gre host (insert external vpn nic IP
address) host 216.100.100.130
try:
access-list 124 permit gre host (insert external vpn nic IP
address) host
216.100.100.130
- Original Message
Hi.. Group
From the VPN concentrator Web interface--Administration--Software
Update--Clients page, I found a VPN clients upgrade page for various
groups.
But I don't understand what is mean. What I know the VPN client is the
software that we install at the client PCs at home, how do we
Richard,
It does seem a bit confusing at first. This is what I have found. There
are 2 different types of clients. The clients are, software client on a PC,
software upgrade to the hardware client VPN3002. The upgrade option
points at both of them but in different methods.
The VPN
Hi.. I am new to this VPN 3000 concentrator. I want to ask if I have a VPN
3000 concentrator device in NY. Can I connect my VPN client in London to
it? What info do I need? Just the external IP of the VPN server and VPN
client group name + password? Is the VPN client free for download
Trying to config PIX 506 to PIX 515 for basic VPN/IPSEC/LAN/LAN
connectivity. Took the configs straight off the Cisco site but I cannot
establish my tunnel at the ISAKMP level. Trying to ping from LAN to LAN.
Getting the following error message from debug crypto isakmp:
HQ-PIX#
ISAKMP (0
Trying to config PIX 506 to PIX 515 for basic VPN/IPSEC/LAN/LAN
connectivity. Took the configs straight off the Cisco site but I cannot
establish my tunnel at the ISAKMP level. Trying to ping from LAN to LAN.
Getting the following error message from debug crypto isakmp:
HQ-PIX#
ISAKMP (0
To the first part of your question, yes, that is it basically. If you are
using the Cisco VPN client, you will enter the group name and password under
the Authentication tab. You can also use the VPN client that is built
into Windows, in which case you do not need the group name and password
Hi,
Can you post your two configs (remove private info if required)?
Regards
Paul
Mary Kvitashvili wrote in message
news:[EMAIL PROTECTED]
Trying to config PIX 506 to PIX 515 for basic VPN/IPSEC/LAN/LAN
connectivity. Took the configs straight off the Cisco site but I cannot
establish my
Hello people,
I have problem with Client VPN Windows XP and NAT Cisco.
When I try connect to Server PPTP Windows 2000 Server, the client return an
ERROR 721.
The mysterious, if I use client vpn in Windows 98,ME,2000, there isn't
problem with connection.
Too If I use Windows XP and router 3com
Has anyone used a PIX and 1700 for Easy VPN configuration. I.E. PIX as the
server and 1700 as remote device
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69608t=69608
--
FAQ, list archives, and subscription info: http
I know it is the PIX. I really need a Server config. The Remote is simple.
Greg Owens
202-398-2552
fax 202-399-7690
-Original Message-
From: Elijah Savage [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 27, 2003 8:00 PM
To: Greg Owens Jr; [EMAIL PROTECTED]
Subject: RE: Easy VPN [7
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 27, 2003 5:18 PM
To: [EMAIL PROTECTED]
Subject: Easy VPN [7:69608]
Has anyone used a PIX and 1700 for Easy VPN configuration. I.E. PIX as
the
server and 1700 as remote device
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69617t=69608
I have found it easier, and perhaps easier to audit, if you have the VPN
box reside in parallel on the outside, but terminate the inside of the
VPN box in one of your firewalls' DMZ sections.
This allows you to place firewall rules on all traffic coming through
and report easily on them. It also
Hi Ed
Sure I answered 04-01:
Hi
We implemented with ActivCard's AvtivPack Server.
http://www.activcard.com
We have Novell NDS for User Database. Activcard is best integrated in NDS.
We also had a pilot with SecureID, but Integration in NDS (via LDAP) did not
fit.
Regards
Martin
You need a router when running them parrallel.
The router will determine internet traffic goes to the pix, remote
vpn lan's etc go to the vpn 3000.
Mine is like
VPN 3000 PIX
10.0.0.210.0.0.10
10.0.0.0/24
10.0.0.1
RTR
Joseph,
In this scenario all you had to do is specify the TUNNEL DEFAULT Gateway on
the Concentrator, Is that right.
Also In site to site VPN case, the remote site can get the DHCP addresses
from the servers if we define helper address on the remote site VPN
router...right ?
Thanks,
neil
are discussing is how servers with two possible next hops,
a pix and a vpn, will determine which to use for what subnets.
The servers (defaulted to the pix) have to bypass it to speak to
remote subnet (and use the concentrator instead).
A common workaround (one I used to employ) was NT route add
The Shiva client is pretty good, kicks off domain authentication after
the tunnel is up.
-Original Message-
From: Doug Korell [mailto:[EMAIL PROTECTED]
Sent: 02 April 2003 19:06
To: [EMAIL PROTECTED]
Subject: Re: NT domain access after connecting through VPN [7:66618]
Thanks for your
Sent this email out a while back but didn't get any response. Wasn't
sure if it didn't get through...Please help if you can...
I currently have the Cisco ACS and would like to implement a VPN 3000
series solution with a token server. If you have done or researched
2-factor authentication, which
All,
I am planning to put a VPN concentrator parallel with a Firewall.The problem
I am concerned about is the default gateway on the servers and other
workstations.
Since the concentrator is sitting parallel to the FW, The servers have a
router which is on the same subnet as the Firewall inside
Hello All: I'm looking into using Microsoft IAS and Windows NT4 PDC to
authenticate VPN client users who are accessinga VPN 3000 concentrator. I
want home VPN client users to utilize the NT4 PDC for their login
authentication. The VPN 3000 concentrator is located on the outside
interface
Thanks for your input. I'm looking around at other vendors to see what they
offer with this. One thing I don't like with the PIX vpn is the lack of
logging capabilites. I want to know when someone logged in, when the logged
out, where they went, etc. I'm looking at the concentrators but don't
OR
1812 RADIUS server
1813 RADIUS accounting
..on the PIX between the concentrator and the IAS box.
It would be more advisable to put the VPN Concentrator on the DMZ port
of the PIX if you have it; this is left to interpretation and opinion.
NOTE: I have no experience with the Concentrators, so
Hi
We implemented with ActivCard's AvtivPack Server.
http://www.activcard.com
We have Novell NDS for User Database. Activcard is best integrated in NDS.
We also had a pilot with SecureID, but Integration in NDS (via LDAP) did not
fit.
Regards
Martin
Message Posted at:
I am using a PIX and VPN client 3.6 and getting in works just fine. Problem
is I want to connect to NT domain resources across the board after logging
into VPN. I know you can connect to network shares using alternate username
and password but for things like remote event logs on the domain, you
From my experiences in deploying both pix and the 3000 series concentrators,
the question of 'seamless' authentication or access to network resources
once connected to the vpn is always an issue.
To get around this I have seen various methods utilized, each of which has
catches and possibly user's
I currently have the Cisco ACS and would like to implement a VPN 3000
series solution with a token server. If you have done or researched
2-factor authentication, which Token server product works best with
Cisco's ACS?
If possible, please respond directly to me.
Thanks,
Ed
Message Posted
Last time I looked you could not do NAT-T on a PIX with 6.3 software. Only
VPN Gateways can handle it. Next gen of software should be able to do it sez
the great god Cisco. I have been looking forward to this for some time as I
install both PIX and VPN all the time.
Cheers,
Steve
-Original
-Original Message-
From: Steve Wilson [mailto:[EMAIL PROTECTED]
Sent: 30 March 2003 21:21
To: [EMAIL PROTECTED]
Subject: RE: PIX Nat Traversal / VPN [7:66404]
Last time I looked you could not do NAT-T on a PIX with 6.3 software.
Only VPN Gateways can handle it. Next gen of software
A friend of mine and I had a discussion on this topic. 2 PIX LAN-LAN
VPN. He
said that by default, VPN will terminate in 24 hours if no traffic. When
bringing VPN up, the first packet always gets lost. Is this true?
Thanks.
Yoshi
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i
I have a requirement to configure a VPN tunnel on pix ver 6.3 using nat
traversal. I am wondering if I need to use any special commands and
which ports I need to forward from my router to the pix. I am assuming
udp port 500. Has anyone done this that could give me some advice?
regards
Chris
Hi Listers,
Router C has 2 sub-ifs: s0/0.1 has a PVC connected to
router A, and s0/0.2 has a PVC connected to router B.
I want to configure a shared-secret VPN/IPSEC tunnel
between C and A/B.
Ideas, sample configs or references would be
appreciated.
dayo
Hello,
The product overview for the Cisco SOHO 90 Series Secure Routers states it
will provide secure connectivity to small remote offices with up to five
users. What does this mean? Does it mean that if the 6th/7th/8th/etc. user
uses this SOHO router to a browse the Internet or use the VPN
to 1):
PIX 515 can terminate 1000 tunnels (SW) or 2000 (HW)at max 10Mps VPN
Performance.
to 2):
analog is no problem (same as ISDN). ISP gives you the physical address.
If connecting to your VPN site you will be given a tunnel address from your
central site. Both physical and tunnel IP's
The 515 is actually at my home and from my office, I VPN to it. Yeah I know
it is quirky, but I do have a legitimate excuse.
You asked what the ip address outside DHCP setroute command does. I have
DSL at home with no static IP address. That line in my PIX essentially lets
the PIX know that I
to 1):
PIX 515 can terminate 1000 tunnels (SW) or 2000 (HW)at max 10Mps VPN
Performance.
to 2):
analog is no problem (same as ISDN). ISP gives you the physical address.
If connecting to your VPN site you will be given a tunnel address from your
central site. Both physical and tunnel IP's
Hi..
1)I want to know can I can configure PIX 515 firewall
to be used as for internet access and allow VPN connection
from my home as well. FYI, I have only one outside interface
and one leased line. How many client can connect at the
same time?
2)And I am using analog modem from my home PC
Hi.. May I know whether your PIX 515 at your company is only for your VPN
access from home or it can be used for internet access for your company as
well.
If I have only one outside interface and one leased line, can it be used as
for the internet access and VPN access from home at the same
Hi...BJ Rice and Dear all,
Thanks for your help. But I need to ask whether your PIX 515 in your company
is only for the VPN home access? Or the PIX515 is used to access internet
for your company? If I have only one outside interface, can you use it for
internet access and incoming home VPN
The software is available at
http://www.cisco.com/kobayashi/sw-center/sw-vpn.shtml.
Once you have the VPN tunnel established, there should be no need for a dial
in line.
Here is a sample configuration for my VPN tunnel to my home 515 PIX - I use
DES, I would recommend 3DES.
PIX Version 6.2(2
Guys-
I have setup VPN (Site to Site Cisco VPN Client) on PIX, now we are moving
in off from the PIX and buying a Cisco VPN concentrator 3005.
I have heard that Cisco VPN concentrator is not a good choice for Site to
Site VPN connection.
Please tell me is it true and why a dedecated VPN device
I am trying to setup a site to site VPN between a PIX running 6.2.1 and
Symantec Firewall 7.0. It is not making it past IKE and just keeps looping
the IKE phase. It matches a policy and then loops over again. In the show
crypto isakmp sa output, I get hundreds of QM_IDLE and every few seconds
in an NAT environement you need to encapsulete the VPN traffic into UDP or
TCP (because ESP has no port#, has protocolnumber 50).Otherwise VPN traffic
after IKE will be dropped.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65276t=65239
101 - 200 of 1685 matches
Mail list logo
