checked duplex/speed, they were 10 half, set to full, didn't help. I'll post
my findings if I can find the problem.
Xueyan
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62581t=62461
--
FAQ, list archives, and subscription info:
finally found the problem. my end is configured for IKE replay protection
but the far end isn't so it drops packets. The interesting thing is that I
got some packes but not all, which made me think it's simply slow. found
this out by debug vpn.
Thanks all for your help.
Cheers.
Xueyan
Well, having worked with the Netscreen Firewall products, I find it
interesting that you feel its your bottle neck. Take a look at the
architecture you've outlined:
PC---NetScreen---Cable Modem VPN Gateway (what type of gateyway is
this?)Internet.
The short answer here is that anytime
of your traffic? Simply PC- FW- cable modem-
Internet OR
PC- FW( VPN gateway ) - cable modem - VPN gateway -
Internet?
BUT you mentioned 3DES, if NS is just using as a Firewall,
encryption (3DES and VPN) should not cause your problem.
rgds,
ivan
Message Posted at:
http
William,
I just pointed out the one of the possible architecture.
VPN gateway I mentioned may be other vendors that can work with netscreen
like checkpoint... Any problems on my thought?
Ivan
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62559t=62461
PROTECTED]]
Sent: Wednesday, February 05, 2003 10:49 PM
To: [EMAIL PROTECTED]
Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461]
William,
I just pointed out the one of the possible architecture.
VPN gateway I mentioned may be other vendors that can work with netscreen
like checkpoint... Any
Do you think it is the LAN negotiation problem? As 5XP only have 10M
interface.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62564t=62461
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Hi, Group
Can somebody help with this problem with a netscreen 5xp firewall running
VPN (3des)?
It's behind a cable modem. If I connect my pc directly to the modem, I can
surf the internet fine. As soon as I put my pc behind the firewall and try
to access intranet web page through vpn, it's very
Hi,
Did you check the NS-5XP log?
Also, if you place your PC behind the NS and access internet, what's the
path of your traffic? Simply PC- FW- cable modem- Internet OR
PC- FW( VPN gateway ) - cable modem - VPN gateway - Internet?
BUT you mentioned 3DES, if NS is just using as a Firewall
:
Assunto:Re: VPN with Cisco router and digital certificates [7:62213]
I guess no one has ever set this up before.
Sam Sneed wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I have a 3600 router that current supports PPTP win2K clients using win2K
client. I do not wnat to u
Hi all,
A have a Checkpoint FW-1 and a VPN concentrator in a new design.
Where is the best place to put the VPN concentrator related to firewall?
a) before the firewall (in the outside network)
b) after the firewall(in the inside network)
c) in parallel with the firewall
d
Inside the firewall. I haven;t worked with the concentrators before, but
have used Cisco rotuer for RAS VPN. All it needs is one interface for this
fucntion, real nice. Putting it behind FW ensures only stateful TCP sessions
are used and protects it from outsiders.
Paulo Roque wrote in message
You may want to consider the concentrator in a dual DMZ scenario. The
benefit of putting it in a dual DMZ scenario is not only can you control the
outside access, you can also control the resources a remote can see in the
inside once a tunnel is established. If you place it behind the firewall,
Hi All,
I am deploying Site-to-site VPN using Cisco IOS routers. I am wondering
what software package offering the management, connectivity monitoring of
tunnels, and content reporting available? How much it costs? Thanks!
Thomas
Message Posted at:
http://www.groupstudy.com/form/read.php
Thomas N. wrote in message ...
I am deploying Site-to-site VPN using Cisco IOS routers. I am
wondering what software package offering the management, connectivity
monitoring of tunnels, and content reporting available? How much
it costs? Thanks!
Most people roll-their-own (i.e. use a home
I guess no one has ever set this up before.
Sam Sneed wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I have a 3600 router that current supports PPTP win2K clients using win2K
client. I do not wnat to use Cisco client for VPN.
What I am trying to do is authenticate using
I have a 3600 router that current supports PPTP win2K clients using win2K
client. I do not wnat to use Cisco client for VPN.
What I am trying to do is authenticate using digital certificates. The Cert
server is Win2K certificate server. I used a MS machine as VPN server with
certificates
pc sort of and we all know how much of a security nightmare
that could be.
-Original Message-
From: Joseph Brunner [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 7:03 PM
To: [EMAIL PROTECTED]
Subject: RE: Internet Access Through Cisco VPN Concentrator? [7:61999]
Yes. Do it all
Hello
I need to implement VPN, which will be able to used by data transfers
and VoIP with server on public IP and clients, connected to internet by
xDSL router/modem/switch with real dynamic IP (allocated by DHCP).
As far as I understood, I need to setup IPSec tunnel from CO to each
client
If you have the DSL router just add this line
ip nat inside source static
that will allow your VPN clients through your NAT router to the VPN
termination point.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Michael Vasilenko
Sent: Tuesday, January 28
Just curious Does anybody know how well the default gateway setting in
the Cisco 3005 concentrator works? I want to make sure my VPN clients can
access the internet while on VPN by having the concentrator route all the
internet traffic through the default gateway. Thanks!
- Tim
Message
Yes. Do it all the time. I also use it as a remote office router
for other clients on the lan behind the 3005.
It has great built in nat functionality (PAT REALLY !). Along with
filter lists for security your set.
But for clients, just enable split tunneling. Let them get to
the internet
Will the new version be freely distributed?
Robert Raver @groupstudy.com em 22/01/2003 17:54:21
Favor responder a Robert Raver
Enviado Por: [EMAIL PROTECTED]
Para: [EMAIL PROTECTED]
cc:
Assunto:Re: Cisco VPN Client 4.0 -- BETA [7:61589]
Charles,
Some of the new features
a restricted VPN connection automatically at bootup. To do
this we have chosen to use win2k's built-in ipsec capability. We
administratively create an ipsec policy that will only allow the machine
to connect to the pix at the central site. The policy also restricts
traffic to http between the host
PROTECTED]">news:[EMAIL PROTECTED]...
Which do most of you use for Remote Access VPN?
Pro's and cons?
Thanks alot.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61506t=61500
--
FAQ, list archives, and subscription in
Hey,
For all those interested the 4.0 VPN Client(BETA) will be in March/April.
This VAN Client is totally rebuilt and has some very nice new features.
Thought I would just let everyone know.
Thanks,
Robert Raver
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61589t=61589
Robert,
What new features does it have,and what problems will it solve?
TIA,
Charles
Robert Raver wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hey,
For all those interested the 4.0 VPN Client(BETA) will be in March/April.
This VAN Client is totally rebuilt and
Charles,
Some of the new features will include:
-New SHIM Interface(This is the biggest)
-This will let it run with other VPN Clients on the machine
-This will let it work with DNS/WINS allot better.
-With the new SHIM interface it will support products such as NetMeeting
Which do most of you use for Remote Access VPN?
Pro's and cons?
Thanks alot.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61500t=61500
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
: woensdag 11 december 2002 18:16
Aan: [EMAIL PROTECTED]
Onderwerp: VPN Concetrator #3030 [7:58982]
Hi All,
Few questions regarding the VPN Concentrator
1. what do I do for Redundancy, ( VPN Redundant Bundle)
2. Load balancing
3. Where to put the Concentrator ( prefer putting the VPN Concetrator
and
then knows their own username and password to access the network.
Sam Sneed wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Which do most of you use for Remote Access VPN?
Pro's and cons?
Thanks alot.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
have something you
know
authentication. the user has the group name and password on their pc
and
then knows their own username and password to access the network.
Sam Sneed wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Which do most of you use for Remote Ac
10.10.10.10
wins 10.10.10.20
domain cisco.com
pool ippool
I could not get it into my 2611 IOS router.
Has anybody gone through this already.
My objectives is to have vpnclients and some remote cisco routers create
VPN tunnels to my 2611 at my main site
try IOS Version 12.2(11)T3
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61260t=61256
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL
Well..well..well.. in a way I feel like idiot.. but in another it was a very
much a learning experience.
After checking over everything and recreating the 800mS to 2 second delays,
I found the problem.
When I first set up the lab, I spent some time working with the debugs for
ipsec, isakmp and
Basically it performs as per stated. We have VPN users that come into our
concentrator from all over North American and abroad. They have used a
variety of cable, dsl, dial-up providers and for the most part do not have
any issues. Split tunnelling has been enabled up until now.
As for private
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 5:57 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco VPN Question [7:61148]
Basically it performs as per stated. We have VPN users that come into
our
concentrator from all over North American and abroad. They have used a
variety of cable, dsl
IMHO - it is all a question of usability/functionality vs. security ...
Ideally (from a security perspective) - you would not split tunnel; as the
hosts are then, in effect, multi-homed. In fact, ideally, you wouldn't VPN
at all ;
However, in the real world, there are issues
Disabling split tunneling is being visited. As TJ has pointed out there are
several different reasons why it is/can be implemented in different
scenarios. This configuration was in place before I started. It is my job
to upgrade the concentrator at which time the security policies associated
What eric is refering to is a couple different items. One is the forward
lookup of the name given on the command prompt, which I don't recall any
traceroute implementations which cause high latency for that.
Secondly is the reverse lookup many traceroute's will do if you give an IP
address as the
Darrell-
I like the tidbit about reverse lookup with traceroute.. I always wondered
why the Sun boxes were so slow at times during pings . Now I need to fire up
the sniffer and the x86 Solaris and see what I can see :) It would be my
luck that the x86 Solaris is different ..
Anyways.. this
Just wondering... Does anybody know how reliable the Cisco VPN client is
with split-tunneling when paired with a Cisco 3005 concentrator. Is it
able to perform as advertised is almost every situation or does it have
problems with private networks and/or different service providers or cable
modems
Does anyone one know if PIX 501 supports user level VPN client for remote
access?
Thanks!!!
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61154t=61154
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list
Yes. Same as all the other PIX models.
-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 6:05 PM
To: [EMAIL PROTECTED]
Subject: PIX user level VPN [7:61154]
Does anyone one know if PIX 501 supports user level VPN client for remote
access
Hello group,
I'm looking to monitor VPNs via SNMP for up/down and traffic volume
monitoring (maybe even send to MRTG). I just wanted to know if the PIX IOS
MIB supports for this.
Thanks
Albert
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60948t=60948
Hi Albert,
The following SNMP MIBs were created to support the Cisco VPN Device
Manager (VDM) product, however, you can interogate these and I have
attached a URL of a good document with an overview of how this is done.
CISCO-IPSEC-FLOW-MONITOR- MIB
CISCO-IPSEC-MIB
I just set up a back to back PIX firewall test. Using IKE and IPsec with a
laptop on either end. One is a 520 (6.2) and the other is a 501 (6.2) and
Win2K and Win98 as clients. Everything works as it should but.. isnt there
always a but? the traceroute response time is something like 800mS. When I
it has nothing with the VPN tunnel but everything to do with DNS. if you
specify the
IP address in the /etc/hosts file, that will speed it up very quickly. I
have the same
setup like yours with the exception that I have franken pixes (Pix520) on
both ends
By the way, use version 6.2(2
] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mike Sweeney
Sent: Monday, January 13, 2003 11:40 AM
To: [EMAIL PROTECTED]
Subject: response time between PIX with VPN [7:60981]
I just set up a back to back PIX firewall test. Using IKE and IPsec with
a laptop on either end. One is a 520 (6.2
In answer to Eric, there is not any DNS involved as the traceroute is IP
only... no name resolution needed.
In answer Ed's comments, I have both plugged into a switch and so it's not
*back to back* in the normal sense of the word.
MikeS
Message Posted at:
Check for duplex and speed settings on switch as well as interface errors
and collisions.
Mike Sweeney wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
In answer to Eric, there is not any DNS involved as the traceroute is IP
only... no name resolution needed.
In answer Ed's
Is ping that slow too? What else did you try? FTP? TFTP? Traceroute and
Telnet are sort of weird ways of testing response time, but a good start.
Can you put a sniffer on one of the Windows machines and see where the
delays are actually occuring?
Try to distinguish between a slow network and
Yes I have looked at that and the client says it is just to much work.
-Original Message-
From: cebuano [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 09, 2003 1:09 AM
To: Elijah Savage III
Cc: [EMAIL PROTECTED]
Subject: RE: VPN dialup Outlook Exchange Do I need Help [7:60669
Are u using MD5 or SHA because the higher the encryption the more over head
you will have.
Greg Owens
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Elijah Savage III
Sent: Thursday, January 09, 2003 7:42 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN
We are using MD5
-Original Message-
From: Greg Owens Jr [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 09, 2003 10:22 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN dialup Outlook Exchange Do I need Help [7:60669]
Are u using MD5 or SHA because the higher the encryption the more over
Hi all
I have a question regarding VPN,
I want to configure a 827 router, so I can VPN into it with out using the
cisco VPN client, just use the Windows 2000 Client, i.e. use PPTP
I have done this with the PIX, and there are noproblems there, I also have
setup Ipsec and 3des with the 827, but I
I've got a remote location with two ADSL lines terminating on a 2620, each
line has a separate subnet of legal IPs. Connected to the 2620 is a PIX.
I'd like to setup a VPN from this location to our central location. I'd
also like to load balance the two DSL lines (I was thinking CEF).
Question
All,
I need some serious help for a serious problem. We have implemented a
vpn solution with 2 3030 concentrators. All work fine except for the
dialin users, everything is terribly slow I used dialin tonight and had
a 50.6 connection and it was creeping along like it was 9600 baud. I was
getting
08, 2003 9:00 PM
To: [EMAIL PROTECTED]
Subject: VPN dialup Outlook Exchange Do I need Help [7:60669]
All,
I need some serious help for a serious problem. We have implemented a
vpn solution with 2 3030 concentrators. All work fine except for the
dialin users, everything is terribly slow I used
If you terminate your VPN tunnels on the PIX, you will need to set up a
TACACS server if you want to use an external user database to authenticate.
Aurelian Georgescu
-Original Message-
From: Steiven Poh-(Linear Online MailBox) [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003
Hello everybody,
My question is: Can I terminate IPSec VPN tunnel on PIX and translate my
addresses to net on second end of tunnel together?
I have got two networks with IP address schema 10.x.x.x and I have to link
them via Internet. An access firewall is PIX on first and second net. I
don't
If you have version 6.2 you can use the nat outside command. This command
does exactly what you are asking. It allows for networks that have the same
addressing scheme to connect to each other without having to do any
re-addressing. I have included some links from CCO. If you do not have an
Does anyone know the limit of VPN peers a PIX 501 with 3des is?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60430t=60430
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct
I think the answer is 10. I am not sure if this corresponds to a 10 user
license (in which case a 50 user license may allow 50 tunnels, but I doubt
it).
Peter
--On 06 January 2003 15:33 + Sam Sneed wrote:
Does anyone know the limit of VPN peers a PIX 501 with 3des is?
Message Posted
t09186a0080091b18.html
You can support up to 5 SA's with the PIX 501, regardless of user
license.
Also need the PIX-501-VPN-3DES= license to run 3DES.
Frank Jimenez, CCIE #5738
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Sam
, January 06, 2003 11:47 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX 501 VPN Peers limit [7:60430]
I think the answer is 10. I am not sure if this corresponds to a 10 user
license (in which case a 50 user license may allow 50 tunnels, but I doubt
it).
Peter
--On 06 January 2003 15:33 + Sam Sneed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For example in
http://www.cisco.com/warp/public/707/ios_usr_rad.html
Is, like I said, ANOTHER ip range used than in the LAN.
Configuring Router to VPN Client, Mode-Config, Wild-Card Pre-Shared Key with
NAT
http://www.cisco.com/warp/public/707/25
Hi,
Just have a question over here. I would like use my domain account as a vpn
authentication login, how am I do that?
Thanks
Rgds,
Steiven
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60480t=60480
--
FAQ, list archives
I know how to set MPLS VPN in a network with 7507 as the Core routers.
But what is necessary to integrate a 6500 switch with FlexWan module and
PA-HSSI/PA-ATM cards in the Core and keep the MPLS VPN service in the
location served by the switch?
The network is like that:
2500-vpn-A--7500
there.
I've included an example below, HTH.
Best Regards,
John
interface GE-WAN4/1.10
description 2500-MPLS-VPN-A
encapsulation dot1Q 10
ip vrf forwarding vpnA
ip address 10.1.2.3 255.255.255.252
mpls label protocol both
end
- Original Message -
From:
To:
Sent: Friday
And as a P router, can it? I do not have a OSM.
John Murphy @groupstudy.com em 03/01/2003
11:24:41
Favor responder a John Murphy
Enviado Por: [EMAIL PROTECTED]
Para: [EMAIL PROTECTED]
cc:
Assunto:Re: MPLS VPN [7:60205]
Currently the 6500/7600 can only function as a PE
Anyone using these concentrators? I am specifically looking at either
the 3060 or 3080. If you have any experience with these guys, please
let me know of any gotchas or recommended configurations.
I guess, specifically:
1. What is the recommended software client to go with these guys?
2. Where
Hi all
I have set up a VPN between a Checkpoint FW1 (v4.1 sp3) and a Cisco 827.
The tunnel installs correctly and I can connect from the FW1 subnet to the
Cisco subnet but not the other way around.
When I try to connect from the Cisco subnet I can see the packets enter
the access list
Hello everyone,
I usually try not to use this as my personal tech support forum, but since
TAC can't get off their but and provide the solution I thought I'd drop it
and see. I have a remote site that connects to our central site via a VPN
tunnel. The remote router is a Cisco 1710. We have
Check the statistics for in and out Bayts on the client side: if the OUT is
increasing without increasing in IN the problem would be either in routing
or access-lists.
JM wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hello
I am trying to run VPN beetwen VPN Clie
I have very simple network
--LAN--ROUTER--INternet--VPNClient
|
|
DMZ
IP pool for the vpn client is the same like in LAN (192.168.1.0/24)
mjans001 wrote:
Last time iot worked for me I used another private range (than i use in
the lan
Hello
I am trying to run VPN beetwen VPN Client 3.6.2.A and Cisco 2651.
On Cisco router I have:
Software with 3DES/IP PLus/FW/IDS - Version 12.2(11)T2
Router has 4 interfaces:
serial 0/1 - Internet here I gave cryptomap
fasteth 0/1 -DMZ
fasteth 0/0 -LAN ( here I want to be tgrough VPN)
I have
Can I have a VPN within my organization.my setup as follows
HostAin(PIX-A)dmz-out(Pix-B)dmz-HostB
Can I have a VPN established between dmz of PIX A and outside of PIX B.both
are in same segment (172.16.1.xxx)Let me know if u got any example.Just for
testing
The IP address that your VPN Client gets from the router, are you
advertising that route through your network?
JM wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hello
I am trying to run VPN beetwen VPN Client 3.6.2.A and Cisco 2651.
On Cisco router I have:
Software w
I have 4 interfaces:
Serial 0/1 - public IP for example 1.1.1.1
fast 0/1 -public IP for example 2.2.2.2
fast 0/0 -LAN IP : 192.168.1.1/24
My ip address pool for VPN : 192.168.1.170-192.168.1.190
On VPN padlock i haver Ip address from router for example 192.168.1.170
but I can't ping any address
yes..
given you have the proper routing in place,
security policies to support it, and your
IPSEC configs to allow it.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59320t=59284
--
FAQ, list archives, and subscription info:
Last time iot worked for me I used another private range (than i use in
the lan) for the vpn clients, and had to triple check my access-lists,
especially the one that encrypts from lan to vpn client. Make sure that
your vpn headend (2600) is the default gateway for that vpn client lan,
or give
The default route will work. When the packet reaches the PIX it will compare
the access-list. If it matches then it will look for the peer address and
send it to the peer.
regards
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59081t=59043
Guys
I am having a issue Site To Site VPN between PIX 515 and PIX 501. PIX 501 is
at our develper location, and he has DHCP Internet IP address from his ISP,
i am using Dynamic Map on PIX 515 for Site To Site VPN.
Develoer is complaing that his VPN connection goes down (although he sees a
vpn
Hi All,
Few questions regarding the VPN Concentrator
1. what do I do for Redundancy, ( VPN Redundant Bundle)
2. Load balancing
3. Where to put the Concentrator ( prefer putting the VPN Concetrator behind
Firewall).What are issues I will have to consider if I put the concentrator
behind Firewall
to put the concentrator behind a firewall make sure you pass all
appropriate vpn traffic without filtering, such as port 50 port 51 port
500 to the concentrator.
That should get you started in the right direction if you have any more
DIRECT questions please let us know and we will try to help you out
Responses in line
1. what do I do for Redundancy, ( VPN Redundant Bundle)
It runs VRRP for concentrator redundancy. For user sessions you
make a cluster using VCA under
Configuration | System | Load Balancing.
For redundancy on LAN to LAN tunnels its much harder..
They way the concentrator
PROTECTED]]
Sent: Wednesday, December 11, 2002 4:18 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN Concetrator #3030 [7:58982]
I have just finished a project like this. You can only do one or the
other you can't do redundant and load balancing all at once on the 3030.
If you want to be redundant where
never was able to make it crash but cpu
gets high.
-Original Message-
From: Evans, TJ (BearingPoint) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 11, 2002 7:33 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN Concentrator #3030 [7:58982]
Minor comment - protocol 50 and 51, not port
Hi folks,
My set up as follows
Host A-(in)PixA(out)Internet---(out)PixB(in)HostB
I have a VPN using Ipsec between Pix A and Pix B.Do I need to have a Static
(inside,outside)to hostB for hostA to connect or Pix B would default route
the packet to hostb.
nat 0 access-list 80
access
Hi all,
Just finished the exam above and scored 954/1000.
Just IDS and this new SAFE exam to go..
Anyone have pointers for the IDS??
Thanks
Andrew Larkins
BCom, CCNP, CCDP
Bytes Technology Networks
A Division of the Bytes Technology Group
A Member of the Altron Group
www.btgroup.co.za
visit
: Monday, December 09, 2002 8:01 AM
To: [EMAIL PROTECTED]
Subject: Passed CS VPN - 9E0-570 - 2 more to go [7:58789]
Hi all,
Just finished the exam above and scored 954/1000.
Just IDS and this new SAFE exam to go..
Anyone have pointers for the IDS??
Thanks
Andrew Larkins
BCom, CCNP, CCDP
Bytes
anyone have any working configs of a PIX set up for a site-to-site IPSec
tunnel with another PIX (at a remote site), as well as set up for mobile
user VPN access (through dialup/dsl/cable/etc)? the client will user
secure VPN client 3.0 for windows.
i have the docs from CCO, but someone told me
: maandag 9 december 2002 21:44
Aan: [EMAIL PROTECTED]
Onderwerp: more VPN fun... [7:58818]
anyone have any working configs of a PIX set up for a site-to-site IPSec
tunnel with another PIX (at a remote site), as well as set up for mobile
user VPN access (through dialup/dsl/cable/etc)? the client
:[EMAIL PROTECTED]
-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 09, 2002 3:44 PM
To: [EMAIL PROTECTED]
Subject: more VPN fun... [7:58818]
anyone have any working configs of a PIX set up for a site-to-site IPSec
tunnel with another PIX
Share the knowledge I say...
OK, this has been edited to protect my information, but other than that its
directly off of a PIX that has 2 lan 2 Lan tunnels and also allows VPN
remote access...
I think I got all the leftover junk cleaned out as well...
!
access-list 100 permit ip m.y.h.o u.s.e
1:22 PM
To: Edward Sohn; [EMAIL PROTECTED]
Subject: RE: more VPN fun... [7:58818]
Just make sure that you use Group 2 in the isakmp policy, and the users
will connect.
Here is a great reference:
http://www.cisco.com/warp/customer/110/pixpixvpn.html
And it works...
Joshua R. Vince
MCSE MCP+I
, 2002 6:06 PM
To: Joshua Vince; [EMAIL PROTECTED]
Subject: RE: more VPN fun... [7:58818]
dude, good site.
i can't believe i couldn't find this doc. this is exactly what i want
to do...
anyway, i got the client connected and stuff, but i can't access
anything on the lan...thanks for the config i
forget it...i got it working...there is a weird router set up
internally...just putting statics to the vpn client pool worked.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Edward Sohn
Sent: Monday, December 09, 2002 3:09 PM
To: [EMAIL PROTECTED
hey guys,
i've got connectivity now. thanks a bunch for all the help.
however, per the diagram that josh sent the link for...
how can i now get the remote vpn client to go back out through the pix
for internet, if the PIX is the default gateway? how does the client
know *any* gateway
301 - 400 of 1685 matches
Mail list logo
