I need help quick - PIX 515e ver. 6.3(5)

I'm new to this Cisco product and I'm in a jam. I have to get this product operational tomorrow morning.

(Problem:) I've got communications running inside the firewall, and with an access list I can ping the outside world successfully. However, from the inside, behind the firewall, I can't see anything through a web browser. It's as if the traffic does not go through. Please help, what should I do?

Here's a copy of the current configuration:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxxx
hostname pixfirewall
domain-name ciscopix.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
object-group service Internet tcp-udp
  description Group for Internet access
  port-object eq echo
  port-object eq www
  port-object eq domain
access-list inside_access_in permit icmp interface inside interface outside echo-reply
access-list inside_access_in permit icmp interface inside interface outside time-exceeded
access-list inside_access_in permit icmp interface inside interface outside unreachable
access-list inside_access_in permit tcp any object-group Internet any object-group Internet log
access-list inside_access_in permit tcp any object-group Internet host 208.50.85.161 object-group Internet log
pager lines 24
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 208.x.x.x 255.255.255.224
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm location 208.50.x.x 255.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 192.168.1.3-192.168.1.254 netmask 255.255.255.0
global (inside) 1 192.168.1.3-192.168.1.254
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside
routing interface outside
  ospf authentication null
routing interface inside
  ospf authentication null
route outside 0.0.0.0 0.0.0.0 208.50.85.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa proxy-limit disable
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server contact
snmp-server community
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd dns 206.165.6.11 209.130.136.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxx
: end

access-list inside_access_in permit ip any any

That's my guess.

I'm a GUI guy, never use the CLI. Good luck.
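The rules that break web browsing in the posted config can be found mechanically: both `permit tcp` lines put `object-group Internet` in the source-port position as well as the destination-port position, so a browser's ephemeral source port never matches, while the `permit ip any any` guess above works by removing the restriction altogether. The linter below is an added example, not code from the thread or from Cisco. It assumes the PIX 6.3 access-list grammar shown in the posted config, a constructed config sample built from that config's lines, and hypothetical function names.

```python
"""Lint PIX 6.x access-list lines that restrict the *source* port.

Added example, not code from the thread or from Cisco.  Assumes the PIX 6.3
access-list grammar used in the posted config:
  access-list NAME permit|deny PROTO SRC [SPORT] DST [DPORT] [log ...]
where SRC/DST is 'any' | 'host A' | 'A MASK' | 'interface IF' | 'object-group G'
and a port spec is 'eq P' | 'range A B' | 'object-group G' (a service group).
Function names are hypothetical; the sample is constructed from the posted config.
"""
from dataclasses import dataclass

# Constructed sample: the object-group and ACL lines from the question above.
SAMPLE_CONFIG = """\
object-group service Internet tcp-udp
  description Group for Internet access
  port-object eq echo
  port-object eq www
  port-object eq domain
access-list inside_access_in permit icmp interface inside interface outside echo-reply
access-list inside_access_in permit tcp any object-group Internet any object-group Internet log
access-list inside_access_in permit tcp any object-group Internet host 208.50.85.161 object-group Internet log
access-list inside_access_in permit tcp any any object-group Internet log
"""


@dataclass
class Rule:
    name: str
    action: str
    proto: str
    src: str
    sport_spec: str      # raw source-port spec, '' if none
    sports: list         # expanded source ports
    dst: str
    dport_spec: str
    dports: list
    rest: str            # trailing options such as 'log'


def parse_service_groups(lines):
    """Map service object-group name -> list of ('eq', p) / ('range', a, b) tuples."""
    groups, current = {}, None
    for line in lines:
        tok = line.split()
        if tok[:2] == ["object-group", "service"]:
            current = tok[2]
            groups[current] = []
        elif current and tok[:1] == ["port-object"]:
            groups[current].append(tuple(tok[1:]))
        elif current and tok[:1] == ["description"]:
            continue
        else:
            current = None          # any other line ends the group body
    return groups


def _take_addr(tok, i):
    """Consume one address spec at tok[i]; return (text, next index)."""
    if tok[i] == "any":
        return "any", i + 1
    return f"{tok[i]} {tok[i + 1]}", i + 2   # host A / interface IF / object-group G / A MASK


def _take_ports(tok, i, groups):
    """Consume an optional port spec at tok[i]; return (spec, ports, next index)."""
    if i < len(tok):
        if tok[i] == "eq":
            return f"eq {tok[i + 1]}", [tok[i + 1]], i + 2
        if tok[i] == "range":
            return f"range {tok[i + 1]} {tok[i + 2]}", [f"{tok[i + 1]}-{tok[i + 2]}"], i + 3
        if tok[i] == "object-group" and tok[i + 1] in groups:   # service group, not a network group
            ports = [p[1] if p[0] == "eq" else f"{p[1]}-{p[2]}" for p in groups[tok[i + 1]]]
            return f"object-group {tok[i + 1]}", ports, i + 2
    return "", [], i


def parse_rules(lines, groups):
    rules = []
    for line in lines:
        tok = line.split()
        if tok[:1] != ["access-list"] or len(tok) < 5:
            continue
        name, action, proto = tok[1], tok[2], tok[3]
        src, i = _take_addr(tok, 4)
        sport_spec, sports, i = _take_ports(tok, i, groups) if proto in ("tcp", "udp") else ("", [], i)
        dst, i = _take_addr(tok, i)
        dport_spec, dports, i = _take_ports(tok, i, groups) if proto in ("tcp", "udp") else ("", [], i)
        rules.append(Rule(name, action, proto, src, sport_spec, sports, dst, dport_spec, dports, " ".join(tok[i:])))
    return rules


def find_source_port_rules(config_text):
    """Permit rules whose source-port position is restricted: client traffic
    (ephemeral source ports) can never match them."""
    lines = config_text.splitlines()
    rules = parse_rules(lines, parse_service_groups(lines))
    return [r for r in rules if r.action == "permit" and r.sports]


def suggested_fix(rule):
    """The same rule with the source-port restriction dropped."""
    parts = ["access-list", rule.name, rule.action, rule.proto, rule.src, rule.dst, rule.dport_spec, rule.rest]
    return " ".join(p for p in parts if p)


if __name__ == "__main__":
    for r in find_source_port_rules(SAMPLE_CONFIG):
        print(f"source ports {r.sports} restricted in rule to {r.dst}; fix: {suggested_fix(r)}")
```

The third constructed line (`any any object-group Internet`) is the shape the fix produces: the destination ports stay restricted to the service group, only the source-port clause goes, which is narrower than the `permit ip any any` guess above.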

Tags: Cisco Security

Similar Questions

  • * Need help quickly please * Does the SL400 come with a European or American AC adapter?

    I'm going to buy a Lenovo SL400 laptop I customized...

    I live in Israel, so the question for me is: is the AC adapter European or American?

    If not, how can I ask Lenovo to replace the American AC adapter with a European one?

    I would appreciate any kind of help.

    Have a nice week, y'all, Gil

    Welcome to the forum!

    All Lenovo laptops come with a universal power adapter that automatically detects the voltage. You just need the appropriate (detachable) plug for the outlets used in your country.

    I hope this helps.

  • Network connectivity XP guest crashes: need help quickly!

    I have troubleshot many VMware Workstation problems over the years on my own; however, this one has me baffled.

    The setup:

    • Guest: Windows XP SP3. 1.4 GB of RAM. 2 processors.

    • Host: Linux 2.6.25 (Gentoo). AMD X2 5600+ 2.9 GHz. 4 GB of RAM. VMware Workstation v6.05

    Behavior

    Since some time last week, the guest started crashing on boot. After some troubleshooting, I discovered that the guest will boot if the virtual Ethernet networks (NAT and host-only) are disconnected. Logging in after that immediately locks up at the prompt. I have not tested extensively, but I think the guest works fine if the Ethernet devices are disconnected.

    Fixes attempted

    • It should be needless to say, but I'll say it: VMware Tools are installed and up-to-date.

    • I tried uninstalling the guest's Ethernet devices, power-cycling the guest, and then reinstalling the virtual devices in the virtual machine settings.

    • Both devices on the guest had been set with static IPs (below the range assigned by DHCP); however, setting them to DHCP made no difference.

    • I ran the vmware-config.pl script.

    • I rebuilt and manually installed the modules (vmblock.ko, vmmon.ko, vmnet.ko).

    • I ran the guest with the debugger; however, the log produces no significant output.

    • I tried starting an installation that I had saved a few months ago. It showed the same behavior.

    • The host's virtual devices seem to work correctly:

    root@cruise vmware # ifconfig vmnet1
    vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01  
              inet addr:192.168.101.1  Bcast:192.168.101.255  Mask:255.255.255.0
              inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    root@cruise vmware # ifconfig vmnet8
    vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08  
              inet addr:192.168.102.1  Bcast:192.168.102.255  Mask:255.255.255.0
              inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    

    Both devices answer ping requests.

    I need this guest's networking working in order to get the work done, and it is not very useful if I can't get the network working.

    Important update

    I've upgraded to VMware Workstation 6.5.1. I have the same behavior. Now I have another problem. The Workstation upgrade triggered XP to request reactivation. I have three days (until January 8) to re-activate XP. Activating Windows without a network connection is a royal pain.

    burmashave wrote:

    Since some time last week, the guest started crashing on boot.

    Has nothing changed last week? Installation of updates on your host? New kernel?

    Activating Windows without a network connection is a royal pain.

    It takes 6 minutes by telephone.

  • BlackBerry smartphones: need help quick, pull does not work

    I'll draw fire fast pro, but when I run it, it comes up with this untrapped exception: java.lang.IllegalArgumentException. How could I solve this problem?

    Hello!

    This will make no sense at all, but try this:

    From BlackBerryForums:

    "User JayinJay:

  • PIX 515E configuration help required

    Dear all,

    Hi. Actually I need help with a PIX 515E. Please check out the scenario and design, and suggest.

    Please find the details following, and the configuration of the attached VLAN router.

    # I want to put it as:

    "My LAN on CISCO 2900 (IP range 172.16.29.X...)" (25 PCs) - VLAN router - CISCO PIX - ISP public IP.

    # Now it's:

    "My LAN on CISCO 2900 - VLAN router (external) - ISP."

    Details of router & PIX:

    # Router inside IP - 172.16.29.1 (the inside IP is very critical and cannot be changed)

    # Router outside IP - what IP should I use? (I tried 1.1.1.1 255.255.255.0)

    # PIX outside IP - what IP should I use? (My ISP IP? I tried 208.144.230.197, which is currently the outside of my router)

    # PIX inside IP - what IP should I use? (I tried 1.1.1.2 255.255.255.0)

    # My ISP connection is directly from the ISP GW over cat 5 ethernet to my VLAN router

    # I would allow www, FTP, web-based like Yahoomail... etc... & Messenger services

    VLAN router config:

    Current configuration : 1028 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname VLANRouter
    !
    boot-start-marker
    boot-end-marker
    !
    enable password gcsroot
    !
    no aaa new-model
    ip subnet-zero
    !
    !
    no ip dhcp conflict logging
    ip dhcp excluded-address 172.16.29.1 172.16.29.240
    ip dhcp excluded-address 172.16.29.250 172.16.29.254
    !
    ip dhcp pool dhcppool
       network 172.16.29.0 255.255.255.0
       dns-server 208.144.230.1 208.144.230.2
       default-router 172.16.29.1
    !
    !
    !
    !
    controller E1 0/0
    !
    controller E1 0/1
    !
    !
    interface FastEthernet0/0
     ip address 208.144.230.197 255.255.255.224
     ip nat outside
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 172.16.29.1 255.255.255.0
     ip nat inside
     duplex auto
     speed auto
    !
    ip nat inside source list 7 interface FastEthernet0/0 overload
    ip http server
    ip classless
    ip route 0.0.0.0 0.0.0.0 208.144.230.200
    !
    !
    access-list 7 permit 172.16.29.0 0.0.0.255
    !
    line con 0
    line aux 0
    line vty 0 4
     login
    !
    !
    !
    end

    All advice is appreciated.

    Kind regards

    Hiren s Mehta.

    ORG Informatics Ltd.

    Bamako, MALI

    AFRICA

    Hi Hiren,

    See the answers below:

    # Router inside IP - 172.16.29.1 (the inside IP is very critical and cannot be changed)

    When you put the PIX in between the router and your switch, you must give the PIX inside interface the IP 172.16.29.1 and change the router's inside subnet to some other pool. Do the PAT on the PIX rather than on the router.

    # Router outside IP - what IP should I use? (I tried 1.1.1.1 255.255.255.0)

    The router's outside IP will be the one given by the ISP... The ISP would have given a public IP address for the WAN link. This cannot be changed.

    # PIX outside IP - what IP should I use? (My ISP IP? I tried 208.144.230.197, which is currently the outside of my router)

    The PIX outside IP must be a public (global) one. The ISP would have given you a LAN subnet. Use it. In this case, the inside interface of the router also has an IP address from that same subnet...

    # PIX inside IP - what IP should I use? (I tried 1.1.1.2 255.255.255.0)

    The PIX inside IP must be 172.16.29.1, which will be the default gateway for all PCs. If you change this subnet, then the PCs should have an IP address on the same subnet that was decided.

    # My ISP connection is directly from the ISP GW over cat 5 ethernet to my VLAN router

    Didn't get it... is that on the internet router or the switch?

    # I would allow www, FTP, web-based like Yahoomail... etc... & Messenger services

    If all these must be permitted from inside to outside, you don't have to open anything... by default, all traffic from the inside to the outside is allowed (unless you put in an access list denying it)...

  • Need help to remove kkash virus

    Why can't I... I need help to remove the kkash/Rodolphe worm that hijacks my laptop. I can't even turn on Windows. I would think MS Essentials would protect me.

    Hello

    Scan for malware in Safe Mode with Networking.

    http://www.bleepingcomputer.com/tutorials/how-to-start-Windows-in-safe-mode/#Vista

    Windows Vista

    Using the F8 method:

    1. Restart your computer.
    2. When the computer starts, you will see your computer's hardware being listed. When you see this information, begin tapping the F8 key repeatedly until you are presented with the Windows Vista Advanced Boot Options.
    3. Select Safe Mode with Networking with the arrow keys.
    4. Then press Enter on your keyboard to boot into Vista Safe Mode.
    5. When Windows starts, you'll be at a typical logon screen. Log on to your computer and Vista goes into Safe Mode.
    6. Do whatever tasks you need, and when you are done, reboot to return to normal mode.

    Once in Safe Mode with Networking, download and run RKill.

    RKill does NOT remove the malware; it stops the malware process, which gives you a chance to remove it with your security programs.

    http://www.bleepingcomputer.com/download/rkill/

    Then download, install, update and scan your system with the free version of Malwarebytes Anti-Malware in Safe Mode with Networking:

    http://www.Malwarebytes.org/products/malwarebytes_free

    See you soon.

  • I need help deleting these accounts quickly because I'm not going to use most of them.

    Cancel/delete email

    Hello, look at these emails I created; it's just a mess.

    I need help deleting these accounts quickly because I'm not going to use most of them.

    I just want all my information wiped out of these emails,

    & when they are removed and all of my information is wiped out, I want these emails to become available and new to others for their use.

    * E-mail address is removed for privacy *


    Please, thank you.

    It's just a guess, but are you talking about Hotmail accounts? If so, please ask here:

    Windows Live Solution Center Hotmail Forum
    http://windowslivehelp.com/forums.aspx?ProductID=1

  • Need help, there is a strange thing with the PIX!

    For the diagram please see www.ciscofan.com/smbc.jpg

    Now the ebs router has an NM-1CE1U & NM-30DM, so remote clients can dial in to the network; the pboc router has a WIC-2T module and connects to the remote site via DDN. The IP address of the PIX ebs interface is x.x.45.2, the IP address of the ebs router's ethernet is x.x.45.1, and the IP addresses the remote clients can get (the IP address pool) are x.x.45.110-x.x.45.140. The inside interface of the pix515E is x.x.44.1. I am using nat 0 0 0 to avoid any NAT (imagine the PIX as a router). Then the strange thing happens: after configuration, the ebs router cannot ping any address like x.x.44.x. After x.x.45.1 pings server1, both the dialer clients and the ebs router can ping server1, but cannot ping server2; after x.x.45.1 (the ebs router) pings server2, both the dialer clients and the ebs router can ping server2, and so on. That is, computers inside must ping computers outside first, then the outside computers can access (including ping) the inside servers. And the thing is even stranger: if there is no traffic between ebs and the remote client (or the ebs router) for some time (maybe a few hours, but I'm not sure), the remote dialer clients or the ebs router cannot ping (access) the inside

    servers. For instance, after one night, in the morning, the remote dialer clients or the ebs router cannot ping x.x.44.x. It seems there is a timeout configuration, but how can I set it up?

    Here is the PIX (515E) configuration:

    PIX Version 6.1(4)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 intf2 security10
    nameif ethernet3 intf3 security15
    nameif ethernet4 ebs security20
    nameif ethernet5 pboc security25
    enable password n5vL encrypted
    passwd 2KFQn encrypted
    hostname pixfirewall
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    pager lines 24
    interface ethernet0 auto shutdown
    interface ethernet1 auto
    interface ethernet2 auto shutdown
    interface ethernet3 auto shutdown
    interface ethernet4 auto
    interface ethernet5 auto
    mtu outside 1500
    mtu inside 1500
    mtu intf2 1500
    mtu intf3 1500
    mtu ebs 1500
    mtu pboc 1500
    ip address outside 127.0.0.1 255.0.0.0
    ip address inside x.x.44.1 255.255.255.0
    ip address intf2 129.0.0.1 255.255.255.0
    ip address intf3 127.0.0.1 255.255.255.255
    ip address ebs x.x.45.2 255.255.255.0
    ip address pboc x.x.46.2 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    failover ip address outside 0.0.0.0
    failover ip address inside 0.0.0.0
    failover ip address intf3 0.0.0.0
    failover ip address ebs 0.0.0.0
    failover ip address pboc 0.0.0.0
    pdm history enable
    arp timeout 14400
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    conduit permit icmp any any
    conduit permit ip any any
    route pboc 10.24.15.0 255.255.255.0 x.x.46.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    no sysopt route dnat

    You have no static command to create static translation slots. So you rely on outbound traffic to create temporary translation slots, but these are not permanent, and you will have problems.

    static (inside,outside) x.x.44.0 x.x.44.0 netmask 255.255.255.0

    That should do the trick.

  • PIX 515E v7 VPN config help

    Hello

    I have a PIX 515E currently running 7.

    Is it possible to use VPN with only 1 static IP address from the ISP (no gateway or ISP router IP address is provided)?

    I can set up routing on the ADSL modem, but then the PIX does not have a valid Internet IP address?

    I think v7 does not support PPPoE? So I can't set the ADSL modem to bridged mode?

    Is there a way to fix this?

    Any help gratefully appreciated.

    Apply the commands below:

    isakmp identity address

    isakmp nat-traversal 20

    If the problem persists, then please post the entire config with the public IPs hidden.

  • PIX 515E config help

    I am a new user and I'm trying to configure a PIX 515e ver 6.3(3). How can I give my inside users access to my web farm located on dmz1? I am able to access the test sites inside and outside of dmz1. I can't access the web sites inside dmz1. Here is my current config:

    PIX Version 6.3(3)
    interface ethernet0 100full
    interface ethernet1 100full
    interface ethernet2 100full
    interface ethernet3 auto shutdown
    interface ethernet4 auto shutdown
    interface ethernet5 auto shutdown
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz1 security50
    nameif ethernet3 intf3 security6
    nameif ethernet4 intf4 security8
    nameif ethernet5 intf5 security10
    enable password xxxx
    passwd xxxx
    hostname pix1
    domain-name apprendrefacile.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.10.10.1 aetest
    name 10.10.10.2 aetest1
    name 13.13.13.3 aetestdmz
    name 13.13.13.4 aetestdmz1
    access-list from-out-to permit tcp any any eq www
    pager lines 24
    logging on
    logging buffered debugging
    mtu outside 1500
    mtu inside 1500
    mtu dmz1 1500
    mtu intf3 1500
    mtu intf4 1500
    mtu intf5 1500
    ip address outside 12.x.x.x 255.255.255.0
    ip address inside 10.10.10.2 255.255.255.0
    ip address dmz1 13.x.x.x 255.255.255.0
    no ip address intf3
    no ip address intf4
    no ip address intf5
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    no failover ip address dmz1
    no failover ip address intf3
    no failover ip address intf4
    no failover ip address intf5
    pdm history enable
    arp timeout 14400
    static (inside,outside) 12.12.12.15 aetest netmask 255.255.255.255 0 0
    static (inside,outside) 12.12.12.16 aetest1 netmask 255.255.255.255 0 0
    static (dmz1,outside) 12.12.12.17 aetestdmz netmask 255.255.255.255 0 0
    static (dmz1,outside) 12.12.12.18 aetestdmz1 netmask 255.255.255.255 0 0
    access-group from-out-to in interface outside
    route outside 0.0.0.0 0.0.0.0 12.12.12.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 10.10.10.207 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 10.10.10.0 255.255.255.0 inside
    telnet timeout 20
    ssh timeout 5
    console timeout 0
    terminal width 80
    Cryptochecksum:XXXXX
    : end

    Thank you... Jay

    With PIX v6.x, nat/global or static is a must before the PIX will start to forward packets between two interfaces.

    The current static statements do not cover the translation between the inside and the DMZ. As the traffic between the PIX inside net and the DMZ is private, I suggest you set up no-nat between the two.

    For example:

    static (inside,dmz1) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

    clear xlate

    In the above example, the PIX inside hosts should be able to access the DMZ server by pointing to the private IP address of the DMZ web server.

    If you prefer the PIX inside hosts to access the DMZ server by name, then the "alias" command should be applied.

    For example:

    alias (inside) 13.13.13.3 12.12.12.17 255.255.255.255

    The need for the "alias" command is due to the fact that, when a PIX inside host tries to access the DMZ server by name, the public DNS will point to the public IP address of the DMZ web server. Now, as the static created for the DMZ web server is directional, i.e. the public IP will be accessible from the outside but not from the PIX inside net, the "alias" command will let the PIX manipulate the DNS response and point the name to the private IP of the DMZ web server for the PIX inside hosts.

  • All my photos are displayed as B&W because somehow I saved a preset in Quick Develop and it records in B&W. This is for all of my photos. Individually, I can cancel them, but I need help on how to get rid of the preset so it goes to defau

    All my photos are displayed as B&W because somehow I saved a preset in Quick Develop and it records in B&W. This is for all of my photos. Individually, I can cancel them, but I need help on how to get rid of the preset so all photos go to default, or as shot. Thank you

    Go to the Develop module and highlight all the images in the filmstrip at the bottom of the screen. Enable Auto Sync, and then click the Reset button. This resets all the images to your camera default settings.

  • Cisco VPN Client Authentication - PIX 515E-UR

    Hi all

    I need your expert help on the following issues I have:

    1. I would like to create more than 1 VPN client group on my PIX-515E. This is so that I can give different parts of the internal network access to different types of VPN connection. For example, I want one group to have no XAUTH, while the other group must use RADIUS XAUTH. Is it possible for me to do this? I see the PIX automatically enables RADIUS on both VPN client groups.

    2. The RADIUS server is a Microsoft ISA server with IAS and it is located on the PIX inside interface. The VPN endpoint is the external interface of the PIX. Is there a problem with this setup? Do I need to have the RADIUS server located on the external interface?

    3. What command can I use to debug RADIUS authentication?

    Thanks in advance for your help.

    Hi Vincent,

    (1) You can use "vpngroup <name> authentication-server <ipaddress>" to specify the IP address of the RADIUS server for a particular group... If you do not specify this, user authentication is done locally... also check the "vpngroup <name> user-authentication" command.

    (2) There should be no problem with your setup... it should work fine... If the RADIUS server is outside, it is subject to many attacks... so keep it inside...

    (3) Use "debug radius session" or "debug aaa authentication..."

    I hope this helps... all the best... rate the responses if found useful

    REDA

  • Need help understanding static with nat 0

    Hi all

    I have a PIX 515e with 6 interfaces. 5 interfaces are considered internal, and we don't want any NAT translation to occur between them. We want NAT only between the 5 and the external interface.

    I created a No_Nat ACL successfully to not NAT any portion.

    What I have trouble understanding is the static command to allow traffic between higher levels and lower levels and vice versa.

    I understand the

    static (inside,outside) inside_address outside_address

    for the NAT translation part.

    What I do not understand is when the inside address and the outside address are the same: what order do they go in? For example, my inside interface (192.168.1.0/24) (sec100) is where the servers live, and I have another interface named accounting (192.168.2.0/24) (sec75).

    If I don't want any NAT to occur between these two, I have the following:

    access-list No_Nat permit ip 192.168.1.0/24 192.168.2.0/24

    access-list No_Nat permit ip 192.168.1.0/24 192.168.2.0/24

    nat (inside) 0 access-list No_Nat

    nat (accounting) 0 access-list No_Nat

    Now how should I enter the static command?

    Maybe

    static (inside,accounting) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    or

    static (inside,accounting) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    or

    static (accounting,inside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    or

    static (accounting,inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    I do not understand the rule for it and why one would be used versus the other way. Does the security level determine the order? Do I need two static commands, one for each direction?

    Thank you

    Denny

    Hello Denny

    A static can be defined either way... it's only the traffic that determines which... for example, if the accounting DMZ is accessing any server on your inside interface, you normally want the accounting servers to see the inside server's original IP... so you will end up with a static like

    static (inside,accounting) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    Only the above static command is sufficient to establish connectivity between inside and the accounting DMZ. You don't need 2 statics in any sense...

    Similarly, if you want inside users to access a server on the accounting DMZ, you can write a static like

    static (accounting,inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

    Hope you understand. Let us know if you need help... but normally a nat 0 statement is more than enough for inside/DMZ communication.

    Kind regards

    REDA
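    The reply above and the earlier "PIX 515E config help" reply (the `static (inside,dmz1) 10.10.10.0 10.10.10.0` suggestion) state the same PIX 6.x rule: the box will not forward between two interfaces until a translation covers the host on the higher-security side, one `static (high,low) X X` serves both directions, and a `nat 0 access-list` does the same job; traffic arriving from the lower-security side additionally needs an ACL. The model below is an added example written for this page, not Cisco code and not from either thread. It simplifies the PIX to exactly those stated rules, uses the interface names, security levels and addresses from the two posted configs (Jay's `name` entries resolved to their IPs), and its function names are hypothetical.

```python
"""Simplified model of when a PIX 6.x forwards a packet between two interfaces.

Added example, not Cisco code and not from the thread.  It models only what
the two replies state: a translation (static, 'nat 0 access-list', or a
dynamic nat/global pair) must cover the high-security-side host before the PIX
forwards between two interfaces; a single 'static (high,low) X X' covers both
directions; traffic from the lower-security side additionally needs an ACL.
Interface names, levels and addresses come from the two posted configs;
function names are hypothetical.
"""
import ipaddress
from dataclasses import dataclass

IPv4Network = ipaddress.IPv4Network


@dataclass
class Static:
    high_if: str                # first name in 'static (high,low)'
    low_if: str
    global_net: IPv4Network     # address as seen from low_if
    local_net: IPv4Network      # real address on high_if


@dataclass
class Nat0Entry:
    on_if: str                  # interface named in 'nat (IF) 0 access-list NAME'
    src: IPv4Network
    dst: IPv4Network


def parse_static(line):
    """'static (inside,dmz1) 10.10.10.0 10.10.10.0 netmask 255.255.255.0'"""
    tok = line.split()
    hi, lo = tok[1].strip("()").split(",")
    mask = tok[5] if len(tok) > 5 and tok[4] == "netmask" else "255.255.255.255"
    return Static(hi, lo, ipaddress.ip_network(f"{tok[2]}/{mask}"), ipaddress.ip_network(f"{tok[3]}/{mask}"))


def parse_nat0(nat_line, acl_lines):
    """'nat (inside) 0 access-list No_Nat' plus its 'access-list No_Nat permit ip A M B M' lines."""
    tok = nat_line.split()
    on_if, acl_name = tok[1].strip("()"), tok[4]
    entries = []
    for acl in acl_lines:
        t = acl.split()
        if t[1] == acl_name and t[2:4] == ["permit", "ip"]:
            entries.append(Nat0Entry(on_if, ipaddress.ip_network(f"{t[4]}/{t[5]}"),
                                     ipaddress.ip_network(f"{t[6]}/{t[7]}")))
    return entries


def lookup(levels, statics, nat0, dyn_pairs, src_if, src_ip, dst_if, dst_ip):
    """Return 'forwarded', 'forwarded-needs-acl' or 'no-translation' for one packet."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    outbound = levels[src_if] > levels[dst_if]           # high -> low security
    hi_if, lo_if = (src_if, dst_if) if outbound else (dst_if, src_if)
    verdict = "forwarded" if outbound else "forwarded-needs-acl"
    # 1. a static between the pair: bidirectional, keyed on the high-side host
    for s in statics:
        if (s.high_if, s.low_if) == (hi_if, lo_if):
            hit = src_ip in s.local_net if outbound else dst_ip in s.global_net
            if hit:
                return verdict
    # 2. identity translation from 'nat 0 access-list' on the high-side interface
    for e in nat0:
        if e.on_if == hi_if:
            hit = (src_ip in e.src and dst_ip in e.dst) if outbound else (dst_ip in e.src and src_ip in e.dst)
            if hit:
                return verdict
    # 3. dynamic nat/global pair: the high-side host creates a slot, outbound only
    if outbound and (hi_if, lo_if) in dyn_pairs:
        return "forwarded"
    return "no-translation"


def demo():
    """Both cases from the threads: Jay's inside/dmz1 static and Denny's nat 0 pair."""
    results = {}
    # Jay's PIX: statics only toward outside, nothing between inside and dmz1
    levels = {"outside": 0, "dmz1": 50, "inside": 100}
    statics = [parse_static("static (inside,outside) 12.12.12.15 10.10.10.1 netmask 255.255.255.255"),
               parse_static("static (dmz1,outside) 12.12.12.17 13.13.13.3 netmask 255.255.255.255")]
    results["inside->dmz1 before"] = lookup(levels, statics, [], set(), "inside", "10.10.10.1", "dmz1", "13.13.13.3")
    statics.append(parse_static("static (inside,dmz1) 10.10.10.0 10.10.10.0 netmask 255.255.255.0"))
    results["inside->dmz1 after"] = lookup(levels, statics, [], set(), "inside", "10.10.10.1", "dmz1", "13.13.13.3")
    results["dmz1->inside after"] = lookup(levels, statics, [], set(), "dmz1", "13.13.13.3", "inside", "10.10.10.1")
    # Denny's PIX: nat 0 access-list on inside, no static at all
    levels2 = {"outside": 0, "accounting": 75, "inside": 100}
    acl = ["access-list No_Nat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"]
    nat0 = parse_nat0("nat (inside) 0 access-list No_Nat", acl)
    results["inside->accounting nat0"] = lookup(levels2, [], nat0, set(), "inside", "192.168.1.10", "accounting", "192.168.2.20")
    results["accounting->inside nat0"] = lookup(levels2, [], nat0, set(), "accounting", "192.168.2.20", "inside", "192.168.1.10")
    results["accounting->outside"] = lookup(levels2, [], nat0, set(), "accounting", "192.168.2.20", "outside", "198.51.100.7")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26s} {verdict}")
```

    The last case is the one to watch when five interfaces are "internal": a `nat 0` statement on inside says nothing about accounting-to-outside, so that path still has no translation until its own nat/global or static exists.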

  • VPN with ASA 5500 vs VPN with PIX 515E

    I wonder what the differences are between using an existing PIX 515E for VPN remote users as opposed to acquiring an ASA 5500 for VPN remote users? Information or advice is appreciated to help me lean toward one or the other.

    Craig

    Depending on the version of the code that you run on the PIX, the VPN features on the PIX or ASA should be the same. So if the choice is not based on differences in features, what else would help guide the choice? You could consider whether the existing PIX has sufficient resources to add the extra VPN processing load, or whether you should put that on another box. You might consider that the PIX is an older product line and its end is near, while the ASA is the product that is the strategic replacement for the PIX. Given a choice I would probably prefer to use the newer technology over the old technology. I also believe that the ASA will give you more choice of technology going forward (a better growth path), while the PIX provides current capability but no growth path.

    On the other hand, there is the aspect to consider that using the existing PIX does not require buying something new, and an ASA would be an expense you have to cover in the budget. And for some people the budget constraint is an important consideration.

    HTH

    Rick

  • PIX 515E failover recover

    I have two PIX 515E firewalls running v7.01 configured in a failover scenario.

    The two units were operating without problem. The primary worked very well and configuration changes were replicated to the secondary.

    Per TAC support, the only thing needed to test the failover was to issue a 'reload' command on the primary, and the secondary would take over as the main unit. Then, once the rebooted device was up in the secondary role, issue 'failover active' on it.

    Failover to the secondary unit worked without problem; it was a smooth transition to the secondary unit.

    The problem came in that the original primary unit is now stuck in a loop when it tries to reload, with what look like configuration errors. It will not boot up properly.

    Is this not a valid procedure to test failover?

    It seems that in the real world this could actually happen, so shouldn't failover work?

    Among what is shown:

    Config Error: invalid log / level keyword specified; level must be emergencies (0) - debugging (7)

    Config Error - access-list acl_in extended permit tcp any host 208.13.32.36 eq smtp log

    Output from config line 359, "access-list acl_in exten..."

    Config sync error: following command could not be executed in standby mode

    Platform

    access-list acl_in permit tcp any host 208.13.32.36 eq smtp log inactive

    Use BREAK or ESC to interrupt boot.ridge/vlan/modify flash): m

    e inactivea VLAN

    CONFIGURATION REPLICATION FROM ACTIVE TO STANDBY UNIT IS INCOMPLETE,

    Reading 115200 bytes of image from flash.

    TO AVOID THE STANDBY UNIT TAKING OVER AS ACTIVE WITH A PARTIAL CONFIGURATION, THE STANDBY UNIT WILL NOW REBOOT.

    You're not going to like this answer.

    It seems that commands you type in which Cisco abbreviates in the configuration are not valid when copied/pasted back in, or when the firewall is rebooted or receives the configuration from the active firewall.

    I don't know exactly what you did, but here's what I did to reproduce your problem:

    I typed in the command:

    access-list acl_in permit tcp any host 208.13.32.36 eq smtp log informational interval 300 inactive

    Since "log informational interval 300" is the default, it is actually saved in the running-config as:

    access-list acl_in permit tcp any host 208.13.32.36 eq smtp log inactive

    That is *not* a valid command (the word following "log" must be a logging level) if you try to type it in. When you rebooted the firewall, it tried to pull the configuration from the active device (because it is now the standby), received this line, and since it can't run it (because it is not a valid command), it keeps rebooting itself so that it cannot take over and become the active firewall.

    The best thing to do is to take this line (and other lines like it) out of the active firewall now - the line is marked "inactive" anyway, so this should not affect you. The other way would be to change that line to something non-default (changing the logging level may be easiest). That way, when the primary/secondary reboots itself again, the command it receives will have a valid log level (or if you take the lines out, they will not be a problem) and the rest of the configuration process will go through.

    You could also report it to Cisco as a bug, if they are not combing these forums already.

    -Jason

    Please rate if this helps.
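    As an added example (not from the thread or from Cisco), here is a small Python checker for the failure mode Jason describes: it scans saved access-list lines for a "log" keyword followed by a token that is not a logging level, so the offending lines can be found and made explicit before the configuration is replicated to a standby unit. The sample config lines, the chosen level name "notifications", and the make_explicit fix-up are constructed assumptions that follow Jason's "change the logging level" advice.

```python
# Added example: find PIX/ASA access-list lines whose "log" keyword is
# followed by something the parser will read as a (bogus) logging level,
# e.g. "... log inactive", which breaks config replication to the standby.

# Syslog severity names (emergencies 0 .. debugging 7), per the error message.
LOG_LEVELS = {
    "emergencies", "alerts", "critical", "errors",
    "warnings", "notifications", "informational", "debugging",
}
# Other tokens that may legitimately follow "log" on an access-list line.
LOG_MODIFIERS = {"interval", "disable", "default"}

# Constructed sample; only the first line has the problem from the thread.
SAMPLE_CONFIG = """\
access-list acl_in extended permit tcp any host 208.13.32.36 eq smtp log inactive
access-list acl_in extended permit tcp any host 208.13.32.36 eq www log informational interval 300
access-list acl_in extended permit udp any any eq domain log
access-list acl_in extended deny ip any any log warnings interval 60 inactive
"""


def check_acl_log_lines(config_text):
    """Return [(line_no, line, bad_token)] for access-list lines where the
    token right after "log" is neither a level (name or 0-7) nor a modifier."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0] != "access-list" or "log" not in tokens:
            continue
        idx = tokens.index("log")
        if idx + 1 >= len(tokens):
            continue  # bare "log" at end of line is fine
        nxt = tokens[idx + 1]
        if nxt in LOG_LEVELS or nxt in LOG_MODIFIERS:
            continue
        if nxt.isdigit() and 0 <= int(nxt) <= 7:
            continue
        findings.append((n, line, nxt))
    return findings


def make_explicit(line, level="notifications"):
    """Insert an explicit, non-default level after "log" so the line is no
    longer saved in the ambiguous abbreviated form (hypothetical fix-up)."""
    tokens = line.split()
    tokens.insert(tokens.index("log") + 1, level)
    return " ".join(tokens)


if __name__ == "__main__":
    for n, line, bad in check_acl_log_lines(SAMPLE_CONFIG):
        print(f"line {n}: '{bad}' follows 'log' -> {make_explicit(line)}")
```

    Whether the rewritten line parses on a given PIX release is something to confirm on a lab unit before touching the active firewall.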
