PIX 501 - issues with Telnet
I'm currently pre-configuring the firewall, so I had to build a small network to test the configuration. I am able to telnet to the system when I plug my laptop into the hub inside the firewall. However, when I plug into the external interface and telnet to the external address of the box, it seems to connect but I get no feedback, and eventually it abandons the connection. I'm trying to telnet on port 25 (to mimic SMTP traffic); the telnet server has been configured to listen on this port. When I try to telnet on 23 it refuses the connection almost immediately. It's almost like the PIX answers the telnet request instead of the destination system. I am able to get responses from the system with various ICMP traffic.
I have a static (inside, outside) mapping for the system I want to telnet to port 25.
Any ideas?
Thanks in advance.
I would say so. The fixup prevents would-be hackers from getting HELP and VRFY from your SMTP server. You will also see:
220 * 0 * 200 * 0 * 0200, instead of what type of server, etc.
Glad to be of service.
Byron
-
PIX 501 problems with the web server internal.
I want to open up my internal web server so it can be accessed from outside. I read about how to do it here and did what I think is right, but I can't get it to work.
For now I have just tried to open the standard HTTP port 80, but later I want to open a specific port and also use SSL on the web server for added security.
So I would like help with my current setup, and also with how to do it when using other ports and SSL later.
Thanks Thomas!
PIX Version 6.3(1)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname alfta
domain-name ciscopix.com
names
name 192.168.1.16 TerminalPC
name 192.168.3.0 Lager
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound permit ip 192.168.1.0 255.255.255.0 Lager 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_cryptomap_40 permit ip 192.168.1.0 255.255.255.0 Lager 255.255.255.0
access-list outside_cryptomap_60 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_access_in permit tcp any eq www host 62.108.197.90 eq www
ip address outside 62.108.197.90 255.255.255.192
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 62.108.197.10 255.255.255.255 outside
pdm location 62.108.197.11 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.255 inside
pdm location TerminalPC 255.255.255.255 inside
pdm location 192.168.2.0 255.255.255.0 outside
pdm location Lager 255.255.255.0 outside
pdm location 192.168.2.0 255.255.255.0 inside
pdm location 62.108.197.137 255.255.255.255 outside
pdm location 62.108.197.137 255.255.255.255 inside
pdm location 195.67.210.72 255.255.255.255 outside
pdm location 62.108.197.90 255.255.255.255 inside
pdm logging informational 100
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 62.108.197.90 www TerminalPC www netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 62.108.197.65 1
http server enable
http 62.108.197.10 255.255.255.255 outside
http 62.108.197.11 255.255.255.255 outside
http 195.67.210.72 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
http 62.108.197.137 255.255.255.255 inside
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
Crypto ipsec transform-set esp strong - esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 195.198.46.88
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer 62.108.197.137
crypto map outside_map 40 set transform-set ESP-DES-MD5
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer 195.198.46.88
crypto map outside_map 60 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key * address 62.108.197.137 netmask 255.255.255.255
isakmp key * address 195.198.46.88 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet 192.168.1.0 255.255.255.255 inside
Take out your ACL - access-list outside_access_in permit tcp any host 62.108.197.90 eq www
And reapply:
access-list outside_access_in permit tcp any host 62.108.197.90 eq www
access-group outside_access_in in interface outside
* You have the access-group above in your original configuration post, BUT not in the above post.
Don't forget to issue clear xlate after the change and also save with write mem.
Try to do this in the PIX CLI instead of using PDM.
Hope this helps and let me know how you go.
Jay
-
Hello.. I am beginner in this kind of things cisco...
I'm trying to set up multiple VPN on a Cisco PIX 501 firewall with routers Linksys BEFVP41...
Since not very familiar with the CLI, I use the PDM utility and it was very easy for the first... Unfortunately, I get this error when I try to add the second VPN using the VPN Wizard:
Outside_map map (ERR) crypto set peer 200.20.10.3
WARNING: This crypto map is incomplete
To remedy the situation add a peer and a valid access-list to this crypto map
Hi garcia
for each vpn/peer, you need a separate instance of the crypto map; the map will have the same name, but different sequence numbers... one crypto map can be assigned to an interface, but you can have several instances of maps inside a main one...
for configuration, you can go through the URL below... It has all the details on IPSEC config:
http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_63/config/ipsecint.htm
I hope this helps... all the best... rate responses if found useful...
REDA
-
I try to get my PIX 501 to forward traffic on port 1412 with TCP and UDP to use Direct Connect, and the problem I have is I can connect to a DC hub, but cannot establish connections with users.
I added the following to the default configuration from the factory with a partial success:
access-list outside permit tcp any host 192.168.100.20 eq 1412
access-list outside permit udp any host 192.168.100.20 eq 1412
static (inside,outside) tcp interface 1412 192.168.100.20 1412 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1412 192.168.100.20 1412 netmask 255.255.255.255 0 0
In the debug log for the access list rule I get this type of error:
Deny tcp src outside:other.users.ip.addr/3099 dst inside:my.public.ip.addr/1412 by access-group "access_outside_in".
TCP request discarded outside my.public.ip.addr/45961 other.users.ip.addr/2362
I'm quite lost as to why it does not work when I think it should. I tried several ways, including opening port ranges, with no luck getting a successful port forward.
Can you change your outside ACL to the following:
access-list outside permit tcp any host eq 1412
access-list outside permit udp any host eq 1412
access-group outside in interface outside
Save again with: write mem and also issue: clear xlate
I would like to know if it works.
Jay
-
Will IOS ver 6.2 go on a PIX 501, with only 16 RAM and 8 flash? Thank you
Wanted to load PDM 2.1.1, firewall and VPN. Found the 501 takes ver 6.2 but does not have enough RAM.
Thank you
Phil
From http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/relnotes/pixrn622.htm#xtocid4 :
"The PIX 501 has 16 MB of RAM and will work correctly with Version 6.2, while all other PIX firewall platforms continue to require at least 32 MB of RAM (and are therefore also compatible with Version 6.2 or newer).
In addition, all units except the PIX 501 and PIX 506/506E require 16 MB of Flash memory to boot. (The PIX 501 and PIX 506/506E have 8 MB of Flash memory, which works correctly with Version 6.2.)"
PIX Firewall model: Flash memory required in Version 6.2
PIX 501: 8 MB
Steve
-
The switch on my PIX 501 has stopped working or has failed. The PIX is 10 months old. This is the second time I've seen that happen. The first time I sent it for out-of-warranty repair, but they couldn't fix it. They said it was a proprietary chip they could not get from Cisco.
In any case, the unit has power. I am able to connect through the console and through the WAN port via SSH. It is fully operational with the exception of the switch portion of the device.
Has anyone seen this kind of problem before? I've never seen a switch or a hub go bad. It's the second PIX to go wrong installed in the same local area network. PCs and servers all continue to function network-wise when connected to another switch.
Is there anything I can do about this problem?
Thank you
Vince
Vince,
It depends on what type of contract you have. You can open a TAC case and they will let you know the way forward.
Let me know if you have any questions.
Please mark this topic as resolved, so that others can benefit from it.
Kind regards
-
Hello
I have a Microsoft CA server with the latest CEP support and a PIX 501 that gets the digital certificate. I also have the certificate on the Cisco client, but the VPN doesn't work.
In the IPSec Log Viewer, I constantly get "CM_IKE_ESTABLISH_FAIL."
It worked well before the Win2k server was completely updated with the latest patches.
The pix configuration is identical to that of article http://www.cisco.com/warp/public/471/configipsecsmart.html
I reinstalled the stand-alone CA server and CEP support but haven't had any luck.
What could be wrong?
It looks like an IKE implementation problem. Set DH group 2 in the ISAKMP policy.
Visit this link:
http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_v53/IPSec/exvpncl.htm
-
Problems with PIX 501 and Server MS Cert
Hi all
I have two problems with my PIX 501:
1. Enrollment works well. The pix has a certificate and uses it with SSL and VPN connections. But after a reload, the pix certificate is lost and it has regenerated a self-signed certificate again!
Yes, I did write mem and ca save all!
2. On ca crl request, I get the following debug:
Crypto CA thread wakes!
CRYPTO_PKI: Cannot be named County ava
CRYPTO_PKI: transaction GetCRL completed
Crypto CA thread sleeps!
CI thread wakes!
And the CRL is empty.
Does anyone have any idea?
Bert Koelewijn
Not sure about 1, but 2 is usually caused by the CDP (CRL Distribution Point, basically the location where the PIX can download the revocation list from) listed in the CA cert being in a format the PIX does not understand, generally an LDAP URL.
Check the following, please:
Open the CA (Certification Authority) administration tool, then
1) Right-click on the name of the CA and choose 'Properties'.
2) Click on the tab "Policy Module".
3) Click on the button "Configure".
4) Click on the tab "X.509 extensions".
From there, it can display the list of the "CRL Distribution Points".
Turn off everything that isn't HTTP.
You need to reinstall the CERT in the PIX, I think, but then it should be able to download the CRL through HTTP instead of LDAP.
-
VPN site-to-site between two PIX 501 with Client VPN access
Site A and site B are connected with VPN Site to Site between two PIX 501.
Also, site A is configured for remote access VPN client. If a remote client connects to Site A, it can only get access to the LAN of Site A, it cannot access anything whatsoever behind PIX on Site B.
How is it possible for a VPN client connected to Site A to access Site B?
Thank you very much.
Alex
Bad and worse news:
Bad: A PIX not running the 7.0 series cannot route traffic out the same interface the traffic was received on. Version 7.0 solves this for IPsec traffic.
Even worse: PIX 501 cannot be upgraded to 7.0...
A couple of things to think about would be upgrading to hardware that can run the new IOS, or allowing an R.A. VPN on site B.
HTH. Please rate if this is the case.
Thank you
-
PIX 501 NAT and PAT with a single IP address
Using the following configuration on my first PIX 501, I am unable to provide a mail server to the outside world and allow inside clients to browse the Internet:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxx
hostname fw-sam-01
domain-name SAM
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside permit tcp any host 62.x.x.109 eq smtp
access-list inside permit tcp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 62.177.x.x.x.255.248
ip address inside 192.168.45.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.45.2 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 62.177.x.x.x.45.2 netmask 255.255.255.255 0 0
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.x.x.x.177.208.105 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.45.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.45.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
: end
Am I using access lists and groups wrong, or am I wrong in the PAT/NAT configuration?
Please advise...
Hello
I went through the ongoing discussion. The pix configuration should be fine for now according to the suggestions. The problem seems to be on the server. If it is a new installation of Windows, then there is an option not to accept requests that are not from the local network.
If you want to check whether the pix allows connections, then when you telnet to port 25 from the outside, just check the xlates:
sh xlate
and it should show you a translation for the inside host. Another quick test of whether the pix allows traffic is to check 'sh access-list outside' and see if the counters are increasing.
Hopefully this should help you.
Arun S.
-
I'm setting up a Cisco PIX 501 VPN tunnel but have questions. The firewall works, in that I am able to get out to the internet, but the VPN does not work. On the primary side, I see that the tunnel is up and traffic is sent but not received.
Currently I'm sitting at the secondary location but don't know what the problem may be. Does anyone know what I have wrong that could prevent data from being sent from this device?
Here's my config if it would help
show run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname ciscofirewall
domain-name hillsanddales.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 192.168.80.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list sheep permit ip 192.168.80.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list in_outside permit tcp any host 192.168.50.240
access-list in_outside permit tcp any host 64.90.xxx.xx
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 66.84.xxx.xx 255.255.255.252
ip address inside 192.168.80.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.50.0 255.255.255.0 outside
pdm location 192.168.80.2 255.255.255.255 inside
pdm location 192.168.50.0 255.255.255.0 inside
pdm location 182.168.80.0 255.255.255.255 inside
pdm location 0.0.0.0 255.255.255.0 inside
pdm location 0.0.0.0 255.255.255.255 inside
pdm location 192.168.80.5 255.255.255.255 inside
pdm location 192.168.80.7 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 66.84.xxx.x
route inside 192.168.50.0 255.255.255.0 192.168.50.240 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.80.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set aptset esp-3des esp-md5-hmac
crypto map aptmap 10 ipsec-isakmp
crypto map aptmap 10 match address 101
crypto map aptmap 10 set peer 64.90.xxx.xx
crypto map aptmap 10 set transform-set aptset
crypto map aptmap interface outside
isakmp enable outside
isakmp key * address 64.90.xxx.xx netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 192.168.80.2 255.255.255.255 inside
telnet 182.168.80.0 255.255.255.255 inside
telnet 192.168.80.5 255.255.255.255 inside
telnet 192.168.80.0 255.255.255.0 inside
telnet 192.168.80.7 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 0
dhcpd address 192.168.80.2-192.168.80.33 inside
dhcpd dns 64.90.xxx.xx 64.90.xxx.xx
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:01532689fac9491fae8f86e91e2bd4c0
: end
Hello
At least the NAT0 ACL is not in use.
You should have this added to the configuration:
nat (inside) 0 access-list sheep
-Jouni
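Two of the answers above come down to the same defect: an access list that is defined but never applied (a missing access-group in one thread, a missing nat 0 statement here). The following check is an added example, not part of any post in these threads; it assumes PIX 6.3 syntax, and the sample configurations, the 203.0.113.10 address and the function name audit are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread above: ACL "sheep" exists but is
# never applied with nat 0, and the web static has no access-group behind it.
BROKEN_CONFIG = """\
access-list 101 permit ip 192.168.80.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list sheep permit ip 192.168.80.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list outside_access_in permit tcp any host 203.0.113.10 eq www
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 203.0.113.10 www 192.168.80.16 www netmask 255.255.255.255 0 0
crypto map aptmap 10 ipsec-isakmp
crypto map aptmap 10 match address 101
"""

# Same config with the two statements the answers recommend adding.
FIXED_CONFIG = BROKEN_CONFIG + """\
nat (inside) 0 access-list sheep
access-group outside_access_in in interface outside
"""

ACL_DEF = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")
ACCESS_GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
NAT_EXEMPT = re.compile(r"^nat\s+\(\S+?\)\s+0\s+access-list\s+(\S+)")
CRYPTO_MATCH = re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+match\s+address\s+(\S+)")
STATIC = re.compile(r"^static\s+\((\S+?),\s*(\S+?)\)\s+(?:(?:tcp|udp)\s+)?(\S+)")


def audit(config_text):
    """Return ACLs that are defined but never applied, and statics whose
    mapped address has no entry in an ACL bound to the mapped interface."""
    acl_entries = {}    # ACL name -> its entry lines
    referenced = set()  # ACL names applied by access-group, nat 0 or crypto map
    bound = {}          # interface -> ACL applied inbound with access-group
    statics = []        # (mapped interface, mapped address)
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ACL_DEF.match(line):
            acl_entries.setdefault(m.group(1), []).append(line)
        elif m := ACCESS_GROUP.match(line):
            referenced.add(m.group(1))
            bound[m.group(2)] = m.group(1)
        elif m := NAT_EXEMPT.match(line):
            referenced.add(m.group(1))
        elif m := CRYPTO_MATCH.match(line):
            referenced.add(m.group(1))
        elif m := STATIC.match(line):
            statics.append((m.group(2), m.group(3)))

    unused = sorted(set(acl_entries) - referenced)
    blocked = []
    for iface, mapped in statics:
        # Entries of whatever ACL is actually bound to that interface, if any.
        entries = acl_entries.get(bound.get(iface), [])
        if mapped == "interface":
            # Mapped to the interface address: only check that an ACL is bound.
            reachable = bool(entries)
        else:
            reachable = any(mapped in entry.split() for entry in entries)
        if not reachable:
            blocked.append((iface, mapped))
    return {"unused_acls": unused, "blocked_statics": blocked}


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit(cfg))
```

An access-group that names an ACL with no entries (for example, entries written under one name and bound under another) shows up in both lists.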
-
Help!
I'm trying to set up VPN on my PIX 501. I have no experience of the PIX and have no idea where to start!
Any help will be greatly appreciated.
Thank you
Bennie
access list allow accord a
where is the name of the access list that you applied the entrants to your external interface. You may also allow accord coming out, if you have a list of incoming configured access to your inside interface.
-
PIX 501 DNS resolution with static route
I use a pix 501.
I have an internal DNS server behind the pix that uses my DNS of the ISP servers to resolve external domains.
Now, I want to host a web site on the same server.
To allow external access to the web server, I add the following:
access-list outside_in_http permit tcp any host A.B.C.D eq www
static (inside,outside) A.B.C.D L.M.N.O netmask 255.255.255.255 0 0
access-group outside_in_http in interface outside
It is very good and allows web access. The problem is that the server is able to resolve DNS queries.
How can I allow my server to resolve DNS again securely? I guess it's pretty simple to do, but I'm having a lot of trouble finding the solution.
Thanks in advance
Dylan
On your IP set DNS to 67.38.230.69, then ping www.yahoo.com server from guest... what does it resolve?
-
Connectivity random Cisco Pix 501
Hello. I'm having some trouble with my CISCO PIX 501 Setup.
A few months ago I started having random disconnects on my network (from inside to outside). The machines can ping the DC or the PIX, but cannot surf the internet. The only way to make them go outside is a reboot of the PIX.
My configuration is:
-----------
See the ACE - pix config (config) #.
: Saved
: Written by enable_15 at 09:23:07.033 UTC Tuesday, June 3, 2014
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry34retyt7RR564 encrypted
passwd 2fvbbfgdI.2KUOU encrypted
hostname as pix
domain-name as.local
fixup protocol dns maximum-length 512
fixup protocol esp-ike
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit icmp any any
access-list acl_out permit ip any any
access-list acl_out permit tcp any any
access-list outside_access_in permit esp any any
access-list outside_access_in permit udp any eq isakmp any
access-list outside_access_in permit udp any eq 1701 any
access-list outside_access_in permit udp any eq 4500 any
access-list outside_access_in permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 10.10.10.2 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.10.10.8-10.10.10.254
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group acl_out in interface inside
route outside 0.0.0.0 0.0.0.0 10.10.10.1 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.10.2 255.255.255.255 inside
http 192.168.10.101 255.255.255.255 inside
http 192.168.100.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
isakmp nat-traversal 20
telnet timeout 5
ssh 192.168.10.101 255.255.255.255 inside
ssh timeout 60
console timeout 0
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:7f9bda5e534eaeb1328ab08a3c4d28a
------------
Do you have any advice? I don't get what's wrong with my setup.
My DC is 192.168.100.2 and the network mask is 255.255.255.0
The network configuration is configured to set the IP of the gateway to 192.168.100.1 (i.e. the PIX 501).
I have about 50 + peers on the internal network.
Any help is appreciated.
Hello
Do you have a license for 50+ users?
Post the output of - show version
RES
Paul
-
On PIX 501 6.3 intermittent Internet access (5)
Hello
I have a problem with Internet access from the local network behind a PIX 501. It worked for months, but suddenly I discovered that Internet access is intermittent. Internet access works for about 10-15 minutes and then goes down. When I reboot the firewall or disable ARP, the Internet works again. I turned on debugging with 'debug arp' and I get an error message "arp-in: Dropping request outside the unsolicited nonadjacent ROUTEOUTSIDE 0002.cf69.50cf for 82.x.137.x 0000.0000.0000"
Any ideas on what could be the problem?
Thank you for your help.
Kind regards.
Hello, Couple of things to check.
Do you have ICMP permitted on the external interface of the PIX? If so, can you ask someone to ping the external IP address from the internet?
When they ping, can you unplug the external interface and see if they still receive a response?
If so, then there is a problem with the access provider. They could have given your IP address to another person.
If this isn't the issue, then open a TAC case to resolve this problem.
See you soon,
Gilbert
Rate this post, if it helps.