PIX 515 (7.02) and static port translation

Just trying to forward a port from outside to a device sitting on an 'inside' interface, but I get the following in the logs:

%PIX-2-106006: Deny inbound UDP from 66.21.215.238/50507 to client_routable_address/6881 on interface outside

%PIX-2-106006: Deny inbound UDP from 62.141.54.206/6881 to client_routable_address/6881 on interface outside

%PIX-2-106006: Deny inbound UDP from 84.217.31.157/6881 to client_routable_address/6881 on interface outside

The Config:

access-list 101 extended permit icmp any any echo-reply

access-list 101 extended permit icmp any any source-quench

access-list 101 extended permit icmp any any unreachable

access-list 101 extended permit icmp any any time-exceeded

access-list 101 extended permit tcp any host client_routable_address eq 6881

access-list 101 extended permit udp any host client_routable_address eq 6881

global (outside) 3 client_routable_address

nat (BCM) 3 0.0.0.0 0.0.0.0

static (BCM, outside) 192.168.20.10 tcp 6881 6881 netmask 255.255.255.255 client_routable_address

static (BCM, outside) udp 192.168.20.10 6881 6881 netmask 255.255.255.255 client_routable_address

access-group 101 in interface outside

The static translations are there in "show xlate":

# sh xlate

50 in use, 957 most used

PAT Global client_routable_address(6881) Local 192.168.20.10(6881)

PAT Global client_routable_address(6881) Local 192.168.20.10(6881)

The ACL 101 "6881" entries are not getting hit though:

# sh access-list 101

access-list 101; 7 elements

access-list 101 line 1 extended permit icmp any any echo-reply (hitcnt=0)

access-list 101 line 2 extended permit icmp any any source-quench (hitcnt=10)

access-list 101 line 3 extended permit icmp any any unreachable (hitcnt=10279)

access-list 101 line 4 extended permit icmp any any time-exceeded (hitcnt=265)

access-list 101 line 5 extended permit tcp any host client_routable_address eq 6881 (hitcnt=0)

access-list 101 line 6 extended permit udp any host client_routable_address eq 6881 (hitcnt=0)

Am I missing something obvious?

Hello

I think you've got your static lines reversed; they must be:

static (BCM,outside) tcp client_routable_address 6881 192.168.20.10 6881 netmask 255.255.255.255

Assuming that 'client_routable_address' is your public IP and BCM is your 'inside' or 'DMZ' interface.

Salem.
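A small config check for the two conditions this thread turns on, the argument order of a static PAT line and whether every outside permit has a matching translation, given here as an added example that is not part of the original posts. It assumes the form `static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port` used in the answer; the sample configs are constructed, 203.0.113.10 stands in for client_routable_address, and all function names are hypothetical.

```python
import ipaddress
import re
from typing import List, NamedTuple, Tuple

# Constructed sample configs; 203.0.113.10 stands in for client_routable_address.
ACL = (
    "access-list 101 extended permit tcp any host 203.0.113.10 eq 6881\n"
    "access-list 101 extended permit udp any host 203.0.113.10 eq 6881\n"
    "access-group 101 in interface outside\n"
)
BAD = "static (BCM,outside) {p} 192.168.20.10 6881 203.0.113.10 6881 netmask 255.255.255.255\n"
GOOD = "static (BCM,outside) {p} 203.0.113.10 6881 192.168.20.10 6881 netmask 255.255.255.255\n"
REVERSED = ACL + BAD.format(p="tcp") + BAD.format(p="udp")
TCP_ONLY_FIX = ACL + GOOD.format(p="tcp") + BAD.format(p="udp")  # only the tcp line corrected
FIXED = ACL + GOOD.format(p="tcp") + GOOD.format(p="udp")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

STATIC_RE = re.compile(
    r"^static\s*\(\s*[\w-]+\s*,\s*[\w-]+\s*\)\s+(tcp|udp)\s+"
    r"(\S+)\s+(\d+)\s+(\S+)\s+(\d+)", re.IGNORECASE)
PERMIT_RE = re.compile(
    r"^access-list\s+\S+\s+(?:extended\s+)?permit\s+(tcp|udp)\s+any\s+"
    r"host\s+(\S+)\s+eq\s+(\d+)", re.IGNORECASE)


class StaticPat(NamedTuple):
    proto: str
    mapped_ip: str
    mapped_port: int
    real_ip: str
    real_port: int
    line: str


def is_rfc1918(addr: str) -> bool:
    """True for a literal private address; object names are treated as unknown."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def parse_statics(config: str) -> List[StaticPat]:
    out = []
    for line in (l.strip() for l in config.splitlines()):
        m = STATIC_RE.match(line)
        if m:
            out.append(StaticPat(m.group(1).lower(), m.group(2), int(m.group(3)),
                                 m.group(4), int(m.group(5)), line))
    return out


def audit(config: str) -> List[Tuple[str, str]]:
    """Return (finding, config line) pairs for the two problems in this thread."""
    findings = []
    statics = parse_statics(config)
    for s in statics:
        # A private address in the mapped (outside-facing) slot and a
        # non-private one in the real slot means the arguments are swapped.
        if is_rfc1918(s.mapped_ip) and not is_rfc1918(s.real_ip):
            findings.append(("reversed-static", s.line))
    mapped = {(s.proto, s.mapped_ip, s.mapped_port) for s in statics}
    for line in (l.strip() for l in config.splitlines()):
        m = PERMIT_RE.match(line)
        # A permit to a host/port that no static maps can never pass traffic.
        if m and (m.group(1).lower(), m.group(2), int(m.group(3))) not in mapped:
            findings.append(("acl-without-translation", line))
    return findings


if __name__ == "__main__":
    for name, cfg in (("reversed", REVERSED), ("tcp only", TCP_ONLY_FIX), ("fixed", FIXED)):
        print(name, audit(cfg))
```

The TCP_ONLY_FIX case matters here because the denies in the posted log are UDP while the corrected line in the answer is the tcp one.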

Tags: Cisco Security

Similar Questions

  • PIX 515 does not recognize the DIMM 128 MB

    PIX 515 does not recognize the DIMM 128 MB. Won't recognize only 32 MB. Also when the upgrade to 7.0, I get an error message that it has not enough flash, but I have 16 MB of flash needed.

    PIX 515 not recognizing 128 MB may be due to, in my opinion, pix-515 supports 64 MB. PIX-515e can support 128 MB. Now error Pix by reading not enough flash I got the same message when I tried to load 7.0 release using the tftp with padding interface configured to the local network with an attached TFTP server segment. I then tried the interruption during the startup control method, once the PIX reached ROMMON > issue 'auto of e1 interface', 'address 10.0.0.1', server 10.0.0.2, there are a few other commands. You may be familiar with them, otherwise use find under cisco.

    HTH

  • PIX 515 no traffic on the new IP address don't block

    We have received a new range of ips 213.x.x.x/28 from our ISP. They are routed through our existing entry door 92.x.x.146.

    The problem:
    We cannot get any traffic to the PIX on the new 213.x.x.x/28 range.
    -If we try to ping 213.x.x.61, we get the lifetime exceeded.
    -ISP gets the same thing from their router.
    -ISP tries ssh and gets no route to host.

    The ISP has then double-checked the routing and the MAC address of our external interface. They are correct.

    The strange thing is that we do not see log messages about incoming connection attempts on the new range. The PIX is running at logging level 7.

    Does anyone have an idea what could be the problem? or suggestions for debugging the issue?

    Excerpt from config:
    7.0 (7) independent running Pix 515
    outside 92.x.x.146 255.255.255.240
    inside 192.168.101.1 255.255.255.0
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 92.x.x.145 1
    access-group acl_out in interface outside
    access-list acl_out extended permit tcp any host 213.x.x.x eq www
    access-list acl_out extended permit tcp any host 213.x.x.x eq ssh
    static (inside, outside) 213.x.x.61 192.168.101.99 netmask 255.255.255.255
    ICMP allow any inaccessible State

    192.168.101.99 is a test with http and ssh linux server

    Any help much appreciated.

    PM

    dsc_tech_1 wrote:

    I have spoken to the ISP and confirmed the MAC address of the outside interface Ethernet0

    ISP says
    ...we are sending this correctly to your pix, you should see any traffic destined for a 213.x.x.0/28 address hit your interface at 92.x.x.146/32

    Yes 217.x.x.81 and 217.x.x.82 are routers owned by our ISP.

    Is there anything else I can ask the ISP in terms of testing/debugging? I've run out of ideas.

    If the routers are owned by your ISP, then the fault lies with them. They have a routing loop in their network and that's why packets are not reaching your firewall. Have you shown them the traceroute?

    They must focus on the routers .81 and .82 to establish why the packets are looped between these 2 routers. Until they fix this, packets will never get to your firewall.

    Jon

  • How to set up * application and the workspace of static files after upgrade from 4.2 to 5.0?

    Hello.

    I just upgraded from 4.6 to 5.0 on Windows 7 64 bit.  ADR 2 and Tomcat running.  The APEX and my app runs.  Images of the APEX are OK.

    Problem: Application and do not display images of working space.

    Here are the different paths:

    • C:\apache-Tomcat-7.0.59\webapps\i
    • C:\APEX\images

    I copied the content of the APEX webapps\i images directory to the tomcat directory.

    I ran the two flavors of the loading image script, and each completed without error.

    • SQL > @apxldimg.sql c:
    • SQL > @apex_epg_config.sql c:

    I am able to log in administrator mode or developer APEX, and everything looks very good and works well.

    I can't connect to my request and it works, but the images, for example, the logo is not displayed.  The application CSS file is not currently in use.

    The source of the page shows this in the <head>, where "pva" is the name of the workspace:

    <link rel="shortcut icon" href="pva/static-files-not-configured/files/static/v4Y/eprentise_favicon-32x.png" type="image/x-icon" />
    <link rel="stylesheet" href="PVA/static-files-not-configured/Files/static/v4Y/epr_4_6.CSS" type="text/css" />

    This is the logo in the <body> <hgroup>:

    <a href="f?p=520:1:1212525121720" id="uLogo"><img src="pva/static-files-not-configured/files/static/v4Y/eprentise_default-logo.png" alt="eprentise demo" title="eprentise demo" height="50" /></a>

    #WORKSPACE_IMAGES # = pva/static-files-non-configured/files/static/v4Y /, which is considered in the places above.


    #APP_IMAGES # = pva/static-files-non-configured/520/files/static/v2Y /, where the application_id is 520.  These images are not either


    My understanding is that the images of the workspace and the app are not stored in the file system in the results directory.


    Advice or a pointer to the documentation on how to configure static files for application and space images of work and for the application CSS file?


    Thank you

    Skip

    Hi Skip,

    If you are using ADR the next chapter in the ADR of the installation guide part is important to you. https://docs.Oracle.com/CD/E59726_01/install.50/e39144/listener.htm#HTMIG29472

    In particular, the following note in "on the configuration of the RESTful Services.

    RESTful services ask Oracle 2.0 or subsequent REST Data Services. RESTful Services configuration is necessary when upgrading to Oracle Application Express version 5.0 and RESTful Services were not configured in a previous version.

    Concerning

    Patrick

    Member of the APEX development team

  • Display and the translation of the codes

    This is an easy question for someone. I'm store values of code ("Y", "N"), in a column of Mysql database and when I display the field in Dreamweaver, I would like to appear as 'Yes' or 'No', not only the letter, as the case warrants. The only way I think to do that is with a menu or a list but that generates a select menu drop-down list and I want to display only, no entry. Surely there is an easy way to do that is simply eluding me.

    Any thoughts?

    Murray * ACE * has written:
    >

    You have your citations badly mixed up.

    --
    Adobe Community Expert David Powers
    Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
    Author, "PHP Solutions" (friends of ED)
    http://foundationphp.com/

  • Use cases and the disadvantages of static display objects

    Hello
    I am currently working on JDEV 11.1.1.6.0 and currently in prototype phase. We use placeholders to the prototype, the elements of selectOneChoice etc, I came across a few articles and think to use instead of static VO because it the VO to stay in place later during the actual evolution. Disadvantages of this particular approach? And no specific usage encountered cases would be useful.

    Thanks in advance.

    I don't see any downside to this. I have to do this a lot. The only thing you need to keep in mind is that data have to be static.
    I wrote a blog on this http://tompeez.wordpress.com/2012/09/02/jdeveloper-using-static-viewobjects-for-lookup-data/

    Timo

  • How to open a port and limit the range of addresses that use it on PIX 515?

    I have a Pix 515 v6.3 and a new piece of software that I'm getting soon will need port 5080 open for incoming & outgoing HTTP traffic. The server will be in my DMZ at 10.0.0.1

    I would like to restrict inbound access to this port so that it can be used only by 4 specific foreign IP addresses, xxx.xxx.xxx.24 through xxx.xxx.xxx.27, and also, if possible, limit the outbound destination using this port to a single specific foreign IP address, xxx.xxx.xxx.30.

    Could you please tell me the best way to do it.

    Thank you in advance for a relative novice to PIX.

    PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.24 host MyWWWPublicIP eq 5080

    PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.25 host MyWWWPublicIP eq 5080

    PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.26 host MyWWWPublicIP eq 5080

    PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.27 host MyWWWPublicIP eq 5080

    PIX(config)# access-group acl-outside in interface outside

    PIX(config)# access-list acl-dmz permit tcp host 10.0.0.1 host xxx.xxx.xxx.30 eq 5080

    PIX(config)# access-group acl-dmz in interface dmz

    static (inside, outside) MyWWWPublicIP 10.0.0.1 netmask 255.255.255.255 0 0

    See also:

    PIX 500 series firewall

    http://www.Cisco.com/pcgi-bin/support/browse/psp_view.pl?p=hardware:PIX&s=Software_Configuration

    Configuration of the PIX Firewall with access to the Mail Server on the DMZ network

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

    sincerely

    Patrick

  • termination of VPN client 4.0 on pix 515

    I am trying to connect the Cisco VPN client 4.0 to a PIX 515 ver 6.1 and receive the following errors, which I guess are related to the hashing algorithm, but I am not sure. Only DES is enabled, not 3DES. I ran the config through Cisco's Output Interpreter, but apparently there is no error in the config.

    VPN client log:

    Cisco Systems VPN Client Version 4.0 (Rel)

    Copyright (C) 1998-2003 Cisco Systems, Inc. All rights reserved.

    Customer type: Windows, Windows NT

    Running: 5.0.2195

    1 10:58:34.890 25/09/03 Sev = Info/4 CM / 0 x 63100002

    Start the login process

    2 10:58:34.906 25/09/03 Sev = Info/4 CVPND/0xE3400001

    Microsoft's IPSec Policy Agent service stopped successfully

    3 10:58:34.906 25/09/03 Sev = Info/4 CM / 0 x 63100004

    Establish a connection using Ethernet

    4 10:58:34.906 25/09/03 Sev = Info/4 CM / 0 x 63100024

    Attempt to connect with the server "x.x.x.226".

    5 10:58:35.953 25/09/03 Sev = Info/6 IKE/0x6300003B

    Attempts to establish a connection with x.x.x.226.

    6 10:58:36.000 25/09/03 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Nat - T), VID (Frag), VID (Unity)) at x.x.x.226

    7 10:58:36.000 25/09/03 Sev = Info/4 IPSEC / 0 x 63700008

    IPSec driver started successfully

    8 10:58:36.000 25/09/03 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    9 10:58:41.093 25/09/03 Sev = Info/4 IKE / 0 x 63000021

    Retransmit the last package!

    10 10:58:41.093 25/09/03 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (Retransmission) to x.x.x.226

    11 10:58:46.093 25/09/03 Sev = Info/4 IKE / 0 x 63000021

    Retransmit the last package!

    12 10:58:46.093 25/09/03 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (Retransmission) to x.x.x.226

    13 10:58:51.093 25/09/03 Sev = Info/4 IKE / 0 x 63000021

    Retransmit the last package!

    14 10:58:51.093 25/09/03 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (Retransmission) to x.x.x.226

    15 10:58:56.093 25/09/03 Sev = Info/4 IKE / 0 x 63000017

    Marking of IKE SA delete (I_Cookie = 20FC277498A5D2DC R_Cookie = 0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

    16 10:58:56.593 25/09/03 Sev = Info/4 IKE/0x6300004A

    IKE negotiation to throw HIS (I_Cookie = 20FC277498A5D2DC R_Cookie = 0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

    17 10:58:56.593 25/09/03 Sev = Info/4 CM / 0 x 63100014

    Could not establish the Phase 1 SA with the server 'x.x.x.226' due to the 'DEL_REASON_PEER_NOT_RESPONDING '.

    18 10:58:56.593 25/09/03 Sev = Info/5 CM / 0 x 63100025

    Initializing CVPNDrv

    19 10:58:56.593 25/09/03 Sev = Info/4 IKE / 0 x 63000001

    Signal received IKE to complete the VPN connection

    20 10:58:56.625 25/09/03 Sev = critique/1 CVPND/0xE3400001

    Service Microsoft's IPSec Policy Agent started successfully

    21 10:58:57.093 25/09/03 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    22 10:58:57.093 25/09/03 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    23 10:58:57.093 25/09/03 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    24 10:58:57.093 25/09/03 Sev = Info/4 IPSEC/0x6370000A

    IPSec driver successfully stopped

    PIX log:

    crypto_isakmp_process_block: CBC x.x.x.194, dest x.x.x.226

    Peer VPN: ISAKMP: approved new addition: ip:x.x.x.194 Total VPN peer: 1

    Peer VPN: ISAKMP: ip:x.x.x.194 Ref cnt is incremented to peers: 1 Total VPN EEP

    RS: 1

    Exchange OAK_AG

    ISAKMP (0): treatment ITS payload. Message ID = 0

    ISAKMP (0): audit ISAKMP transform 1 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: hash SHA

    ISAKMP: default group 2

    ISAKMP: preshared extended auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform against the policy of priority 1 2

    ISAKMP: encryption... What? 7?

    ISAKMP: MD5 hash

    ISAKMP: default group 2

    ISAKMP: preshared extended auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 3 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: hash SHA

    ISAKMP: default group 2

    ISAKMP: preshared auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 4 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: MD5 hash

    ISAKMP: default group 2

    ISAKMP: preshared auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 5 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: hash SHA

    ISAKMP: default group 2

    ISAKMP: preshared extended auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 6 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: MD5 hash

    ISAKMP: default group 2

    ISAKMP: preshared extended auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 7 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: hash SHA

    ISAKMP: default group 2

    ISAKMP: preshared auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 8 against the policy of priority 1

    ISAKMP: encryption... What? 7?

    ISAKMP: MD5 hash

    ISAKMP: default group 2

    ISAKMP: preshared auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b

    ISAKMP: attribute 3584

    ISAKMP (0): atts are not acceptable. Next payload is 3

    ISAKMP (0): audit ISAKMP transform 9 against the policy of priority 1

    ISAKMP: 3DES-CBC encryption

    ISAKMP: hash SHA

    ISAKMP: default group 2

    ISAKMP: preshared extended auth

    ISAKMP: type of life in seconds

    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4

    crypto_isakmp_process_block: CBC x.x.x.194, dest x.x.x.226

    Peer VPN: ISAKMP: ip:x.x.x.194 Ref cnt is incremented to peers: 2 Total VPN EEP

    RS: 1

    Peer VPN: ISAKMP: ip:x.x.x.194 Ref cnt decremented to peers: 1 Total VPN EEP

    RS: 1

    crypto_isakmp_process_block: CBC x.x.x.194, dest x.x.x.226

    Peer VPN: ISAKMP: ip:x.x.x.194 Ref cnt is incremented to peers: 2 Total VPN EEP

    RS: 1

    Peer VPN: ISAKMP: ip:x.x.x.194 Ref cnt decremented to peers: 1 Total VPN EEP

    RS: 1

    ISAKMP (0): retransmission of phase 1...

    ISAKMP (0): retransmission of phase 1...

    ISAKMP (0): delete SA: src x.x.x.194 dst x.x.x.226

    ISADB: Reaper checking HIS 0x80db91c8, id_conn = 0 DELETE IT!

    Peer VPN: ISAKMP: ip:x.x.x.194 Ref cnt decremented to peers: 0 Total of VPN EEP

    RS: 1

    Peer VPN: ISAKMP: deleted peer: ip:x.x.x.194 VPN peer Total: 0

    ISAKMP: Remove the peer node for x.x.x.194

    Thanks for any help

    Hello

    The PIX isakmp policy should have DES, MD5, and group 2 for the Cisco VPN client 4.x to connect; these are the proposals that the client sends to the server...

    http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/client/rel4_0/admin_gd/vcach6.htm#1157757

    This link will show you the IKE proposals to be configured on the PIX (VPN server)

    Arthur
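The per-transform comparison that the PIX debug in this thread records, reduced to the three attributes the answer names (encryption, hash, DH group), as an added example that is not part of the original posts. The debug sample is constructed from the attribute values visible in the posted log; its exact line wording and every function name are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of the posted "debug crypto isakmp" output.
DEBUG = """\
ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP:      encryption... What? 7?
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
ISAKMP:      encryption... What? 7?
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 9 against priority 1 policy
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
"""

# The policy the answer says the PIX should carry.
ANSWER_POLICY = {"encryption": "des", "hash": "md5", "group": 2}

HEADER_RE = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ENC_RE = re.compile(r"ISAKMP:\s+encryption(?:\.\.\. What\? (\d+)\?|\s+(\S+))")
HASH_RE = re.compile(r"ISAKMP:\s+hash\s+(\S+)")
GROUP_RE = re.compile(r"ISAKMP:\s+default group\s+(\d+)")


def normalise(name: str) -> str:
    """Map the debug spelling (3DES-CBC) to the policy spelling (3des)."""
    return re.sub(r"-cbc$", "", name.lower())


def parse_transforms(debug_text: str) -> List[Dict]:
    """Collect encryption, hash and group for each transform the peer offered."""
    transforms: List[Dict] = []
    current: Optional[Dict] = None
    for line in (raw.strip() for raw in debug_text.splitlines()):
        m = HEADER_RE.search(line)
        if m:
            current = {"num": int(m.group(1)), "encryption": None,
                       "hash": None, "group": None}
            transforms.append(current)
            continue
        if current is None:
            continue
        m = ENC_RE.match(line)
        if m:
            # "What? 7?" means the image does not know transform id 7 at all.
            current["encryption"] = (f"unknown({m.group(1)})" if m.group(1)
                                     else normalise(m.group(2)))
            continue
        m = HASH_RE.match(line)
        if m:
            current["hash"] = m.group(1).lower()
            continue
        m = GROUP_RE.match(line)
        if m:
            current["group"] = int(m.group(1))
    return transforms


def rejection_reasons(transform: Dict, policy: Dict) -> List[str]:
    """Attributes on which an offered transform differs from the policy."""
    return [k for k in ("encryption", "hash", "group") if transform[k] != policy[k]]


def first_acceptable(transforms: List[Dict], policy: Dict) -> Optional[int]:
    """Number of the first offered transform the policy accepts, else None."""
    for t in transforms:
        if not rejection_reasons(t, policy):
            return t["num"]
    return None


if __name__ == "__main__":
    for t in parse_transforms(DEBUG):
        print(t["num"], rejection_reasons(t, ANSWER_POLICY))
```

Authentication method and lifetime are left out of the comparison, so a transform this check accepts can still be refused on those attributes.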

  • Computer do not normally sleep wake up and the computer hang when external USB devices are connected

    Hello

    I have a Windows 7 Home Premium 64-bit desktop CyberPowerPC, and there are currently two problems with it:

    1.), I have two USB ports in the front of my case. I am connected to my computer. Then I tried to connect my external hard drive using the USB cable supplied with it, but just at the moment where the end of the USB cable touched the port, the screen is black and automatically rebooted and froze when the display shows the brand CPU that is before the login screen. I actually press the restart on my case button to restart the computer with the hard drive already plugged. Then everything should work normally.

    It's the same thing when I tried to connect my iTouch 2nd generation.

    This problem occurs sometimes, however, but I wonder if someone always has a solution to this?

    2.) whenever I put the computer to sleep and he remains asleep for a while and I turn it on it once again, powers for about 2 seconds then it turns off. I have to turn the power supply and light in the order so he could get out of mode 'sleep'.

    I was wondering if you have solutions to this problem, as well.

    Thank you.

    Original title: new Windows 7 problem

    Ok.. I'll try again...

    The problem is caused by a bad 'ground' between the USB ports of the case and the motherboard. Static electricity is originally the USB device to short on the USB port which is originally the motherboard restart mode.

    I had the same problem and got my computer case exchanged. The problem has not entirely disappeared, and I use the USB port on the front on the card reader, just in case.

    It can also be a problem with the power supply or even the motherboard. It is very difficult to locate the failure without replacing in turn, a process that happens to be a bit expensive.

    The above is the reason why I recommend that you contact the MANUFACTURER. Don't take no for an answer off the manufacturer or supplier. It is a problem annoying which can eventually damage your operating system if it is enough...

  • increase the UCS blade server port

    Hello world

    I have a client with the following UCS environment:

    2 FI 6120

    2 chassis 5108

    6 B200M2

    Each chassis 5108 have 2 Fex 2104 and each 2104 a 2 10 G (cable Twinaxial) a link to each fabric Inteconnect 6120.

    If we increase the number of Serverport for each chassis 5108 from 4 to 8 (each fex will be 4 uplink), could we destroy the traffic to the blade?

    Is there a better procedure for this activity?

    Concerning

    Dino

    Hi Dino,

    I'm not sure what you mean exactly by destroy traffic towards the blades? Are you talking about any loss of (eth and fc) connectivity for the blades during this upgrade activity? If so, yes there will be. You can connect the cables between the FI and the IOM and mark those ports as server ports with no impact, but before you can use the new links you will need to re-ack the chassis, which is a disruptive process and will trigger a restart of the blades.

    As for the procedure:

    (1) connect the ports between IOM and FI,

    (2) mark the ports on the FI as server ports,

    (3) re-ack the chassis that has these new ports configured (as mentioned, make sure that the blades in the chassis are shut down before you re-ack)

    I hope this helps!

    . / Afonso

  • Translation group problem on PIX 515

    Hi can someone help me with this?

    I'm trying to configure a PIX 515 to pass icmp messages from the dmz vlan interface (Vlan 3) to the PIX inside interface.

    setting it up like this

    interface ethernet0 100full

    interface ethernet1 100full

    interface ethernet2 100full

    interface ethernet2 vlan2 physical

    interface ethernet2 vlan3 logical

    nameif ethernet0 outside security0

    nameif ethernet1 inside security100

    nameif ethernet2 msx security4

    nameif vlan3 dmz security7

    sh nat

    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    nat (dmz) 1 0.0.0.0 0.0.0.0 0 0

    nat (msx) 1 0.0.0.0 0.0.0.0 0 0

    sh global

    global (inside) 1 interface

    global (dmz) 1 interface

    global (msx) 1 interface

    At this stage I am not concerned with access lists. The error message I get is as follows:

    155: ICMP echo-request from dmz:192.168.3.1 to 10.240.2.2 ID=512 seq=11520 length=40

    305005: No translation group found for icmp src dmz:192.168.3.1 dst inside:10.240.2.2 (type 8, code 0)

    I'm not an expert when it comes to the PIX; can someone help? Two other things may help shed light on the problem: there is no routing configured between the VLAN interfaces, could this be a problem? I tried a static command and still have the same error; the command was... static (dmz, inside) 192.168.3.1 192.168.3.1

    Hi David:

    As you try to allow host from an interface for low security to a high security interface, you must have

    static (high, low) high high

    In this case, you must:

    static (inside, dmz) 10.240.2.2 10.240.2.2 netmask 255.255.255.255 0 0

    I assume that you already have an access list to allow the icmp message of echo applied to the DMZ interface. If it is not already there, just add an ACE to allow the icmp message to echo that you should be good to go.

    Sincerely,

    Binh

  • PIX 515 and software version 6.3 (4)

    We have a PIX 515 (not 515E). Currently, we are running software version 6.2 (2). I was wondering if we can improve the software to version 6.3 (3) or 6.3 (4), or do we need to replace the hardware with PIX 515E?

    Also what should I do on my current PDM version 2.0 (2) if it is possible to upgrade the PIX to a 6.3 version?

    Thank you.

    You can run on the Pix515 6.34. It takes at least 16 MB of flash and 32 MB of RAM.

    If you use PDM, you will need to be updated also.

    Josh

  • Limit the number of users for a pix 515 uauth

    I have a PIX 515 authenticating and authorizing against a Cisco Secure ACS server for outbound internet connections (using the web prompt). For scaling purposes, I need to know the maximum number of concurrent sessions for these types of users. I know there is a limit of 16 on the simultaneous approval process (the process of logging in first), but once they are connected, is there a limit?

    Once connected, the number of connections is limited by the number of concurrent connections that can handle a PIX. For example, the PIX 515 E can handle a maximum of 130 000 concurrent connections.

  • A question about the old Pix 515

    Hi Experts.

    My client needs additional interfaces of FE and do not want to migrate the chassis 515E.

    Can the data sheet of the former 515 Pix no longer available due to the declaration of the EOS, you please confirm that the Pix 515 supports 1FE - PIX and PIX - 4FE cards before ordering one of them?

    Thank you

    The 515 supports 4 interface cards. Make sure they are running a UR pix license if - 515R takes only supported 3 interfaces.

  • MM, pix 515 and mac filtering

    I have an application called MeetingMaker, located at the back of my pix 515 that is used off site by 5 users. Since accessing this program on the internet, and users can have dynamic addresses, it is possible to filter by mac address somehow to allow access through the firewall to the app? Thank you.

    MAC addresses do not cross layer 3 boundaries. In other words, your clients' MAC addresses cannot be seen or known once the traffic passes through the default router for that subnet. So the answer to your question is 'no'.

    You can use AAA to handle this. How do your clients connect to the server (port/application)? If it's HTTP/S, the Pix can check a user name and password before allowing access. If it is a different application/port, you can still use authentication by requiring them to connect to a web server out there first. This will cause the Pix to authenticate by using the browser challenge, and the Pix can be configured to allow connections to the authenticated hosts.
