PIX and ACS ACL downloadable Question

Good day to all,

I'm working on a project to test using a PIX 535 and a Cisco ACS (we use RADIUS), and I need to know in what order the PIX ACLs are applied.

On the PIX, we have a set of rules (https, ssh); then the user gets authenticated and receives more rules (https, ssh, pop3, imap, im). It works well, but now we have a problem: can you use ACS ACL rules to remove the default rights granted by the rules on the PIX?

Basically I'm curious to know in what order the PIX parses the ACLs (ACS ACL and then PIX ACL, PIX ACL and then ACS ACL, or none of the above).

Any links to more information would be great.

Thanks for any information,

Brian

I did some tests with ACLs applied by a RADIUS server on a PIX 525 running 6.3.3.

In my particular case, the user is a remote VPN connection. I have an ACL applied on the outside interface, and on top of that the specific user is matched against another ACL.

The ACL on the outside interface is applied first. The downloadable ACL cannot add services that are not listed in the other ACL; however, it can deny and remove services.

You use your ACLs in a different way than I do. I use a third-party RADIUS server and apply the extended ACL via the Filter-Id attribute.

See you soon,

-Joshua
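The evaluation order Joshua describes (outside interface ACL first, then the downloadable per-user ACL, which can only take services away) modelled in Python. This is an added example written for this page, not PIX code or anything from the thread; the parser handles only a simplified subset of PIX ACE syntax and the addresses and ACL contents are constructed.

```python
"""Model of the order described above: the interface ACL is checked first, then
the downloadable per-user ACL, so the per-user ACL can only remove services."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]           # destination port after "eq", else None


def _addr(tok, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D M.M.M.M' (PIX uses subnet masks)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2


def parse_acl(text):
    """Parse lines shaped like 'permit tcp any host 192.0.2.10 eq 443'."""
    acl = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, i = _addr(tok, 2)
        dst, i = _addr(tok, i)
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        acl.append(Ace(tok[0], tok[1], src, dst, port))
    return acl


def evaluate(acl, proto, src, dst, dport):
    """First matching ACE wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if ace.proto not in ("ip", proto) or s not in ace.src or d not in ace.dst:
            continue
        if ace.port is not None and ace.port != dport:
            continue
        return ace.action
    return "deny"


def effective_decision(interface_acl, user_acl, proto, src, dst, dport):
    """Interface ACL first; the downloadable ACL can only narrow that result."""
    if evaluate(interface_acl, proto, src, dst, dport) == "deny":
        return ("deny", "interface-acl")
    if evaluate(user_acl, proto, src, dst, dport) == "deny":
        return ("deny", "downloadable-acl")
    return ("permit", "both")


# Constructed sample: the outside interface allows only https and ssh to one
# server, while the ACL pushed by ACS for a user tries to add pop3/imap and
# to take ssh away.
INTERFACE_ACL = parse_acl("""
permit tcp any host 192.0.2.10 eq 443
permit tcp any host 192.0.2.10 eq 22
""")
USER_ACL = parse_acl("""
deny tcp any host 192.0.2.10 eq 22
permit tcp any host 192.0.2.10 eq 443
permit tcp any host 192.0.2.10 eq 110
permit tcp any host 192.0.2.10 eq 143
""")
```

With these two ACLs, https is permitted, ssh is denied by the downloadable ACL, and pop3 is denied by the interface ACL even though the user's ACL permits it.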

Tags: Cisco Security

Similar Questions

  • Site-to-site VPN between PIX 6.3(3) and PIX 7.0(1)

    Hi all

    I am configuring a site-to-site VPN between my office and a new site. This is my first time doing a real site-to-site VPN; in the past we have always just used MS PPTP VPN.

    My office firewall is a PIX 506E running 6.3(3), and unfortunately this cannot be upgraded to 7.0.

    My new site has a pair of PIX 525s in a failover configuration, running version 7.0(1).

    The only documentation I could find on this subject is http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml, which corresponds to an even earlier version of the firewall software (although the commands seemed to be valid on the 6.3 software).

    I ran through the VPN Wizard in ASDM on the new site's firewall, and the output it produced in the firewall rules is not really what I expected. Commands like 'isakmp key' have been deprecated and replaced by 'tunnel-group'.

    What I'm really after is a pointer in the right direction to documents covering this type of scenario; I can't be the only one trying to link different versions of PIX.

    Hi M8,

    In short, most of the config is the same (transform sets, ISAKMP policy, crypto maps and crypto ACL).

    The only thing that changes is the:

    isakmp key * address x.x.x.x

    and it is replaced by the tunnel-group commands:

    tunnel-group x.x.x.x type ipsec-l2l
    tunnel-group x.x.x.x ipsec-attributes
     pre-shared-key *

    You put the peer IP as the tunnel-group name and, as you can see, you write the key in the ipsec-attributes sub-mode.

    I find it straightforward and I think you will find it easy once you get used to the tunnel-group approach.

    Hope that helps.

    Salem.

  • Page App Store download question

    Hi all

    Small question. I recently bought a new MacBook Air and wanted to download Pages as my word processor. I saw that it was $19.99 in the Mac App Store, and I was OK with that, so I downloaded it. Now, when I click on 'Purchased' applications in the App Store, it lists Keynote, iMovie, GarageBand, Numbers and Pages for download. So far I have only installed Pages from the list, because it was all I wanted in the first place. Am I getting charged for all of these applications? I checked for an e-mail confirmation or a charge on my card and nothing shows up. Do I get all of them free?

    Any help at all in the matter is greatly appreciated. Thank you!

    Pages and the other applications are pre-installed on your Mac > http://www.apple.com/macbook-pro/built-in-apps-retina/

  • Money Plus Sunset: "files needed to run the Planner are missing or corrupted", then the program encounters a problem and closes. Downloaded multiple times on multiple computers

    Hello

    I suggest you post the same question in the Microsoft TechNet forum for Microsoft Money Plus Sunset related issues. We have a dedicated team to help you with problems with Microsoft Money Plus Sunset.

    Microsoft Money:

    http://social.Microsoft.com/forums/is/category/money

    Hope this information is useful.

  • Photo Gallery will not play the new game camera video. I don't get colors type screensaver, drawings and models, after downloading the pictures.

    My system is Vista. The game camera is a Bushnell HD and I can download from an SD card or via a direct cable to Photo Gallery. However, when I play the video all that can be seen is the same type of screen saver of colors and patterns in motion that is seen when playing music. The sound of the segment can be heard clearly, but you don't see anything that was recorded.

    Hello

    Thanks for posting your query in Microsoft Community.

    I understand from the information you have provided that you are facing problems during playback of videos in Windows Vista Photo Gallery. I will certainly help you with this matter.

    What is the format of the file?

    If Windows Movie Maker is installed, Photo Gallery will play videos in these file types: ASF, AVI, MPEG and WMV. Not all editions of Windows Vista come with Windows Movie Maker installed.

    See the link.

    http://Windows.Microsoft.com/en-in/Windows-Vista/Windows-Photo-Gallery-frequently-asked-questions

    If you face more problems when working with Windows Mail, post on the Microsoft Community Forum.

  • I can't download attachments in Windows Live, although I can view online when the link is there and can also download zip.

    I cannot download attachments in Windows Live, although I can view them online when the link is there and can also download zip files. What has happened recently? I was always able to do this until recently.

    original title: Windows Live Mail

    Hello

    The best place to ask your Windows Live question is in the Windows Live help forums. The experts there specialize in all things Windows Live and would be delighted to help you with your questions. Please choose a product below to be redirected to the appropriate community:

    Windows Live Mail

    Windows Live Hotmail

    Windows Live Messenger

    Looking for a different Windows Live product? Visit the Windows Live Help home page for the complete list of Windows Live forums at www.windowslivehelp.com.

  • Installation of ISE and ACS

    Hi all

    I have a problem installing ISE and ACS on a VM server. Red Hat Enterprise Linux is detected by the system when the ISO file is selected.

    But some package dependencies are reported, such as openssl, kernel-devel or cisco...

    The installation stops at the print virtual daemon.

    Any help!

    OK, I recommend:

    1. Check that all the VM guests are configured to meet the required specifications (RAM, CPU, disk space, etc.)

    2. Re-download the ISO file and try the installation again

    3. Download and try the OVA

    Let us know how it goes :)

    Thank you for rating useful messages!

  • PIX and ASA static, dynamic and RA VPN do not work

    Hello

    I am facing a very interesting problem between a PIX 515 and an ASA 5510.

    The PIX is in HQ and has several dynamic VPN connections (around 130), and IPsec remote VPN works very well. I had to add a static PIX-to-ASA L2L VPN and it does not work as it is supposed to. The ASA 5510, at the remote end, connects and stays up for a short period of time; however, all other VPN connections stop working.

    The most interesting thing is that the ASA is associated with the dynamic map and not the static map that I created (checked with 'sh crypto ipsec sa peer x.x.x.x'). However, if I make any change in the ACL 'ACL-Remote' it affects the tunnel between the PIX and the ASA.

    Has anyone seen something like that?

    Here is more detailed information:

    HQ - IOS 8.0(3) - PIX 515

    ASA 5510 - IOS 7.2(3) - remote provider

    Several Huawei and Cisco routers dynamically connected via ADSL

    Several users remote access IPsec

    A static site-to-site VPN between PIX and ASA - does not work.

    Here is the config on the PIX:

    crypto ipsec transform-set ESP-3DES-ESP-SHA-HMAC-IPSec esp-3des esp-sha-hmac
    crypto dynamic-map Dyn-VPN 100 set transform-set ESP-3DES-ESP-SHA-HMAC-IPSec
    crypto dynamic-map Dyn-VPN 100 set reverse-route
    crypto map VPN-map 30 match address ACL-Remote
    crypto map VPN-map 30 set peer 20x.xx.xx.xx
    crypto map VPN-map 30 set transform-set ESP-3DES-ESP-SHA-HMAC-IPSec
    crypto map VPN-map 100 ipsec-isakmp dynamic Dyn-VPN
    crypto map VPN-map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400
    crypto isakmp policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    access-list ACL-Remote extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

    Thank you.

    Marcelo Pinheiro

    The problem is that the ASA has a crypto ACL defined between a host and a network, while the remote end has it defined to the network.

    Make sure that the acl is reversed.

  • VPN between PIX and ASA

    I have a VPN between two sites, which works very well. Traffic is initiated from site A and can connect to site B OK.

    I just tried to set up traffic from site B to site A, but it fails at the VPN encrypt point. I checked the ACLs and they match:

    site A (PIX)

    Crypto ACL:

    access-list site_a permit tcp host 10.51.3.32 10.0.0.0 255.0.0.0 eq 3389

    No NAT:

    access-list no_nat permit ip host 10.51.3.32 10.0.0.0 255.0.0.0

    site B (ASA)

    Crypto ACL:

    access-list Site_B extended permit tcp 10.0.0.0 255.0.0.0 host 10.51.3.32 eq 3389

    No NAT:

    access-list sheep extended permit ip 10.0.0.0 255.0.0.0 host 10.51.3.32

    The only difference I see is the extended ACL, but it works well in one direction?

    Thank you

    Hello

    Using port-based ACLs for crypto maps is not recommended; use IP access lists and configure VPN filters to implement port restrictions.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    Kind regards

    Averroès

  • PIX and NAT-T

    Hi all

    I have a small question. I have a couple of users who use routers to connect by VPN to our PIX, which authenticates via RADIUS for L2TP connections. I enabled NAT-T on our PIX and they still cannot always connect. Is there anything I might have missed? I checked most of the posts in this forum and don't see anything else I should have activated.

    Can anyone help?

    Thanks in advance.

    Michael

    A LAN-to-LAN tunnel from a router to a PIX does not need NAT-T unless there are NAT devices between the two endpoints. If that is the case, you must ensure that the software on both endpoint devices supports this capability. An example of a router-to-PIX IPsec tunnel configuration is available at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

    Another example that covers the same configuration with NAT is available at

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080094a87.shtml

  • PIX 501 ICMP access list Question

    According to the books I have on the PIX and firewalls, and from what I know of dealing with routers and switches, access lists define what traffic is allowed out of the network. With the PIX, access lists can only be applied one way, to the interface where traffic enters, not where it leaves. That's my understanding, but when I enter these ICMP commands:

    PIX1(config)# access-list ethernet1 permit icmp any any echo-reply
    PIX1(config)# access-list ethernet1 permit icmp any any unreachable
    PIX1(config)# access-group ethernet1 in interface inside

    This does not work, but if I apply the access-group to the outside interface it works. I understand why it is like that.

    Thank you

    This works because the PIX is not aware of session state for ICMP traffic the way it is for TCP and UDP.

    By default, access from a higher-security interface to a lower-security one is allowed, unless you have an ACL applied to the higher interface; then only what the ACL permits will be allowed. So you can send outbound ICMP echo requests. However, for the response to be returned, you must allow that explicitly in an ACL applied on the outside interface, because the PIX won't allow any outside traffic by default.

    The same goes for ICMP unreachable, although I would caution against making that part of the config. Allow only the unreachables due to TTL expired to facilitate path MTU detection, not all unreachables.

    Let me know if it helps.

  • Slow Internet access and cannot upload

    I can download from the Internet, but cannot upload. Simple example: I can receive email, but not send. I tested ping, download and upload performance at speedtest.net; the results were a very slow ping time, download .22 Mbps and upload failed. I restarted the PC, as well as the cable modem and the router multiple times. I tried disabling the TrendMicro antivirus with no impact. I have another computer on the same network that works well. I also have VoIP phone service without problems, so it seems that the problems are related to this PC (Dell running Windows 7). I have had the PC for 2 years and this problem appeared just this afternoon EDT. The anti-virus scans have not picked up anything whatsoever. Any thoughts?

    Hi Bruce,

    1. Do you receive an error code or message?

    2. Did you make any recent changes to your computer before the issue?

    3. What type of file are you trying to download?

    4. What web browser do you use?

    Please follow the methods below if you use Internet Explorer and check the issue:

    Method 1:

    How to optimize Internet Explorer? :

    http://support.Microsoft.com/kb/936213/no

    Note: Resetting the Internet Explorer settings can reset security or privacy settings that you have added to the Trusted Sites list. Resetting the Internet Explorer settings can also reset parental control settings. We recommend that you note these sites before you use the Internet Explorer settings reset.

    Method 2:

    You need to perform a clean boot to prevent any conflicting third-party application from interfering with your computer.

    To put the computer in a clean boot state, follow the steps in the article mentioned below and check the issue.

    How to troubleshoot a problem by performing a clean boot in Windows Vista or Windows 7:
    http://support.Microsoft.com/kb/929135

    Note: You must follow step 7 of the article mentioned above to recover your computer to a Normal startup after you complete all the steps.

    Method 3:

    Cycle power to the router:

    a. Unplug both the modem and the router, if you have one. Most modems and routers do not include a power button; the easiest way to restart them is by unplugging the unit.

    b. Wait 30 seconds. This allows the devices' short-term memory to clear completely. Plug in the modem first.

    c. Wait 10 to 20 seconds for the modem to connect before you turn on the router. The "Internet" or "WAN" LED on the modem should be green to indicate that it is connected. Plug in the power cord of the router.

    d. Wait for the router to connect to the modem. If your computer still does not connect, try restarting the computer.

    Method 4:

    Why is my Internet connection so slow? :

    http://Windows.Microsoft.com/en-us/Windows7/why-is-my-Internet-connection-so-slow

    Note: The data files that are infected must be cleaned only by removing the file completely, which means that there is a risk of data loss.

    I hope this helps.

  • Pass music Xbox has some songs/albums only with a 'buy' option and not a download option

    Original title: Xbox Music

    I have an Xbox Music Pass, but some songs/albums offer only a 'buy' option and not a download option. Unapologetic by Rihanna is $16.99 with no "Download" option, while Diamonds offers me the download option... what gives?

    Hi Karen,

    Thanks for posting the question on the Microsoft Community Forums.


    From the description, it looks like you are facing a problem downloading music from the Xbox store.

    The question you posted would be better suited to the Xbox Forums; we recommend that you post your question in the Xbox Forums to get help:

    Xbox Music and the Xbox Music Store: http://support.xbox.com/en-US/music-and-video/music/music-info

    If you need Windows help, do not hesitate to post your questions and we will be happy to help you.

  • I have some serious issues update to existing and new to download applications.

    Hello

    I just bought a laptop with Windows 8.
    I have some serious issues updating existing applications and downloading new ones.
    When I click to download an app, it appears to work but does not install anything.
    At this point I can't click the back (arrow) button to return to the main page of the Store;
    the Windows button works and I can continue to use my computer,
    but the new application (or the update for an existing one) is not installed.
    Here are some useful points:
    - No installation other than the preinstalled McAfee antivirus.
    - The computer is not on a proxy connection.
    - Windows Update does not work; when I click it, it runs forever without doing anything.
    - I have tried to run the troubleshooter, but it fixes the same 2 issues every time and that solves nothing.
    - I reset the Store cache without any change.
    - Without any logical explanation, some updates and downloads succeeded at the beginning. Then, when the problem started, I reset the cache and could download a couple more. Now everything is blocked and no solution found on this forum works.
    Please help me.
    Thanks

    Original title: problem with Windows Store

    Hello

    I suggest running the following commands and checking whether that helps.

    To fix Windows Update errors, use Deployment Image Servicing and Management.

    1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or confirmation, type the password or click Allow.

    2. Type the following commands. Press ENTER after each command.

    o DISM.exe /Online /Cleanup-image /Scanhealth

    o DISM.exe /Online /Cleanup-image /Restorehealth

    3. Close the command prompt, and then run Windows Update again.

  • Switched to Mac and need to download Lightroom.

    I bought Lightroom 4 years ago and have been using it on my Windows laptop. I just bought a MacBook Pro and need to download Lightroom. It may be a stupid question, but can I just download it (which I can't figure out how to do) or should I buy it? Thank you

    You can download Lightroom 5.7 and earlier versions here:

    Adobe - Lightroom: For Macintosh


    Hi I buy an annual subscription for the Plan of photography CC, but I would use one or two other applications periodically, can I add an app purchase unique for a month or two at a time on the top of this plan?