PIX to PIX VPN using IPsec tunnel. Need help please.
Hello everyone,
I have a connection between two sites using a PIX 506E and a PIX 501. The one at the central site (WATBCINX1 - PIX 506E) sends the packet correctly and the one at the remote site (CTXPOINX1 - PIX 501) receives it (checked using icmp backtrace on the two PIX). The problem is with the PIX 501 at the remote site returning packets. I have to say that the two PIX have a 3Com OfficeConnect 812 ADSL router as Internet gateway. If someone could help me I would appreciate it a lot. Thank you!
PIX 506E configuration (central site):
WATBCINX1# sh conf
: Saved
: Written by enable_15 at 08:36:50.090 CEDT Fri Jun 20 2003
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password qU51Wrx8ggFHLusK encrypted
passwd qU51Wrx8ggFHLusK encrypted
hostname WATBCINX1
domain-name NEOKEM.LAN
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 02:00 last Sun Oct 03:00
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no names
name 80.37.246.195 POLINYÀ
access-list outside_access_in permit gre any host 10.0.0.10
access-list outside_access_in permit tcp any host 10.0.0.10 eq 1723
access-list outside_access_in permit tcp any host 10.0.0.10 eq smtp
access-list outside_access_in permit tcp any host 10.0.0.10 eq pop3
access-list outside_access_in permit icmp any any
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit udp any any
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.11.0 255.255.255.0
pager lines 24
logging on
interface ethernet0 10full
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 10.0.0.3 255.0.0.0
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.100 255.255.255.255 inside
pdm location 192.168.0.0 255.255.0.0 inside
pdm location 192.168.0.128 255.255.255.255 inside
pdm location 192.168.0.135 255.255.255.255 inside
pdm location 192.168.11.0 255.255.255.0 outside
pdm location 192.168.11.0 255.255.255.0 inside
pdm location 80.37.246.195 255.255.255.255 outside
pdm location 192.168.0.254 255.255.255.255 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.0.0.10 192.168.0.100 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.0.0.2 1
timeout xlate 0:05:00
timeout conn 0:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp authenticate
ntp server 192.43.244.18 source outside
ntp server 128.118.25.3 source outside prefer
http server enable
http 192.168.0.100 255.255.255.255 inside
http 192.168.0.128 255.255.255.255 inside
http 192.168.0.135 255.255.255.255 inside
http 192.168.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set COMUN_BCN esp-des esp-md5-hmac
crypto map Polinyà 1 ipsec-isakmp
crypto map Polinyà 1 match address 101
crypto map Polinyà 1 set peer 80.37.246.195
crypto map Polinyà 1 set transform-set COMUN_BCN
crypto map Polinyà interface outside
isakmp enable outside
isakmp key ******** address 80.37.246.195 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
telnet 192.168.0.128 255.255.255.255 inside
telnet 192.168.0.135 255.255.255.255 inside
telnet 192.168.11.0 255.255.255.0 inside
telnet timeout 10
ssh timeout 5
username QSECOFR password ELFfg8t/K5UMO89z encrypted privilege 15
terminal width 80
Cryptochecksum:74cd0cf16ef2c35804dffaeee924efdf
WATBCINX1#
PIX 501 Setup (remote site):
CTXPOINX1# sh conf
: Saved
: Written by enable_15 at 09:27:14.439 CEDT Fri Jun 20 2003
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password qU51Wrx8ggFHLusK encrypted
passwd qU51Wrx8ggFHLusK encrypted
hostname CTXPOINX1
domain-name NEOKEM.LAN
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 02:00 last Sun Oct 03:00
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no names
name 80.32.132.188 BCN
access-list inside_access_in permit tcp any any
access-list inside_access_in permit udp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit ip any any
access-list outside_access_in permit icmp any any
access-list 101 permit ip 192.168.11.0 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
logging on
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 10.0.0.1 255.0.0.0
ip address inside 192.168.11.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.0 255.255.0.0 inside
pdm location 192.168.11.0 255.255.255.255 inside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.0.0.2 1
timeout xlate 0:05:00
timeout conn 0:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp authenticate
ntp server 192.5.41.209 source outside prefer
http server enable
http 80.32.132.188 255.255.255.255 outside
http 192.168.0.0 255.255.0.0 inside
http 192.168.11.0 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set COMUN esp-des esp-md5-hmac
crypto map bcn 1 ipsec-isakmp
crypto map bcn 1 set peer 80.32.132.188
crypto map bcn 1 set transform-set COMUN
crypto map bcn interface outside
isakmp enable outside
isakmp key ******** address 80.32.132.188 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
telnet 80.32.132.188 255.255.255.255 outside
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 10
ssh timeout 5
username QSECOFR password ELFfg8t/K5UMO89z encrypted privilege 15
terminal width 80
Cryptochecksum:dc8d08655d07886b74d867228e84f70f
CTXPOINX1#
Hello
You left the match address out of your 501 VPN config... put this in...
crypto map bcn 1 match address 101
Hope that helps...
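The check made by eye in the answer above can be automated. The following is an added example, not code from the thread: it lints the crypto map entries of a PIX 6.x config for missing or dangling parts and tests whether the two sites' crypto ACLs mirror each other. The function names are hypothetical, the samples are constructed excerpts of the two posted configs in standard PIX syntax, and only `permit ip` ACL entries with explicit masks are parsed.

```python
from collections import defaultdict

# Constructed excerpts: the crypto-related lines of the two posted configs.
CENTRAL_506E = """\
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.11.0 255.255.255.0
crypto ipsec transform-set COMUN_BCN esp-des esp-md5-hmac
crypto map Polinyà 1 ipsec-isakmp
crypto map Polinyà 1 match address 101
crypto map Polinyà 1 set peer 80.37.246.195
crypto map Polinyà 1 set transform-set COMUN_BCN
crypto map Polinyà interface outside
"""
REMOTE_501 = """\
access-list 101 permit ip 192.168.11.0 255.255.255.0 192.168.0.0 255.255.255.0
crypto ipsec transform-set COMUN esp-des esp-md5-hmac
crypto map bcn 1 ipsec-isakmp
crypto map bcn 1 set peer 80.32.132.188
crypto map bcn 1 set transform-set COMUN
crypto map bcn interface outside
"""
REMOTE_501_FIXED = REMOTE_501 + "crypto map bcn 1 match address 101\n"  # line from the answer
KEYS = {"match address": "match", "set peer": "peer", "set transform-set": "tset"}

def parse(config):
    """Return (acls, transform sets, crypto map entries, maps bound to an interface)."""
    acls, tsets, entries, bound = defaultdict(list), set(), defaultdict(dict), set()
    for t in (line.split() for line in config.splitlines()):
        if t[:1] == ["access-list"] and len(t) >= 8 and t[2:4] == ["permit", "ip"]:
            acls[t[1]].append(tuple(t[4:8]))      # (src, src mask, dst, dst mask)
        elif t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 3:
            tsets.add(t[3])
        elif t[:2] == ["crypto", "map"] and len(t) >= 5:
            name, rest = t[2], t[3:]
            if rest[0] == "interface":
                bound.add(name)
            elif rest[0].isdigit():
                entry = entries[(name, int(rest[0]))]   # creates the entry if new
                key = KEYS.get(" ".join(rest[1:3]))
                if key and len(rest) > 3:
                    entry[key] = rest[3]
    return acls, tsets, entries, bound

def lint(config):
    """List what is missing or dangling in each crypto map entry."""
    acls, tsets, entries, bound = parse(config)
    findings = []
    for (name, seq), e in sorted(entries.items()):
        problems = {
            "no match address": "match" not in e,
            "access-list not defined": "match" in e and e["match"] not in acls,
            "no set peer": "peer" not in e,
            "transform-set missing or not defined": e.get("tset") not in tsets,
            "map not applied to an interface": name not in bound,
        }
        findings += [f"crypto map {name} {seq}: {p}" for p, hit in problems.items() if hit]
    return findings

def mirrored(local, remote):
    """True when the two sides' crypto ACL entries are mirror images of each other."""
    def selectors(config):
        acls, _, entries, _ = parse(config)
        return {s for e in entries.values() for s in acls.get(e.get("match"), [])}
    flipped = {(d, dm, s, sm) for s, sm, d, dm in selectors(remote)}
    return bool(flipped) and flipped == selectors(local)
```

`lint(REMOTE_501)` reports the missing match address on `crypto map bcn 1`, and `mirrored(CENTRAL_506E, ...)` becomes true only for `REMOTE_501_FIXED`.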