How would one go about allowing ICMP (IP type 1) to clients running CSA? I know how to create a policy for tcp/udp traffic using the tcp/port udp/port syntax when creating rules. I'm confused about what to do with non tcp/udp traffic such as ICMP and...
My question to the forum is what type of options do I have for backing up my existing IPSEC tunnel devices? For example I have a bunch of PIX 506 firewalls connected via DSL to the Internet. The Hub Site is a Cisco PIX 515 firewall with T1 access. W...
Question, We’ve all heard talk in this discussion group about bidding farewell to conduits and adopting access lists for PIX version 6.0 and the PIX Device Manager (PDM). The question churning in my brain is, what happens if I just put version 6....
I have a question about the universal VPN client. I’ve used the Safenet IRE client in the past to connect to the PIX FW and 1700 series VPN devices. My question is can you change the address range the universal client encrypts data for. You will noti...
The only way you can make this work is to add weighed static routes that point to the VPN boxes on each side of the link. For example lets assume that the Ethernet address on Ethernet 0 is 10.1.1.1/24. Lets again assume that we have a point to point ...
I was also a little concerned after browsing the 6.0 documentation. So I decided install the PDM (PIX Device Manager) on a set of 515's in the lab. It turns out that you use a secure HTTPS connection to connect to the PIX. You also have to tell the P...
Tariq, You are on the right track. You have configured the secondary address on the router, but the underlying question is how the PIX going to treat the new addresses. Again, I don’t claim to be a PIX product engineer or even work for Cisco, howeve...
Vern, I’m going under the assumption that each of the firewalls currently installed are Cisco PIX firewalls. If they are PIX firewalls it’s pretty simple to implement a 3DES secure VPN from each site to each other. Before you start there are going ...
