Oracle 8i through CISCO PIX Firewall

HI all,
I Need some help here with CISCO PIX Firewall 506e series. The ORACLE Server 8i on Windows NT.4, placed at the inside interface of PIX Firewall.
The Firewall has been configured to allow all the port to come from outside interface (this is where the Oracle client reside). When the client from outside try the oracle client application (where the login promt for username and password) when pressed enter the error msg
=============================
oracle error con 440
unable to make connection oracle - 12514 tns.couldn't resolve service name
the menu was not connectable with oracle. a menu is ended
==============================
Many thanks for PIX and Oracle config.
HATO

Varun,
Thank you for your help.
I have one quick question, this pix is not in failover, it is standalone but it has Unrestricted license. It only has 64Mb of Ram. Will I have any problems based on your link recommendation?
Memory Requirements:
If you are using a PIX 515/515E running PIX Version 6.2/6.3, you must increase your memory before upgrading to PIX Version 8.0(2). This version requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses
What is the difference between the restricted Licenses and the Unrestricted Licenses?
Thanks!

Similar Messages

  • I am behind a Cisco PIX Firewall. What addresses and ports do I need to permit through to allow Firefox updates?

    I want to be able to upgrade my Firefox installations that are located behind a Cisco PIX Firewall. What are the TCP/IP addresses and ports required to be opened for updating to occur?

    This is less likely to be a firefox problem, as it appears something bad has happened to your network. Can you access the internet with other programs? Try email/ IRC/ Skype or even updating your computer.
    What operating system are you using?
    Ian.

  • Problem Packet Flow through Cisco ASA Firewall

    I have a Cisco ASA 5540 8.2(1), with permit ip any any rules
    packet-tracer input inside tcp 10.56.149.129 871 10.40.170.10 3003
    show
    Phase: 1
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found flow with id 1374599592, using existing flow
    Result:
    input-interface: inside
    input-status: up
    input-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    if you change the source or destination port, the packet is successfully
    clear conn did not help
    please tell me how to solve the problem?

    Hi,
    I would suggest sharing the firewall configuration (except for any sensitive information they might have) so troubleshooting this would be easier.
    It would seem to me that during your "packet-tracer" test there is already an existing traffic flow through the ASA with the same information that you entered in the command.
    I don't know however why the connection would be blocked according to the "packet-tracer". In my own test this seemed to work. Output was otherwise the same but the "connection" wasnt dropped.
    - Jouni

  • Trouble connecting Cisco PIX FIrewall to Airport

    I've tried to config the default host (DMZ) and I'm unable to establish a connection???

    Jason, Welcome to the discussion area!
    I've tried to config the default host (DMZ) and I'm unable to establish a connection???
    What are you trying to configure? The Cisco device or the AirPort Extreme base station (AEBS)?

  • PIX Firewall 525 can not start

    Hi,
    Today my colleague add 2 lines of access-list to our PIX 525.  After 10 minutes, my firewall was rebooted and until now can't start.  The booting process as listed below.
    The questions are :
    1. What is my OS version? Flash?
    2. How to remove those 2 lines (reset the config to default)?
    3. How to solve the issue?
    Thanks,
    Andy
    Booting process
    ================
    Rebooting..þ
    Wait.....
    PCI Device Table.
    Bus Dev Func VendID DevID Class              Irq
    00  00  00   8086   7192  Host Bridge
    00  07  00   8086   7110  ISA Bridge
    00  07  01   8086   7111  IDE Controller
    00  07  02   8086   7112  Serial Bus         9
    00  07  03   8086   7113  PCI Bridge
    00  0D  00   8086   1209  Ethernet           11
    00  0E  00   8086   1209  Ethernet           10
    Cisco Secure PIX Firewall Embedded BIOS Version 4.3
    Wait...ndeavor Board, Boot Block BIOS
    +------------------------------------------------------------------------------+
    |          System BIOS Configuration, (C) 2000 General Software, Inc.          |
    +---------------------------------------+--------------------------------------+
    | System CPU           : Pentium III    | Low Memory           : 638KB         |
    | Coprocessor          : Enabled        | Extended Memory      : 255MB         |
    | Embedded BIOS Date   : 08/25/00       | Serial Ports 1-2     : 03F8 02F8     |
    +---------------------------------------+--------------------------------------+
    Cisco Secure PIX Firewall BIOS (4.0) #39: Tue Nov 28 18:44:51 PST 2000
    Platform PIX-525
    System Flash=E28F128J3 @ 0xfff00000
    Use BREAK or ESC to interrupt flash boot.
    Use SPACE to begin flash boot immediately.
    Reading 1528320 bytes of image from flash.
    256MB RAM
    System Flash=E28F128J3 @ 0xfff00000
    BIOS Flash=am29f400b @ 0xd8000
    mcwa i82559 Ethernet at irq 11  MAC: 0006.5336.8129
    mcwa i82559 Ethernet at irq 10  MAC: 0006.5336.8128
                                   ||        ||
                                   ||        ||
                                  ||||      ||||
                              ..:||||||:..:||||||:..
                             c i s c o S y s t e m s
                            Private Internet eXchange
                            Cisco PIX Firewall
    Cisco PIX Firewall Version 6.2(1)
    Licensed Features:
    Failover:           Enabled
    VPN-DES:            Enabled
    VPN-3DES:           Disabled
    Maximum Interfaces: 8
    Cut-through Proxy:  Enabled
    Guards:             Enabled
    URL-filtering:      Enabled
    Inside Hosts:       Unlimited
    Throughput:         Unlimited
    IKE peers:          Unlimited
    An internal error occurred.  Specifically, a programming assertion was
    violated.  Copy the error message exactly as it appears, and get the
    output of the show version command and the contents of the configuration
    file.  Then call your technical support representative.
    assertion "addr < sfmm_chip_size" failed: file "sfmm.c", line 254
    No thread name
    Traceback:
    0: 802decd5
    1: 8007a8ce
    2: 800769bb
    3: 80078223
    4: 8007635e
    5: 800017d5
    6: 800758ab
    7: 80120ed6
        vector 0x00000003 (breakpoint)
           edi 0x8007a887
           esi 0x000000fe
           ebp 0x7ffffcb8
           esp 0x7ffffcac
           ebx 0x8007a5a3
           edx 0x000003fd
           ecx 0x0000000a
           eax 0x00000042
    error code n/a
           eip 0x802dffac
            cs 0x00000008
        eflags 0x00000046
           CR2 0x00000000
    Stack dump: base:0x7ffffc2c size:64, active:64
    0x7ffffd2c: 0x00020000
    0x7ffffd28: 0x807f2828
    0x7ffffd24: 0xfffe0000
    0x7ffffd20: 0x00000300
    0x7ffffd1c: 0x800769bb
    0x7ffffd18: 0x7ffffd48
    0x7ffffd14: 0x00000001
    0x7ffffd10: 0x00000002
    0x7ffffd0c: 0x800762f4
    0x7ffffd08: 0x804a849c
    0x7ffffd04: 0x00000020
    0x7ffffd00: 0x805100c0
    0x7ffffcfc: 0x7ffffd48
    0x7ffffcf8: 0x8007a887
    0x7ffffcf4: 0x000000fe
    0x7ffffcf0: 0x8007a5a3
    0x7ffffcec: 0x8007a8ce
    0x7ffffce8: 0x7ffffd18
    0x7ffffce4: 0x80317cd4
    0x7ffffce0: 0xffffffff
    0x7ffffcdc: 0x80078163
    0x7ffffcd8: 0x807f2828
    0x7ffffcd4: 0xfffe0000
    0x7ffffcd0: 0x805100c0
    0x7ffffccc: 0x000000fe
    0x7ffffcc8: 0x8007a5a3
    0x7ffffcc4: 0x8007a887
    0x7ffffcc0: 0x802dec68
    0x7ffffcbc: 0x802decd5
    0x7ffffcb8: 0x7ffffce8
    0x7ffffcb4: 0x00000046
    0x7ffffcb0: 0x00000008
    0x7ffffcac: 0x802dffac *
    0x7ffffca8: 0x00000042
    0x7ffffca4: 0x0000000a
    0x7ffffca0: 0x000003fd
    0x7ffffc9c: 0x8007a5a3
    0x7ffffc98: 0x7ffffcac
    0x7ffffc94: 0x7ffffcb8
    0x7ffffc90: 0x000000fe
    0x7ffffc8c: 0x8007a887
    0x7ffffc88: 0x00000003
    0x7ffffc84: 0x80004779
    0x7ffffc80: 0x7ffffcb8
    0x7ffffc7c: 0x802c4deb
    0x7ffffc78: 0x7ffffc98
    0x7ffffc74: 0x7ffffd48
    0x7ffffc70: 0x00000001
    0x7ffffc6c: 0x000000fe
    0x7ffffc68: 0x8007a5a3
    0x7ffffc64: 0x7ffffd48
    0x7ffffc60: 0x80120ed6
    0x7ffffc5c: 0x00000007
    0x7ffffc58: 0x7ffffcac
    0x7ffffc54: 0x80002d70
    0x7ffffc50: 0x7ffffc80
    0x7ffffc4c: 0x7ffffcac
    0x7ffffc48: 0x80002ab0
    0x7ffffc44: 0x00000040
    0x7ffffc40: 0x7ffffc80
    0x7ffffc3c: 0x74656720
    0x7ffffc38: 0x7ffffe28
    0x7ffffc34: 0x2c737261
    0x7ffffc30: 0x8007a887
    Nested traceback attempted via interrupt.
    Traceback output aborted.
    Rebooting..þ

    Urgent help!!!

  • Cisco PIX Device Manager Version 3.0(2)

    Hi
    I have a PIX 515E:
    Cisco PIX Firewall Version 6.3(4)
    Cisco PIX Device Manager Version 3.0(2)
    Compiled on Fri 02-Jul-04 00:07 by morlee
    CCP-Firewall001 up 2 years 65 days
    Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
    Flash E28F128J3 @ 0x300, 16MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB
    0: ethernet0: address is 0012.80be.450d, irq 10
    1: ethernet1: address is 0012.80be.450e, irq 11
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Disabled
    Maximum Physical Interfaces: 3
    Maximum Interfaces: 5
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: Unlimited
    <--- More ---> Throughput: Unlimited
    IKE peers: Unlimited
    This PIX has a Restricted (R) license.
    Serial Number: 808480455 (0x30306ec7)
    Running Activation Key: 0xac646fed 0xf8b86795 0xc3951ec2 0xb32aed09
    It's operate with Java plug in 1.4.1 y I have a PC with IE 7 and Plug in 1.6.0 y doesn't download the PDM.
    Are there a solution for it?

    Try Disable Java on Internet Options. This issue oculd be releated to Java version also.

  • Cisco Pix Syslog - details of traffic flow

    Hi
    We are logging to a syslog server on level informational. I see a byte count logged with each connection and I'm trying to understand what it means.
    Is it the sum of in+out traffic for the connection? Or is it only one direction? Is there a way to determine bytes counts for both directions (like netflow)?
    We are using version 6.3, but are in a position to upgrade if that will help meet our above requirements.
    Thanks

    Go through this Cisco PIX Firewall System Log Messages, Version 6.3. It will clear your doubts.
    http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/63syslog.html

  • Cisco PIX SIP Issue

    Hello All,
    I am having an issue with running SIP through my Cisco Pix. A VOIP solution has just been installed, and softphones from the outside are trying to call in using SIP and are failing. The configuration is below. and the code is 6.3 (5). You'll see below that I have the no fixup protocol for sip, as the fixup wasn't working either. Is there something that needs to be configured that I'm missing or could this be a bug in the code? Any other show commands or debug commands I can provide if needed. The call manager server in the below config is 1.2.3.4. Thanks in advance for all your help, you guys are always so helpful.
    XXXt# show ver
    Cisco PIX Firewall Version 6.3(5)
    Cisco PIX Device Manager Version 3.0(4)
    Compiled on Thu 04-Aug-05 21:40 by morlee
    XXX up 1 hour 45 mins
    Hardware:   PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
    Flash E28F640J3 @ 0x300, 8MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB
    0: ethernet0: address is 001c.582b.3c65, irq 10
    1: ethernet1: address is 001c.582b.3c66, irq 11
    Licensed Features:
    Failover:                    Disabled
    VPN-DES:                     Enabled
    VPN-3DES-AES:                Enabled
    Maximum Physical Interfaces: 2
    Maximum Interfaces:          4
    Cut-through Proxy:           Enabled
    Guards:                      Enabled
    URL-filtering:               Enabled
    Inside Hosts:                Unlimited
    Throughput:                  Unlimited
    IKE peers:                   Unlimited
    This PIX has a Restricted (R) license.
    XXXt# show run
    : Saved
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password vQ0/erypfvYyzFoc encrypted
    passwd vQ0/erypfvYyzFoc encrypted
    hostname DTPIX35thst
    domain-name digitaltransitions.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    no fixup protocol sip 5060
    no fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list out_in permit udp any host 1.2.3.4 eq 5060
    access-list out_in permit tcp any host 1.2.3.43 eq 5060
    pager lines 24
    logging on
    logging buffered informational
    logging trap informational
    logging queue 2048
    mtu outside 1500
    mtu inside 1500
    ip address outside 4.34.119.130 255.255.255.248
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool vpn_pool 192.168.100.50-192.168.100.75
    pdm location 192.168.1.250 255.255.255.255 inside
    pdm location 192.168.1.252 255.255.255.255 inside
    pdm location 65.215.8.100 255.255.255.255 inside
    pdm location 192.168.100.0 255.255.255.0 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 1.2.3.4 172.20.1.2 netmask 255.255.255.255 0 0
    access-group out_in in interface outside
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:00:00 sip_media 0:00:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    aaa authentication ssh console LOCAL
    http server enable
    http 199.96.104.108 255.255.255.255 outside
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable

    Hi Jumora,
    No need to troubleshoot this direct issue anymore. The client will be upgrading to an ASA 5505. Is there anything you may know of before I configure the ASA that I need to do to allow SIP through with no issues? Thanks again Jumora

  • Contribute pix firewall

    Hi, have Contribute Publishing Server behind cisco pix
    firewall. What ports do i need open to allow the client to publish
    web sites.
    i have a problem when a user tries to publish a website the
    program hangs.

    If you have not already, please check out the latest TechNote
    http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fc1a435a
    to follow udpating the NetIOFTP file for your client's machine.
    From the LiveDoc information here are the port numbers to be
    aware of for CPS in regards which J2EE app server you are using:
    Java Application Server
    Port number
    BEA Weblogic
    7001
    IBM Websphere
    9080
    Macromedia JRUN
    8900
    JBoss
    8080

  • Pix firewall issue

    Hello,
    I'm trying to configure some firewall rules and a nat in our pix 525 and I'm having some issue with the connection
    Here are the details:
    172.40.40.40 destination host.
    1.- I configured an ACL
    ACL test 172.80.0.0 255.255.0.0 destination 172.40.40.40
    ACL test 172.90.0.0 255.255.255.0 destination 172.40.40.40
    inside interface IP 172.20.20.20
    outside inteface IP 192.169.1.2
    interfaces inside outside (ping and icmp are allow)
    static (outside, inside) 172.40.40.40 172.40.40.40
    nat (outside)  5 access-list test
    global (inside) 5 interface
    route inside 172.40.40.40 255.255.255.255 172.30.30.30
    route outside 172.80.0.0 255.255.0.0 192.168.1.1
    route outside 172.90.0.0 255.255.0.0 192.168.1.1
    I'm trying to nat the traffic comming from the outside interface because we want to avoid interal ip conflicts, I'm seeing the hits on the ACL
    but can not telnet from 172.80.0.1 to 172.40.40.40 , there are routes and porta enable for that connection
    and my flag logs shown me SaAB from the destination host, what could be the problem?
    We can ping between the destination host and the pix inside interface and the icmp is allow in all the interfaces.

    Hello Thank you for your help, we will try to apply that command in our test .
    About our test the incoming connection from 172.90.0.0 are telnet session to 172.40.40.40
    So we are doing a PAT for those connection (172.90.0.0 PAT to 172.30.30.29) my question is that kind of scheme and configuration is supported on Pix Firewall?
    Here is the version: PIX 525
    Cisco PIX Firewall Version 6.3(5)
    This is the path
                                     MPLS                                    PIX                                              Destination HOST
    subnet 172.90.0.0/16 ---- ------------------------- ACL TEST -PAT(172.30.30.29 inside inteface) --------  172.40.40.40 port 25

  • Linksys WRT600N vs CISCO PIX 506E.... Firewall / Routing Performance

    Hi:
    I am new to the forum and was hoping to tap into some of your expertise. I have a Linksys WRT600N version 1.1 and I recently acquired a CISCO PIX 506E firewall. My question is what should I use as a firewall? Both have SPI etc. Should I:
    a) Use the 506E as a firewall and use the 600 as a wireless access point, or
    b) Use the 600 as a firewall and wireless access point.
    Do both routers have the same firewall routing performance? I want to use the storage feautre on the 600N, but if I do that and use it as a wireless access point the 600 can't get the proper time from the Internet, so my time for newly created folders and files shows they are 10 years old.
    Anyway, just thought I would post and find out what some of the experts thought and maybe someone from Linksys or CISCO. I know the 506E is discontinued and was manufactured around 2001 and the 600N is a new model.
    (Edited subject to keep threads from stretching. Thanks!)
    Message Edited by JOHNDOE_06 on 05-06-2008 10:41 AM

    The PIX is a real firewall. The WRT has a firewall which mostly protects the router itself. People prefer to buy a "SPI firewall router" instead of a simple "router" even though the router firewall does nothing or little to protect the LAN. The only firewall configurations on the WRTs you can usually do is on the Access Restrictions tab. But that's usually all. The LAN itself is not protected by the firewall. You would notice this if you had a public IP subnet and ran it through the WRT: the LAN would be fully exposed to the internet. Some routers have a few functions like protection against denial of service attacks or similar. But even then this often filters only the traffic targeted at the router and not the LAN.
    The common protection of your LAN you have on the WRT is because you use private IP addresses inside your LAN and the router does NAT. However, NAT is not a security mechanism but a mechanism to solve the problem that you can only have a single public IP address but want to use multiple computers, which is why you have to use private IP addresses. Current NAT implementations usually drop unsolicited incoming traffic because they don't know to which IP address in the LAN to send it to. But the notion of NAT is to deliver and to allow connectivity. This has nothing to do with security or a firewall.
    Thus, if you want to use a real firewall use the PIX. On the PIX you can configure the traffic which is allowed to enter the LAN and which not. It is far superior in this respect to the WRT. However, as it is a older model, I cannot tell how fast the PIX is. You should be able to find the old data sheets of the PIX somewhere on the cisco website. They should mention the possible throughput. I guess it won't be an issue.
    To me another point for the PIX are the VPN capabilities which allow you to securely access your LAN while you are on the road.
    Of course, you must know how to configure the PIX correctly. It is a complex device and can be configured pretty much for anything you like. This means of course if you do it wrong you may end up with little or no security.
    BTW, there are no people from linksys in this forums except the moderators (which may be from lithium). To hear from Linksys you have to contact Linksys support.

  • Cisco Pix 501 - Need help with VPN passthrough

    Greetings!
    Currently I have a Cisco Pix 501 version 6.3(1) which is in front of my Windows Server 2008 box. I am fairly new to firewalling, especially with the Cisco Pix; I have been able to accomplish some port forwarding for CCTV camera software, etc. but am coming to a standstill attempting to connect a company laptop (Windows 7 Professional) to the server via VPN.
    Previously we had another facility which was able to connect through VPN but it has since been removed (and always seemed to not be very stable to begin with - though it was connecting to a Server 2003 box rather than 2008).
    I have been through several articles both here and other forums and have attempted several of the proposed fixes. I'm almost sure at this point I've probably opened up more of my firewall then necessary and may have duplicate information attempted to complete this passthrough. My Server 2008 resides at 192.168.1.15, below is what I have thus far. The "crypto map" sections were all completed long before I took over, I believe this is how the old VPN was set up. What I have added since beginning this endevour is the "fixup protocol pptp 1723", the "access-list" entries relating to both pptp and gre, and the "static (inside, outside)" relating to the pptp.
    I am still continuously getting an error on the laptop of "800" whenever I try to connect to the VPN. Any help would be greatly appreciated as I am rapidly losing hair attempting to get this situated.
    : Saved
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password RysZD25GpRAOMhF. encrypted
    passwd 0I6TSwviLDtVwaTr encrypted
    hostname Lorway-PIX
    domain-name lorwayco.com
    fixup protocol ftp 21
    fixup protocol ftp 22
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list outside_access_in permit icmp any any
    access-list outside_access_in permit tcp any any eq 50000
    access-list outside_access_in permit udp any any eq 50000
    access-list outside_access_in permit tcp any any eq smtp
    access-list outside_access_in permit tcp any any eq www
    access-list outside_access_in permit tcp host 66.242.236.26 any eq smtp
    access-list outside_access_in permit tcp host 208.21.46.12 any eq smtp
    access-list outside_access_in permit tcp host 68.59.232.176 any eq smtp
    access-list outside_access_in permit tcp any any eq pop3
    access-list outside_access_in permit tcp any any eq https
    access-list outside_access_in permit tcp any any eq ftp
    access-list outside_access_in permit tcp host 68.53.192.139 any eq smtp
    access-list outside_access_in permit tcp any any eq ftp-data
    access-list outside_access_in permit tcp any any eq 1009
    access-list outside_access_in permit tcp any host 192.168.1.122 eq 7000
    access-list outside_access_in permit tcp host 192.168.1.122 any eq 7000
    access-list outside_access_in permit tcp any any eq 7000
    access-list outside_access_in permit tcp any any eq pptp
    access-list outside_access_in permit gre any any
    access-list 10 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list 20 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list 30 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 74.221.188.249 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list 80
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface 3389 192.168.1.15 3389 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 50000 192.168.1.160 50000 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 50000 192.168.1.160 50000 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface smtp 192.168.1.15 smtp netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface https 192.168.1.15 https netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface www 192.168.1.15 www netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface pop3 192.168.1.15 pop3 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 7000 192.168.1.122 7000 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface pptp 192.168.1.15 pptp netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 74.221.188.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    snmp-server host inside 192.168.1.118
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    sysopt connection permit-l2tp
    crypto ipsec transform-set lorway1 esp-3des esp-sha-hmac
    crypto map lorwayvpn 30 ipsec-isakmp
    crypto map lorwayvpn 30 match address 30
    crypto map lorwayvpn 30 set peer 66.18.55.250
    crypto map lorwayvpn 30 set transform-set lorway1
    crypto map lorwayvpn interface outside
    isakmp enable outside
    isakmp key ******** address 66.18.50.178 netmask 255.255.255.255
    isakmp key ******** address 66.18.55.250 netmask 255.255.255.255
    isakmp identity address
    isakmp nat-traversal 20
    isakmp policy 9 authentication pre-share
    isakmp policy 9 encryption 3des
    isakmp policy 9 hash sha
    isakmp policy 9 group 2
    isakmp policy 9 lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 60
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    terminal width 80
    Cryptochecksum:5c7b250c008519fe970262aa3bc28bb5
    : end

    Config looks good to me.
    I would actually upgrade your PIX to the latest version of 6.3.x if you still have access to the software center as this PIX is on its EOL and you are running an extremely old version of code.
    If you place your Windows server bypassing the PIX temporarily, I assume you are able to connect to the VPN?

  • IPIPGW and PIX firewall

    I am trying to make an IPIPGW accessible through a PIX 6.3(5) firewall. The H.323 ras and H225 fixups are enabled, but connections to the IPIPGW are not established; the firewall generates an error "call proceeding before setup". The workaround appears to be to disable both fixups and open >1024 ports, which is less than ideal. What generates the "call proceeding before setup" and can it be worked around on the IPIPGW; I've tried both slow- and fast-start connections.

    Hi,
    this is really an odd issue. The Q.931 sequence of call setup is:
    A SETUP --> B
    (optionally B can reply with "SETUP->ACK", or if it is an overlapped number, but this does not count for H.323)
    B CALL PROCEEDING / PROGRESS / ALERT --> A
    B CONNECT --> A
    It is very basic, but in general that is the procedure. Cisco says that a SETUP message has arrived after the CALL PROCEEDING one, which is incorrect. An H.323 (H225) debug would bring some light to the issue.
    We have a network of Cisco voice gateways, Call managers, thirf party gatekeepers and gateways, calling each other through a Cisco 6.4 PIX and it works (however we had some nasty troubles with path mtu discovery).

  • Cisco PIX-515e reset to factory defaults

    Hi,
    I have a cisco PIX-515e which i have connected to a emulator through the console port, and im having trouble erasing data from it.
    I can get into 'pixfirewall' mode and 'monitor' mode but thats as far as i get. i have tried 'write erase' and 'configure factory-default' in both modes to no success.
    Any help would be much appreciated.
    thanks,

    this is a little late over a year, you probably alreay figured it out. in monitor mode.
    set your interface
    monitor> int 0          (this doesnt matter much as long as the interface is valid)
    next set the ip address of our pix
    monitor> add 192.168.1.50     (this just sets the pix int 0 to this ip address)
    now set the tftp server
    monitor> server 192.168.1.79     (this is the ip address of my pc with a tftp server)
    set the gateway
    monitor> gateway 0.0.0.0      (i had much trouble with this but until i set the gateway to this it didnt work)
    now back to your pc assuming you have a tftp server installed.
    download the necessary recover tool at (subject to change probably) make sure you put it in your default directory of your tftp server.
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
    this is key probably
    if you have the wrong tool the image will download successfully to your pix but it will not do anything just stop
    after the file has been received.
    so if your unsure try all the images.
    now back to the pix
    to initiate a file download you have to declare it so
    monitor> file np62.bin
    and then to start the download
    monitor> tftp
    see below.... (entire session via console cable)
    monitor> int 0
    0: i8255X @ PCI(bus:0 dev:14 irq:10)
    1: i8255X @ PCI(bus:0 dev:13 irq:11)
    Using 0: i82557 @ PCI(bus:0 dev:14 irq:10), MAC:
    monitor> add 192.168.1.50
    address 192.168.1.50
    monitor> server 192.168.1.79
    server 192.168.1.79
    monitor> gateway 0.0.0.0
    gateway 0.0.0.0
    monitor> file np62.bin
    file np62.bin
    monitor> tftp
    tftp [email protected].....................................................
    Received 73728 bytes
    Cisco Secure PIX Firewall password tool (3.0) #0: Wed Mar 27 11:02:16 PST 2002
    System Flash=E28F128J3 @ 0xfff00000
    BIOS Flash=am29f400b @ 0xd8000
    Do you wish to erase the passwords? [yn]
    if that doesnt work im not sure just try the other images.

  • Cisco PIX-515e reset to factory defaults *Expert Advice Only Please*

    Hi,
    I have a cisco PIX-515e which i have connected to a emulator through the console port, and im having trouble erasing data from it.
    I can get into 'pixfirewall' mode and 'monitor' mode but thats as far as i get. i have tried 'write erase' and 'configure factory-default' in both modes to no success.
    When i last posted this i had alot of replies mentioning ROMMON mode but i want to stress the PIX 515e does not have ROMMON mode it has MONITOR mode however the commands are not the same as ROMMON commands.
    Any help would be much appreciated.
    thanks,

    8 MB RAM
    PCI Device Table.
    Bus Dev Func VendID DevID Class              Irq
    00  00  00   8086   7192  Host Bridge
    00  07  00   8086   7110  ISA Bridge
    00  07  01   8086   7111  IDE Controller
    00  07  02   8086   7112  Serial Bus         9
    00  07  03   8086   7113  PCI Bridge
    00  0D  00   8086   1209  Ethernet           11
    00  0E  00   8086   1209  Ethernet           10
    00  11  00   14E4   5823  Co-Processor       11
    00  13  00   8086   B154  PCI-to-PCI Bridge
    01  04  00   8086   1229  Ethernet           11
    01  05  00   8086   1229  Ethernet           10
    01  06  00   8086   1229  Ethernet           9
    01  07  00   8086   1229  Ethernet           5
    Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
    Platform PIX-515E
    System Flash=E28F128J3 @ 0xfff00000
    Use BREAK or ESC to interrupt flash boot.
    Use SPACE to begin flash boot immediately.
    Reading 123392 bytes of image from flash.
    PIX Flash Load Helper
    Initializing flashfs...
    flashfs[0]: 8 files, 3 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 16128000
    flashfs[0]: Bytes used: 13963264
    flashfs[0]: Bytes available: 2164736
    flashfs[0]: Initialization complete.
    Booting first image in flash
    Launching image flash:/pix722.bin
    128MB RAM
    Total NICs found: 6
    mcwa i82559 Ethernet at irq 10  MAC: 0016.9da2.5907
    mcwa i82559 Ethernet at irq 11  MAC: 0016.9da2.5908
    mcwa i82559 Ethernet at irq 11  MAC: 000d.8810.d91c
    mcwa i82559 Ethernet at irq 10  MAC: 000d.8810.d91d
    mcwa i82559 Ethernet at irq  9  MAC: 000d.8810.d91e
    BIOS Flash=am29f400b @ 0xd8000  MAC: 000d.8810.d91f
    Initializing flashfs...
    flashfs[7]: 8 files, 3 directories
    flashfs[7]: 0 orphaned files, 0 orphaned directories
    flashfs[7]: Total bytes: 16128000
    flashfs[7]: Bytes used: 13963264
    flashfs[7]: Bytes available: 2164736
    flashfs[7]: flashfs fsck took 15 seconds.
    flashfs[7]: Initialization complete.
    Licensed features for this platform:
    Maximum Physical Interfaces : 6
    Maximum VLANs               : 25
    Inside Hosts                : Unlimited
    Failover                    : Active/Active
    VPN-DES                     : Enabled
    VPN-3DES-AES                : Enabled
    Cut-through Proxy           : Enabled
    Guards                      : Enabled
    URL Filtering               : Enabled
    Security Contexts           : 2
    GTP/GPRS                    : Disabled
    VPN Peers                   : Unlimited
    This platform has an Unrestricted (UR) license.
    Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
                                     |            |
                                    |||          |||
                                  .|| ||.      .|| ||.
                               .:||| | |||:..:||| | |||:.
                                C i s c o  S y s t e m s
    Cisco PIX Security Appliance Software Version 7.2(2)
      ****************************** Warning *******************************
      This product contains cryptographic features and is
      subject to United States and local country laws
      governing, import, export, transfer, and use.
      Delivery of Cisco cryptographic products does not
      imply third-party authority to import, export,
      distribute, or use encryption. Importers, exporters,
      distributors and users are responsible for compliance
      with U.S. and local country laws. By using this
      product you agree to comply with applicable laws and
      regulations. If you are unable to comply with U.S.
      and local laws, return the enclosed items immediately.
      A summary of U.S. laws governing Cisco cryptographic
      products may be found at:
      http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
      If you require further assistance please contact us by
      sending email to [email protected].
      ******************************* Warning *******************************
    Copyright (c) 1996-2006 by Cisco Systems, Inc.
                    Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
                    Cisco Systems, Inc.
                    170 West Tasman Drive
                    San Jose, California 95134-1706
    Cryptochecksum (unchanged): 43dccc97 2fb4bfec 15a33bef dad78b7e
    Type help or '?' for a list of available commands.
    pixfirewall>
    I am unable to get onto enable mode because i do not no the password? any idea of a way round, i need to get into that enable mode.

Maybe you are looking for

  • Laserjet CP1025nw color black and magenta lights blinking

    Both the black and magenta cartridge lights are blinking even after replacing both with brand new genuine HP cartridges.  Printer will not print configuration page or status page.  It is completely unresponsive.   I've tried a full power reset - unpl

  • How do I get from A to B? (Photo Example)

    I'm currently working on making my Game of Thrones Risk Board Map. I've got to clean it up quite a bit before it's done, though. I'm not quite sure how I would do the following: Make the smooth black lines used for the internal borders Thicken the al

  • Odd Behavior with Segmented Control (iPhone OS 3.1)

    I have this method, which is supposed to change the color that a shape is to be drawn in when I change the value of a segmented control: - (IBAction)changeColor: (id)sender { UISegmentedControl *control = sender; NSInteger index = [control selectedSe

  • Help required :BAPI_LEAD_CHANGEMULTI

    Hi Experts,   I have created a Lead from T-code CRMD_BUS2000108. The status of the LEAD is Open. I want to change the status of lead from Open to Closed with the help of BAPI :BAPI_LEAD_CHANGEMULTI but the lead is not getting updated. Please provide

  • Hyperlinks not working in  Acrobat  5

    Greetings -- When using the link tool to create a link in a PDF doc, it all seems to work fine but when I click on the newly embedded link, it goes nowhere. It's a WWW hyperlink and the hand points and a small w appears on the back of the hand but do