Oracle 8i through CISCO PIX Firewall
Hi all,
I need some help here with a CISCO PIX Firewall 506e series. The ORACLE Server 8i is on Windows NT 4, placed at the inside interface of the PIX Firewall.
The firewall has been configured to allow all ports from the outside interface (this is where the Oracle client resides). When the client from outside tries the Oracle client application (at the login prompt for username and password), pressing Enter gives the error message:
=============================
oracle error con 440
unable to make connection oracle - 12514 tns.couldn't resolve service name
the menu was not connectable with oracle. a menu is ended
==============================
Many thanks for PIX and Oracle config.
HATO
Varun,
Thank you for your help.
I have one quick question, this pix is not in failover, it is standalone but it has Unrestricted license. It only has 64Mb of Ram. Will I have any problems based on your link recommendation?
Memory Requirements:
If you are using a PIX 515/515E running PIX Version 6.2/6.3, you must increase your memory before upgrading to PIX Version 8.0(2). This version requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses
What is the difference between the restricted Licenses and the Unrestricted Licenses?
Thanks!
-
I want to be able to upgrade my Firefox installations that are located behind a Cisco PIX Firewall. What are the TCP/IP addresses and ports required to be opened for updating to occur?
This is less likely to be a firefox problem, as it appears something bad has happened to your network. Can you access the internet with other programs? Try email/ IRC/ Skype or even updating your computer.
What operating system are you using?
Ian. -
Problem Packet Flow through Cisco ASA Firewall
I have a Cisco ASA 5540 8.2(1), with permit ip any any rules
packet-tracer input inside tcp 10.56.149.129 871 10.40.170.10 3003
show
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 1374599592, using existing flow
Result:
input-interface: inside
input-status: up
input-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
if you change the source or destination port, the packet is successfully
clear conn did not help
please tell me how to solve the problem?
Hi,
I would suggest sharing the firewall configuration (except for any sensitive information they might have) so troubleshooting this would be easier.
It would seem to me that during your "packet-tracer" test there is already an existing traffic flow through the ASA with the same information that you entered in the command.
I don't know however why the connection would be blocked according to the "packet-tracer". In my own test this seemed to work. Output was otherwise the same but the "connection" wasn't dropped.
- Jouni -
Trouble connecting Cisco PIX FIrewall to Airport
I've tried to config the default host (DMZ) and I'm unable to establish a connection???
Jason, Welcome to the discussion area!
I've tried to config the default host (DMZ) and I'm unable to establish a connection???
What are you trying to configure? The Cisco device or the AirPort Extreme base station (AEBS)? -
PIX Firewall 525 can not start
Hi,
Today my colleague added 2 lines of access-list to our PIX 525. After 10 minutes, my firewall rebooted and until now it can't start. The booting process is listed below.
The questions are :
1. What is my OS version? Flash?
2. How to remove those 2 lines (reset the config to default)?
3. How to solve the issue?
Thanks,
Andy
Booting process
================
Rebooting..þ
Wait.....
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
Cisco Secure PIX Firewall Embedded BIOS Version 4.3
Wait...ndeavor Board, Boot Block BIOS
+------------------------------------------------------------------------------+
| System BIOS Configuration, (C) 2000 General Software, Inc. |
+---------------------------------------+--------------------------------------+
| System CPU : Pentium III | Low Memory : 638KB |
| Coprocessor : Enabled | Extended Memory : 255MB |
| Embedded BIOS Date : 08/25/00 | Serial Ports 1-2 : 03F8 02F8 |
+---------------------------------------+--------------------------------------+
Cisco Secure PIX Firewall BIOS (4.0) #39: Tue Nov 28 18:44:51 PST 2000
Platform PIX-525
System Flash=E28F128J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 1528320 bytes of image from flash.
256MB RAM
System Flash=E28F128J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000
mcwa i82559 Ethernet at irq 11 MAC: 0006.5336.8129
mcwa i82559 Ethernet at irq 10 MAC: 0006.5336.8128
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
c i s c o S y s t e m s
Private Internet eXchange
Cisco PIX Firewall
Cisco PIX Firewall Version 6.2(1)
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 8
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
An internal error occurred. Specifically, a programming assertion was
violated. Copy the error message exactly as it appears, and get the
output of the show version command and the contents of the configuration
file. Then call your technical support representative.
assertion "addr < sfmm_chip_size" failed: file "sfmm.c", line 254
No thread name
Traceback:
0: 802decd5
1: 8007a8ce
2: 800769bb
3: 80078223
4: 8007635e
5: 800017d5
6: 800758ab
7: 80120ed6
vector 0x00000003 (breakpoint)
edi 0x8007a887
esi 0x000000fe
ebp 0x7ffffcb8
esp 0x7ffffcac
ebx 0x8007a5a3
edx 0x000003fd
ecx 0x0000000a
eax 0x00000042
error code n/a
eip 0x802dffac
cs 0x00000008
eflags 0x00000046
CR2 0x00000000
Stack dump: base:0x7ffffc2c size:64, active:64
Nested traceback attempted via interrupt.
Traceback output aborted.
Rebooting..þ
Urgent help!!!
-
Cisco PIX Device Manager Version 3.0(2)
Hi
I have a PIX 515E:
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
Compiled on Fri 02-Jul-04 00:07 by morlee
CCP-Firewall001 up 2 years 65 days
Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 0012.80be.450d, irq 10
1: ethernet1: address is 0012.80be.450e, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 3
Maximum Interfaces: 5
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 808480455 (0x30306ec7)
Running Activation Key: 0xac646fed 0xf8b86795 0xc3951ec2 0xb32aed09
It operates with Java plug-in 1.4.1, and I have a PC with IE 7 and plug-in 1.6.0, and it doesn't download the PDM.
Is there a solution for it?
Try disabling Java in Internet Options. This issue could be related to the Java version also.
-
Cisco Pix Syslog - details of traffic flow
Hi
We are logging to a syslog server on level informational. I see a byte count logged with each connection and I'm trying to understand what it means.
Is it the sum of in+out traffic for the connection? Or is it only one direction? Is there a way to determine bytes counts for both directions (like netflow)?
We are using version 6.3, but are in a position to upgrade if that will help meet our above requirements.
Thanks
Go through this Cisco PIX Firewall System Log Messages, Version 6.3. It will clear your doubts.
http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/63syslog.html -
Hello All,
I am having an issue with running SIP through my Cisco Pix. A VOIP solution has just been installed, and softphones from the outside are trying to call in using SIP and are failing. The configuration is below. and the code is 6.3 (5). You'll see below that I have the no fixup protocol for sip, as the fixup wasn't working either. Is there something that needs to be configured that I'm missing or could this be a bug in the code? Any other show commands or debug commands I can provide if needed. The call manager server in the below config is 1.2.3.4. Thanks in advance for all your help, you guys are always so helpful.
XXXt# show ver
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
XXX up 1 hour 45 mins
Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 001c.582b.3c65, irq 10
1: ethernet1: address is 001c.582b.3c66, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 4
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
XXXt# show run
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password vQ0/erypfvYyzFoc encrypted
passwd vQ0/erypfvYyzFoc encrypted
hostname DTPIX35thst
domain-name digitaltransitions.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
no fixup protocol sip 5060
no fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list out_in permit udp any host 1.2.3.4 eq 5060
access-list out_in permit tcp any host 1.2.3.43 eq 5060
pager lines 24
logging on
logging buffered informational
logging trap informational
logging queue 2048
mtu outside 1500
mtu inside 1500
ip address outside 4.34.119.130 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_pool 192.168.100.50-192.168.100.75
pdm location 192.168.1.250 255.255.255.255 inside
pdm location 192.168.1.252 255.255.255.255 inside
pdm location 65.215.8.100 255.255.255.255 inside
pdm location 192.168.100.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 1.2.3.4 172.20.1.2 netmask 255.255.255.255 0 0
access-group out_in in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:00:00 sip_media 0:00:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http 199.96.104.108 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
Hi Jumora,
No need to troubleshoot this direct issue anymore. The client will be upgrading to an ASA 5505. Is there anything you may know of before I configure the ASA that I need to do to allow SIP through with no issues? Thanks again Jumora -
Hi, have Contribute Publishing Server behind cisco pix
firewall. What ports do i need open to allow the client to publish
web sites.
i have a problem when a user tries to publish a website the
program hangs.
If you have not already, please check out the latest TechNote
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fc1a435a
to follow updating the NetIOFTP file for your client's machine.
From the LiveDoc information, here are the port numbers to be
aware of for CPS, depending on which J2EE app server you are using:
Java Application Server    Port number
BEA Weblogic               7001
IBM Websphere              9080
Macromedia JRUN            8900
JBoss                      8080
-
Hello,
I'm trying to configure some firewall rules and a nat in our pix 525 and I'm having some issue with the connection
Here are the details:
172.40.40.40 destination host.
1.- I configured an ACL
ACL test 172.80.0.0 255.255.0.0 destination 172.40.40.40
ACL test 172.90.0.0 255.255.255.0 destination 172.40.40.40
inside interface IP 172.20.20.20
outside interface IP 192.169.1.2
interfaces inside outside (ping and icmp are allow)
static (outside, inside) 172.40.40.40 172.40.40.40
nat (outside) 5 access-list test
global (inside) 5 interface
route inside 172.40.40.40 255.255.255.255 172.30.30.30
route outside 172.80.0.0 255.255.0.0 192.168.1.1
route outside 172.90.0.0 255.255.0.0 192.168.1.1
I'm trying to NAT the traffic coming from the outside interface because we want to avoid internal IP conflicts. I'm seeing the hits on the ACL
but cannot telnet from 172.80.0.1 to 172.40.40.40; there are routes and ports enabled for that connection,
and my flag logs show me SaAB from the destination host. What could be the problem?
We can ping between the destination host and the PIX inside interface, and ICMP is allowed on all the interfaces.
Hello, thank you for your help; we will try to apply that command in our test.
About our test: the incoming connections from 172.90.0.0 are telnet sessions to 172.40.40.40.
So we are doing a PAT for those connections (172.90.0.0 PAT to 172.30.30.29). My question is: is that kind of scheme and configuration supported on the PIX Firewall?
Here is the version: PIX 525
Cisco PIX Firewall Version 6.3(5)
This is the path
MPLS PIX Destination HOST
subnet 172.90.0.0/16 ---- ------------------------- ACL TEST -PAT(172.30.30.29 inside inteface) -------- 172.40.40.40 port 25 -
Linksys WRT600N vs CISCO PIX 506E.... Firewall / Routing Performance
Hi:
I am new to the forum and was hoping to tap into some of your expertise. I have a Linksys WRT600N version 1.1 and I recently acquired a CISCO PIX 506E firewall. My question is what should I use as a firewall? Both have SPI etc. Should I:
a) Use the 506E as a firewall and use the 600 as a wireless access point, or
b) Use the 600 as a firewall and wireless access point.
Do both routers have the same firewall routing performance? I want to use the storage feature on the 600N, but if I do that and use it as a wireless access point the 600 can't get the proper time from the Internet, so my time for newly created folders and files shows they are 10 years old.
Anyway, just thought I would post and find out what some of the experts thought and maybe someone from Linksys or CISCO. I know the 506E is discontinued and was manufactured around 2001 and the 600N is a new model.
(Edited subject to keep threads from stretching. Thanks!)
Message Edited by JOHNDOE_06 on 05-06-2008 10:41 AM
The PIX is a real firewall. The WRT has a firewall which mostly protects the router itself. People prefer to buy a "SPI firewall router" instead of a simple "router" even though the router firewall does nothing or little to protect the LAN. The only firewall configurations on the WRTs you can usually do is on the Access Restrictions tab. But that's usually all. The LAN itself is not protected by the firewall. You would notice this if you had a public IP subnet and ran it through the WRT: the LAN would be fully exposed to the internet. Some routers have a few functions like protection against denial of service attacks or similar. But even then this often filters only the traffic targeted at the router and not the LAN.
The common protection of your LAN you have on the WRT is because you use private IP addresses inside your LAN and the router does NAT. However, NAT is not a security mechanism but a mechanism to solve the problem that you can only have a single public IP address but want to use multiple computers, which is why you have to use private IP addresses. Current NAT implementations usually drop unsolicited incoming traffic because they don't know to which IP address in the LAN to send it to. But the notion of NAT is to deliver and to allow connectivity. This has nothing to do with security or a firewall.
Thus, if you want to use a real firewall use the PIX. On the PIX you can configure the traffic which is allowed to enter the LAN and which not. It is far superior in this respect to the WRT. However, as it is an older model, I cannot tell how fast the PIX is. You should be able to find the old data sheets of the PIX somewhere on the cisco website. They should mention the possible throughput. I guess it won't be an issue.
To me another point for the PIX are the VPN capabilities which allow you to securely access your LAN while you are on the road.
Of course, you must know how to configure the PIX correctly. It is a complex device and can be configured pretty much for anything you like. This means of course if you do it wrong you may end up with little or no security.
BTW, there are no people from linksys in these forums except the moderators (which may be from lithium). To hear from Linksys you have to contact Linksys support. -
Cisco Pix 501 - Need help with VPN passthrough
Greetings!
Currently I have a Cisco Pix 501 version 6.3(1) which is in front of my Windows Server 2008 box. I am fairly new to firewalling, especially with the Cisco Pix; I have been able to accomplish some port forwarding for CCTV camera software, etc. but am coming to a standstill attempting to connect a company laptop (Windows 7 Professional) to the server via VPN.
Previously we had another facility which was able to connect through VPN but it has since been removed (and always seemed to not be very stable to begin with - though it was connecting to a Server 2003 box rather than 2008).
I have been through several articles both here and other forums and have attempted several of the proposed fixes. I'm almost sure at this point I've probably opened up more of my firewall than necessary and may have duplicate information from attempting to complete this passthrough. My Server 2008 resides at 192.168.1.15, below is what I have thus far. The "crypto map" sections were all completed long before I took over, I believe this is how the old VPN was set up. What I have added since beginning this endeavor is the "fixup protocol pptp 1723", the "access-list" entries relating to both pptp and gre, and the "static (inside, outside)" relating to the pptp.
I am still continuously getting an error on the laptop of "800" whenever I try to connect to the VPN. Any help would be greatly appreciated as I am rapidly losing hair attempting to get this situated.
: Saved
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password RysZD25GpRAOMhF. encrypted
passwd 0I6TSwviLDtVwaTr encrypted
hostname Lorway-PIX
domain-name lorwayco.com
fixup protocol ftp 21
fixup protocol ftp 22
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 80 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any any eq 50000
access-list outside_access_in permit udp any any eq 50000
access-list outside_access_in permit tcp any any eq smtp
access-list outside_access_in permit tcp any any eq www
access-list outside_access_in permit tcp host 66.242.236.26 any eq smtp
access-list outside_access_in permit tcp host 208.21.46.12 any eq smtp
access-list outside_access_in permit tcp host 68.59.232.176 any eq smtp
access-list outside_access_in permit tcp any any eq pop3
access-list outside_access_in permit tcp any any eq https
access-list outside_access_in permit tcp any any eq ftp
access-list outside_access_in permit tcp host 68.53.192.139 any eq smtp
access-list outside_access_in permit tcp any any eq ftp-data
access-list outside_access_in permit tcp any any eq 1009
access-list outside_access_in permit tcp any host 192.168.1.122 eq 7000
access-list outside_access_in permit tcp host 192.168.1.122 any eq 7000
access-list outside_access_in permit tcp any any eq 7000
access-list outside_access_in permit tcp any any eq pptp
access-list outside_access_in permit gre any any
access-list 10 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 20 permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list 30 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 74.221.188.249 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 80
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 192.168.1.15 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 50000 192.168.1.160 50000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 50000 192.168.1.160 50000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.15 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.15 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.15 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.1.15 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7000 192.168.1.122 7000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp 192.168.1.15 pptp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 74.221.188.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
snmp-server host inside 192.168.1.118
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set lorway1 esp-3des esp-sha-hmac
crypto map lorwayvpn 30 ipsec-isakmp
crypto map lorwayvpn 30 match address 30
crypto map lorwayvpn 30 set peer 66.18.55.250
crypto map lorwayvpn 30 set transform-set lorway1
crypto map lorwayvpn interface outside
isakmp enable outside
isakmp key ******** address 66.18.50.178 netmask 255.255.255.255
isakmp key ******** address 66.18.55.250 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 2
isakmp policy 9 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:5c7b250c008519fe970262aa3bc28bb5
: end
Config looks good to me.
I would actually upgrade your PIX to the latest version of 6.3.x if you still have access to the software center as this PIX is on its EOL and you are running an extremely old version of code.
If you place your Windows server bypassing the PIX temporarily, I assume you are able to connect to the VPN? -
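The SIP and PPTP threads above both post a full PIX 6.3 running configuration, and the PPTP poster suspects the firewall is open wider than necessary. The following is an added example, not code from any poster or from Cisco: a small Python audit that reads PIX 6.x `access-list`, `static`, `access-group` and management lines and reports broad or unmatched entries. The function names, finding labels and sample configuration are constructed for illustration, and the parser assumes plain address syntax (`any`, `host A`, `A MASK`) without object groups.

```python
import re

# Constructed sample in PIX 6.3 syntax (not a configuration from this page);
# public addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_CONFIG = """\
ip address outside 192.0.2.2 255.255.255.248
access-list outside_in permit icmp any any
access-list outside_in permit tcp any any eq www
access-list outside_in permit udp any host 192.0.2.10 eq 5060
access-list outside_in permit tcp any host 192.0.2.43 eq 5060
access-list outside_in permit tcp any host 192.0.2.2 eq smtp
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
static (inside,outside) 192.0.2.10 10.0.0.2 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 10.0.0.15 smtp netmask 255.255.255.255 0 0
access-group outside_in in interface outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
http 10.0.0.0 255.255.255.0 inside
snmp-server community public
"""

PORT_OPS = {"eq", "lt", "gt", "neq"}


def _addr(tok, i):
    """Consume one address spec (any | host A | A MASK) plus an optional port."""
    if tok[i] == "any":
        spec, i = "any", i + 1
    elif tok[i] == "host":
        spec, i = tok[i + 1], i + 2
    else:
        spec, i = f"{tok[i]}/{tok[i + 1]}", i + 2
    port = None
    if i < len(tok) and tok[i] in PORT_OPS:
        port, i = tok[i + 1], i + 2
    elif i < len(tok) and tok[i] == "range":
        port, i = f"{tok[i + 1]}-{tok[i + 2]}", i + 3
    return spec, port, i


def parse_acl(line):
    """Parse one 'access-list NAME permit|deny PROTO SRC DST' line, else None."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return None
    try:
        src, _, i = _addr(tok, 4)
        dst, dport, _ = _addr(tok, i)
    except IndexError:  # truncated or unsupported entry
        return None
    return {"acl": tok[1], "action": tok[2], "proto": tok[3],
            "src": src, "dst": dst, "dport": dport, "line": line}


def audit(config):
    """Return (label, config line) findings for a PIX 6.x configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    applied, globals_, outside_ip = set(), set(), None
    for ln in lines:
        if m := re.match(r"access-group (\S+) in interface outside$", ln):
            applied.add(m.group(1))          # ACL bound inbound on outside
        elif m := re.match(r"ip address outside (\S+)", ln):
            outside_ip = m.group(1)
        elif m := re.match(r"static \(\w+,outside\) (?:(?:tcp|udp) (\S+)|(\S+)) ", ln):
            globals_.add(m.group(1) or m.group(2))  # translated global address
    if "interface" in globals_ and outside_ip:
        globals_.add(outside_ip)             # port statics on the interface IP
    findings = []
    for r in filter(None, map(parse_acl, lines)):
        if r["acl"] not in applied or r["action"] != "permit":
            continue
        if r["src"] == "any" and r["dst"] == "any":
            # Exposure is then decided only by which static translations exist.
            findings.append(("ANY_ANY", r["line"]))
        elif "/" not in r["dst"] and r["dst"] != "any" and r["dst"] not in globals_:
            # Heuristic: permit to a single host that no static translates,
            # often a mistyped address. Ignores nat 0 exemptions.
            findings.append(("NO_STATIC", r["line"]))
    for ln in lines:
        if re.match(r"(ssh|telnet|http) 0\.0\.0\.0 0\.0\.0\.0 outside$", ln):
            findings.append(("MGMT_OUTSIDE", ln))   # management open to any source
        if ln == "snmp-server community public":
            findings.append(("SNMP_DEFAULT", ln))   # default community string
    return findings


if __name__ == "__main__":
    for label, line in audit(SAMPLE_CONFIG):
        print(f"{label:13} {line}")
```

Each finding is a prompt for review, not a verdict: on PIX 6.x an inbound connection needs both a translation and an ACL permit, so an `any any` rule matters to the extent that statics exist for that port.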
I am trying to make an IPIPGW accessible through a PIX 6.3(5) firewall. The H.323 ras and H225 fixups are enabled, but connections to the IPIPGW are not established; the firewall generates an error "call proceeding before setup". The workaround appears to be to disable both fixups and open >1024 ports, which is less than ideal. What generates the "call proceeding before setup" and can it be worked around on the IPIPGW; I've tried both slow- and fast-start connections.
Hi,
this is really an odd issue. The Q.931 sequence of call setup is:
A SETUP --> B
(optionally B can reply with "SETUP->ACK", or if it is an overlapped number, but this does not count for H.323)
B CALL PROCEEDING / PROGRESS / ALERT --> A
B CONNECT --> A
It is very basic, but in general that is the procedure. Cisco says that a SETUP message has arrived after the CALL PROCEEDING one, which is incorrect. An H.323 (H225) debug would bring some light to the issue.
We have a network of Cisco voice gateways, Call managers, third-party gatekeepers and gateways, calling each other through a Cisco 6.4 PIX and it works (however we had some nasty troubles with path mtu discovery). -
Cisco PIX-515e reset to factory defaults
Hi,
I have a cisco PIX-515e which I have connected to an emulator through the console port, and I'm having trouble erasing data from it.
I can get into 'pixfirewall' mode and 'monitor' mode but that's as far as I get. I have tried 'write erase' and 'configure factory-default' in both modes to no success.
Any help would be much appreciated.
thanks,
This is a little late (over a year), you probably already figured it out. In monitor mode:
set your interface
monitor> int 0 (this doesnt matter much as long as the interface is valid)
next set the ip address of our pix
monitor> add 192.168.1.50 (this just sets the pix int 0 to this ip address)
now set the tftp server
monitor> server 192.168.1.79 (this is the ip address of my pc with a tftp server)
set the gateway
monitor> gateway 0.0.0.0 (i had much trouble with this but until i set the gateway to this it didnt work)
now back to your pc assuming you have a tftp server installed.
download the necessary recover tool at (subject to change probably) make sure you put it in your default directory of your tftp server.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
this is key probably
if you have the wrong tool the image will download successfully to your pix but it will not do anything just stop
after the file has been received.
so if you're unsure try all the images.
now back to the pix
to initiate a file download you have to declare it so
monitor> file np62.bin
and then to start the download
monitor> tftp
see below.... (entire session via console cable)
monitor> int 0
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 0: i82557 @ PCI(bus:0 dev:14 irq:10), MAC:
monitor> add 192.168.1.50
address 192.168.1.50
monitor> server 192.168.1.79
server 192.168.1.79
monitor> gateway 0.0.0.0
gateway 0.0.0.0
monitor> file np62.bin
file np62.bin
monitor> tftp
tftp np62.bin@192.168.1.79.....................................................
Received 73728 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Wed Mar 27 11:02:16 PST 2002
System Flash=E28F128J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000
Do you wish to erase the passwords? [yn]
if that doesnt work im not sure just try the other images. -
Cisco PIX-515e reset to factory defaults *Expert Advice Only Please*
Hi,
I have a cisco PIX-515e which I have connected to an emulator through the console port, and I'm having trouble erasing data from it.
I can get into 'pixfirewall' mode and 'monitor' mode but that's as far as I get. I have tried 'write erase' and 'configure factory-default' in both modes to no success.
When I last posted this I had a lot of replies mentioning ROMMON mode, but I want to stress the PIX 515e does not have ROMMON mode; it has MONITOR mode, however the commands are not the same as ROMMON commands.
Any help would be much appreciated.
thanks,
8 MB RAM
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
00 11 00 14E4 5823 Co-Processor 11
00 13 00 8086 B154 PCI-to-PCI Bridge
01 04 00 8086 1229 Ethernet 11
01 05 00 8086 1229 Ethernet 10
01 06 00 8086 1229 Ethernet 9
01 07 00 8086 1229 Ethernet 5
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-515E
System Flash=E28F128J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 123392 bytes of image from flash.
PIX Flash Load Helper
Initializing flashfs...
flashfs[0]: 8 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 16128000
flashfs[0]: Bytes used: 13963264
flashfs[0]: Bytes available: 2164736
flashfs[0]: Initialization complete.
Booting first image in flash
Launching image flash:/pix722.bin
128MB RAM
Total NICs found: 6
mcwa i82559 Ethernet at irq 10 MAC: 0016.9da2.5907
mcwa i82559 Ethernet at irq 11 MAC: 0016.9da2.5908
mcwa i82559 Ethernet at irq 11 MAC: 000d.8810.d91c
mcwa i82559 Ethernet at irq 10 MAC: 000d.8810.d91d
mcwa i82559 Ethernet at irq 9 MAC: 000d.8810.d91e
BIOS Flash=am29f400b @ 0xd8000 MAC: 000d.8810.d91f
Initializing flashfs...
flashfs[7]: 8 files, 3 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 13963264
flashfs[7]: Bytes available: 2164736
flashfs[7]: flashfs fsck took 15 seconds.
flashfs[7]: Initialization complete.
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
| |
||| |||
.|| ||. .|| ||.
.:||| | |||:..:||| | |||:.
C i s c o S y s t e m s
Cisco PIX Security Appliance Software Version 7.2(2)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2006 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cryptochecksum (unchanged): 43dccc97 2fb4bfec 15a33bef dad78b7e
Type help or '?' for a list of available commands.
pixfirewall>
I am unable to get into enable mode because I do not know the password. Any idea of a way round? I need to get into that enable mode.