PIX 506 (6.3) configuration query

Similar Messages

• PIX 506 & 3000 Concentrator

  I have a site to site VPN from my PIX to a clients VPN 3000 concentrator. The tunnel drops when there is no traffic and only comes back up when they ping or generate trafic from the VPN concentrator 3000, Till then trafic through the PIX 506 does not go through. Please help??

  DPD or dead peer detection which is enabled by default should prevent this. Guess, you are running an older version of the OS that does not support DPD. Support for DPD on Cisco VPN 3000 Concentrator starts with software version 3.0 and on the PIX Firewall with software version 6.0(1). You will need to upgrade to these versions.

• PIX 506 - Limited Throughput ?

  Hi
  I recently found a use for an old PIX 506 that I found in our store cupboard.
  After doing a 'show ver' I noticed that although the number of internal hosts was unrestricted, the throughout is 'limited'. The outside ethernet is registering as 10/half.
  Can anyone please tell me what the limitation is ? Is it just the difference between 10 and 100 Mbps ?
  Rgrds

  Hi,
  Concerning the last post by Vibhor which appears to be incorrect as I have a PIX 506e here which is limited to 10Mb Full
  as the below show ver indicates.
  Hardware:   PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
  Flash E28F640J3 @ 0x300, 8MB
  BIOS Flash AM29F400B @ 0xfffd8000, 32KB
  0: ethernet0: address is 0009.7c48.c0db, irq 10
  1: ethernet1: address is 0009.7c48.c0dc, irq 11
  Licensed Features:
  Failover:           Disabled
  VPN-DES:            Enabled
  VPN-3DES:           Enabled
  Maximum Interfaces: 2
  Cut-through Proxy:  Enabled
  Guards:             Enabled
  URL-filtering:      Enabled
  Inside Hosts:       Unlimited
  Throughput:         Limited
  IKE peers:          Unlimited
  Is this a licensing limitation?
  Thanks
  DGW

• Pix 506 E with cable modem

  Im trying to get a dhcp address from my cable modem to my pix 506 e but it fails
  "ip address outside dchp setroute"
  somebody know how to get this working?

  Try decreasing the MTU size to 1370. You can do that via the GUI.

• Cisco Pix 506 Blocks certain websites in Win 7/Vista but not XP

  We have been using a Pix 506E with Websense for many years and it has worked fine.  We recently got rid of Websense, deleted all references to it in our configuration, and now on Win 7/Vista machines, certain websites are not accessible, yet are accessible on XP machines.  When the Win 7 machine is taken off site, the websites are accessible.  How do we correct this?  If I have to post my configuration, what should not be shown?

  We have been using a Pix 506E with Websense for many years and it has worked fine.  We recently got rid of Websense, deleted all references to it in our configuration, and now on Win 7/Vista machines, certain websites are not accessible, yet are accessible on XP machines.  When the Win 7 machine is taken off site, the websites are accessible.  How do we correct this?  If I have to post my configuration, what should not be shown?

• Configure "Query Builder" for Theta-Style Joins over ANSI-Style Joins

  Can SQL Developer be configured to auto generate theta-style joins instead of ANSI-style joins when building queries? This happens when I generate a query using the Query Builder and then switch over to the Worksheet tab to see the SQL code.
  Sample code:
  Theta-style join syntax uses commas to separate multiple table names and creates the joins in the Where clause:
  SELECT c.name
  FROM instructors i, courses c
  WHERE i.firstname = 'Mary' AND i.lastname = 'Williams'
  AND i.course_id = c.course_id;
  ANSI syntax uses the JOIN and ON keywords instead:
  SELECT c.name
  FROM instructors i JOIN courses c
  ON i.course_id = c.course_id
  WHERE i.firstname = 'Mary' AND i.lastname = 'Williams';

  Hi Wes,
  There is no preference for configuring this that I know of, but Query Builder is fairly clever about detecting your flavor of SQL from the worksheet then sticking with it. If you design it graphically, the default flavor is ANSI, but QB seems to respect any worksheet edits that switch it to another flavor. I wouldn't vouch for that absolutely, but perhaps it's behavior you can take advantage of.
  Regards,
  Gary
  SQL Developer Team

• URL Filtering w/ PIX 506

  A customer called me to ask about URL filtering. He bought a 506 a little over a year ago. I haven't been on site to see exactly what IOS he has, but he wants to know if he can filter certain web sites from certain PCs. Of course the answer is yes, but I need to know more about the capabilities of the 506 URL filtering capabilities. Can I create a "White list" for certain PCs in an address range and allow full access to other PCs?
  The real problem is on 3 PCs that midnight shift users like to use for porn surfing!
  If the 506 can't do the filtering, then I may just add a local piece of software on the 3 problem PCs.
  Any advice on the 506 capabilities would be appreciated.

  hi
  You can use websense in addition to PIX F/W to filter the traffic based on the URL,which is most widely deployed,but again u need to decide the cost factor involved in doing so.
  regds

• PIX 506 vs. 1812?

  I have the following situation:
  1 secure employee network (no Internet Connection, only terminal sessions to OPEN
  network)
  1 open employee network (with Internet Connection)
  1 guest WLAN (Internet Connection ONLY - no local access)
  I've been recommended to use either a PIX 506E or a 1812 router.
  Which is the better for this task?
  Approx. 30 users and 10Mbps WAN connection, secure/open network placed in separate VLANs on Catalyst 2950.

  PIX 506E should be best suitable for the task. check out the following link for information on configuring PIX 506E :
  http://www.cisco.com/application/pdf/en/us/guest/products/ps2030/c1616/ccmigration_09186a0080177097.pdf

• ESS/MSS configuration query

  Hi
  DO we have mention  system alias like 'SAP_ECC_Common' while configuring ESS/MSS package on Portal 7.0 for any of the system that has been created on Portal.
  Regards
  Nidhideep Bhandari

  Hi,
  Please go through these links:
  ESS/MSS Customization – Make it Simple
  ESS & MSS Config Guides
  ESS: <http://help.sap.com/saphelp_erp2005vp/helpdata/en/1d/3a554056bd1f24e10000000a1550b0/frameset.htm>
  MSS: http://help.sap.com/saphelp_erp2005vp/helpdata/en/31/3a1665fe7741d5b6501cd505a6bd82/frameset.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/21eb036a-0a01-0010-25a3-b2224432640a
  https://www.sdn.sap.com/irj/sdn/developerareas/contentportfolio
  Hope this helps....
  Regards,
  Mona
  Edited by: Mona Kapur on Jan 11, 2008 11:53 AM
  Edited by: Mona Kapur on Jan 11, 2008 12:10 PM

• WLC 5508 Configuration Query

  Hi Team,
  Just i want to know below configuration are possible with WLC 5508.
  Can  we define specific timing to keep an account enabled. For e.g. 9:00AM to 9:00 PM  from <x> date to <y> date?
  -          Can  we authenticate the “lobby admin” user through TACACS?
  -          Can  we enforce password change for guest user when he login for the first  time?
  Regards,
  Jana

  You can do this with Cisco's ISE, but not all just using the WLC lobby admin feature
  Can  we define specific timing to keep an account enabled. For e.g. 9:00AM to 9:00 PM  from date to date?
  > No... the lobby admin can create only from the start of the guest credential creation and can set how many days, hours, minutes, seconds, until that credential expires.
  -          Can  we authenticate the “lobby admin” user through TACACS?
  > Yes
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080851f7c.shtml
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080871921.shtml
  -          Can  we enforce password change for guest user when he login for the first  time?
  > No you can't
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Re: CCMS Configuration Query

  Hi,
  I have dought in configuration of CCMS. We need to define RFC Designation in CEN. Is there any configuration to be made in remote system(ABAP system).
  Regards,
  vivek

  Hi,
  Plese check the link below
  http://help.sap.com/saphelp_nw70/helpdata/EN/76/e670375fbf307ee10000009b38f8cf/frameset.htm
  Hope it helps you.
  Rgds,
  Suman

• Airport Configuration Query

  Not schooled with Apple products but would want to add a configuration for the Apple Time Capsule which I believe to contain the Airport wireless connectivity. How does one connect to the configuration interface in order to allow additional users internet access through the MAC address? I have tried to connect to the device through its IP address with no success. Is an ethernet cable required? Seeking guidance

  Hi,
  I've just set a bunch of these up. You want to hide the IP address an use MAC address instead? If so, I can't advise you. But, if you just want other users to see and connect to your Extreme wirelessly, go to manual setup, wireless tab, and in "wireless mode" select "create a wireless network" from the drop-down. Leave everything else automatic. If you are in a situation where you need security, on same tab (wireless mode)select WPA/WPA2 from the wireless security drop-down and create a password. then give it to your other authorized users. I don't know about MAC address manipulation or control, so I just avoided it, leaving the Access Control tab (MAC address access control) as "not enabled."
  This scheme worked for me, and I have 5 units set up for a roaming network, with no problems (except the one in the previous post) on any of it. People can be anywhere at my property and they can log in with no problems and have full access to all resources.
  Good luck!

• PIX 506 Config

  Hello;
  I would like to edit the config to open up a FTP port, but need to know the exact steps/procedures.
  1.) I can remote in via the LAN with Hyperterm.
  2.) Can probably use a system to console in if necessary.
  Here's part of the config for the ACL I would like to update:
  access-list outside_in permit tcp any host <public IP> eq www
  access-list outside_in permit tcp any host <public IP> eq https
  Would this be the correct access list entry for ftp to this system?
  access-list outside_in permit tcp any host <public IP> eq ftp
  I just need to know:
  1.) Once I remote in, can I somehow place this acl line right below the https one?
  2.) Can I use a TFTP program and move a text file config onto the PIX?
  3.) If I need to revert back or erase the line, would I just type:
  no access-list outside_in permit tcp any host <public IP> eq ftp
  Thanks, Steve

  That's correct:
  access-list outside_in permit tcp any host eq ftp
  To insert it you can do:
  access-list outside_in line 3 permit tcp any host eq ftp
  The "line 3" will insert ABOVE the existing line 3. It will make the current line 3, line 4.
  You can use tftp by using write net.
  And to remote your line, you do exactly like you have it.
  Don't forget your statics though.
  static (inside, outside) netmask 255.255.255.255
  clear xlate
  --John

• ADFS Deployment and Configuration Query

  Hi All, 
  I have 2 questions that I am hoping you can help me with:-
  1. Can I install the ADFS Proxy Server Role on a Server that is already a federation server?
  2. When adding a manual relying party trust, this article mentions the importing of a certificate. http://technet.microsoft.com/en-us/library/dn486828.aspx. What certificate is it referring too?
  kind regards
  Hendy

  Hello,
  please follow
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/195399e6-b5dd-46cf-a351-228bd62b24d8/adfs-specific-question-post-on-the-adfs-forum?forum=winserverDS to ask AD FS related questions.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Order By in Named Query

  Hello,
  is it possible to set ORDER BY in a Named Query Expression build through the Expression Builder?
  Or is it possible to trigger this while executing the Named Query in the UnitOfWork?
  Thanks,
  Thomas

  Nemata,
  The mapping editor in JDeveloper does not yet allow you to configure query ordering. To do this you will need to write a piece of code called an after-load or ammendment method that customizes descriptor configuration when being loaded from the XML representation. In this method you will look up the query you defined and customize any additional settings, such as ordering.
  An example after-load method would be placed on any arbitrary helper class and would look like:
      public static void afterLoadEmployee(ClassDescriptor descriptor) {
          ReadAllQuery raq = (ReadAllQuery)descriptor.getDescriptorQueryManager().getQuery("findAllEmployee");
          raq.addAscendingOrdering("lastName");
      }To have this method invoked you will need to configure it on the descriptor in the JDeveloper mapping editor.
  1. In the structure pane when the map is selected go to the descriptor for the class you wish to customize its query.
  2. Using the right mouse menu on the descriptor select the advanced properties sub-menu and select 'after-load'. This will enable the additional after-load tab on the descriptor's editor.
  3. In this after-load panel you will need to specify the helper class where the static after-load method is written as well as the signature for the method wanted.
  Now, the next time the application is run this method will be invoked and you ordering customizations will be applied.
  This may sound a little complex but is a very useful technique for configuration or customization of descriptor, mapping, or query parameters that are not visible in the mapping editor or are more easily accomplished through code.
  Doug