PIX 525 UR With 1 4-Port FE, 1 VPN Accel Card

Similar Messages

• Cisco pix 525 and 515 cannot archieve configuration in LMS 3.0.1

  Hi,
  we have several cisco pix 525 and 515 cannot archieve configuration in LMS 3.0.1
  Any help would be greatly appriciated.
  Thanks in advance
  Samir

  Hi,
  Here is the output.
  *** Device Details for  ***
  Protocol ==> Unknown / Not Applicable
  Selected Protocols with order ==> TFTP,SSH,HTTPS
  Execution Result:
  RUNNING
  CM0151 PRIMARY RUNNING Config fetch failed for ********* Cause: SSH: Failed to establish SSH connection to 10.192.18.10 - Cause: Authentication failed on device 3 times.
  Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.
  But when I do mangement station to Device  it gives me following results:
  Interface Found:  10.192.18.10
  Status:  UP
  Test Results
  UDP     Failed
        sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 64 protocol: udp port: 7
  TCP     Failed
        sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 0 size: 0 protocol: tcp port: 7
  HTTP     Failed
        sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 33 protocol: http port: 80
  TFTP     Failed
        sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 25 protocol: tftp port: 69
  SNMPRv2c(Read)     Okay
       sent: 5 recvd: 5 min: 0 max: 0 avg: 0 timeout: 2 min_size: 1472 protocol: snmpv3_get port: 0
  SNMPWv2c(Write)     Failed
        sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 min_size: 1472 protocol: snmpv3_set port: 0
  SSHv2     Failed
  TELNET     Okay
  Waiting for your reply.
  Samir

• PIX 525 Cluster

  We currently had to RMA both PIX 525s due to increasing crc errors. After swapping the old ones with the new we are still seeing crc errors on all gig interfaces. We have swapped the gig nic's and the sfp's and the fiber patch cables, yet still the crc errors continue to climb. Another thing that's interesting is that when we disconnect the secondary we see an increase in throughput. Any insight as to what else could be causing the errors would be appreciated.
  Sent from Cisco Technical Support iPhone App

  Hello,
  First, double check the speed/duplex configuration and make sure they match on both ends of each cable. Also, CRC errors are usually caused by the transmitter, but they show up as errors on the receiver side. Therefore, if you're only seeing CRC errors on the PIX and the switch ports look clean, I would focus on why the switch is corrupting the packets. You might try moving the cables to a different unused switch port and see if that helps.
  -Mike

• Pix 525 6.2 Mac control

  Hello, I'm trying to configure a pix 525 with 6.2 firmware version, usually I would try this:
  mac access-list extended (name)
  permit host (mac) any
  int f0/0
  mac access-group (name) in
  but this pix doesn't have mac commands. Can someone help me?
  Thanks
  Mario Silva

  Hello;
  That does not work unless u are running in transparent mode.
  Hope it helps.
  Mike
  Sent from Cisco Technical Support Android App

• Pix 525 I need erasedisk.bin

  hey ,
  i have PIX 525 can any one provide me with  erasedisk.bin  to erase my flash memory
  thnx in advance ,

  From the cisco.com terms and conditions:
  "You may not post, modify, distribute, or reproduce in any way copyrighted or other proprietary materials without obtaining the prior written consent of the copyright owner of such materials. We may terminate an account, deny access to a site or service, or terminate any user who is alleged to have infringed the copyright or proprietary rights of another."
  This is further reinforced in the CSC-specific Acceptable Use Agreement.
  You need to ask the TAC (or your reseller) for binaries.

• Two aaa-server TACACS+ in PIX 525

  I have a PIX 525 with two aaa-server for TACACS+; My aaa comands are configured by default.
  I understand that my aaa-server TACACS+max-failed-attempts "number" have a "3" times to declare my aaa-server unresponsive and move on to try the next server in the list.
  Once it happens, how long does the aaa requests are send to the secundary aaa-server?
  Can somebody of you can help me? I want to keep my first aaa-server as primary and just in case of failure use the second aaa-server.
  Thanks a lot.

  The timeout interval also has to be configured for the request. This is the time after which the PIX Firewall gives up on the request to the primary AAA server. If there is a standby AAA server, the PIX Firewall will send the request to the backup server. The retransmit timeout is currently set to 10 seconds and is not user configurable.

• Cisco Pix 525 VPN - iPhone/iPad won't connect

  hi,
  i have one of the most basic configurations on a PIX 525 with remote access enabled. i am able to connect from a desktop machine running the cisco vpn client but for some reason i cant get my iphone or ipad to connect to my vpn. i get the error message stating 'the server did not respond'.
  i am running ios 8.0.4 and i have a 3DES license which is required from what i understand.
  im starting to think that this really is in the configuration. could it be the transform set specification?
  can some one shed some light on this subject?
  below is close to the current configuration, but its not exact, some things in it were corrected, so ignore them. it is the best i have, since i am away for the holiday. it should give insight into any areas that might be part of the problem.
  thcvpn01(config)# show config
  : Saved
  : Written by enable_15 at 07:33:33.113 UTC Fri Nov 8 2013
  PIX Version 8.0(4)
  hostname thcvpn01
  domain-name somewhere.net
  enable password* encrypted
  passwd * encrypted
  names
  interface Ethernet0
  nameif outside
  security-level 0
  ip address dhcp setroute
  interface Ethernet1
  nameif inside
  security-level 100
  ip address 10.1.1.1 255.255.255.0
  interface Ethernet2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet4
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet5
  shutdown
  no nameif
  no security-level
  no ip address
  ftp mode passive
  dns domain-lookup outside
  dns domain-lookup inside
  dns server-group DefaultDNS
  name-server 208.67.222.222
  name-server 208.67.222.220
  domain-name somewhere.net
  same-security-traffic permit intra-interface
  object-group icmp-type ICMPObject
  icmp-object echo-reply
  icmp-object source-quench
  icmp-object time-exceeded
  icmp-object unreachable
  access-list outside_access_in extended permit icmp any any object-group ICMPObje
  ct
  access-list inside-nat0 extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.2
  55.255.0
  access-list SPLIT-TUNNEL standard permit 10.1.1.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  ip local pool ThcIPPool 10.1.2.1-10.1.2.50 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 101 interface
  nat (outside) 101 10.1.2.0 255.255.255.0 outside
  nat (inside) 0 access-list inside-nat0
  nat (inside) 101 10.0.0.0 255.0.0.0
  access-group outside_access_in in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 10.1.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set THCTransformSet esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map THCDynamicMap 1 set transform-set THCTransformSet
  crypto dynamic-map THCDynamicMap 1 set security-association lifetime seconds 288
  00
  crypto dynamic-map THCDynamicMap 1 set security-association lifetime kilobytes 4
  608000
  crypto dynamic-map THCDynamicMap 1 set reverse-route
  crypto map THCCryptoMap 1 ipsec-isakmp dynamic THCDynamicMap
  crypto map THCCryptoMap interface outside
  crypto isakmp enable outside
  crypto isakmp policy 1
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 43200
  crypto isakmp policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp nat-traversal 30
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 outside
  ssh timeout 5
  ssh version 2
  console timeout 0
  dhcpd address 10.1.1.50-10.1.1.254 inside
  dhcpd dns 208.67.222.222 208.67.222.220 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  group-policy THCVpnGroup internal
  group-policy THCVpnGroup attributes
  dns-server value 208.67.222.222 208.67.222.220
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelall
  username [username] password [password] encrypted
  tunnel-group THCVpnGroup type remote-access
  tunnel-group THCVpnGroup general-attributes
  address-pool ThcIPPool
  default-group-policy THCVpnGroup
  tunnel-group THCVpnGroup ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:d57ad5e7f32936cf000c4be69d4385cb
  thcvpn01(config)#
  thcvpn01(config)#
  thcvpn01(config)#
  jeff

  hi,
  as a primary note, the people at apple's genius bar are not genious. they do not know that the following, so if you found your way here. awesome.
  the correct answer is that the iphone and ipad only supports aes. you have to modify the crypto map to use aes as well as modify the isakmp service to use aes. i believe it supports all aes options, aes, aes 192 and aes 256.
  in all of the frustration, do not, as i did, forget that your username is case sensitive.
  jeff

• I have a MBPro mid 2013 with 1 Thunderbolt port. Just bought a Mac monitor and want to daisy chain a PC monitor to it. Use a Mini DVI to VGA adapter from MBP to PC monitor. How do I daisy chain the 2 monitors?

  I have a MBPro mid 2013 with 1 Thunderbolt port. Just bought a Mac monitor and want to daisy chain a PC monitor to it. Use a Mini DVI to VGA adapter from MBP to PC monitor. How do I daisy chain the 2 monitors?

  Hall Palm Desert,
  if your Mac monitor has Thunderbolt ports, and the PC monitor is on the end of the daisy chain, then you might be able to do it by connecting your PC monitor’s VGA cable to a Mini DisplayPort-to-VGA adapter (e.g. Apple, NewerTech), connecting that cable’s Mini DisplayPort end to one of the Mac monitor’s Thunderbolt ports, and then connecting a Thunderbolt cable between the other port on the Mac monitor and your MacBook Pro.

• Connectivity Issues with USB 3 ports on macbook pro

  Hi,  I have a zoom r24 which is no longer working as an audio interface with my new macbook pro.  I have read a lot about issues with USB 2 devices not being compatible with USB 3 ports on the macs. This seems to be midi as well as audio devices.  Can anyone recommend or point me to a list of supported devices for both audio and midi which are guaranteed to work with a late 2013 macbook pro retina display.  I cant afford a thunderbolt device.  Thanks steve

  Just a wild thought here, but have you tried inserting a powered USB 2.0 hub between the MacBook and the interface?

• How to connect my stack to my wireless access router(with hard connection ports)

  Ok, here is the story. I have my cisco stack of routers and switches in my living room and my fiancee is getting on my case to move it. I can not go downstairs since she keeps the temp in the house at 58 degrees upstairs so I want a way to connect my stack to the access router network so I can access my stack from anywhere in the house. I have a 3640 with a 32 port async module in it for my access server to connect to the other devices. The devices are a 2 3550 24 port switches, a 48 port 3750 with poe, a 24 port 3560, and a 2950g 24 port switch. For the routers I have the 3640 for the access server, a 3745, 3725, 3825, 2620xm and 2 1841 ISR Routers. I believe I need to connect it to the hard ethernet port with another ethernet port on one of the routers but which one and whether it has to be a router or if a switch port would work if it was trunking. I would appreciate any documentation or actual help if possible asap so I can not get yelled at when I am training. 
  Thanks everyone,
  Jamie

  Hi there, these instructions should work best for you.
  Can I use my wireless or an extra router along with the Verizon provided router?

• I am trying to connect a 24" cinema display with mini display port cable to a 24" imac with a displayport - is there a cable for this as these two connections are two different sizes

  I am trying to connect a 24" cinema display with mini display port cable to a 24" imac with a displayport - is there a cable for this as these two connections are two different sizes

  Hi Gilly,
  I have no proof, but I think it will not work with an adapter, only Mini Display Port or Thunderbolt.

• I have an Apple MacBook Pro with 2 USB ports and a MiniDisplay Port. I also have an HDTV with a HDMI port. How can I use the TV as a display without any tethering wires between my computer and the TV?

  I have an Apple MacBook Pro with 2 USB ports and a MiniDisplay Port. I also have an HDTV with a HDMI port. How can I use the TV as a display without any tethering wires between my computer and the TV? I have a MiniDisplay Port to VGA adapter, but there are two issues with it: The new display doesn't have a VGA port, and even if it did, I wouldn't want to have my mac constantly attached to the display by a cable. I was looking for a way to use the TV as a display without any wires. Is there some type of bluetooth setup I could use? Please let me know if you have any suggestions.

  As I wrote above, I think you should look into the Apple TV yourself. The best place to find information about what it can and can't do and to ask your own specific questions is probably in the Apple TV forum, here:
  https://discussions.apple.com/community/appletv/appletv

• I have an Retina display MacBook Pro with HMDI out port. I also have an HDMI to Component cable with Audio Plugs. How can I get HDMI out to work with this cable when plugged into the Component and Audio ports on my TV?

  I have an Retina display MacBook Pro with HMDI out port. I also have an HDMI to Component cable with Audio Plugs. How can I get HDMI out to work with this cable when plugged into the MacBook Pro and connected to the TVs Component and Audio in ports.

  Will not work.  To my knowledge, dual converting like that isn't supported.  The Mac must detect the connected video output device and that sort of info cannot be done across an analog component uni-directional connection.

• Is anyone else experiencing problems with the thunderbolt port on their Mac Mini's regarding using it to connect a second monitor? I've got the Mini Display Port to DVI-D adapter along with a DVI-D cable and I can't get an image on the second monitor.

  I had an dual display image / setup working twice for a few seconds, but then it cut out. I think there may be a problem with the thunderbolt port.

  As far as I can tell you have only listed that you have a DVI monitor connected to the Mini Displayport socket (i.e. the Thunderbolt socket) via presumably the Apple Mini Displayport to DVI adapter and a DVI to DVI cable.
  You don't appear to have listed what the second monitor is and how it is connected (even though not working). As such I cannot tell what may be wrong.

• Can I connect a USB 2 sound card to a Macbook equipped only with USB 3 ports?

  Hello,
  I just learned I might have to purchase a new Macbook because my USB ports are fried and I was looking at purchasing a refurbished Macbook pro from 2012:
  http://store.apple.com/ca/product/FD101LL/A/refurbished-133-inch-macBook-pro-25g hz-dual-core-intel-i5
  the only trouble is I make music with a MOTU Audio Express sound card, and it only has a USB 2 port and a bus-powered Firewire (which I don't like using since it hasn't been too reliable in the past).
  http://www.motu.com/products/motuaudio/audio-express/summary.html
  Unfortunately, it seems that the Macbook I'm looking into purchasing only has USB 3 ports, and I looked for info on USB 3->USB 2 adapters online and this simply doesn't seem to exist. The only info I managed to find on this subject was this little bit on the Apple website:
  Can a USB 2 cable be used to connect a USB 3 device to my computer?
  If the device end of the cable fits into the connector on the device, yes. However, because it has fewer wires, you won't get USB 3 speed and power may be limited to 500 mA.
  does this mean that I can connect a USB 2 cable from the USB 2 port of the MOTU sound card to the USB 3 port on the Macbook? I'm OK with the power and the speed being limited to USB 2 power, I just want to make sure I can actually use my sound card with this new Macbook.
  Thanks!

  I think I'm understanding this a bit more now.
  Here is the cable that I use:
  http://www.amazon.ca/USB-Cable-Type-Male-Black/dp/B00183I7EE
  The Type A part is the one that I'm currently putting into the Macbook and the Type B part goes in the sound card.
  Would this work with a USB 3.0 port on the Macbook?
  Thanks for your time and patience...