STP and PIX
Can a PIX 515e participate in STP?
Where two switches are used to interconnect the same two computer network segments, STP is a protocol that allows the switches to exchange information so that only one of them will handle a given message that is being sent between two computers within the network. The spanning tree protocol prevents loops.
The Pix is not a switch, hence it doesn't participate in STP. You might say that the Pix 501 has a built-in switch, but that too doesn't run STP.
Hope that helps! If so, please rate.
Thanks
Similar Messages
-
Problem with VPN by ASA 5505 and PIX 501
Hi
I have this scenario: Firewall ASA 5505, Firewall Pix 501 (with CatOS 6.3(5) ).
I have configured this appliance for Easy VPN (server is ASA) and PIX, and remote Access with Cisco client vpn (for internal lan ASA).
When I configure the ASA I have this problem, when I configure NAT for Easy VPN.
This is my nat configuration:
nat (inside) 0 access-list 100
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 0 0.0.0.0 0.0.0.0 outside
When I put this command:
nat (inside) 0 access-list no-nat
this command is necessary for configuration of Easy VPN, but the previous nat:
nat (inside) 0 access-list 100
is replaced with the latest command.
To identify addresses on one interface that are translated to mapped addresses on another interface, use the nat command in global configuration mode. This command configures dynamic NAT or PAT, where an address is translated to one of a pool of mapped addresses. To remove the nat command, use the no form of this command.
For regular dynamic NAT:
nat (real_ifc) nat_id real_ip [mask [dns] [outside] [udp udp_max_conns] [norandomseq]]
no nat (real_ifc) nat_id real_ip [mask [dns] [outside] [udp udp_max_conns] [norandomseq]]
For policy dynamic NAT and NAT exemption:
nat (real_ifc) nat_id access-list access_list_name [dns] [outside] [udp udp_max_conns] [norandomseq]
no nat (real_ifc) nat_id access-list access_list_name [dns] [outside] [udp udp_max_conns] [norandomseq]
-
Photoshop Elements 8 Mac - All fonts look jagged and pixely
HI,
I have the problem that all fonts look jagged and pixely when using Photoshop Elements 8 on Mac OS X 10.6.3. I am using the right image size 300dpi and so forth. Interestingly enough this only happens in Photoshop. If I repeat the procedure in Pixelmator everything is normal.
I would really appreciate any suggestions.
Are you simplifying the font layer and then making it larger? Can you explain exactly, step by step, what you're doing?
-
Problems sending audio to and from STP and then back into FCP
I am having problems getting audio clips back into FCPro 5 after sending them to STP and editing them.
This is my process: "Send" mono file to STP as new audio project file.
Save it in the dialog that opens with "sent" at the end...then it opens in STP.
Edit it.
Save it and select include audio source files.
Switch back to FCPRo and I have a warning "Some Files Went offline", namely the one I just sent to Soundtrack. The clip is now apparently offline and white colored but now has the file name with "sent" included.
Where did I go wrong? This was working for me previously.
Dave Beaty all the latest SW versions etc...
imacs Dual G5's, G4's Other OS
Hi Blearyeyes,
I was just relaying what I've heard about the media going offline--I didn't claim that it made sense to me in these sorts of workflows where you know you are changing the media in STP, because you've just sent it to STP to be modified.
I've since dug through the FCP manuals, and it looks like it's the FCP rules about when a clip is considered to be offline that we're hitting--in the User Manual Part 2, on pages 79-80 there are some details about what causes the clip to go offline.
Here is one of the key statements from page 80--a clip is considered offline, "when a media file is modified, moved, or deleted, the modification date of the media file is changed, or the scratch disk becomes unavailable."
-
Recommended reboot of Cisco routers and PIX
Is it recommended to reboot all networking equipment which is on for 24 hours once in six months' time?
Is there any documentation related to this? Please let us know.
regards
pushpak
Nope. You can have the devices on for years if you are not seeing any issues and have no need for an IOS upgrade. That being said you may not want to go for years without doing any sort of IOS upgrade. Keep a check on security advisories. I personally have seen 6500's and PIX's with over 1000 days of uptime. These are not your average MS Server.
-
Logic Studio: Anyone using STP and WaveBurner to "master" L8 material?
Prior to Studio, I would master right in DP, burn in Toast. Or use DSP-Quattro if I needed the playlist function.
Since STP and WB are included in Studio, I was curious if people are using them to master Logic audio projects? Both interfaces look clean and easy to work with.
User impressions???
hi
I compose music and create sound design for TV commercials & short film projects.
I also use Logic Pro for all my music composition, but bounce into STP for mastering.
I don't use WaveBurner as most my work does not end up on CD.
gavin little
echolab
dublin, ireland
http://www.echo-lab.com
http://www.imdb.com/name/nm1962022/
-
Problem with VPN Client and PIX 7.0(5)
Hi, I have a problem configuring my PIX 525 7.0(5) as a remote VPN server. I already configured the PIX
following these instructions (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml)
and I can establish a VPN using CISCO VPN Client; but I can't reach any resource from my inside network or any network defined in the PIX.
I think that could be a missing nat or an acl; I have done a lot of research but I can't figure out the solution.
This is the configuration I applied:
access-list cryptomap-scada extended permit ip any 172.10.0.0 255.255.255.0
access-list acl-vpn-sap-remoto extended permit ip any 172.16.42.64 255.255.255.224
access-list acl-vpn-sap-remoto extended permit icmp any 172.16.42.64 255.255.255.224
access-list acl-vpn-sap-remoto extended permit ip any any
access-list acl-vpn-sap-remoto extended permit icmp any any
ip local pool pool_vpn_sap 172.*.*.1-172.10.0.254 mask 255.255.255.0
nat (inside) 0 access-list cryptomap-scada
group-policy VPN_SAP_PED internal
group-policy VPN_SAP_PED attributes
vpn-filter value acl-vpn-sap-remoto
vpn-tunnel-protocol IPSec
username vpnuser password **** encrypted
username vpnuser attributes
vpn-group-policy VPN_SAP_PED
crypto ipsec transform-set vpn-cliente-remoto esp-3des esp-md5-hmac
crypto dynamic-map vpn-remoto-dymap 7 set transform-set vpn-cliente-remoto
crypto dynamic-map vpn-remoto-dymap 7 set reverse-route
crypto map siemens-scada-map 7 ipsec-isakmp dynamic vpn-remoto-dymap
isakmp policy 7 authentication pre-share
isakmp policy 7 encryption 3des
isakmp policy 7 hash sha
isakmp policy 7 group 2
isakmp policy 7 lifetime 43200
tunnel-group VPN_SAP_PED type ipsec-ra
tunnel-group VPN_SAP_PED general-attributes
address-pool pool_vpn_sap
default-group-policy VPN_SAP_PED
tunnel-group VPN_SAP_PED ipsec-attributes
pre-shared-key clavevpnsap
Thanks in advance
Hi, thanks for your response. If I remove the ACL from the vpn filter, I get the same problem (I can't reach any host). This is the output from the command that you asked for.
PIX-Principal(config)# show running-config nat
nat (inside) 0 access-list cryptomap-scada
nat (inside) 9 JOsorioPC 255.255.255.255
nat (inside) 9 GColinaPC 255.255.255.255
nat (inside) 9 AlfonsoPC 255.255.255.255
nat (inside) 9 AngelPC 255.255.255.255
nat (inside) 9 JerryPC 255.255.255.255
nat (inside) 9 EstebanPC 255.255.255.255
nat (inside) 9 GiancarloPC 255.255.255.255
nat (inside) 9 WilliamsPC 255.255.255.255
nat (inside) 9 PerniaPC 255.255.255.255
nat (inside) 9 ElvisDomPC 255.255.255.255
nat (inside) 8 LBermudezPC 255.255.255.255
nat (inside) 9 HelpDeskPC 255.255.255.255
nat (inside) 9 OscarOPC 255.255.255.255
nat (inside) 9 AnaPC 255.255.255.255
nat (inside) 9 RobertoPC 255.255.255.255
nat (inside) 9 MarthaPC 255.255.255.255
nat (inside) 9 NOCPc5-I 255.255.255.255
nat (inside) 9 NOCPc6-I 255.255.255.255
nat (inside) 9 CiraPC 255.255.255.255
nat (inside) 9 JaimePC 255.255.255.255
nat (inside) 9 EugemarPC 255.255.255.255
nat (inside) 9 JosePC 255.255.255.255
nat (inside) 9 RixioPC 255.255.255.255
nat (inside) 9 DaniellePC 255.255.255.255
nat (inside) 9 NorimarPC 255.255.255.255
nat (inside) 9 NNavaPC 255.255.255.255
nat (inside) 8 ManriquePC 255.255.255.255
nat (inside) 8 MarcialPC 255.255.255.255
nat (inside) 8 JAlbornozPC 255.255.255.255
nat (inside) 9 GUrdanetaPC 255.255.255.255
nat (inside) 9 RVegaPC 255.255.255.255
nat (inside) 9 LLabarcaPC 255.255.255.255
nat (inside) 9 Torondoy-I 255.255.255.255
nat (inside) 9 Escuque-I 255.255.255.255
nat (inside) 9 Turbio-I 255.255.255.255
nat (inside) 9 JoseMora 255.255.255.255
nat (inside) 8 San-Juan-I 255.255.255.255
nat (inside) 8 Router7507 255.255.255.255
nat (inside) 8 NOCPc4-I 255.255.255.255
nat (InterfaceSAN) 8 MonitorHITACHI-I 255.255.255.255
-
Music all in cloud and pix gone
GRRRR.... I have an iphone 5s. Until downloading the new IOS or maybe it was when I paid for that music match thing, everything changed.
I had that music match thing (I'm sorry I can't remember what its called) since they offered it. I don't even know why I got it because I have no idea what it does. I think my daughter told me to get it. At any rate when I initially paid for it nothing changed on my phone or anywhere as far as I could tell.
Then it came up for the yearly renewal and renewed automatically. I wouldn't have renewed it because again I'm not sure what the heck it does.
Then I noticed my ios on my phone updated as well. So I'm not sure what changed on my phone but something did. I listen to all my thousands of songs when I'm in my car. Well I can't do that any more because the music is no longer on my phone it has a cloud symbol by it. So now unless I use the data on my ATT plan I don't have any music. How do I get my music back to my phone and off the cloud?
Secondly, I think my photos changed when the IOS recently updated (or maybe it was that match thing I have no idea). Now all of a sudden my phone has all 5,000 photos on it from Aperture. I never had that before and I don't want them there. But how did that happen??? Other than the Match and an IOS update nothing changed.
But worse the photos that I used to have on my phone are gone. Not the ones I took with my phone but photos back when I had Mobile me... I made an album and transferred those pix (somehow) to my phone. They were all there until last week. Now they are gone and as far as I know I don't have them anywhere. They are not in aperture because they were not taken with my Nikon.
Some were old pix that I scanned in a few years ago. Some were sent to me and I moved to my older phones and each time I got a new phone I moved the pix. Again they were on my new iphone 5s as recently as January cuz I was showing them to a friend. Now they are gone.
To sum it up, 2 questions:
How do I get my music back into my iphone?
Any suggestions on where to find my old ipod album?
Susan
There are two ways to sync music across your computers and devices (e.g., iPads, iPhones).
One (the "traditional" method) is to connect a cable between the PC or Mac and the device, open iTunes, and sync all or some of your music.
The cloud method requires an iTunes Match subscription ($25/year in the US, £22/year in UK). With this method, you sign up, and all your iTunes music is copied up to the cloud, where it then becomes available on all devices. If you stop the subscription you lose cloud access to the music - however, you should keep a copy of the music in its original location (e.g., the PC you started with), or download everything from the cloud to another authorized computer, to keep a local copy just in case. If you're not sure whether or not you have an iTunes Match subscription active, check your emails from Apple, or just try to sign into iTunes Match on the iPad (Settings - iTunes - iTunes Match) and see if it lets you.
"Device backup" is a separate thing from "syncing". You can back up an iPad to a computer or to iCloud. Much of your information is backed up - however, it does NOT include music. If the Apple representative told you that an iCloud backup would restore your music, he was mistaken.
I don't know if that helps you
Matt
-
I have a SOHO currently using cable modem connected to the outside interface of a PIX 501. The inside interface of the PIX connects to a hub with 8 ports. I have 2 PC's and a LinkSys AP plugged into the hub. I have been looking at using Vonage VoIP. My questions are:
1) Is it possible?
2) Do I need to use a special fixup protocol or config?
3) Has anyone used Vonage VoIP and how is it working?
Thanks,
Paul Lane
Paul,
I have been using Vonage successfully with a very similar configuration. You don't need any fixups or special configurations to make this work.
My only suggestion is to connect your ATA to a switch port behind the PIX, as opposed to the hub.
Have fun!
Fernando Macias
-
AT&T Pre Plus and Pixi Reception are lacking
I had an iphone and I used to think that phone had bad signal. Now my pre plus gets barely 1 bar when iphones around me are getting 4 bars of 3g. It's killing my battery switching between edge and 3g. I didn't want to make a big deal but my friend just bought a pixi and asked "Why do I always have low reception on this phone?" he was comparing to his old nokia 71x. But I do agree the reception I get is far below average, and worse than iphones.
Can this be fixed through software? I love my pre but I never had so many problems with signal before.
I've never had an iPhone to compare (though one of my kids has), but I am trying out an AT&T Pre Plus for awhile before deciding whether to keep it and pay Sprint's early termination fee. I live in a borderline area and still find that my signal strength on the AT&T Pre Plus here at the house seems to be as good as it was on my Moto Razr and Palm Centro. OTOH, one of my kids who used to have an iPhone before it died about a month out of warranty, used to routinely complain that it would drop calls and lose signal in places where I never used to experience problems.
Anecdotal, I know. But my experience seems to be different than yours.
smkranz
I am a volunteer, and not an HP employee.
Palm OS ∙ webOS ∙ Android
-
Why there is a difference between Router and PIX ACL
Hi,
I have a very basic question about the differences between ACL behaviour in PIX and Router.
In a Router, if we put in an extended ACL entry and want to remove a mid entry, then either we have to clear the entire ACL or remove all the entries below it.
Whereas in the case of PIX we can remove any of the entries.
Why is this difference there?
Would appreciate your quick answers.
Thanks
Irshad
The PIX OS is designed in such a way. Anyway, even in routers you can remove a mid entry by configuring named access-lists. You need not clear the entire ACL in this case.
ip access-list extended ROUTER-ACL
 permit ip host x.x.x.x host y.y.y.y
-
Only sync does is backup. Can't add vids and pix from my desktop
I cannot add pix and vids to my ipad2 since new system. It backs up all the time but does not allow me to add photos and vids
Have you made any permissions changes to your Home folder or its other folders? Are you transferring documents that are owned by another user than yourself?
What are the permissions for your Home, Desktop, and Documents folders? Select a folder. Press COMMAND-I to open the Get Info window. In the bottom section you will find the information for Owner, Group, and Everyone. What are they?
Aha! Got it. Thanks
-
Has anyone had problems implementing a CE560 that sits behind a PIX? I am installing a CE560 that is speaking WCCP2 with a Catalyst 6509. All web traffic travels from the clients to the 6509, to the CE560, back to the 6509, through a PIX and on to the web (assuming that the page was not cached). The problem I have is that when the cache engine is used the Firewall logs increase from 10MB daily to 80MB daily. All of the PIX syslogs are Deny TCP connection due to no matching entry in the state table. All of the messages are to or from the CE560. Web traffic itself does not seem to be affected. It just causes the PIX logs to grow so large that they are unmanageable.
Thanks,
Kevin
Does the cache have a public to private static translation in the pix? Might be better if it does.
But, the problem you see may be related to the way the pix closes sessions once a FIN packet is seen. You can alter this behavior with the pix command "sysopt connection timewait", so try adding or removing this command and see if it stops the deny messages.
-
BorderManager and Pix Firewall
Hello,
Just implemented NSBS6.5 for a small bank with Pix firewall's inner IP address as my next router on hop. Was able to send mails out but could not receive inbound mails. Also the Bank's web site could no longer be accessible from within the bank but could be connected to from anywhere outside the bank's network. Could ping from the BorderManager proxy with public IP of 172.16.1.2 to the Pix private with IP of 172.16.1.1.
Moreover, a McAfee Antivirus appliance was brought in and connected btw the BorderManager Proxy server and the Pix firewall with a bridged connection and an assigned IP address of 172.16.1.3 and 172.16.1.4. At this instance, could no longer ping the Pix 172.16.1.1, but could ping both interfaces of the McAfee appliance. Could not also send nor receive mails via the mail proxy.
I intend bringing the McAfee appliance before the BorderManager Proxy and assign a LAN address to it since it has a bridged config, so as to isolate the problem of this appliance.
I need to get the mail server running perfectly and the website accessible. Pls kindly help my case.
Regards,
Sesan.
You need to go ask this in the support.bordermanager.install-setup
group as this group is for the client firewall product only.
Cheers!
Richard Beels
http://www.dsi-consulting.com
Collaboration without complication
-
Trying to create VPN between a Fortigate and Pix
Here is the Pix config:
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set fortinet esp-3des esp-sha-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address 85
crypto map outside_map 10 set peer 10.48.4.6
crypto map outside_map 10 set transform-set fortinet
crypto map outside_map 10 set security-association lifetime seconds 86400 kilobytes 4608000
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address 90
crypto map outside_map 20 set peer 10.x.x.x
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface EPORT
isakmp enable EPORT
isakmp key ******** address 10.48.4.6 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 10.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
Here is the output of debug crypto on the Pix:
ISAKMP (0): atts are acceptable.
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 10.48.5.94, src= 10.48.4.6,
dest_proxy= 10.74.33.0/255.255.255.0/0/0 (type=4),
src_proxy= 199.38.8.0/255.255.248.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
IPSEC(validate_transform_proposal): peer address 10.48.4.6 not found
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 10.48.5.94, src= 10.48.4.6,
dest_proxy= 199.38.8.0/255.255.248.0/0/0 (type=4),
src_proxy= 10.74.33.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
IPSEC(validate_transform_proposal): peer address 10.48.5.94 not found
ISAKMP: IPSec policy invalidated proposal
ISAKMP (0): SA not acceptable!
I'm having trouble understanding the debug message and what might be wrong in the settings.
Jon,
Can you verify the crypto access list on fortinet? I can see that you have configured crypto access list as subnet. Fortinet should also be subnet and not range type
dest_proxy= 10.74.33.0/255.255.255.0/0/0 (type=4),
src_proxy= 199.38.8.0/255.255.248.0/0/0 (type=4)
type 4 is type subnet
let me know
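The check suggested in the reply, as an added example that is not part of the thread: it parses the proxy identities from the debug output quoted in the question and compares them with one crypto ACL entry. The ACL networks passed in are assumptions, since access-list 85 is not shown in the post; the ID type numbers are those defined in RFC 2407.

```python
import ipaddress
import re

# ISAKMP identification types (RFC 2407, section 4.6.2.1), IPv4 subset.
ID_TYPES = {1: "ID_IPV4_ADDR", 4: "ID_IPV4_ADDR_SUBNET", 7: "ID_IPV4_ADDR_RANGE"}

# Matches e.g. "dest_proxy= 10.74.33.0/255.255.255.0/0/0 (type=4)"
PROXY_RE = re.compile(
    r"(dest|src)_proxy=\s*(\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)"
    r"/(\d+)/(\d+)\s*\(type=(\d+)\)"
)

# First proposal from the debug output in the question.
DEBUG = """\
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 10.48.5.94, src= 10.48.4.6,
dest_proxy= 10.74.33.0/255.255.255.0/0/0 (type=4),
src_proxy= 199.38.8.0/255.255.248.0/0/0 (type=4),
"""


def parse_proxies(text):
    """Return the dest/src proxy identities of the first proposal in text."""
    proxies = {}
    for side, addr, mask, proto, port, id_type in PROXY_RE.findall(text):
        if side in proxies:          # keep only the first proposal
            continue
        proxies[side] = {
            "net": ipaddress.ip_network(f"{addr}/{mask}"),
            "proto": int(proto),
            "port": int(port),
            "id_type": ID_TYPES.get(int(id_type), f"unknown({id_type})"),
        }
    return proxies


def check_proposal(proxies, acl_local, acl_remote):
    """List mismatches between a proposal and one crypto ACL entry.

    Assumes the ACL entry is 'permit ip <acl_local> <acl_remote>' with both
    sides written as subnets, and that dest_proxy is the local side.
    """
    problems = []
    for side, want in (("dest", acl_local), ("src", acl_remote)):
        got = proxies[side]
        if got["id_type"] != "ID_IPV4_ADDR_SUBNET":
            problems.append(f"{side}_proxy sent as {got['id_type']}, not a subnet")
        if got["net"] != ipaddress.ip_network(want):
            problems.append(f"{side}_proxy {got['net']} != ACL {want}")
    return problems


if __name__ == "__main__":
    seen = parse_proxies(DEBUG)
    # Hypothetical ACL 85 contents: one matching entry, one with a wrong mask.
    print(check_proposal(seen, "10.74.33.0/24", "199.38.8.0/21"))
    print(check_proposal(seen, "10.74.33.0/24", "199.38.8.0/24"))
```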