2 Table of Contents...1 Questions...1 Hardware...1 Software...1 Hardware...2 Software...4 Tools Information...11 Related Information...11 i
3 Cisco Secure PIX Firewall Frequently Asked Questions This document contains frequently asked questions (FAQs) about the Cisco Secure PIX Firewall. Questions Hardware I am installing a new interface card in my Cisco Secure PIX Firewall. Which slot should I install it in? I am trying to install a new interface card in my Cisco Secure PIX Firewall. The card appears to be too big for any of the slots. Do I have the wrong part? My Cisco Secure PIX Firewall shipped with two Ethernet cards. I am adding additional interfaces and now it won't boot to the command prompt. I need to establish a console connection with my Cisco Secure PIX Firewall. What kind of cable should I use? Where is the floppy drive on the PIX 520 model? My Cisco Secure PIX Firewall is directly connected to a router, but the link lights won't come on and neither device can ping the other. What's wrong? How can I tell the processor speed difference on Gigabit Ethernet cards in the PIX? For example, how can I tell the difference between the PIX 1GE 66 and the PIX 1GE cards? If I purchase network cards from a source other than Cisco and use them in the PIX, will they be supported? Software Installation and Upgrades Failover I'm trying to TFTP pixnnn.exe to my PIX. I keep getting errors saying "bad magic number." What am I doing wrong? I am trying to upgrade my software from a floppy and the Cisco Secure PIX Firewall keeps going in a loop every time it tries to read the disk. I am installing a new Cisco Secure PIX Firewall that appears to be configured correctly. My LAN used to be connected directly to my Internet router. Now with the PIX in place, my users on the LAN cannot get out. What is wrong? I recently added an inside router to connect a second inside network to my Cisco Secure PIX Firewall. Users between the Cisco Secure PIX Firewall and inside router can get to the Internet just fine, but they cannot talk to this new, inside network. Users on the new network can't get past the inside router. What's wrong? How do I determine how much flash memory my PIX has? When do I need to use a new activation key for the PIX? I have two Cisco Secure PIX Firewalls configured in a failover topology. The Cisco Secure PIX Firewalls keep failing over, back and forth throughout the day. Why is this happening? How long is the PIX failover cable and can I use a longer cable?
4 Other Software Questions Is there a way to filter packets on the Cisco Secure PIX Firewall? For instance, can I have the Cisco Secure PIX Firewall filter the "I luv you" virus? I am trying to use Network Address Translation (NAT) on my Cisco Secure PIX Firewall using the NAT/GLOBAL statements and I'm having problems with outside users not being able to access internal hosts consistently. What's wrong? I have my web server on the inside statically translated to the outside. Outside users cannot get in. What causes this? I have a web server on the inside interface of the Cisco Secure PIX Firewall. It is mapped to an outside public address. I want my inside users to be able to access this server by its DNS name or outside address. How can this be done? Does the Cisco Secure PIX Firewall support port mapping? Can I map a single, inside address to more than one outside address? Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load balancing)? How many PAT addresses can I have on my Cisco Secure PIX Firewall? Is there a way to tell the Cisco Secure PIX Firewall to grant more bandwidth to certain users? I need to allow my users access to shared folders on my NT Domain from remote locations. How do I do this? I'm on the console/telnet of the PIX and I see an error like "201008: The PIX is disallowing new connections." My PIX will not pass any inbound or outbound traffic. What is wrong? When I execute certain commands on the PIX that access the configuration in flash (show config command), I get an error stating "The flash device is in use by another task." What does this mean? Can I operate the PIX in a "one armed" configuration? Will a PIX operate correctly if plugged into a trunk port on a switch? Can I set a timeout on the console port of the PIX? I know the PIX can do NAT based on the source address, but can the PIX do NAT based on destination? I can't get Network File System (NFS) mounts to work across the PIX. What am I doing wrong? Tools Information Related Information Hardware Q. I am installing a new interface card in my Cisco Secure PIX Firewall. Which slot should I install it in? A. Each PIX model is different. Go to the PIX documentation and select your software version. From that page, select Installation Guide, and then select Installing a Circuit Board for detailed diagrams and instructions. Q. I am trying to install a new interface card in my Cisco Secure PIX Firewall. The card appears to be too big for any of the slots. Do I have the wrong part? A. It is normal for some of the gold teeth on the card to extend past the edge of the socket. Q. My Cisco Secure PIX Firewall shipped with two Ethernet cards. I am adding additional interfaces and now it won't boot to the command prompt. A. The number of interfaces supported depends on the PIX model, software version, and licensing. The following chart shows the maximum number of interfaces supported in PIX Software version 6.0:
5 Platform Interfaces (embedded) 515 R UR conn 6 (connection based license 128, 1K, UR) 520 UR 6 (feature based license) 525 R UR R UR 10 Issue a show version command to determine the R (restricted) or UR (unrestricted) licensing status. Q. I need to establish a console connection with my Cisco Secure PIX Firewall. What kind of cable should I use? A. Use a DB9 to DB9 null modem cable, available from most computer shops. Sometimes the Cisco Secure PIX Firewall will ship with two DB9 to RJ 45 adapters. If you have these adapters, connect one to the Cisco Secure PIX Firewall, and the other to your PC's serial port. Use a rollover cable (not a crossover cable) to connect between the two RJ 45 adapters. Set your HyperTerminal settings to N81, no flow control, 9600 baud. If you are still having trouble, check your PC COM port configuration and verify it is setup and working properly. If you're confident everything else is setup properly, test it on a router or switch and see if you get a prompt there. For more information, go to the PIX documentation for your PIX software version. From that page, select Installation Guide, and then select Installing Interface Cables for detailed diagrams and instructions. Q. Where is the floppy drive on the PIX 520 model? A. It is located behind a small metal plate on the front in the upper left corner. Remove the two finger tight screws to gain access. For more directions, see Installing a PIX Firewall and click the link to Installing a PIX 520 or Earlier Model. Q. My Cisco Secure PIX Firewall is directly connected to a router, but the link lights won't come on and neither device can ping the other. What's wrong? A. Make sure you are using a good crossover cable to connect the PIX directly to a router. If you are connecting the PIX to a hub or switch, use a straight through Ethernet cable. Q. How can I tell the processor speed difference on Gigabit Ethernet cards in the PIX? For example, how can I tell the difference between the PIX 1GE 66 and the PIX 1GE cards? A. Type show interface and look at the following line: Hardware is i82542 rev03 gigabit ethernet, address is XXXX.XXXX.XXXX or
6 Hardware is i82543 rev02 gigabit ethernet, address is XXXX.XXXX.XXXX The i82542 represents 33MHz; the i82543 represents 66MHz. Q. If I purchase network cards from a source other than Cisco and use them in the PIX, will they be supported? A. No. Software Installation and Upgrades Q. I'm trying to TFTP pixnnn.exe to my PIX. I keep getting errors saying "bad magic number." What am I doing wrong? A. You should be loading the.bin file, not the.exe. The.exe is a self extracting archive containing the bin file (among other things). Note: The bin file is used only for PIX Software versions 5.0.x and earlier. Copy the.exe file to a temporary directory on your PC hard drive, then run the program to extract the files. Then copy the pixnnn.bin file over to your TFTP server. Q. I am trying to upgrade my software from a floppy and the Cisco Secure PIX Firewall keeps going in a loop every time it tries to read the disk. A. Make sure the disk has been properly formatted with "format A:" and then rawrite used to put the image on the floppy. Try the operation from another PC. Note: Upgrade from floppy is valid only for PIX Software versions 5.0.x and earlier. Q. I am installing a new Cisco Secure PIX Firewall that appears to be configured correctly. My LAN used to be connected directly to my Internet router. Now with the PIX in place, my users on the LAN cannot get out. What is wrong? A. There are a few different possibilities. Most commonly, this is caused by corrupt Address Resolution Protocol (ARP) tables in the outside or surrounding routers. Remember that routers route to physical MAC addresses, not IP addresses, and they usually cache these layer 2 addresses for several hours. To clear the ARP tables on Cisco equipment, issue the clear arp cache command, or reboot your device. You might also be using the same network IP addresses around your network, the PIX's interfaces and the outside router. While this is acceptable if you never need to directly access your outside router, (that is, you don't need to Telnet to it from inside) it is not practical. If you are unable to use Network Address Translation (NAT) and renumber your network right away, then use an RFC 1918 network scheme on the OUTSIDE segment and set up the routing between the two devices accordingly. You could have inadvertently set up the PIX with an IP address already in use on your network. Check by disconnecting the PIX and ping the addresses you used. You should not get a response since the PIX is out of the network. Check your configuration as well. Make sure the Cisco Secure PIX Firewall has a route outside statement directing all unknown
7 traffic to the directly connected Ethernet port of your outside router. Also make sure all inside workstations have the correct gateway (usually the inside interface of the Cisco Secure PIX Firewall, unless there is an inside router involved). If your network is routed on the inside, make sure you have a static gateway route pointed at the PIX. Finally, make sure the PIX has only one default route set. Multiple default routes are no longer supported and will cause inconsistent and undesirable results. Q. I recently added an inside router to connect a second inside network to my Cisco Secure PIX Firewall. Users between the Cisco Secure PIX Firewall and inside router can get to the Internet just fine, but they cannot talk to this new, inside network. Users on the new network can't get past the inside router. What's wrong? A. You must either enter a specific route inside statement into the PIX for this new network through the new router, or better yet, enter a specific route inside statement for the major network through this router, which allows for future growth. Let's say your existing network is /24 and your new network is /24. The Ethernet port of your internal router is The PIX's route configuration would look like this: or (the major network): route inside route inside Workstations between the Cisco Secure PIX Firewall and router should have their gateway pointing to the router, not the PIX. Even though they are directly connected, they will have problems accessing the new internal network if their gateway does not point to the router. The router should have a default gateway directing all unknown traffic to the inside interface of the Cisco Secure PIX Firewall. Installing a route for this new network in the PIX will not work either. The PIX does not route or redirect off the interface it received the packet. Also, make sure your nat statement includes the new network or the major net you are adding. Q. How do I determine how much flash memory my PIX has? A. If you perform a show version command on your PIX, and the flash size is not given in MB, then use the table below to see how much flash your PIX has. i28f KB AT29C040A 2 MB atmel i28f640j5 strata 2 MB 8 MB PIX MB all other PIXes 16 MB
8 For example, suppose your show version command output looked like this: Cisco Secure PIX Firewall Version 5.1(1) Compiled on Fri 01 Oct 99 13:56 by pixbuild pix515 up 4 days 22 hours 10 mins 42 secs Hardware: PIX 515, 64 MB RAM, CPU Pentium 200 MHz Flash 0x300 BIOS Flash 0xfffd8000 0: ethernet0: address is 00aa , irq 11 1: ethernet1: address is 00aa , irq 10 2: ethernet2: address is 00a0.c92a.f029, irq 9 3: ethernet3: address is 00a0.c948.45f9, irq 7 Licensed Features: Failover: Enabled VPN DES: Enabled VPN 3DES: Disabled Maximum Interfaces: 6 Serial Number: 123 (0x7b) Activation Key: 0xc xb429f6d0 0xda93739a 0xe15cdf51 The amount of flash memory would be 16 MB. Q. When do I need to use a new activation key for the PIX? A. You need a new activation key when you upgrade a PIX from a restricted software bundle to a bundle which supports additional features, such as more connections, failover, IPSec, or additional interfaces. Also, a new activation key is sometimes necessary after a flash upgrade on a PIX. To request a non 56 bit activation key, send an to and provide the following information: The PIX serial number (or, if you are doing a flash upgrade, the serial number on the flash card) The result of a show version command issued on the PIX To request a 56 bit activation key, if you are a registered CCO user and you have logged in, you can request a new activation key for 56 bit encryption by completing the form at the following location. Note: A 56 bit activation key is required for encryption using IPSec. Failover Q. I have two Cisco Secure PIX Firewalls configured in a failover topology. The Cisco Secure PIX Firewalls keep failing over, back and forth throughout the day. Why is this happening? A. For failover to work correctly, it must be properly configured. All interfaces must be configured with an IP address that is unique on each respective subnet, and all interfaces must be physically connected. This includes interfaces you are not currently using. Failover sends a "Hello" packet out each interface, even if they are "shutdown." It expects to get a reply back. If it receives no reply after so many tries, failover activates. You may use crossover cables between the active and standby ports that are not going to be used. Do not use the "shutdown" option when using failover.
9 Q. How long is the PIX failover cable and can I use a longer cable? The serial cable Cisco ships is 6 feet long. The pin out is in the PIX documentation for your PIX software version. Longer cables have not been tested; use of a longer cable is not unsupported. In PIX 6.2 there is a new feature called "LAN failover" that allows the use of a dedicated interface on the PIX as the failover cable. See the PIX 6.2 documentation for more information. Other Software Questions Q. Is there a way to filter packets on the Cisco Secure PIX Firewall? For instance, can I have the Cisco Secure PIX Firewall filter the "I luv you" virus? A. The Cisco Secure PIX Firewall does not perform content filtering at the Application layer. In other words, we don't inspect the data portion of the TCP packet. Therefore, we cannot filter content. Most modern day mail servers can filter at the application layer. Q. I am trying to use Network Address Translation (NAT) on my Cisco Secure PIX Firewall using the NAT/GLOBAL statements and I'm having problems with outside users not being able to access internal hosts consistently. What's wrong? A. Dynamic NAT using the nat and global commands creates a temporary connection/translation state that is ALWAYS built from a higher security level interface to a lower security level interface (inside to outside). The conduits on these dynamically built translations only apply when the connection state is built. Any inside host that the outside needs to initiate a connection into without the inside host first establishing a connection out, must be translated using the static command. By statically translating the host, this connection state is permanently mapped and all conduits applied to this static translation remain open at all times. With this in place, IP connections can be initiated from the Internet without fail. With PIX Software versions 5.0.x and later, you can use access lists instead of conduits. Q. I have my web server on the inside statically translated to the outside. Outside users cannot get in. What causes this? A. Static mapping makes the translation/connection possible, but by default, the Cisco Secure PIX Firewall denies ALL inbound connection attempts unless explicitly permitted. This "permission" is granted by applying a conduit to the static translation. Conduit statements tell the Cisco Secure PIX Firewall whom on the Internet you want to permit where and on what protocol and port. With PIX Software versions 5.0.x and later, you can use access lists instead of conduits. Q. I have a web server on the inside interface of the Cisco Secure PIX Firewall. It is mapped to an outside public address. I want my inside users to be able to access this server by its DNS name or outside address. How can this be done? A. The rules of TCP do not allow you to do this, but there are good workarounds. For example, let's imagine that your web server's real IP address is and public address is DNS resolves to If your inside host (say ) attempts to go to the browser will resolve that to Then the browser sends that packet off to the PIX, which in turn sends it off to the Internet router. The Internet router already has a directly connected subnet of x, so it assumes that packet is not intended for it but instead a directly connected host and drops this packet. To get around this issue your inside host either must resolve to its real address or you must take the outside segment off the x network so the router can be configured to route this packet back to the PIX. If your DNS resides outside the PIX (or across one of its DMZs) you may use the alias command on
10 the Cisco Secure PIX Firewall to fix the DNS packet to make it resolve to the address. Make sure you reboot your PCs to flush the DNS cache after making this change. (Test by pinging before and after the alias command is applied to make sure the resolution changes from the to address.) If you have your own DNS server inside your network, this obviously won't work because the DNS lookup never transverses the PIX, so there's nothing to fix. In this case, configure you local DNS accordingly or use local 'hosts' files on your PC's to resolve this name. The other option is actually better because it is more reliable. Take the x subnet off the PIX and router. Choose an RFC1918 numbering scheme not being used internally (or on any perimeter PIX interface). Then put a route statement back to the PIX for this network and remember to change your PIX default route outside to the new IP address on the router. The outside router will receive this packet and route it back to the PIX based on its routing table. The router will no longer ignore this packet, because it has no interfaces configured on that network. For more information on the alias command, see Understanding the alias Command for the Cisco Secure PIX Firewall. Q. Does the Cisco Secure PIX Firewall support port mapping? A. The PIX supports inbound port redirection with PIX Software version 6.0. Earlier PIX Software versions do not support port mapping. Q. Can I map a single, inside address to more than one outside address? A. The Cisco Secure PIX Firewall only allows a single one to one translation for a local (inside) host. If you have more than two interfaces on the Cisco Secure PIX Firewall, you can translate a local address to different addresses on each respective interface but only one translation per interface is allowed for each address. Likewise, you cannot do a static mapping of a single outside address to multiple local addresses. Q. Can I connect two different ISPs to my Cisco Secure PIX Firewall (for load balancing)? A. No, you cannot load balance on the PIX. The Cisco Secure PIX Firewall is designed to handle only one default route. Connecting two ISPs to a single PIX means that the the firewall would need to make routing decisions at a much more intelligent level. Instead, use a gateway router outside the PIX so that the PIX continues to send all of its traffic to one router. That router can then route/load balance between the two ISPs. An alternative is to have two routers outside the PIX using Hot Standby Router Protocol (HSRP) and set the default gateway of the PIX to be the virtual HSRP address. Q. How many PAT addresses can I have on my Cisco Secure PIX Firewall? A. Beginning with PIX Software release 5.2, you can have multiple PAT addresses per interface. Earlier PIX Software releases do not support multiple PAT addresses per interface. Q. Is there a way to tell the Cisco Secure PIX Firewall to grant more bandwidth to certain users? A. No. Q. I need to allow my users access to shared folders on my NT Domain from remote locations. How do I do this?
11 A. Microsoft's NetBios protocol allows file and printer sharing. Enabling NetBios across the Internet does not meet the security requirements of most networks. Further, NetBios is difficult to configure using NAT. While Microsoft makes this more secure using encrypted technologies, which work seamlessly with the PIX, it is possible to open the necessary ports. In brief, you will need to set static translations for ALL hosts requiring access and conduits (or access lists in PIX Software 5.0.x and later) for TCP ports 135 and 139 and UDP ports 137 and 138. You must either use a WINS server to resolve the translated addresses to NetBios names or local properly configured LMHOSTS file on all your remote client machines. If using WINS, each and every host must have a static WINS entry for BOTH the local and translated addresses of the hosts being accessed. Using LMHOSTS should have both as well, unless your remote users are never connected to your inside network (for example, laptop computers). Your WINS server must be accessible to the Internet with the static and conduit commands and your remote hosts must be configured to point at this WINS server. Finally, Dynamic Host Configuration Protocol (DHCP) leases must be set to never expire, or better yet, statically configure the IP addresses on the hosts needing to be accessed from the Internet. A safer and more secure way to do this is to configure either Point to Point Tunneling Protocol (PPTP) or IPSec encryption. Consult with your network security and design specialists for further details on the security ramifications. Q. I'm on the console/telnet of the PIX and I see an error like "201008: The PIX is disallowing new connections." My PIX will not pass any inbound or outbound traffic. What is wrong? A. This error means that you are doing "reliable TCP syslog" to a PIX Firewall Syslog Server (PFSS) software on a Windows NT system and that the system is not responding to PIX's syslog messages. To correct this problem, try one of the following options: Go to the NT server running PFSS and correct the problem that is keeping that server from accepting TCP syslog data from the PIX. The problem is usually a full hard drive or an issue with the syslog service not running. Disable the TCP syslog feature and return to the standard syslog utility udp. This can be done on the command line of the PIX with the logging host [in_if_name] ip_address [protocol/port] command. Simply type logging host ip_address, then retype the command without the protocol/port portion. It will default to the standard protocol/port of UDP/514. Note: The "reliable TCP syslog" feature of PIX and PFSS was intended to create a security policy that basically says: "If the PIX can't log it, then don't do it." If this is not what you intended, then you should not run "reliable TCP syslog." Instead, use the standard syslog abilities that will not block inbound/outbound traffic if the syslog server is unavailable. Q. When I execute certain commands on the PIX that access the configuration in flash (show config command), I get an error stating "The flash device is in use by another task." What does this mean? A. An example of this error is the following. pixfirewall# write mem Building configuration... Cryptochecksum: 386bb809 e4d edb c The flash device is in use by another task. [FAILED] Type help or '?' for a list of available commands. pixfirewall#
12 What this means is that there is another session on the PIX where someone has used a write terminal or similar command that will access the flash and it is sitting at a " more " prompt. In order to verify this, execute the who command while logged onto the console of the PIX. PIX# who 0: PIX# In this example, we see that a user from is logged into the PIX via Telnet. We can use the kill command to forcefully log that user out. PIX# kill? usage: kill <telnet_id> PIX# kill 0 PIX# who PIX# The user has been logged out and now you can perform your flash operation. In the slight chance that this does not work, a reboot of the PIX will also solve the problem. Q. Can I operate the PIX in a "one armed" configuration? A. No, the PIX cannot operate in a "one armed" configuration because of the Adaptive Security Algorithm under which the PIX operates. For more information, see Understanding PIX Firewall. For example, if you have a PIX with two interfaces (inside and outside) and on the inside interface there is a /24 network. Off this network there is a router with the /24 network connected to it. Then suppose there is a server on the inside interface which is This host has a default gateway of the inside interface of the PIX ( ). In this scenario, assume that the PIX has the correct routing information, such as route inside where is the router's IP address. You might think that the host could send a packet to and this packet would go to the PIX, get redirected to the router at , and go on to the destination host, but this is not the case. The PIX does not send ICMP redirects like a router. Also, the PIX does not allow a packet to leave an interface from which it came. So assuming the host sent a packet with a destination address of to the PIX's inside interface, the PIX would drop that packet because it was destined to go out the same interface (inside interface) on which it came. This is true for any PIX interface, not just the inside interface. In this scenario, the solution is for the host to set its default gateway to be the router's interface ( ), and then have a default gateway on the router point to the PIX ( ).
13 Q. Will a PIX operate correctly if plugged into a trunk port on a switch? A. No, the PIX does not understand ISL or 802.1Q encapsulation. Q. Can I set a timeout on the console port of the PIX? A. No, this cannot be done on the PIX. Q. I know the PIX can do NAT based on the source address, but can the PIX do NAT based on destination? A. Only in PIX version 6.2 and later can you NAT based on destination. See the PIX 6.2 documentation for more information. Q. I can't get Network File System (NFS) mounts to work across the PIX. What am I doing wrong? A. The PIX does not support portmapper (port 111) over TCP. You should configure your NFS to use UDP instead. Tools Information For additional resources, refer to Cisco TAC Tools for Security Technologies. Related Information PIX Top Issues Documentation for PIX Firewall More PIX Firewall Technical Tips PIX Command Reference Security Product Field Notices (including PIX) PIX Product Support Page Requests for Comments (RFCs) All contents are Copyright Cisco Systems Inc. All rights reserved. Important Notices and Privacy Statement.
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the
ECE/CS 4984: Wireless Networks and Mobile Systems Pre-lab and In-class Laboratory Exercise 10 (L10) Part I Objectives and Lab Materials Objective The objectives of this lab are to: Familiarize students
Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. This chapter contains the following sections
[Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information
Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,
642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall
Load Balance Router R258V Specification Hardware Interface WAN - 5 * 10/100M bps Ethernet LAN - 8 * 10/100M bps Switch Reset Switch LED Indicator Power - Push to load factory default value or back to latest
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
1 Basic Configuration of Cisco 2600 Router Basic Configuration Cisco 2600 Router I decided to incorporate the Cisco 2600 into my previously designed network. This would give me two seperate broadcast domains
3.1 Connecting to a Router and Basic Configuration Objective This lab will focus on the ability to connect a PC to a router in order to establish a console session and observe the user interface. A console
Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important
LAB THREE STATIC ROUTING In this lab you will work with four different network topologies. The topology for Parts 1-4 is shown in Figure 3.1. These parts address router configuration on Linux PCs and a
ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.
PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example Document ID: 77869 Contents Introduction Prerequisites Requirements Components Used Related Products
PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example Document ID: 69374 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram
Chapter 15: Advanced Networks IT Essentials: PC Hardware and Software v4.0 1 Determine a Network Topology A site survey is a physical inspection of the building that will help determine a basic logical
University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab. 2 Network Devices & Packet Tracer Objectives 1. To become familiar with
C H A P T E R 5 Deploying Secure Internet Connectivity This chapter is a step-by-step procedure explaining how to use the ASDM Startup Wizard to set up the initial configuration for your ASA/PIX Security
Trouble Shooting SiteManager to GateManager access If you are unsure if a SiteManager will be able to access the GateManager through the corporate firewall, or you experience connection issues, this document
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
CS326 Fall 2001 Room: PAI 5.48 Name: Lab 2 - Basic Router Configuration In this lab you will learn: the various configuration modes of Cisco 2621 routers how to set up IP addresses for such routers how
PFSENSE Load Balance with Fail Over From Version Beta3 Following are the Installation instructions of PFSense beginning at first Login to setup Load Balance and Fail over procedures for outbound Internet
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
Prestige 324 Intelligent Broadband Sharing Gateway Version 3.60 January 2003 Quick Start Guide 1 Introducing the Prestige The Prestige is a broadband sharing gateway with a built-in four-port 10/100 Mbps
Cisco PIX vs. Checkpoint Firewall Introduction Firewall technology ranges from packet filtering to application-layer proxies, to Stateful inspection; each technique gleaning the benefits from its predecessor.
Prestige 202H Plus ISDN Internet Access Router Quick Start Guide Version 3.40 12/2004 Table of Contents 1 Introducing the Prestige...3 2 Hardware Installation...4 2.1 Rear Panel...4 2.2 The Front Panel
Guide eprism 2505 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered
Mikrotik Basics Terms Used Layer X When I refer to something being at layer X I m referring to the OSI model. VLAN 802.1Q Layer 2 marking on traffic used to segment sets of traffic. VLAN tags are applied
How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of
Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming
Mikrotik Security IP -> Services Disable unused services Set Available From for appropriate hosts Secure protocols are preferred (Winbox/SSH) IP -> Neighbors Disable Discovery Interfaces where not necessary.
Sample Configuration Using the ip nat outside source static Table of Contents Sample Configuration Using the ip nat outside source static Command...1 Introduction...1 Before You Begin...1 Conventions...1
Cisco IOS Firewall Feature Set Feature Summary The Cisco IOS Firewall feature set is available in Cisco IOS Release 12.0. This document includes information that is new in Cisco IOS Release 12.0(1)T, including
Migrating a Campus Network: Flat to Routed Brian Candler Network Startup Resource Center firstname.lastname@example.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
Lab 8.5.3 Configuring the PIX Firewall as a DHCP Server Objective Scenario Estimated Time: 15 minutes Number of Team Members: Two teams with four students per team. In this lab, students will learn the
Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution
IP Address and Pre-configuration Information Ethernet Connectivity: Connect your workstation or device to the Digi Cellular Device via one of these methods: Direct from workstation to Digi Cellular Device
Debugging Network Communications Situation: you have a computer and your NetBurner device on a network, but you cannot communicate between the two. This application note provides a set of debugging steps
Table of Contents Cisco VPN Client FAQ...1 Questions...1 Introduction...2 Q. Why does the VPN Client disconnect after 30 minutes? Can I extend this time period?...2 Q. I upgraded to Mac OS X 10.3 (known
Prestige 324 Intelligent Broadband Sharing Gateway Version V3.61(JF.0) May 2004 Quick Start Guide 1 1 Introducing the Prestige The Prestige is a broadband sharing gateway with a built-in four-port 10/100
A Division of Cisco Systems, Inc. Broadband Router with 2 Phone Ports Voice Installation and Troubleshooting Guide Model No. RTP300 Copyright and Trademarks Specifications are subject to change without
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
McAfee.com Personal Firewall 1 Table of Contents Table of Contents...2 Installing Personal Firewall...3 Configuring Personal Firewall and Completing the Installation...3 Configuring Personal Firewall...
CompTIA Network+ N10 005 Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs Domain 1.0: Network Concepts 1.1 Compare the layers of the OSI and TCP/IP Models TCP/IP Model Layer Matching
Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.
WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another
CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)
Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000
GLBP - Gateway Load Balancing Protocol Gateway Load Balancing Protocol (GLBP) protects data traffic from a failed router or circuit, like Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy
PIX/ASA 7.x and above : Mail (SMTP) Server Access on Inside Network Configuration Example Document ID: 70031 Contents Introduction Prerequisites Requirements Components Used Conventions Related Products
Copyright Statement is the registered trademark of Shenzhen Tenda Technology Co., Ltd. Other trademark or trade name mentioned herein are the trademark or registered trademark of above company. Copyright
QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide
Millbeck Communications Secure Remote Access Service Internet VPN Access to N3 VPN Client Set Up Guide Version 6.0 COPYRIGHT NOTICE Copyright 2013 Millbeck Communications Ltd. All Rights Reserved. Introduction
Virtual Appliances Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V Virtual Appliance Setup Guide for Umbrella Page 1 Table of Contents Overview... 3 Prerequisites... 4 Virtualized Server
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface
USER MANUAL GUIMGR Graphical User Interface Manager for FRM301/FRM401 Media Racks CTC Union Technologies Co., Ltd. Far Eastern Vienna Technology Center (Neihu Technology Park) 8F, No. 60 Zhouzi St. Neihu,
Cisco Secure PIX Firewall with Two Routers Configuration Example Document ID: 15244 Interactive: This document offers customized analysis of your Cisco device. Contents Introduction Prerequisites Requirements
HOW TO CONFIGURE CISCO FIREWALL PART I Cisco Abstract: Please find below a step by step process to configure the PIX Firewall from scratch. A simple scenario is given here where you have a corporate network
Networking Security IP packet security Networking Security IP packet security Copyright International Business Machines Corporation 1998,2000. All rights reserved. US Government Users Restricted Rights
v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel
1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers
Chapter 7 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe VPN Firewall 200. After each problem description, instructions are provided to help you diagnose and
Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example Document ID: 91672 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information
www.prilink.com PRILINK PRI MANAGEMENT SSTEM INSTALLATION GUIDE PRI Management PRILINK PRI Management System Installation Guide Version 3.0, Rev. 12-01-24 Page 1 Table of Contents 1 HARDWARE INSTALLATION...
Load Balancer LB-2 User s Guide TABLE OF CONTENTS 1: INTRODUCTION...1 Internet Features...1 Other Features...3 Package Contents...4 Physical Details...4 2: BASIC SETUP...8 Overview...8 Procedure...8 3:
Page 1 of 5 Network Home Network Map Our Publications -Log On - Subscribe/Renew - Advertise Home Back Issues Web Exclusives Topics Authors Contact Us search for on this site go power sea ARTICLE INFORMATION
UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting
ading Cisco IOS Software for the Cisco 806, 826, 827, 828, and Table of Contents Upgrading Cisco IOS Software for the Cisco 806, 826, 827, 828, and SOHO70 Routers...1 Introduction...1 Before You Begin...1
AutoDownload: SQL Server and Network Trouble Shooting AutoDownload uses Microsoft s SQL Server database software. Since 2005 when AutoDownload was first released Microsoft have also released new versions
Using a VPN with CentraLine AX Systems User Guide TABLE OF CONTENTS Introduction 2 What Is a VPN? 2 Why Use a VPN? 2 How Can I Set Up a VPN? 2 Important 2 Network Diagrams 2 Network Set-Up with a VPN 2
Page 1 of 10 Contestant Number: Time: Rank: COMPUTER NETWORK TECHNOLOGY (300) REGIONAL 2014 TOTAL POINTS (500) Failure to adhere to any of the following rules will result in disqualification: 1. Contestant
Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses