Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: PIX 501

from [John Waskewics] Network Security [Permanent Link]
Subject: RE: PIX 501
Date: Fri, 24 Jun 2005 16:17:14 -0700 
David,

We have this setup and have used dynamic and static Ips for our site to
site using a PIX 515 at the HQ, and 506's at the remote sites.

We are using the same firmware 6.1.x on all devices and in both
scenarios, dynamic and static, things worked very well. 

The only problems we ran into is that our crpto key sometimes got
corrupted during a manual reconfig.  This had nothing to do with the
dynamic IP though.

We suggest using manual commands to change the crpto set and NOT the
PDM, because the PDM does an incomplete change when changing IP address
and rehashing the keys.


Regards,

 

John Waskewics, MCP

President

Lead-In Technologies(r), Inc.

Business Efficiency Through Information Technology

 

21823 Plummer Street

Chatsworth, CA 91311

818-407-1024, 122 Voice

818-475-1881 Fax

www.leadintech.com

john@leadintech.com

 

Your single source for IT.

 

Lead-In is a proud member of:

The ASCII Group (http://ascii.com)
Executives' Association of the San Fernando Valley (http://easfv.com)

Los Angeles SMB Technology Network (http://www.lasmbug.org)

 

________________________________

Note: This message and any attachments are intended only for the use of
the individual or entity to which it is addressed and may contain
information that is privileged, confidential, and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient, or the employee or agent responsible for delivering the
message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please
notify the sender by replying to this message, and then delete it from
your system.  All rights reserved.  Thank you.

-----Original Message-----
From: Dave Nardoni [mailto:dnardoni@firstresponseconsulting.com] 
Sent: Friday, June 24, 2005 6:54 AM
To: firewalls@securityfocus.com
Subject: PIX 501

Is anyone aware of any problems with setting up site to site VPN's with
PIX's where the sites have dynamic IP's.  Situation is I have to link a
bunch of branch offices to main office and all branch offices are DSL or
cable modems that have dynamic and do not have static IP's.  Any
problems or gotcha's that anyone is aware of, one thing I am concerned
about is when the lease expires will the VPN go down and come back up
correctly?  How is this handled?

Anyway thanks in advance for any comments,

David Nardoni CISSP, EnCE
dnardoni@firstresponseconsulting.com
PGP Signature: 9CE4 C240 BBC7 2945 BDD6  C97A 0E3D 2547 DB0A 104C
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Theoretical question: Can firewall detect attack which he can’t block?, Terry Vernon
Next by Date:  Re: Theoretical question: Can firewall detect attack which he can’t block?, Rodrigo Blanco
Previous by Thread:  RE: PIX 501, Ha, Jason
Next by Thread:  RE: PIX 501, Andrew Shore
Indexes:  [Date] [Thread] [Top] [All Lists]