joshcook.net

I’ll keep this one short. It seems that sending a NO-OP signal to help keep your SSH connection active within SecureCRT interferes with the TFTP process on a Cisco ASA. My download continued to fail due to a timeout error until I disabled the “Send Protocol NO-OP” setting.

Woohoo.

  • 1 Comment
  • Filed under: How To
  • Today I was at a client’s corporate office configuring a new Cisco PIX 506 firewall with VPN support. While the PIX supports IPsec, we decided to use PPTP because client-side configuration on Windows 2000/XP is very straightforward and rather simple for a non-technical employee to configure.

    After configuring PPTP on the PIX (which is a snap), I configured and tested a Windows XP workstation using a dialup connection. While the test was a success (the tunnel was established and the secure network could be accessed), internet access failed because the PIX won’t/can’t redirect traffic that isn’t on its local network (Plug: the Cisco VPN Concentrator can perform this task with ease). A simple fix for this problem would appear to be to modify the Windows VPN connection and disable the “Use default gateway on remote network” option, but now no traffic is getting through the VPN tunnel to the secure network.

    (more…)

  • 9 Comments
  • Filed under: Scripts
  • Read-Only Cisco Router Config

    Many internet hardware products offer a read-only access mode, which I’m guessing is to keep Mr. Slacky from screwing up the config – ahem, no router bgp 6078 – on your live core router. But that’s the problem: Cisco doesn’t offer an elegant solution for read-only access to their routers. You can modify the exec level for show running-config, although the output ends up being completely useless because you didn’t supply a new exec level for all of the associated commands that are necessary to gather the configuration.

    (more…)

  • 1 Comment
  • Filed under: How To