I second all of what you said....

They [*nix-heads] call it "WinBlows", yet they still feel the need to
develop and run an XServer... esp. when their Enterprise Tape Backup
Packages (Veritas) require it... So much for the lame argument of 'Command
prompt to the Core DUDE!!'

Lest we need to start a flame war... All further follow-ups to this specific
thread will be Kill-Filed.
No need to waste the time or bandwidth....        (Big GRIN)- Hypocrisy at
its finest.

Cheers!
Mark Odette II
StellarConnection Services
CCNA, 1/2 CCNP, MCSE 4.0 & 2000, A+ Certified.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Allen May
Sent: Wednesday, November 28, 2001 10:31 PM
To: [EMAIL PROTECTED]
Subject: Re: NAT commands [7:27539]


You need TACACS to authenticate to a pool of internal IPs through the PIX.
That gets you on the internal IP network & is controlled by access-lists.
Next if you still need more authentication via VPN then connect to the
server after TACACS VPN is connected.  The only time I needed this second
step was when I wanted to authenticate to NT or Novell servers.  No need to
have all "real" IPs.  You can IPSec in and you've got all the internal IP
address space you'd ever need available to you.

I won't even comment on the "sucks" thing since I use all 3..PIX, BSD,
Linux, etc.  PIX can handle it just fine.  And we definitely won't go into
specifics on why *nix is more vulnerable to attacks & proven so by studies
(vs a true firewall).  If you're interested in details check the archives.
However, I do recommend a version of *nix (anything but the most hacked one,
Redhat) for TACACS rather than NT.

Something about purely *nix and Apple people bugs me...maybe it's all the
complaining and tendency to start fights ;)

Allen
----- Original Message -----
From: David Tran
To:
Sent: Wednesday, November 28, 2001 4:19 PM
Subject: Re: NAT commands [7:27539]


> That's why PIX sucks.  Go with Linux or BSD
> ----- Original Message -----
> From: "Rizzo, Damian"
> To:
> Sent: Wednesday, November 28, 2001 4:20 PM
> Subject: RE: NAT commands [7:27539]
>
>
> > I do not think this will work. I had the exact same problem as below, though
> > I was using a Cable connection. After talking with Cisco it was determined
> > that the problem was attempting to forward GRE traffic. Since GRE is a
> > Protocol and not a Port, it is extremely difficult to route and/or forward,
> > and in the event you are using a PIX firewall, as I found out, it is just
> > not possible. I actually had to purchase another IP address from my ISP so I
> > could Static map it and use ACLs to open the GRE protocol. Hope this helps.
> >
> >
> >   -Rizzo
> >
> >
> >
> > -----Original Message-----
> > From: NKP [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, November 28, 2001 8:50 AM
> > To: [EMAIL PROTECTED]
> > Subject: NAT commands [7:27539]
> >
> >
> > Hi All
> > I have the following scenario.
> > I have a Cisco 2600 router which is connected to the ISDN and I have got a
> > fixed IP address from my ISP which is assigned to the bri interface, it is
> > connecting fine. All the internal addresses are translated on ethernet
> > on my ethernet I have a Windows 2K server.
> > I want a remote user to connect to my Win2K server, how should I
> > configure my router to send the request for authentication to this Win2K
> > server via VPN as it has a translated IP address. My remote client is on
> > Win 98.
> >
> > My present router configs are given below
> >
> > thanks in advance,
> >
> > Navin Parwal
> >
> >
> >
> >
> > Router#
> > Router#
> > Router#sh run
> > Building configuration...
> >
> > Current configuration:
> > !
> > version 12.0
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname Router
> > !
> > !
> > memory-size iomem 10
> > ip subnet-zero
> > !
> > ip dhcp pool local
> >    network 192.168.1.0 255.255.255.0
> >    default-router 192.168.1.1
> >    dns-server 12.10.194.34
> > !
> > isdn switch-type basic-net3
> > !
> > !
> > !
> > !
> > interface Ethernet0/0
> >  ip address 192.168.1.1 255.255.255.0
> >  no ip directed-broadcast
> >  ip nat inside
> >  no cdp enable
> >  no mop enabled
> > !
> > interface Serial0/0
> >  no ip address
> >  no ip directed-broadcast
> >  no ip mroute-cache
> >  shutdown
> >  no fair-queue
> >  clockrate 64000
> > !
> > interface BRI0/0
> >  ip address 202.157.70.61 255.255.255.0
> >  no ip directed-broadcast
> >  ip nat outside
> >  encapsulation ppp
> >  dialer string 226476
> >  dialer-group 1
> >  isdn switch-type basic-net3
> >  no cdp enable
> >  ppp chap refuse
> >  ppp pap sent-username jbc password
> >  hold-queue 75 in
> > !
> > ip nat inside source list 10 interface BRI0/0 overload
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 BRI0/0
> > no ip http server
> > !
> > access-list 10 permit any
> > dialer-list 1 protocol ip permit
> > !
> > !
> > line con 0
> >  transport input none
> > line aux 0
> > line vty 0 4
> >  login
> > !
> > no scheduler allocate
> > end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27649&t=27539
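
The point in Rizzo's quoted message, that GRE is an IP protocol rather than a port, shown as an added example that is not part of any poster's message: a port-overload translation keys on the TCP/UDP source port, and a GRE packet (IP protocol 47) has no such field. The packets, the inside host 192.168.1.10, the peer 203.0.113.5 and the function names are constructed for illustration; the "static" result models the one-to-one mapping plus ACL that Rizzo describes.

```python
import struct

TCP, UDP, GRE = 6, 17, 47  # IANA IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Build a constructed IPv4 packet (header checksum left at 0, not validated here)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def pat_key(packet):
    """Return (proto, src_ip, src_port) for TCP/UDP, or None when the
    transport has no port field for an overload translation to rewrite."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    if proto in (TCP, UDP):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        (sport,) = struct.unpack("!H", packet[ihl:ihl + 2])
        return (proto, src, sport)
    return None  # GRE and other port-less protocols

def nat_treatment(packet):
    """'overload' if the flow can share one outside address by port,
    else 'static' (one-to-one mapping plus an ACL permitting the protocol)."""
    return "overload" if pat_key(packet) is not None else "static"

# Constructed samples: a TCP segment and a GRE packet from the same inside host.
tcp_pkt = ipv4(TCP, "192.168.1.10", "203.0.113.5",
               struct.pack("!HH", 1025, 80) + bytes(16))
# GRE header starts with 2 bytes flags/version and 2 bytes protocol type
# (0x0800 = IPv4); neither is a port number.
gre_pkt = ipv4(GRE, "192.168.1.10", "203.0.113.5",
               b"\x00\x00\x08\x00" + bytes(20))

if __name__ == "__main__":
    for name, pkt in (("TCP", tcp_pkt), ("GRE", gre_pkt)):
        print(name, pat_key(pkt), nat_treatment(pkt))
```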