Re: VoIP quality and Requirement [7:20497]
Mukul, usually, one voice packet is 20 bytes. Add to that 40 bytes for RTP+UDP+IP headers. So, for 8 Kbps voice stream, you would have to add 16 Kbps for overhead. That is total 24 Kbps. RTP header compression could shrink that to 11-12 Kbps, but it is possible to use it only on PtoP links, between two routers running RTP compression. End-to-end delay (delay budget) should be less than 150 ms, but then, it all depends, it could work will more, depending on users' expectations. BTW, great book for VoIP is Integrating Voice and Data Networks. Sasa MJ wrote: Moreover I second question was : What should be bandwidth to run one channel, they say 8K, so does that mean that on 64K leased line I can have 8 Ports working without any problem Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20508t=20497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Where do I begin [7:20474]
Grant, I am studying for written myself. I asked this question as well and got a lot of great and different answers and one of them was to use various resources. Checl www.bn.com for recent books. www.examnotes.net for group postings, feel free to post this question there too. There are CCIEs there as well. www.boson.com is popular for there study quesions. Grant Sabesky wrote: I have 13 years of networking and MS systems experience and want to investigate the CCIE Security certification. I have expertise in Checkpoint FW-1 on Unix and NT as well as IP protocols, Cisco routers and switches. Where do I start to prepare for the written? What equipment is necessary and what books to purchase? Sorry for the generic form of questioning. thanks in advance. grant Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20509t=20474 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Small series Cisco router that supports NAT inFast [7:20512]
Why don't you try Cisco 1700 Series. Specifically 1720, Or u have plan for the VoIP then 1750 ... Mukul Elaluf, Sylvia, wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi I would like if somebody can recommend a Cisco small series router that supports NAT in Fast Switching (both at the same time). I was recommended a 1720 series but I read the specifications and I do not see anything like that on it. Thanks Silvia -Original Message- From: Elaluf, Sylvia, [SMTP:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 7:15 AM To: [EMAIL PROTECTED] Subject: Small series Cisco router that supports NAT and Fast Switching [7:20499] Hi everybody I would like to know if somebody can recomend a Cisco small series router that supports NAT and Fast Switching. I want to use this switch as a cheap load balancing solution. Regards Silvia Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20512t=20512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ipsec cisco-checkpoint FW-1 [7:20513]
I want to configure an IPSEC between cisco router and a checkpoint FW-1 version 4.1. Any help or links will be appreciated. rgds, -- -- Paul Msava ,CCNA email:[EMAIL PROTECTED] Tel:+254 11 22 83 91 http://www.uunet.co.ke Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20513t=20513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Small series Cisco router that supports NAT inFast Switching: [7:20510]
Hi I would like if somebody can recommend a Cisco small series router that supports NAT in Fast Switching (both at the same time). I was recommended a 1720 series but I read the specifications and I do not see anything like that on it. Thanks Silvia -Original Message- From: Elaluf, Sylvia, [SMTP:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 7:15 AM To: [EMAIL PROTECTED] Subject: Small series Cisco router that supports NAT and Fast Switching [7:20499] Hi everybody I would like to know if somebody can recomend a Cisco small series router that supports NAT and Fast Switching. I want to use this switch as a cheap load balancing solution. Regards Silvia Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20510t=20510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP quality and Requirement [7:20497]
Thanks Sasa, Well this will help me to calculate. Where you got all these stats ? are they in the same book that you have reffered, can u tell me the Author and publication also. Can we have RTP compression at 2 Internet routers if they are connected Via Internet ? Moreover normally delay is 500 msec or something on internet, and if you have ever done a voice chat on msn or yahoo when we are on dialup, things work perfectly. So that made me think that VoIP should work perfectly on Internet based leased lines. Mukul Sasa Milic wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mukul, usually, one voice packet is 20 bytes. Add to that 40 bytes for RTP+UDP+IP headers. So, for 8 Kbps voice stream, you would have to add 16 Kbps for overhead. That is total 24 Kbps. RTP header compression could shrink that to 11-12 Kbps, but it is possible to use it only on PtoP links, between two routers running RTP compression. End-to-end delay (delay budget) should be less than 150 ms, but then, it all depends, it could work will more, depending on users' expectations. BTW, great book for VoIP is Integrating Voice and Data Networks. Sasa MJ wrote: Moreover I second question was : What should be bandwidth to run one channel, they say 8K, so does that mean that on 64K leased line I can have 8 Ports working without any problem Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20511t=20497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP quality and Requirement [7:20497]
MJ here a table with some bandwidth figure for your traffic, as the others state 150ms is about the max delay after that then you can't guarantee quality. One major things to look for would be your qos on the local tail, read up on CBWFQ techniques they should help prioritise your voip traffic regards Codec Voice Bandwidth Transport Bandwidth Default packet size Packetisation delay ms Coding delay ms Complexity (according to Cisco) Quality MOS value G.711 64 kBit/s 80 kBit/s (with rtp header compression about 65 kbps) 160 20 0.375 Low Normal 4.1 G.729 8 kBit/s 12 kBit/s (rtp comp.) 24 kBit/s (without rtp comp.) 20 20 35 Medium Normal 3.92 G.726 16 kBit/s 32 kBit/s (with rtp header compression about 17 kpbs) 40 20 0.375 Medium Analog G.726 24 kbit/s 40 kbit/s (with rtp header compression about 25 kbps) 60 20 0.375 Medium Normal G.726 32 kBit/s 48 kBit/s (with rtp header compression about 33 kbps) 80 15 0.375 Medium Normal 3.85 MJ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, I am planning to implement VoIP between our different office located in different country. All our offices have leased line to Internet normally either of 64K or 128K. I have 2x64 Leased lines coming from different ISP's. Can you suggest me. 1. What should be avg. Ping in msec between office to have good VoIP. 2. What should be bandwidth to run one channel, they say 8K, so does that mean that on 64K leased line I can have 8 Ports working without any problem ? What are the other things that I should look for before setting up VoIP ? Regards, Mukul Jain Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20514t=20497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
fasteth relearning address [7:20515]
Dear Group, I log into myCatalyst 2924XL and I found the following error message: %RTD-1-ADDR_FLAP: FastEthernet0/1 relearning 7 addrs per min How can I proceed to troubleshoot this? Thanks in advance, Teresa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20515t=20515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SecureID on Cisco [7:20438]
You will need to do Radius between the ACE server and the Cisco router! Gerwin - Original Message - From: To: Sent: Wednesday, September 19, 2001 8:56 PM Subject: SecureID on Cisco [7:20438] Greetings all, Looking for reference/ideas on how to configure RSA SecureID on Cisco's routers. Any ideas would be great. Thanks..Nabil Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20516t=20438 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX / DNS [7:20518]
Has anyone seen this before (due to DNS Response)? How do I see details on the DNS response that was denied (packet coming on the external interface of the firewall I presume)? 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due to DNS Response Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20518t=20518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco MPLS Beta Exam (641 - 910 Beta) [7:20520]
Dear all, I will take the Cisco MPLS Beta Exam (641 - 910 Beta) tomorrow!! Anyone has taken it and can give some suggestion to me? Thanks a lot!! kc Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20520t=20520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Switch to 3Com hub [7:20517]
I have set a 2924 with a management address on vlan 1.We want to use a cross over to a 3com hub which runs into another 3com which runs into a router.There is a 2mb line between between the 2 buildings and the core sits at the second building. Will I be able to telnet into the switch ? Thanks in advance _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20517t=20517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP quality and Requirement [7:20497]
Dear Patrick, Can you send me the below table in Excel or some othe format. This was messed up when I printed the same. Thanks Mukul Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... MJ here a table with some bandwidth figure for your traffic, as the others state 150ms is about the max delay after that then you can't guarantee quality. One major things to look for would be your qos on the local tail, read up on CBWFQ techniques they should help prioritise your voip traffic regards Codec Voice Bandwidth Transport Bandwidth Default packet size Packetisation delay ms Coding delay ms Complexity (according to Cisco) Quality MOS value G.711 64 kBit/s 80 kBit/s (with rtp header compression about 65 kbps) 160 20 0.375 Low Normal 4.1 G.729 8 kBit/s 12 kBit/s (rtp comp.) 24 kBit/s (without rtp comp.) 20 20 35 Medium Normal 3.92 G.726 16 kBit/s 32 kBit/s (with rtp header compression about 17 kpbs) 40 20 0.375 Medium Analog G.726 24 kbit/s 40 kbit/s (with rtp header compression about 25 kbps) 60 20 0.375 Medium Normal G.726 32 kBit/s 48 kBit/s (with rtp header compression about 33 kbps) 80 15 0.375 Medium Normal 3.85 MJ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, I am planning to implement VoIP between our different office located in different country. All our offices have leased line to Internet normally either of 64K or 128K. I have 2x64 Leased lines coming from different ISP's. Can you suggest me. 1. What should be avg. Ping in msec between office to have good VoIP. 2. What should be bandwidth to run one channel, they say 8K, so does that mean that on 64K leased line I can have 8 Ports working without any problem ? What are the other things that I should look for before setting up VoIP ? Regards, Mukul Jain Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20519t=20497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSPFA Exam [7:20521]
Hi, Does anybody know what PIXOS the CSPFA exam covers? According to the Cisco website it doesn't cover dhcpd so I assume it's pre PIXOS6 ? Mzl. PJB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20521t=20521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Switch to 3Com hub [7:20517]
yes, remember there are hubs and switches, as long as the switch is on the correct LAN then there is absolutely no reason as to why you can't. -Original Message- From: Shane Stockman [mailto:[EMAIL PROTECTED]] Sent: 20 September 2001 11:40 To: [EMAIL PROTECTED] Subject: Switch to 3Com hub [7:20517] I have set a 2924 with a management address on vlan 1.We want to use a cross over to a 3com hub which runs into another 3com which runs into a router.There is a 2mb line between between the 2 buildings and the core sits at the second building. Will I be able to telnet into the switch ? Thanks in advance _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20522t=20517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
nimda virus [7:20523]
Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20523t=20523 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: nimda virus [7:20523]
I have just came out after patching my servers (IIS on win2K) for this . I don't know how to really handle such Viruses. Do we have options on Firewall to fight against such Viruses. Mukul kroywen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20524t=20523 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
REMOVE ME FROM THE MAILING LIST. [7:20525]
I WISH TO REMOVE MY NAME FROM THE MAIL LIST...THANK YOU. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20525t=20525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP--username [7:20526]
Any body knows how can i map ( IP address - user name ) On Router 2600 network access server . i mean i like to assign to each user dial for hom an IP address ..how can i do that ...??? Regards -- Ahmed Malkawi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20526t=20526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP address - user name [7:20527]
Any body knows how can i map ( IP address - user name ) On Router 2600 network access server . i mean i like to assign to each user dial for hom an IP address ..how can i do that ...??? Regards -- Ahmed Malkawi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20527t=20527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP--username [7:20526]
Make your router a DHCP server and apply manual bindings based on MAC addresses. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ahmed Malkawi Sent: Thursday, September 20, 2001 7:00 AM To: [EMAIL PROTECTED] Subject: IP--username [7:20526] Any body knows how can i map ( IP address - user name ) On Router 2600 network access server . i mean i like to assign to each user dial for hom an IP address ..how can i do that ...??? Regards -- Ahmed Malkawi _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20528t=20526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP quality and Requirement [7:20497]
MJ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear Patrick, Can you send me the below table in Excel or some othe format. This was messed up when I printed the same. Thanks Mukul Patrick Donlon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... MJ here a table with some bandwidth figure for your traffic, as the others state 150ms is about the max delay after that then you can't guarantee quality. One major things to look for would be your qos on the local tail, read up on CBWFQ techniques they should help prioritise your voip traffic regards Codec Voice Bandwidth Transport Bandwidth Default packet size Packetisation delay ms Coding delay ms Complexity (according to Cisco) Quality MOS value G.711 64 kBit/s 80 kBit/s (with rtp header compression about 65 kbps) 160 20 0.375 Low Normal 4.1 G.729 8 kBit/s 12 kBit/s (rtp comp.) 24 kBit/s (without rtp comp.) 20 20 35 Medium Normal 3.92 G.726 16 kBit/s 32 kBit/s (with rtp header compression about 17 kpbs) 40 20 0.375 Medium Analog G.726 24 kbit/s 40 kbit/s (with rtp header compression about 25 kbps) 60 20 0.375 Medium Normal G.726 32 kBit/s 48 kBit/s (with rtp header compression about 33 kbps) 80 15 0.375 Medium Normal 3.85 MJ wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, I am planning to implement VoIP between our different office located in different country. All our offices have leased line to Internet normally either of 64K or 128K. I have 2x64 Leased lines coming from different ISP's. Can you suggest me. 1. What should be avg. Ping in msec between office to have good VoIP. 2. What should be bandwidth to run one channel, they say 8K, so does that mean that on 64K leased line I can have 8 Ports working without any problem ? What are the other things that I should look for before setting up VoIP ? Regards, Mukul Jain [demime removed a uuencoded section named Codecs.doc which was 571 lines] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20531t=20497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco MPLS Beta Exam (641 - 910 Beta) [7:20520]
Please write a feedback message about the exam in this group after you completed the exam. How many question in Beta Exam ? kc Dear all, I will take the Cisco MPLS Beta Exam (641 - 910 Beta) tomorrow!! Anyone has taken it and can give some suggestion to me? Thanks a lot!! kc Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20529t=20520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSPFA Exam [7:20521]
hi , it cover pixOS ver 5.1 chris -Original Message- From: GumBaJa [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 12:57 PM To: [EMAIL PROTECTED] Subject: CSPFA Exam [7:20521] Hi, Does anybody know what PIXOS the CSPFA exam covers? According to the Cisco website it doesn't cover dhcpd so I assume it's pre PIXOS6 ? Mzl. PJB Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20530t=20521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Anyone toke the Cisco Multicast+QoS BETA exam? [7:20532]
Can share experience ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20532t=20532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: nimda virus [7:20523]
the only option we could have is with the IDS on PIX or IOS FW feature set. the problem is that in those version, IDS detects and filters only the 59 most common attacks signatures and you cannot add manually more signatures (performance issue in the router or PIX if too much signatures to check). if you use IDS sensor, you can configure the string/pattern of nimda, or whatever else (code red, blue) to be filtered, and the sensor sends a command to the PIX which will create a temp ACLs to block it, but it doesn't scale (attacks with spoofed ip address will block packets from normal users). So for the moment the only solution is patches and Host IDS as Entercept (now acquired by Cisco and orderable from Cisco) or BlackICE. If any of you have an idea how to fix that, please let us know. A solution would be to have two firewall, one with normal function and a second one which would check only specifics signatures. But for that we must ask cisco to add the feature in the IOS FW or PIXOS that let us add new signatures in IDS. A second one would be to have an entry router which routes all application except http for specific IP addresses (thoses of WebServers) to a PIX functionning normally and http packets for the WebServers to a home made firewall,ie. Linux box acting as a router with firewall enabled and which checks only specific signatures for specific IP addresses. But as I know such a box doesn't exist in the market today. If yes, please let me know !!! hope it helps and it is right :-) (correct me if not) cheers chris -Original Message- From: MJ [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 1:44 PM To: [EMAIL PROTECTED] Subject: Re: nimda virus [7:20523] I have just came out after patching my servers (IIS on win2K) for this . I don't know how to really handle such Viruses. Do we have options on Firewall to fight against such Viruses. Mukul kroywen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20534t=20523 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20533t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Throw away that old PIX? [7:20535]
Very informative! I have check the release notes for releases 4.2 One of the flaw of the previous versions is the noop phenomenon http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pixrn420.h tm#xtocid1236635 I am running version 4.07. Apparently I need a 2MB flash update before upgrade. If the cost is prohibitive (100$ I may have to get rid of the PIX box Please advise Pierre-Alex -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:20 AM Subject: noop by rhenium with smtp (Exim 3.22 #6) id 15k1oO-0002iw-00 for [EMAIL PROTECTED]; Thu, 20 Sep 2001 12:16:08 +0100 Message-ID: From: Andy Lee To: Pierre-Alex GUANEL References: Subject: Re: PIX / DNS [7:20518] Date: Thu, 20 Sep 2001 11:53:12 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Pierre It may be due to DNS guard on the PIX (automatically closes DNS UDP session once DNS response received rather than wait for associated UDP timers to expire). I assume there will still be a small time associated with closing the DNS UDP session the PIX blocks any additional replies during this period FYI DNS guard enabled as default. Regards Andy If you require Cisco consultancy skills or assistance with a Cisco Upgrade/rollout on an ADHOC basis (UK only) please contact me via email I shall forward my CV. (No agencies) I am an instructor who is finding himself with gaps in his teaching schedule due to thnoop periods of 1 - 14days. (I can negotiate longer periods if necessary) - Original Message - From: Pierre-Alex GUANEL To: Sent: Thursday, September 20, 2001 11:41 AM Subject: PIX / DNS [7:20518] Has anyone seen this before (due to DNS Response)? How do I see details on the DNS response that was denied (packet coming on the external interface of the firewall I presume)? 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due to DNS Response Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20535t=20535 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP address - user name [7:20527]
I don't know what you exactly mean, but this is what I think you want: username joe pass pass Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20536t=20527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP address - user name [7:20527]
I don't know what you exactly mean, but this is what I think you want: username joe pass pass username john pass pass1 interface dialer1 ip address 1.1.1.1 255.255.255.0 dialer remote-name joe peer default ip address 1.1.1.2 (this would assign this ip address to the user joe) dialer pool 1 interface dialer2 ip add 2.2.2.2 255.255.255.0 dialer remote-name john peer default ip add 2.2.2.1 dialer pool 2 int b0/0 dialer pool-member 1 dialer pool-member 2 If anyone has a simpler way to do this, I would like him/her to post it. Dragi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20537t=20527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP address - user name [7:20527]
cistron-radius on a linux box. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ahmed Malkawi Sent: Thursday, September 20, 2001 7:00 AM To: [EMAIL PROTECTED] Subject: IP address - user name [7:20527] Any body knows how can i map ( IP address - user name ) On Router 2600 network access server . i mean i like to assign to each user dial for hom an IP address ..how can i do that ...??? Regards -- Ahmed Malkawi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20538t=20527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX / DNS [7:20518]
If I remove mailguard, which ports should I open so that my mail server receives mail from the Internet? (25 / 110) Pierre-Alex -Original Message- From: Eric Hoffman [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 8:09 AM To: 'Pierre-Alex GUANEL' Subject: RE: PIX / DNS [7:20518] The due to DNS response syslog message in a deny statement means that the PIX Firewall DNS Guard feature is in effect and the message indicates slow response from the DNS server. When the response is slow, the PIX Firewall sends a second DNS inquiry, the first returns, and the second gets denied and logged. The above paragraph was taken directly from the cisco webpage: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v41/pixrn417.h tm Watch the wrap. Not sure which version it started in, but it is in the majority of pix code. HTH, Eric -Original Message- From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:42 AM To: [EMAIL PROTECTED] Subject: PIX / DNS [7:20518] Has anyone seen this before (due to DNS Response)? How do I see details on the DNS response that was denied (packet coming on the external interface of the firewall I presume)? 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due to DNS Response Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20539t=20518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20540t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: fasteth relearning address [7:20515]
For some reason your port relearned the macs... either it flapped or something failed over... TP wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear Group, I log into myCatalyst 2924XL and I found the following error message: %RTD-1-ADDR_FLAP: FastEthernet0/1 relearning 7 addrs per min How can I proceed to troubleshoot this? Thanks in advance, Teresa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20541t=20515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ipsec cisco-checkpoint FW-1 [7:20513]
Search www.cisco.com. There's a hugh area describing how to do it. I've read it but I didn't save the link... Paul Msava wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I want to configure an IPSEC between cisco router and a checkpoint FW-1 version 4.1. Any help or links will be appreciated. rgds, -- -- Paul Msava ,CCNA email:[EMAIL PROTECTED] Tel:+254 11 22 83 91 http://www.uunet.co.ke Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20542t=20513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NAT and Telnet [7:20362]
I have 12.1(9) Enterprise Plus on my 2514 and no mapping needed either. I just telnetted to it now from the office and verified the config... Lupi, Guy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have routers functioning like this with code below 12.1, and it works fine, no mapping needed. I wonder why they would change that, interesting though. -Original Message- From: EA Louie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:39 PM To: [EMAIL PROTECTED] Subject: Re: NAT and Telnet [7:20362] Guy...yes, you're correct - I mapped port 23 on the outside to 23 on a loopback... and one of my study buddies just called and told me it's a new 'feature' of 12.1 and higher to deny incoming on the outside interface. Some firewall feature gets enabled that prevents inbound telnet to the outside interface unless that 'conduit' is opened using nat inside source static. I might downgrade to 12.0 tonight to see if that's true. -e- - Original Message - From: Lupi, Guy To: 'EA Louie' ; Sent: Wednesday, September 19, 2001 2:03 PM Subject: RE: NAT and Telnet [7:20362] Did you have to map port 23 of the outside interface to port 23 of the inside interface? Something like this: ip nat inside source static tcp 192.168.1.1 23 208.2.2.2 23 -Original Message- From: EA Louie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 1:28 AM To: [EMAIL PROTECTED] Subject: NAT and Telnet [7:20362] I posted this on the Lab list...but I thought some folks here might enjoy the challenge, too. (Apologies to those who are on both for the cross-post) I was going to post a how to question about NAT, but I figured it out so I thought I'd share the information with the list and challenge you with the solution. When using the address of the outside interface as the NAT overload address, I could not telnet into the router. I could ping, but the telnet sessions would time out. I came up with a solution - can any of you figure out what it was? And does anyone know the reason that this happens? -e- _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20543t=20362 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Beachfront Quizzers free lab POD? [7:20353]
It looks like they're a mess. I hope they'll be better when people actually pay but probably not... If this is the way they show people their service something is wrong... jap_e wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I had booked a free lab POD at the www.bfq.com as suggested by somebody on this list, and when it was my time, i realised that i have no clue how to access the POD! No ip address for telnet, no information given on their site except the wiring diagram. I spend most of my first 2 hours searching for a way to telnet into their routers, and gave up in the end. Tell me, how did you (if you have tried the free lab) acccess any of the routers? Thanks for your feedback. Regards, Eve Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20544t=20353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SecureID on Cisco [7:20438]
I don't know of a way to directly configure a cisco device to authenticate against a SecureID server, however SecureID integrates very well with most RADIUS implementations. Once that is configured, you can then configure AAA on your cisco device to authenticate against your RADIUS server. HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 2:56 PM To: [EMAIL PROTECTED] Subject: SecureID on Cisco [7:20438] Greetings all, Looking for reference/ideas on how to configure RSA SecureID on Cisco's routers. Any ideas would be great. Thanks..Nabil [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20545t=20438 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Bridging and DLSW [7:20484]
try the token ring paper at ccprep.com http://www.ccprep.com/resources/news/archives/Token_Ring2.pdf its a good start Lupi, Guy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to find a good resource on bridging and DLSW, does anyone have any specific links or books that they could recommend? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20546t=20484 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FastEther Channel [7:20494]
No I don't think so, I believe that it's only supported on the 7500 and 7200 routers. Dave Thomas N. wrote: Hi All, I have a Cisco 2621 router with 2 FastEthernet ports, and plan to implement trunking with Routing on a Stick. I wonder if it is possible to combine the 2 FastEthernet ports on the Cisco 2621 router to create a FastEther Channel, then create a trunk out of that FastEthernet Channel of 200Mbps link? Thanks All! Thomas N. -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20547t=20494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looking for CIPT 3.0 course material [7:20549]
WTB CIPT 3.0 course material. Pls contact [EMAIL PROTECTED] Keith Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20549t=20549 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20550t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
One update: There is a new version of client that does support windows 2000. I haven't seen the problems with any ISPs, but I haven't tried aol or netzero either. :) Good luck! Lori -Original Message- From: Andras Bellak [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 10:16 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20551t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SecureID on Cisco [7:20438]
Check out this link. It gives an overview of the configuration process. http://www.cisco.com/warp/public/cc/so/neso/sqso/csap/sarsa_rg.htm Michael Hall CCIE, CISSP -Original Message- From: Thomas Crowe [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:59 AM To: [EMAIL PROTECTED] Subject: RE: SecureID on Cisco [7:20438] I don't know of a way to directly configure a cisco device to authenticate against a SecureID server, however SecureID integrates very well with most RADIUS implementations. Once that is configured, you can then configure AAA on your cisco device to authenticate against your RADIUS server. HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 2:56 PM To: [EMAIL PROTECTED] Subject: SecureID on Cisco [7:20438] Greetings all, Looking for reference/ideas on how to configure RSA SecureID on Cisco's routers. Any ideas would be great. Thanks..Nabil [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20553t=20438 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
I am curoius to see what happens when CISCO comes out with the next Unified client later on P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Andras Bellak Reply-To: Andras Bellak To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 10:15:56 -0400 One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20554t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: nimda virus [7:20523]
Try these links to get updates and perform preventive maintence on your PC's to avoid the virus in the future. Otherwise, go to your respective virus protection s/w site for updates. I've also provided the updates for the various Outlook platforms. Be sure and read before downloading Outlook patches. Security Antivirus downloads http://tech.msn.com/fdl/msndl11.asp Outlook 2002 http://office.microsoft.com/downloads/2002/OLK1003.aspx Outlook 2000 http://office.microsoft.com/downloads/2000/outlctlx.aspx Good luck, Aderion Brewer MACG, President Metro Atlanta Cisco Group www.macg.org -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of kroywen Sent: Thursday, September 20, 2001 7:25 AM To: [EMAIL PROTECTED] Subject: nimda virus [7:20523] Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20555t=20523 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Solutions [7:20468]
The VPN client FULLY supports Windows 2000 as well as Windows ME, 98, NT, and 95. The unified client is tons better than the old client that Cisco had out. The new Unified client fully supports end user termination into the VPN Concentrators (3000 currently, 5000 series soon) and the PIX 6.0 and up code. The termination to IOS is slated for later this year, I hear. Tim - Original Message - From: Andras Bellak To: Sent: Thursday, September 20, 2001 10:15 AM Subject: RE: Cisco VPN Solutions [7:20468] One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20552t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Whats wrong with my PING [7:20556]
Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input all line aux 0 transport input all line vty 0 4 no login ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20556t=20556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Choosing Modules for 7576 [7:20557]
Hi All, I am trying to purchase some cisco modules for 7576 router. Our company is providing T1 line for business. Can some one please tell me which modules should be best? Thanks Danny Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20557t=20557 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Solutions [7:20468]
Could you tell me where should i put my concentrator in my network? best regards, frank Bob Johnson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20560t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: SecureID on Cisco [7:20438]
We have a as5300 authenticating to a SteelBelted Radius NT server that then passes the request off to our SecurID server. Has been working for well over a year. -Original Message- From: Michael Hall [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 10:57 AM To: [EMAIL PROTECTED] Subject: RE: SecureID on Cisco [7:20438] Check out this link. It gives an overview of the configuration process. http://www.cisco.com/warp/public/cc/so/neso/sqso/csap/sarsa_rg.htm Michael Hall CCIE, CISSP -Original Message- From: Thomas Crowe [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:59 AM To: [EMAIL PROTECTED] Subject: RE: SecureID on Cisco [7:20438] I don't know of a way to directly configure a cisco device to authenticate against a SecureID server, however SecureID integrates very well with most RADIUS implementations. Once that is configured, you can then configure AAA on your cisco device to authenticate against your RADIUS server. HTH __ Thomas Crowe Senior Systems Engineer / Architect CTS Professional Services - Atlanta Phone: 770-664-3900 Cell: 404-277-4089 __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 2:56 PM To: [EMAIL PROTECTED] Subject: SecureID on Cisco [7:20438] Greetings all, Looking for reference/ideas on how to configure RSA SecureID on Cisco's routers. Any ideas would be great. Thanks..Nabil [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Thomas Crowe.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20558t=20438 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats wrong with my PING [7:20556]
Hi there, 1) You misconfigured the IP on 2511's S1 interface. 2) 2511's S1 is missing an enc ppp command. Regards, Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input all line aux 0 transport input all line vty 0 4 no login ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20559t=20556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: REMOVE ME FROM THE MAILING LIST. [7:20525]
another genius. - Original Message - From: steve Ademoye To: Sent: Thursday, September 20, 2001 6:54 AM Subject: REMOVE ME FROM THE MAILING LIST. [7:20525] I WISH TO REMOVE MY NAME FROM THE MAIL LIST...THANK YOU. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20561t=20525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CVOICE [7:20562]
Hi All, I am planning to take CVOICE exam so I have a few questions about the topics regarding the exam. Approximately how many questions will be about the commands, and are there any questions about AVVID. Best regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20562t=20562 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
boot promt [7:20563]
i just upgrade my flash on a 2514 router to 16megs. i get the boot promt i did not get it before how do i get normal promt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20563t=20563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
They also released a Linux version of the client about a month ago. I haven't seen any problems with it yet. Very similar to the Windows client except everything is command line based (what you would expect). Jeff. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tim O'Brien Sent: Thursday, September 20, 2001 10:45 AM To: [EMAIL PROTECTED] Subject: Re: Cisco VPN Solutions [7:20468] The VPN client FULLY supports Windows 2000 as well as Windows ME, 98, NT, and 95. The unified client is tons better than the old client that Cisco had out. The new Unified client fully supports end user termination into the VPN Concentrators (3000 currently, 5000 series soon) and the PIX 6.0 and up code. The termination to IOS is slated for later this year, I hear. Tim - Original Message - From: Andras Bellak To: Sent: Thursday, September 20, 2001 10:15 AM Subject: RE: Cisco VPN Solutions [7:20468] One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20564t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats wrong with my PING [7:20556]
Nope that isn't it s0 on 2511 is connected to a 1601 called gazdav to its s0 they both have ppp encaps. However 2511 s1 is connected to a 2501 and they both have encaps hdlc. Weirder still both interfaces show up up ...Hmmm Thanx anyways news.groupstudy.com wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi there, 1) You misconfigured the IP on 2511's S1 interface. 2) 2511's S1 is missing an enc ppp command. Regards, Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input all line aux 0 transport input all line vty 0 4 no login ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20565t=20556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats wrong with my PING [7:20556]
Looks like you mean s0 of 2511 Dave Gaz wrote: Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input all line aux 0 transport input all line vty 0 4 no login ! -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20567t=20556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
Has anyone had difficulty running the VPN client on ME. We have had Cisco on phone and in ME the VPN doesnt see the domain for some reason. --- Jeff Chambers wrote: They also released a Linux version of the client about a month ago. I haven't seen any problems with it yet. Very similar to the Windows client except everything is command line based (what you would expect). Jeff. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tim O'Brien Sent: Thursday, September 20, 2001 10:45 AM To: [EMAIL PROTECTED] Subject: Re: Cisco VPN Solutions [7:20468] The VPN client FULLY supports Windows 2000 as well as Windows ME, 98, NT, and 95. The unified client is tons better than the old client that Cisco had out. The new Unified client fully supports end user termination into the VPN Concentrators (3000 currently, 5000 series soon) and the PIX 6.0 and up code. The termination to IOS is slated for later this year, I hear. Tim - Original Message - From: Andras Bellak To: Sent: Thursday, September 20, 2001 10:15 AM Subject: RE: Cisco VPN Solutions [7:20468] One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp [EMAIL PROTECTED] = Spencer Plantier Internet Solutions Engineer Voice 919-949-9993 Cell 919-696-8848 __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20566t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP quality and Requirement [7:20497]
- Integrating Voice and Data Networks Scott Keagy Cisco Press Published October 2000 ISBN 1578701961 MJ wrote: Thanks Sasa, Well this will help me to calculate. Where you got all these stats ? are they in the same book that you have reffered, can u tell me the Author and publication also. Can we have RTP compression at 2 Internet routers if they are connected Via Internet ? Moreover normally delay is 500 msec or something on internet, and if you have ever done a voice chat on msn or yahoo when we are on dialup, things work perfectly. So that made me think that VoIP should work perfectly on Internet based leased lines. Mukul Sasa Milic wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Mukul, usually, one voice packet is 20 bytes. Add to that 40 bytes for RTP+UDP+IP headers. So, for 8 Kbps voice stream, you would have to add 16 Kbps for overhead. That is total 24 Kbps. RTP header compression could shrink that to 11-12 Kbps, but it is possible to use it only on PtoP links, between two routers running RTP compression. End-to-end delay (delay budget) should be less than 150 ms, but then, it all depends, it could work will more, depending on users' expectations. BTW, great book for VoIP is Integrating Voice and Data Networks. Sasa MJ wrote: Moreover I second question was : What should be bandwidth to run one channel, they say 8K, so does that mean that on 64K leased line I can have 8 Ports working without any problem Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20568t=20497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats wrong with my PING [7:20556]
ermmm there is an encap ppp statement on 2511 s1but your mask 255.255.255.252...the binary states 1100 last two will give you 4 ip`s and 2 useable ones.. try using ip address 172.16.10.6 and 172.16.10.7 and c how you go Cheers steve From: news.groupstudy.com Reply-To: news.groupstudy.com To: [EMAIL PROTECTED] Subject: Re: Whats wrong with my PING [7:20556] Date: Thu, 20 Sep 2001 11:31:15 -0400 Hi there, 1) You misconfigured the IP on 2511's S1 interface. 2) 2511's S1 is missing an enc ppp command. Regards, Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input all line aux 0 transport input all line vty 0 4 no login ! _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20569t=20556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats wrong with my PING [7:20556]
Try reload both routers to see what happen. If still the same, I guess the cable is defective. Once I met this weird situation b4 and solved by replacing another cable. So you may try to swap cable to see if it works. Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nope that isn't it s0 on 2511 is connected to a 1601 called gazdav to its s0 they both have ppp encaps. However 2511 s1 is connected to a 2501 and they both have encaps hdlc. Weirder still both interfaces show up up ...Hmmm Thanx anyways news.groupstudy.com wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi there, 1) You misconfigured the IP on 2511's S1 interface. 2) 2511's S1 is missing an enc ppp command. Regards, Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input all line aux 0 transport input all line vty 0 4 no login ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20570t=20556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: boot promt [7:20563]
If you just upgraded the flash you have no IOS so am not suprised you are on boot mode. Download an image and boot er up!! Dave george gittins wrote: i just upgrade my flash on a 2514 router to 16megs. i get the boot promt i did not get it before how do i get normal promt -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20571t=20563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX / DNS [7:20518]
Yes, I did, (and I posted to the newsgroup). Here it is again... The due to DNS response syslog message in a deny statement means that the PIX Firewall DNS Guard feature is in effect and the message indicates slow response from the DNS server. When the response is slow, the PIX Firewall sends a second DNS inquiry, the first returns, and the second gets denied and logged. The above paragraph was taken directly from the cisco webpage: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v41/pixrn417.h tm Watch the wrap. Not sure which version it started in, but it is in the majority of pix code. HTH, Eric -Original Message- From: Allen May [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 11:25 AM To: Pierre-Alex GUANEL Subject: Re: PIX / DNS [7:20518] Did you get an answer for that? I'd be interested in knowing what it was as well. Allen - Original Message - From: Pierre-Alex GUANEL To: Sent: Thursday, September 20, 2001 5:41 AM Subject: PIX / DNS [7:20518] Has anyone seen this before (due to DNS Response)? How do I see details on the DNS response that was denied (packet coming on the external interface of the firewall I presume)? 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due to DNS Response Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20572t=20518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Switch to 3Com hub [7:20517]
You have only told us about the physical layer. There doesn't seem to be any problem at that layer, from what you have told us. But Telnet is an application layer that works on top of TCP/IP. TCP should be fine unless there are access lists. Any problems will probably be due to IP addressing or routing. In particular make sure that VLAN 1 is on a subnet that the rest of the network can reach. Those are my initial thoughts based on very little data Good luck. Let us know if there are any issues. Thanks. Priscilla At 06:40 AM 9/20/01, Shane Stockman wrote: I have set a 2924 with a management address on vlan 1.We want to use a cross over to a 3com hub which runs into another 3com which runs into a router.There is a 2mb line between between the 2 buildings and the core sits at the second building. Will I be able to telnet into the switch ? Thanks in advance _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20573t=20517 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Small series Cisco router that supports NAT inFast [7:20575]
The features you are requesting are software features, not hardware features. In nearly all cases, as long as you have the correct IOS version, the router platform doesn't matter. There are a few cases where some features are only available on certain router hardware platforms, but that is the exception rather than the rule. All router platforms from the 800 series on up (including the 1700 series) support NAT and fast switching provided you use the correct IOS. If your using 12.1 or above code, you just need the basic IP feature set to get the features you want. You typically won't find software features by searching on individual router hardware documentation. For future reference, you can search for particular features for particular code revs and hardware platforms as http://www.cisco.com/go/fn HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 12:37 AM To: [EMAIL PROTECTED] Subject: Small series Cisco router that supports NAT inFast Switching: [7:20510] Hi I would like if somebody can recommend a Cisco small series router that supports NAT in Fast Switching (both at the same time). I was recommended a 1720 series but I read the specifications and I do not see anything like that on it. Thanks Silvia -Original Message- From: Elaluf, Sylvia, [SMTP:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 7:15 AM To: [EMAIL PROTECTED] Subject: Small series Cisco router that supports NAT and Fast Switching [7:20499] Hi everybody I would like to know if somebody can recomend a Cisco small series router that supports NAT and Fast Switching. I want to use this switch as a cheap load balancing solution. Regards Silvia Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20575t=20575 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX / DNS [7:20518]
To receive mail (SMTP) on your server you only need TCP port 25. TCP port 110 is for POP access so users can get their mail from the mail server, mail servers don't use port 110. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pierre-Alex GUANEL Sent: Thursday, September 20, 2001 6:31 AM To: [EMAIL PROTECTED] Subject: RE: PIX / DNS [7:20518] If I remove mailguard, which ports should I open so that my mail server receives mail from the Internet? (25 / 110) Pierre-Alex -Original Message- From: Eric Hoffman [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 8:09 AM To: 'Pierre-Alex GUANEL' Subject: RE: PIX / DNS [7:20518] The due to DNS response syslog message in a deny statement means that the PIX Firewall DNS Guard feature is in effect and the message indicates slow response from the DNS server. When the response is slow, the PIX Firewall sends a second DNS inquiry, the first returns, and the second gets denied and logged. The above paragraph was taken directly from the cisco webpage: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v41/pixrn417.h tm Watch the wrap. Not sure which version it started in, but it is in the majority of pix code. HTH, Eric -Original Message- From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:42 AM To: [EMAIL PROTECTED] Subject: PIX / DNS [7:20518] Has anyone seen this before (due to DNS Response)? How do I see details on the DNS response that was denied (packet coming on the external interface of the firewall I presume)? 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due to DNS Response Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20576t=20518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: boot promt [7:20563]
by boot prompt I'm assuming that you are seeing: router(boot) If this is the case then your router may have encountered a problem when trying to load the IOS. Check your flash and your config-register. Are you currently set to boot from flash and then TFTP? -Original Message- From: george gittins [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 11:47 AM To: [EMAIL PROTECTED] Subject: boot promt [7:20563] i just upgrade my flash on a 2514 router to 16megs. i get the boot promt i did not get it before how do i get normal promt Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20577t=20563 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX / DNS [7:20518]
Thankx a bunch. Maybe after all I will keep my old PIX :) Pierre-Alex -Original Message- From: Kent Hundley [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 2:54 PM To: 'Pierre-Alex GUANEL'; [EMAIL PROTECTED] Subject: RE: PIX / DNS [7:20518] To receive mail (SMTP) on your server you only need TCP port 25. TCP port 110 is for POP access so users can get their mail from the mail server, mail servers don't use port 110. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pierre-Alex GUANEL Sent: Thursday, September 20, 2001 6:31 AM To: [EMAIL PROTECTED] Subject: RE: PIX / DNS [7:20518] If I remove mailguard, which ports should I open so that my mail server receives mail from the Internet? (25 / 110) Pierre-Alex -Original Message- From: Eric Hoffman [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 8:09 AM To: 'Pierre-Alex GUANEL' Subject: RE: PIX / DNS [7:20518] The due to DNS response syslog message in a deny statement means that the PIX Firewall DNS Guard feature is in effect and the message indicates slow response from the DNS server. When the response is slow, the PIX Firewall sends a second DNS inquiry, the first returns, and the second gets denied and logged. The above paragraph was taken directly from the cisco webpage: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v41/pixrn417.h tm Watch the wrap. Not sure which version it started in, but it is in the majority of pix code. HTH, Eric -Original Message- From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:42 AM To: [EMAIL PROTECTED] Subject: PIX / DNS [7:20518] Has anyone seen this before (due to DNS Response)? How do I see details on the DNS response that was denied (packet coming on the external interface of the firewall I presume)? 106007 Deny inbound UDP from 208.145.207.71/9597 to 10.1.1.51/1077 due to DNS Response Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20578t=20518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whats wrong with my PING [7:20556]
Yep reload worked. Should have tried that earlier, but you often assume your own lack of knowledge, well I do, but suppose I keep learning... Thanx to all that responded news.groupstudy.com wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Try reload both routers to see what happen. If still the same, I guess the cable is defective. Once I met this weird situation b4 and solved by replacing another cable. So you may try to swap cable to see if it works. Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nope that isn't it s0 on 2511 is connected to a 1601 called gazdav to its s0 they both have ppp encaps. However 2511 s1 is connected to a 2501 and they both have encaps hdlc. Weirder still both interfaces show up up ...Hmmm Thanx anyways news.groupstudy.com wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi there, 1) You misconfigured the IP on 2511's S1 interface. 2) 2511's S1 is missing an enc ppp command. Regards, Gary Gaz wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Should be a very simple one this don't know what I'm doing wrong. Why can't I ping my own interface or the remote end. Back to back serial cable Here is the config of router gazdav attatched via s0 to S1 of router 2511. gazdav#sh ru Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log uptime service password-encryption ! hostname gazdav ! enable secret 5 $1$FgI.$bygzIO/R77k37T.qfBWhH. ! username gazdav password 7 username pinger password 7 xxx username ping privilege 5 password 7 xxx! ! ! ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 isdn voice-call-failure 0 ! ! ! interface Ethernet0 ip address 10.10.1.1 255.255.255.0 no ip directed-broadcast ip nat inside no ip route-cache no ip mroute-cache ! interface Serial0 ip address 172.16.10.6 255.255.255.252 no ip directed-broadcast encapsulation ppp ! interface BRI0 bandwidth 64 ip address negotiated no ip directed-broadcast ip nat outside encapsulation ppp no ip route-cache no ip mroute-cache no keepalive dialer idle-timeout 150 dialer string 08089933000 dialer-group 2 isdn switch-type basic-net3 ppp authentication chap callin ppp chap hostname gazdav ppp chap password 7 xx ! router ospf 101 network 10.10.1.0 0.0.0.255 area 0 network 172.16.10.4 0.0.0.0 area 0 ! ip nat inside source list 100 interface BRI0 overload ip classless no ip http server ! logging 10.10.1.2 access-list 1 permit 10.10.1.2 access-list 100 permit ip 10.10.1.0 0.0.0.255 any access-list 101 deny udp any any eq snmp access-list 101 deny udp any any eq ntp access-list 101 permit ip any any access-list 110 deny udp 10.10.1.0 0.0.0.255 eq netbios-ns any log dialer-list 1 protocol ip list 110 dialer-list 2 protocol ip permit snmp-server engineID local 000902605CBC2B55 snmp-server community public RW ! line con 0 exec-timeout 0 0 transport input none line vty 0 exec-timeout 0 0 privilege level 5 password 7 xxx no login length 25 transport input telnet line vty 1 4 exec-timeout 0 0 privilege level 5 password 7 xxx no login transport input telnet ! end And here is the config of the router at the other end. 2511#sh ru Building configuration... Current configuration : 968 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname 2511 ! enable secret 5 $1$aJT7$r0fZD.akp8IAaWZEYJuxD1 ! ip subnet-zero no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! ! ! ! interface Ethernet0 ip address 10.10.1.10 255.255.255.0 no ip route-cache no ip mroute-cache shutdown ! interface Serial0 ip address 172.16.10.5 255.255.255.252 encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue clockrate 64000 ! interface Serial1 ip address 172.16.20.5 255.255.255.252 no ip route-cache no ip mroute-cache clockrate 64000 ! router ospf 100 log-adjacency-changes network 172.16.10.4 0.0.0.0 area 0 network 172.16.20.4 0.0.0.0 area 0 ! ip classless no ip http server ! ! line con 0 exec-timeout 0 0 line 1 16 transport input
RE: VPN Client 3.0 Through Watchguard [7:20461]
Don, I have installed and configured quite a few WG FB's where I last worked. Where I work now, we setup a Cisco VPN 3000 concentrator for customers to connect to us over the Internet. One customer has a Watchguard and was unable to connect. We obtained a temporary FB II for testing and could not get it to fully work. We were able to establish a connection, but within a few seconds, it would drop. You do not need TCP 50 and 51, what is needed is protocol 50 and 51. I was not able to find the ability in the WG to allow these, only tcp/udp port numbers. You do need some tcp/udp port numbers as well as the protocol numbers. Last I had heard, WG did not have a resolution to this. It is something with their firewall. Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20581t=20461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: something about vpn [7:20137]
I think he meant router to pix vpn (as opposed to client to pix) in which case the router does much more than provide connectivity... Patrick Ramsey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... As far as I remember the netscreens do support ipsec vpn's... (we have 3 here on our network but are not using them for vpn's) I'll take a look though. And yes you can use a pix for a vpn as long as you have the activation key that supports 56bit or 168bit encryption. The router really plays no part in the vpn except physical connectivity. -Patrick Leo Shen 09/16/01 10:58PM can a pix and a router(such as 1720) make a vpn? and can a pix(or a router) and netscreen(a sort of hardware firewall)make a vpn? for instance,in usa,there is a pix,in taiwan province of china,there is a netscreen,can they make a vpn connection? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20583t=20137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: T1 Router question [7:20460]
If you're using routing protocols, like EIGRP, you can simply set the bandwidth statements on both interfaces to be the same and as long as the destination is reachable via both T's, it will automagically load balance, on a per destination basis by default. You can do a 'no ip route-cache' on the serial interfaces for it to do per packet load balancing. If you just want to use it for redundancy, you can use static routes and just assign a higher cost to the second T1 route, but if you're paying for 2 T's , you might as well use them. Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20582t=20460 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Router IP Question [7:20419]
Sure can. Just use static nat for your internal devices that you want the outside to reach. Then set your mx and other records to point to that outside ip address. I would highly suggest, if you are going to put a router on your dsl line, to put some strong access-lists on the router. Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20584t=20419 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: REMOVE ME FROM THE MAILING LIST. [7:20525]
I'm sorry... you're not allowed to leave... this is a lifetime group and the only way to leave is by dying... so make that choice if you must... steve Ademoye wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I WISH TO REMOVE MY NAME FROM THE MAIL LIST...THANK YOU. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20585t=20525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access to AUX port [7:20364]
I don't think you need any special config on the aux port. Hook an external modem to it with the cisco rollover cable, just like a console port, and you should be in business. Use something like Hyperterminal to access it, set Hyperterminal to 9600/8/none/1. Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20586t=20364 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Ipsec cisco-checkpoint FW-1 [7:20513]
Sometimes searching Cisco's web site does miracles. Try it and see for yourself. http://www.cisco.com/warp/public/707/cp-r.shtml Eugene -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Msava Sent: Thursday, September 20, 2001 3:45 AM To: [EMAIL PROTECTED] Subject: Ipsec cisco-checkpoint FW-1 [7:20513] I want to configure an IPSEC between cisco router and a checkpoint FW-1 version 4.1. Any help or links will be appreciated. rgds, -- -- Paul Msava ,CCNA email:[EMAIL PROTECTED] Tel:+254 11 22 83 91 http://www.uunet.co.ke [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20587t=20513 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: something about vpn [7:20137]
As long as the router on the other end supports IPSec and IKE you should be able to. I've connected PIX boxes to Cisco routers a few times now and seem to recall seeing documentation on connecting to other types of routers on cisco.com when I was looking for configs to do the PIX-2600 VPN. http://www.netscreen.com/downloads/net10.pdf says the Netscreen will connect to other products that have used the standard-based IPSec. - Original Message - From: Dennis H To: Sent: Thursday, September 20, 2001 1:23 PM Subject: Re: something about vpn [7:20137] I think he meant router to pix vpn (as opposed to client to pix) in which case the router does much more than provide connectivity... Patrick Ramsey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... As far as I remember the netscreens do support ipsec vpn's... (we have 3 here on our network but are not using them for vpn's) I'll take a look though. And yes you can use a pix for a vpn as long as you have the activation key that supports 56bit or 168bit encryption. The router really plays no part in the vpn except physical connectivity. -Patrick Leo Shen 09/16/01 10:58PM can a pix and a router(such as 1720) make a vpn? and can a pix(or a router) and netscreen(a sort of hardware firewall)make a vpn? for instance,in usa,there is a pix,in taiwan province of china,there is a netscreen,can they make a vpn connection? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20588t=20137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: access to AUX port [7:20364]
I think you may need to ad TIA (transport input all) Dave David Jones wrote: I don't think you need any special config on the aux port. Hook an external modem to it with the cisco rollover cable, just like a console port, and you should be in business. Use something like Hyperterminal to access it, set Hyperterminal to 9600/8/none/1. Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20589t=20364 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame Relay question ? [7:20590]
I have a router that has 2 PVC of 128k the 1st PVC on serial0 and the 2nd PVC on serial1. How can I bundle both PVCs on the router to make 256k. Both PVCs are pointing to the same router at the main site. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20590t=20590 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
set port host [7:20591]
I got a question today from a customer who had seen a %PAGP-5-PORTFROMSTP: error message on his 6509. I explained it was mostly informational, the device connected to that port was either disconnected or shutdown. I then thought I had a good idea, do a set port host on our lab switch on a port connected to a router. My reasoning was that this, among other things, disables PAGP, auto port channeling, so if I disconnect a device on a port with port host enabled I should not see PAGP error messages. Wrong, I still get them Thought I would throw that out to see if I'm smokin crack with my logic. Thanks Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20591t=20591 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Mac VPN client [7:20592]
I am looking for a Mac Mac OSX VPN client that will work with either a 525PIX or a 3000 series concentrator. I know there is one that will work with the 5000 series concentrator but nothing that specifically says will work with the above mentioned products on Cisco's website. Anyone implemented this on their network? I also read that TunnelBuilder from Efficient Networks works with the PIX and 3000 series but has anyone used it and how is it? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20592t=20592 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ciscoworks 2000 [7:20453]
Dear Lavillie, I been working with CIscoWorks2000 for about a year, I was not able to fine any good book related to this product other then one from Cisco web site. Cisco press has one book out for this product But it only covers the basics.. jin jung CCNP, CCDP, MCSE, CNE, CCIE wittee pass,, - Original Message - From: LaVillie Tate To: Sent: Wednesday, September 19, 2001 5:15 PM Subject: Ciscoworks 2000 [7:20453] Can anyone suggest any books for Ciscoworks 2000? Thanks in advance, LaVillie Tate __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20594t=20453 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN to a PIX 506 version 6 [7:20593]
I am attempting to set up our PIX 506 to allow 3DES IPSEC VPNs to be created over the internet from a client dialed to local ISP. I have tried many clients but am having a horrible time with Cisco's 3000 version 3 client. (some workstations will be Win2k therefore ruling out the secure client). When I bring the tunnel up I have no routes to enable the workstation to use the tunnel? Am I doing something wrong, using wrong client etc??? Kevin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20593t=20593 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HP OpenView, CiscoWorks, Cabletron [7:20406]
Depends on what kind of networking product you have in your network. If you have all cisco, go with CiscoWork2000, If not HPOV,,.. Now cisoc has new module call DFM ,,(device fault manager) where you can monitor all your devices and get page if it fails-- which is what HPOV was used for most of the time. Jin Jung... CCNP, CCDP, CCIE written pass, MCSE, CNE - Original Message - From: Brian Whalen To: Sent: Wednesday, September 19, 2001 5:52 PM Subject: Re: HP OpenView, CiscoWorks, Cabletron [7:20406] This probably depends greatly on what you'd like to do with it. Brian Sonic Whalen Success = Preparation + Opportunity On Wed, 19 Sep 2001, Mr. Monitor wrote: Dears.. Who know which one is the best ? Which one is the best tools? Thank you very much! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20595t=20406 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fiber Trunking.....question? [7:20596]
Hello All you cisco mentors out there I have a question regarding a particular device on an existing network that i cannot connect to after i have set up the trunk. The device is address 172.21.1.248 ..a reporting system. I have a p.c on the same network that currently connects to this unit daily. I have loaded some PBX software onto this p.c. that is extremely Chatty. I have been advised to put this device onto this trunked vlan in order to share the load so to speak. I wanna know if anyone has a solution as to how this p.c can still communicate to this .248 device after i put it on the trunk? isn't there a database of MAC addesss that get's created ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20596t=20596 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCMSN [7:20597]
Hi, I was wondering if some could help me. I need some info regarding BCMSN exam and scoring. I would be grateful if someone could enlighten me... Thanks, MSJ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20597t=20597 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay question ? [7:20590]
Any IGP will equal cost load share, it's the switching method that's more important. You could set up a multilink group which combines the two interface to a multilink interface for example but this does not give you a 256K link, you still have 2 128K connections. It's much easiers and less overhead to simply enable CEF and choose your favorite loadsharing mechanism, per packet or per destination. Dave mindiani mindiani wrote: I have a router that has 2 PVC of 128k the 1st PVC on serial0 and the 2nd PVC on serial1. How can I bundle both PVCs on the router to make 256k. Both PVCs are pointing to the same router at the main site. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20598t=20590 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
want to purchase 2502 logic board [7:20599]
Hi, I am looking for someone to sell me a motherboard for the 2502 router without flash. If someone have it then mail me for the deal to complete. I am in MD -Mamoor Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20599t=20599 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: REMOVE ME FROM THE MAILING LIST. [7:20525]
Just write REMOVE 1000 times and say REMOVE 2000 time for 2 days then i think u can get rid of this quick sand. -Mamoor steve Ademoye wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I WISH TO REMOVE MY NAME FROM THE MAIL LIST...THANK YOU. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20600t=20525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: nimda virus [7:20523]
kroywen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20601t=20523 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCSI Qualifications [7:20602]
Greetings Group Can anyone direct me to a source of info regarding the CCSI (Cisco Certified Systems Instructor) certification. I'm not finding any info on Cisco sites and a search engine lookup is only returning websites of IT training companies. Thanks Dyland Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20602t=20602 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: REMOVE ME FROM THE MAILING LIST. [7:20525]
NOT UNTIL YOU ASK NICE! steve Ademoye wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I WISH TO REMOVE MY NAME FROM THE MAIL LIST...THANK YOU. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20605t=20525 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multicast Problem [7:20604]
Hello guys, I am having a multicast problem for the past 3 days. When I go to my cat500 switcha and type: show multicast group, I can't see the mac address. I have 3 routers running dense mode and they are all connect to the cat switch in the same vlan.I am running multicast on the switch to Any help will be great: This is the config: R8 interface Loopback0 ip address 172.16.250.1 255.255.255.0 no ip directed-broadcast ip pim dense-mode ip igmp join-group 226.6.6.6 ! interface Ethernet0/0 ip address 172.16.23.3 255.255.255.0 no ip directed-broadcast ! interface Serial0/0 encapsulation frame-relay ! interface Serial0/0.1 point-to-point ip address 172.16.11.8 255.255.255.0 no ip directed-broadcast ip pim dense-mode frame-relay interface-dlci 802 ! interface Serial0/0.2 multipoint ip address 172.16.10.8 255.255.255.0 no ip directed-broadcast ip pim dense-mode ip ospf network point-to-multipoint frame-relay map ip 172.16.10.9 809 broadcast frame-relay map ip 172.16.10.12 812 broadcast ! router ospf 100 network 172.16.0.0 0.0.255.255 area 0 r12 ip multicast-routing ip dvmrp route-limit 2 ! interface Ethernet0 ip address 172.16.13.1 255.255.255.0 ip cgmp ! interface Serial0 ip address 172.16.10.12 255.255.255.0 ip pim dense-mode encapsulation frame-relay ip ospf network point-to-multipoint frame-relay map ip 172.16.10.8 128 broadcast frame-relay lmi-type cisco ! router ospf 100 network 172.16.0.0 0.0.255.255 area 0 r2 hostname r2 ! ip subnet-zero ! ip multicast-routing ip dvmrp route-limit 2 cns event-service server ! ! ! interface Ethernet0 ip address 172.16.13.2 255.255.255.0 ip pim dense-mode no ip route-cache ip cgmp no ip mroute-cache ! interface Serial0 ip address 172.16.11.2 255.255.255.0 ip pim dense-mode encapsulation frame-relay no ip route-cache ip ospf network point-to-multipoint no ip mroute-cache logging event subif-link-status logging event dlci-status-change frame-relay map ip 172.16.11.8 208 broadcast _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20604t=20604 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: Fridays funnies!! [7:20606]
The teacher gave her fifth grade class an assignment: Get their parents to tell them a story with a moral at the end of it. The next day the kids came back and one by one began to tell their stories. Kathy said, My father's a farmer and we have a lot of egg-laying hens. One time we were taking our eggs to market in a basket on the front seat of the pickup when we hit a bump in the road and all the eggs went flying and broke and made a mess. And what's the moral of the story? asked the teacher Don't put all your eggs in one basket! Very good, said the teacher.Next little Lucy raised and hand and said, Our family are farmers too. But we raise chickens for the meat market. We had a dozen eggs one time, but when they hatched we only got ten live chicks and the moral to this story is, don't count your chickens until they're hatched. That was a fine story Lucy. Johnny, do you have a story to share? Yes, ma'am, my daddy told me this story about my Aunt Karen. Aunt Karen was a flight engineer in Afghanistan and her plane got hit. She had to bail out over enemy territory and all she had was a bottle of whiskey, a machine gun and a machete. She drank the whiskey on the way down so it wouldn't break and then she landed right in the middle of 100 bin Laden's troops. She killed seventy of them with the machine gun until she ran out of bullets, then she killed twenty more with the machete till the blade broke and then she killed Osama bin Laden and the last ten with her bare hands. Good heavens, said the horrified teacher, what kind of moral did your daddy tell you from that horrible story? Don't mess with Aunt Karen when she's been drinking! - ROMANCE MATHEMATICS Smart man + smart woman = romance Smart man + dumb woman = affair Dumb man + smart woman = marriage Dumb man + dumb woman = pregnancy OFFICE ARITHMETIC Smart boss + smart employee = profit Smart boss + dumb employee = production Dumb boss + smart employee = promotion Dumb boss + dumb employee = overtime SHOPPING MATH A man will pay $2 for a $1 item he needs. A woman will pay $1 for a $2 item that she doesn't need. GENERAL EQUATIONS STATISTICS A woman worries about the future until she gets a husband. A man never worries about the future until he gets a wife. A successful man is one who makes more money than his wife can spend. A successful woman is one who can find such a man. HAPPINESS To be happy with a man, you must understand him a lot and love him a little. To be happy with a woman, you must love her a lot and not try to understand her at all. LONGEVITY Married men live longer than single men, but married men are a lot more willing to die. MEMORY Any married man should forget his mistakes, there's no use in two people remembering the same thing. APPEARANCE Men wake up as good-looking as they went to bed. Women somehow deteriorate during the night. PROPENSITY TO CHANGE A woman marries a man expecting he will change, but he doesn't. A man marries a woman expecting that she won't change, and she does. DISCUSSION TECHNIQUE A woman has the last word in any argument. Anything a man says after that is the beginning of a new argument. COMPREHENSION There are 2 times when a man doesn't understand a woman - before marriage and after marriage HOW TO STOP PEOPLE FROM BUGGING YOU ABOUT GETTING MARRIED: Old aunts used to come up to me at weddings, poking me in the ribs and cackling, telling me, You're next. They stopped after I started doing the same thing to them at funerals. -- Natasha Flazynski CCNA, MCSE http://www.ciscobot.com My Cisco information site. http://www.botbuilders.com Artificial Intelligence and Linux development Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20606t=20606 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: fasteth relearning address [7:20515]
If this a trunked linked, make sure you manually set the parameters on each end, no auto. Also, I have seen some servers with teamed nic's try to etherchannel and it will flap like that unless the switch is also configured for it. Hope this helps. Jeff From: TP Reply-To: TP To: [EMAIL PROTECTED] Subject: fasteth relearning address [7:20515] Date: Thu, 20 Sep 2001 05:29:33 -0400 Dear Group, I log into myCatalyst 2924XL and I found the following error message: %RTD-1-ADDR_FLAP: FastEthernet0/1 relearning 7 addrs per min How can I proceed to troubleshoot this? Thanks in advance, Teresa _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20607t=20515 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCSI Qualifications [7:20602]
Greetings Group Can anyone direct me to a source of info regarding the CCSI (Cisco Certified Systems Instructor) certification. I'm not finding any info on Cisco sites and a search engine lookup is only returning websites of IT training companies. Thanks Dyland Since you can only get the CCSI when sponsored by a Cisco Training Partner, the qualifications are set both by Cisco and the training company. My CCSI, I suppose, is inactive, but in any case I received it directly from Cisco, before there were training partners. The requirements have changed significantly since 1995 -- my qualification was more like a 3-week CCIE lab! At that time, there were no formal requirements -- it was a consensus of proctors agreeing you were ready. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20608t=20602 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
frame relay question [7:20609]
Hello, We have ATT frame line between US and Asia. Sometimes frame line is not available (therefore ISDN backup kicked in). But the weird thing is on both side frame routers, show serial interface says up. I couldn't ping between the 2 frame routers. Worse, on the syslog server, the link down was not captured 'cause the serial were still up. What can I do to collect some fact and data so I can yell at ATT? Thanks in advance. Jim __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20609t=20609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: nimda virus [7:20523]
you can use NBAR I have set it up to block code red and it is also blocking mimda enable cef and follow direction in below link this should block any new IIS hacking viruses command to enable cef ip cef http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/scdam_wp.htm any one know if this can be used to block executable email attachments someone 09/20/01 01:26PM kroywen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. you can use NBAR I have set it up to block code red and it is also blocking mimdaenable cef and follow direction in below link this should block any new IIS hacking virusescommand to enable cef ip cef http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/scdam_wp.htm any one know if this can be used to block executable email attachments someone 09/20/01 01:26PM kroywen wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Anyone knows how to block the nimda virus? thank you, kroywen -- Information and attachments herein are intended for the named recipients only. It may contain attorney-client privileged or confidential matter. If you have received this message in error, please notify us immediately by a collect phone call to +(632)8177746, and destroy the original message. Do not disclose the contents to anyone. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20610t=20523 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Solutions [7:20468]
Bob, I have had a couple versions of 3.x on my w2000 machine with no problems at all. Also, I use netzero and it has been good to me so far, 9 months with this client. I would agree that the Concentrator is solid, haven't had to touch it for anything except user management, config. for over a year. From: Andras Bellak Reply-To: Andras Bellak To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 10:15:56 -0400 One thing to be aware of - the VPN client doesn't (at least didn't last time I looked) support Windows 2000. It also has (once again, possibly should be had) big issues with some ISPs, especially aol and netzero. I have to agree with the other folks, the concentrator (we have 3 vpn-3030 systems deployed around the world) is rock solid - I've only ever had one hang. The cisco VPN hardware solution is a great fit for home offices connecting to the concetrator, and the 806 router also works very well. I've used the client to pix, and while it works fine, it's a real p.i.t.a. Andras -Original Message- From: Neil Borne [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] The better, but more costly choice is the concentrator, you have a lot less issues to worry about than w/ IOS.Either pay now or pay for it later P. Neil Borne, CCDA,CCNP and C-voice Systems Integrator III From: Hyde, Lori Reply-To: Hyde, Lori To: [EMAIL PROTECTED] Subject: RE: Cisco VPN Solutions [7:20468] Date: Thu, 20 Sep 2001 08:42:52 -0400 I've used both the IOS and the concentrator solutions. I have found the concentrator solution to be more expensive, but absolutely rock solid. The IOS solution is less expensive, but there are many bugs even with the latest versions. Lots of headaches here. My recommendation: if you have the bucks, go with the concentrator. By far the better choice from a maintenance and reliablity aspect. Lori -Original Message- From: Bob Johnson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Solutions [7:20468] Hi, I'm looking for comments about various Cisco VPN options allowing access from a home workstation.. As far as I know my options are: 1) Cisco PIX accessed by VPN Client 1.1 2) Cisco 3000 (or 5000) Concentrator accessed by VPN client 3.1 3) Cisco IPsec IOS access by VPN Client 1.1 It would seem that option 3 is the most cost effective (assuming you already have the hardware, you just need to purchase the correct IOS).. Anyone with hints/info/caveats? Appreciate any feedback from people actually using the IOS and the VPN client... Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20611t=20468 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]