RE: CCNP exam path question [7:45839]

2002-06-06 Thread adam lee

Any order is okay.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Paulo Roque
Sent: Wednesday, June 05, 2002 9:52 AM
To: [EMAIL PROTECTED]
Subject: CCNP exam path question [7:45839]


Hi all,

Must the exam path for CCNP be Routing, Switching, Remote Access and Support
or the exams could be taken in any order?

Thanks in advance!!

--
Eng. Paulo Roque
Network Engineer
Cisco Certified Network Associate
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45917&t=45839
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



OT: CCIE Written book for sale [7:45918]

2002-06-06 Thread Kris Keen

Hi All,

I have Denni' NLI Study Guide book for sale. No marks, or anything, perfect
condition. $120 AUD + shipping

Contact me on [EMAIL PROTECTED]


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45918&t=45918



Amazing!! Passed the beta [7:45920]

2002-06-06 Thread douglas mizell

I just received word via Prometric (couldn't stand the suspense so I called 
them) and to my utter amazement I passed the CCIE Beta exam!! I thought it 
was the most difficult test I have ever attempted and was sure I had failed 
my first Cisco exam. I thought I had failed because it hit MPLS and 
Multicasting pretty hard and I am weak in those areas. I must have done 
better in the others, anyway a pass is a pass. Now on to what separates the
men from the boys, first attempt in November I hope.
Thanks to the regulars of this list, although I don't correspond too 
terribly much I have been a member of this list for almost three years and 
Howard, Priscilla and Chuck have answered many questions for me indirectly. 
This is awesome.

Doug Mizell
CCNP







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45920&t=45920



Re: It's Official - CCNP 6xx series [7:45867]

2002-06-06 Thread Tom Scott

Kris Keen wrote:

> Instead of all crying, just go and sit the exam. Who cares if you're
> registered for 5x or 6x, you honestly think they are different?
>
> The CCNP exams are a joke they are that easy, and if haven't changed for 6xx
> then I'm really disappointed in Cisco.
>
> Is BRI and PRI different in how they are composed? No, do you Cisco will ask
> you what they are composed of, be it in 5x or 6x ? Yes. Are they different?
> No.
>
> Go and sit the exam.

Whoa, Jack, who elected you?

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45922&t=45867



Remote Access problem [7:45924]

2002-06-06 Thread BASSOLE Rock

Hello group,


I am presently working on a remote access solution for our network. We have
decided to use a Cisco 3620 with a Fastethernet for LAN connection and PRI/E1
module for WAN connection. The router is running IOS version 12.2(4)T3. This
access server is configured to allow analog connections and ISDN connections,
callback is also allowed. The remote users connecting are authenticated by a
RADIUS Server (Steelbelt). The RADIUS server is also supposed to return
values to the remote client:

-Framed-IP-Address
-Framed-IP-Netmask
-Framed-Protocol
-Framed-route
-Callback-number
-Cisco-client-Primary-DNS
-Cisco-client-Secondary-DNS

We are currently testing this solution and it's not working properly. The
remote user is not getting the appropriate RADIUS attributes. We only have
the Framed-IP-Address right, the other attributes are retrieved by the router.
Do you have an idea on how to force the router to get those specific
attributes?
Please find attached the configuration of the router.
 
Any information is welcome.

Thank you.

Rock BASSOLE

version 12.2
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname
!
logging buffered 4 debugging
aaa new-model
!
!
aaa authentication login default group radius line
aaa authentication enable default none
aaa authentication ppp default group radius local
aaa authorization network default group radius local
enable secret password
aaa session-id common
!
clock timezone GMT+01 1
clock summer-time GMT+01 recurring last Sun Mar 1:00 last Sun Oct 2:00
ip subnet-zero
no ip source-route
!
!
ip telnet source-interface Loopback0
no ip domain-lookup
!
no ip bootp server
isdn switch-type primary-net5
chat-script offhook "" "ATH1" OK
chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CONNECT \c
!
controller E1 1/0
 framing NO-CRC4
 pri-group timeslots 1-31
!
controller E1 1/1
!
!
!
interface Loopback0
 description Interface Loopback NAS
 ip address X.X.X.X 255.255.255.255
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 no ip mroute-cache
!
interface FastEthernet1/0
 description Interface FastEthernet VLAN_10.21_RAS
 ip address X.X.X.X 255.255.128.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 speed 100
 full-duplex
 no cdp enable
!
interface Serial1/0:15
 description canal D pour le controller E1
 no ip address
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 encapsulation ppp
 dialer rotary-group 0
 dialer-group 1
 isdn switch-type primary-net5
 isdn incoming-voice modem
 no fair-queue
 compress mppc
 no cdp enable
!
interface Group-Async1
 description Interface de connexion RTC
 ip unnumbered Loopback0
 encapsulation ppp
 no ip mroute-cache
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 async mode dedicated
 no peer default ip address
 compress mppc
 ppp callback accept
 ppp authentication chap
 group-range 1 30
!
interface Dialer0
 description Intercace de connexion ISDN
 ip unnumbered Loopback0
 encapsulation ppp
 no ip mroute-cache
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 dialer in-band
 dialer aaa
 dialer enable-timeout 5
 dialer hold-queue 20
 dialer-group 1
 no peer default ip address
 no fair-queue
 compress mppc
 no cdp enable
 ppp callback accept
 ppp authentication chap callin
 ppp multilink
!
router rip
 passive-interface Dialer0
 network 10.0.0.0
!
ip classless
no ip http server
ip pim bidir-enable
!
ip radius source-interface Loopback0
logging source-interface Loopback0
logging
logging
access-list 23 remark *** VTY Access ***

dialer-list 1 protocol ip permit
no cdp run
snmp-server community community RO 23
snmp-server community community RW 23
snmp-server trap-source Loopback0
snmp-server host-ip-add password
snmp-server host-ip-add password
snmp-server tftp-server-list 23
radius-server host-ip address auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key key
banner login ^C

#
#
#   UNAUTHORIZED ACCESS IS PROHIBITED
#
#  AND MAY BE SUBJECT TO CIVIL AND/OR CRIMINAL PENALTIES   #
#
#

^C
!
line con 0
 exec-timeout 5 0
 password password
line 1 30
 script modem-off-hook offhook
 script callback callback
 modem InOut
 modem autoconfigure type mica
 transport preferred none
 transport input all
 transport output none
 autoselect during-login
 autoselect ppp
 callback forced-wait 5
 stopbits 1
 flowcontrol hardware
line aux 0
 exec-timeout 5 0
 password password
line vty 0 4
 access-class 23 in
 exec-timeout 5 0
 password password
 transport input telnet
 transport output none
!
ntp clock-period 17208202
ntp source Loopback0
ntp server X.X.X.X prefer
ntp server X.X.X.X
no scheduler allocate
!
end




Message Posted at:
http://www.groupstud
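
One way to tell a server-side profile problem from a router-side one is to decode a captured Access-Accept and list which of the attributes named in the post it actually carries. This is an added example, not part of the original post: the two packets are constructed, the response authenticator is not verified, and the two Cisco-client DNS names are not mapped to a wire encoding because that depends on the server's dictionary.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2      # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26   # attribute type that carries vendor sub-attributes

# RFC 2865 numbers for the standard attributes listed in the post.
EXPECTED = {7: "Framed-Protocol", 8: "Framed-IP-Address",
            9: "Framed-IP-Netmask", 19: "Callback-Number", 22: "Framed-Route"}


def decode_value(attr_type, value):
    """Render an attribute value as text according to its RFC 2865 type."""
    if attr_type in (8, 9) and len(value) == 4:
        return str(ipaddress.IPv4Address(value))
    if attr_type == 7 and len(value) == 4:
        number = struct.unpack("!I", value)[0]
        return "PPP" if number == 1 else str(number)
    return value.decode("ascii", errors="replace")


def parse_vsa(value):
    """Split a Vendor-Specific value into (vendor_id, vendor_type, text)."""
    vendor_id = struct.unpack("!I", value[:4])[0]
    out, pos = [], 4
    while pos + 2 <= len(value):
        v_type, v_len = value[pos], value[pos + 1]
        if v_len < 2 or pos + v_len > len(value):
            break  # not in the recommended sub-attribute layout; stop here
        text = value[pos + 2:pos + v_len].decode("ascii", errors="replace")
        out.append((vendor_id, v_type, text))
        pos += v_len
    return out


def parse_packet(packet):
    """Return (code, [(type, text)], [(vendor, vtype, text)]) for a packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the captured data")
    attrs, vsas, pos = [], [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute {a_type} has a bad length")
        value = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 4:
            vsas.extend(parse_vsa(value))
        else:
            attrs.append((a_type, decode_value(a_type, value)))
        pos += a_len
    return code, attrs, vsas


def check_accept(packet):
    """Report which expected attributes an Access-Accept carries or lacks."""
    code, attrs, vsas = parse_packet(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError(f"code {code} is not an Access-Accept")
    present = {EXPECTED[t]: v for t, v in attrs if t in EXPECTED}
    missing = [name for name in EXPECTED.values() if name not in present]
    return {"present": present, "missing": missing, "vendor_specific": vsas}


def attr(attr_type, value):
    """Encode one attribute (helper for building the constructed samples)."""
    return bytes([attr_type, len(value) + 2]) + value


def build_accept(attributes):
    """Build an Access-Accept; the authenticator is zeroed, not computed."""
    body = b"".join(attributes)
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body))
    return header + bytes(16) + body


# Constructed sample 1: only the address plus one Cisco (vendor 9) AV pair.
cisco_vsa = struct.pack("!I", 9) + attr(1, b"ip:dns-servers=192.0.2.53 192.0.2.54")
PARTIAL = build_accept([
    attr(8, ipaddress.IPv4Address("192.0.2.10").packed),
    attr(VENDOR_SPECIFIC, cisco_vsa),
])

# Constructed sample 2: all five standard attributes are present.
FULL = build_accept([
    attr(7, struct.pack("!I", 1)),
    attr(8, ipaddress.IPv4Address("192.0.2.10").packed),
    attr(9, ipaddress.IPv4Address("255.255.255.255").packed),
    attr(19, b"5550100"),
    attr(22, b"198.51.100.0/24 192.0.2.10 1"),
])

if __name__ == "__main__":
    for label, pkt in (("partial", PARTIAL), ("full", FULL)):
        print(label, check_accept(pkt))
```

If the capture already lacks an attribute, the place to look is the user profile or dictionary on the RADIUS server; if the attribute is present in the Access-Accept, the router side is where it is being dropped or overridden.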

Re: It's Official - CCNP 6xx series [7:45867]

2002-06-06 Thread Anil Kumar

Yes. Even Cisco Site tells the same

http://www.cisco.com/warp/public/10/wwtraining/whats_new/


Regards.. Anil
--- "Kaminski, Shawn G"  wrote:
> Just called Prometric and VUE for information on when
> they're switching to
> the new CCNP 6xx series exams. As of this afternoon,
> 6/5/02, the CCNP 5xx
> series exams are no longer available. 
> 
> Shawn K.
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45926&t=45867



VPN Design ? [7:45927]

2002-06-06 Thread Jeffrey Reed

I haven't actually setup a VPN, but think I understand the very basic
concepts of a tunnel. Applying to a real life situation is confusing me a
little. I have a need to setup a remote office for a customer. They have a
2500 with a very basic NAT configuration, listed below my signature. They do
not have a firewall sitting between them and the Internet (not my choice).
They have a DSL connection at the remote office.

In order for the few PCs in the remote office to have access to the main
office servers, do I even need to build a tunnel since they have no
firewall? If I want to use a tunnel, how do you get a tunnel between two
routers without running the 3DES on the Cisco in the main office? The DSL
Router is a no-name from the telco.

Any suggestions would be appreciated!!

Jeffrey Reed
Classic Networking, Inc.
Cell 717-805-5536
Office 717-737-8586
FAX 717-737-0290

ip nat pool NATPOOL x.x.203.161 x.x.203.161 netmask 255.255.255.224
ip nat inside source list 1 pool NATPOOL overload
ip name-server x.224.86.15
ip name-server x.224.64.20
!
interface Ethernet0
 ip address 192.168.200.254 255.255.255.0
 ip nat inside
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 description 384K Fractional T1 to Epix (Circuit ID# DS1-8135)
 ip address x.x.34.154 255.255.255.252
 no ip directed-broadcast
 ip nat outside
!
ip default-gateway x.x.34.153
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1 permanent
access-list 1 permit 192.168.200.0 0.0.0.255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45927&t=45927



Re: Voip/Internet Telephony [7:45915]

2002-06-06 Thread Brad Ellis

I would say VoIP encompasses internet telephony.  In other words, internet
telephony is a use of VoIP technology.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

""ss ss""  wrote in message
news:[EMAIL PROTECTED]...
> Hi all!
> I suppose this is a basic question but I am not able to get it.
> The query I wud like to raise:
> What is the difference between Voip & Internet Telephony? Are they different
> jargons used to mean the same thing or both jargons mean different things?
> Can someone explain these two terms?
>
> Thanx in advance
> ss




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45916&t=45915



Re: VPN Overhead [7:45719]

2002-06-06 Thread Elijah Savage

Theo,

The reason I sent it to everyone on the list was for the specific reason
of the individual who asked the question. I could not find the original
question through all my mail and I did not want him thinking it was ok to
setup 3000 users on a residential dsl line thinking I had done it (smile).
I appreciated your comments I was not trying to be a jerk sorry.
> Well that is why I sent the e-mail just to you and not everyone on the
> group.
>
> Not everyone has the 100m connection but there are quite a few who do.
> Your explanation is a bit more clear now.  When I saw 608 and 128 I
> thought it had to be K even though it was a bit slow for DSL.  But hey!
>  You never know when someone might ask you to configure 9600k point to
> point connections now do you?  He He He.
>
> I agree with your wanting 2 45m connections.  In the States that would
> be  the best solutions.   I am here in Tokyo and NTT is our provider.
> I am  not entirely too worried about losing the connection to the
> Internet at  this point.  Our homepage is hosted elsewhere and all we
> really need is  e-mail here.  Not too intensive huh? Just a simple
> static route.  I still  don't know why we have a 100m connection.  I
> assume it is something with  politics.  When they told  me our
> connection speed the first thing I  thought was Quake 3 and UnReal
> Tournament.
>
> Theo
>
>
>
>
>
>
>
> "Elijah Savage"
> Sent by: [EMAIL PROTECTED]
> 06/06/2002 05:08 AM
> Please respond to "Elijah Savage"
>
>
>To: [EMAIL PROTECTED]
>cc:
>Subject:Re: VPN Overhead [7:45719]
>
>
> You have totally misunderstood what I was saying, and it was in my
> original email I hope no one else took it this way and just think I am
> a total idiot. My company where the vpn concentrators are located has 2
> ds3's to the internet, that is 45mb on each ds3 with a total 90mb to
> the net. What we used for testing the client piece was a dsl connection
> and a cable connection and dialup I hope this clears things up for you.
> I do not know where you are located but even in this day and age
> bandwidth is still extremely expensive and a 100m connection wow you
> make it seem as if everyone has this type of connection where you are.
> And I would rather have 2 45mb connections than one 100mb anyday,
> reason redundancy and a tad bit of load balancing tho not true load
> balancing with bgp. We get full routes from both providers which are 2
> different tier1 providers Sprint and UUnet and we distribute the
> default route from both into our IGP. This is great for when you have a
> farmer doing some digging and happens to cut through UUnet's pipe which
> happens to be carrying about 128 ds'3 that can't get put back together
> until about 7 hours later. :)
> Sorry for the confusion
>
>
>> That is amazing.  I would never have constructed a VPN infrastructure
>> with  3000 users and 128k.
>>
>> In my office, we have a 100m pipe and this is not unusual given the
>> area.  When I was working at Worldcom, we were designing a massive
>> Metro network  infrastructure upgrade for the financial district of
>> Tokyo.  That was back  in 2000.  I left Worldcom, before the burst
>> mind you, and now in this same  area, most companies have 100m
>> connections to the Internet.  Home DSL is  30m or in my area only 8m
>> with a
>> dependable 3.5m connection.
>>
>> Not bad for living next to rice paddies I think.
>>
>> If I had 3000 users, I would have recommended a 1.5 line to the
>> Internet  at least.  I was troubleshooting a VPN 5008 problem last
>> year with 1000  users between New Zealand, Singapore, and Tokyo and
>> that company had  upgraded from 128 to 1.5 and said the performance
>> was just so much better.
>> That was for an office of only 50 people local to Tokyo.
>>
>> Thanks for your info.  I will try to implement it in my designs.
>>
>> Theodore Stout, CISSP
>> Senior Security Consultant
>> CCNP, CCDP, CSS1, CCSE
>>
>>
>>
>>
>>
>>
>> "Elijah Savage"
>> 06/04/2002 08:02 PM
>> Please respond to esavage
>>
>>
>>To:
>>cc: , ,
>> Subject:Re: VPN Overhead
>>[7:45719]
>>
>>
>> The bandwidth of the dsl that the telco generously loaned us for 60
>> days was 608 down 128 up, that is another thing if you have a good
>> working relation with your local telco ask them to get you a circuit
>> for testing and they will probably do it.
>>> What is the bandwidth of your DSL?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> "Elijah Savage"
>>> Sent by: [EMAIL PROTECTED]
>>> 06/04/2002 11:47 AM
>>> Please respond to "Elijah Savage"
>>>
>>>
>>>To: [EMAIL PROTECTED]
>>>cc:
>>>Subject:Re: VPN Overhead [7:45719]
>>>
>>>
>>> We have 2 3030 concentrators setup in a load balancing fashion and it
>>> works very well. We have rolled this out to about 3000 users and have
>>> done all types of testing with different applications and different
>>> types of access. Over dialup we notice that there is about 12%
>>> o

Re: Searching for CCIE Lab scenarios [7:45754]

2002-06-06 Thread Jitendra Joshi

Hi,

I am aiming to do my CCIE Routing and Switching Qual
exam. Can anyone guide me on what books to read other
than online materials. Coz I do not just want to do
the qual more than that I am more interested in
developing a knowledge base which would be on the
roadmap of CCIE Rou&Switch.

Thanks,

Jit(CCNP).
--- Thomas Larus  wrote:
> The Lab Scenarios from CCBootcamp cost a lot more
> than $150 (and are
> supposed to be very good-- I chose Ipexpert lab
> scenarios mainly because
> they use a topology that more closely fits my home
> lab).  I think you must
> be looking at the price of their CCIE Written Exam
> preparation material.  I
> just want to make sure you buy one product thinking
> you are getting the
> other.
> 
> 
> 
> ""Ronald Dommelen""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > Probably a frequently asked question but I'm
> asking it again:
> >
> > I'm looking for CCIE lab scenario's. I already
> have some books covering
> all
> > the topics and issues but now I'm looking for Lab
> scenarios.
> >
> > Can somebody also perhaps tell me if the document
> from CCBOOTCAMP a good
> > document is ?($150,-)
> >
> >
> > Best regards Ronald
> >
> > The Netherlands
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45921&t=45754



Re: Recommended Reading for CCIE Written [7:45837]

2002-06-06 Thread Hamid

Reza,

Do you know when exactly will the new test be online? I haven't found
anything about the exact date?

Hamid


""Reza""  wrote in message
news:[EMAIL PROTECTED]...
> Hamid,
> I am also planning to take the exam before the end of this month and before
> Cisco brings the new monster test on line. I have read all the books that
> you mention here except, CCIE LAN Switching ,by Hamilton
> I am also doing the Boson practice#3 and have the CCXX material. I am sure
> you know about Token Ring paper.
>
> Good luck and let me know how you do.
> Reza
>
> ""Hamid""  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi,
> > I am studying for the written exam and I am going to take the exam in 3 or 4
> > weeks.
> >
> > I have used the following books:
> > - CCIE LAN Switching ,by Hamilton
> > - Routing TCP/IP Vol. 1, by Doyle
> > - Routers, Switches & Bridges for CCIEs, by Caslow
> > - Some other materials such as Exam Cram ,
> >
> > I was wondering whether I should study any other books for the Exam?
> >
> > Any input would be welcome.
> >
> > Hamid




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45919&t=45837



SNMP vs SNMP-Server? [7:45928]

2002-06-06 Thread Jeffrey Reed

What's the difference between setting SNMP and SNMP-Server commands in IOS?
The settings look the same between the two and I'm not sure if there is a
difference?

Thanks!

Jeffrey Reed
Classic Networking, Inc.
Cell 717-805-5536
Office 717-737-8586
FAX 717-737-0290




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45928&t=45928



Question [7:45930]

2002-06-06 Thread Richard Tufaro

Anyone seen or used this? http://pancho.lunarmedia.net/index.shtml




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45930&t=45930



Re: CCIE beta results [7:45853]

2002-06-06 Thread Shahid Muhammad Shafi

Hi Guys,
I called prometric today and who!!! I am joining u
guys. I got a "P" too. I am so happy owwowwowowowow
Shahid
 
dre wrote:
""Oleg Oz"" wrote in message
news:[EMAIL PROTECTED]...
> I took the CCIE beta exam at the beginning on May (a day before the
> end) and could wait no more. I called prometric to see if they had a grade
> in their system, they told me that their system showed a "P" for pass (I
> called twice to confirm.) Cisco's system does not show anything yet (I know
> it can take up to ten days to show up.) Now, I still do not believe that I
> passed (until I have the printed copy in my hand) and wanted to check with
> the group to see if anyone else had this experience. That is, not getting
> the official results and calling prometric to get the results (and the
> finding out the info prometric had was not correct.

I just called them and they said it was updated last week with the pass
information.
I have not yet received the official results (this isn't to be expected
until at least
next week I thought, no?).

I feel the same way you do (having passed the exam and not believing it).

But, if we did pass... that's *great* news... Congrats!

-dre
Shahid Muhammad Shafi
"Every man dies; not every man really lives"

remember, if God bringz u 2 it, He WILL bring u thru it!!!-

Please help feed hungry people worldwide http://www.hungersite.com/
A small thing each of us can do to help others less fortunate than ourselves






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45932&t=45853



NANOG 25 Meeting [7:45933]

2002-06-06 Thread Nigel Taylor

All,
I was browsing the NANOG 25 site and took a preview of the presentations 
that will be presented during the meeting.

Based on my recent growing interest in Inter-Domain routing and 
policies(IRR, RPSL), BGP, and MPLS/TE. I was wondering if anyone on the list 
would be in attendance, also does anyone have any idea as to the timeline in 
which the presentations make their way to the "web-site".  I'm really 
looking forward to getting my hands on those presentations

thanks
Nigel





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45933&t=45933



Re: VPN Design ? [7:45927]

2002-06-06 Thread Craig Columbus

"In order for the few PCs in the remote office to have access to the main
office servers, do I even need to build a tunnel since they have no
firewall?"

Whether to setup a vpn tunnel or not is dictated by your business needs and 
the types of services you want the remote office to access, not by the 
presence or absence of a firewall.  So, you may, or may not, need a 
tunnel.  Let's say that you are passing sensitive data from server to 
client.  By setting up a tunnel and using the appropriate access lists on 
the router, you can make sure that only certain clients can access the data 
and that the data is encrypted when it's travelling over the public network.

"If I want to use a tunnel, how do you get a tunnel between two routers 
without running the 3DES on the Cisco in the main office?"

Well, you don't need 3DES.  You can also use DES at a greatly reduced
cost.  For most applications, this is sufficient.  However, many security 
experts caution against using DES since it's relatively easy to 
break.  Either way, you'll need to upgrade the 2500 to a crypto IOS.

"The DSL Router is a no-name from the telco."

The DSL router will only be involved in the VPN if you setup a peer-to-peer 
between the routers (my preference).  You can also install a VPN client on 
the client machines and have them connect.  Be forewarned that you don't 
want multiple clients behind a dynamic NAT/PAT router trying to connect to 
the same VPN server...it won't work.  If this is the case, you'll need to 
go with the peer-to-peer.  You should check with the DSL router 
manufacturer to see if it supports IPSEC VPNs...you might be surprised.  I 
recently setup a Netopia SDSL router to connect to a PIX via IPSEC.  It was 
very easy and it's been remarkably stable.

Hope this helps.

Craig

At 08:42 AM 6/6/2002 -0400, you wrote:
>I havent actually setup a VPN, but think I understand the very basic
>concepts of a tunnel. Applying to a real life situation is confusing me a
>little. I have a need to setup a remote office for a customer. They have a
>2500 with a very basic NAT configuration, listed below my signature. They do
>not have a firewall sitting between them and the Internet (not my choice).
>They have a DSL connection at the remote office.
>
>In order for the few PCs in the remote office to have access to the main
>office servers, do I even need to build a tunnel since they have no
>firewall? If I want to use a tunnel, how do you get a tunnel between two
>routers without running the 3DES on the Cisco in the main office? The DSL
>Router is a no-name from the telco.
>
>Any suggestions would be appreciated!!
>
>Jeffrey Reed
>Classic Networking, Inc.
>Cell 717-805-5536
>Office 717-737-8586
>FAX 717-737-0290
>
>ip nat pool NATPOOL x.x.203.161 x.x.203.161 netmask 255.255.255.224
>ip nat inside source list 1 pool NATPOOL overload
>ip name-server x.224.86.15
>ip name-server x.224.64.20
>!
>interface Ethernet0
>  ip address 192.168.200.254 255.255.255.0
>  ip nat inside
>!
>interface Serial0
>  no ip address
>  no ip directed-broadcast
>  shutdown
>!
>interface Serial1
>  description 384K Fractional T1 to Epix (Circuit ID# DS1-8135)
>  ip address x.x.34.154 255.255.255.252
>  no ip directed-broadcast
>  ip nat outside
>!
>ip default-gateway x.x.34.153
>ip classless
>ip route 0.0.0.0 0.0.0.0 Serial1 permanent
>access-list 1 permit 192.168.200.0 0.0.0.255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45931&t=45927



pix and vpn [7:45934]

2002-06-06 Thread GEORGE

I don't have a vpn accelerator card installed on my pix can I configure
vpn ?
I'm trying to configure internet users' ability to connect to my internal
network
Probably use this config
http://www.cisco.com/warp/customer/110/pptpcrypto3.html
any suggestions..?
 
 
0: ethernet0: address is 0090.2710.27df, irq 11
1: ethernet1: address is 0090.270d.c12c, irq 10
2: ethernet2: address is 0090.2710.46a2, irq 15
Licensed Features:
Failover:           Enabled
VPN-DES:            Enabled
VPN-3DES:           Disabled
Maximum Interfaces: 6
Cut-through Proxy:  Enabled
Guards:             Enabled
URL-filtering:      Enabled
Inside Hosts:       Unlimited
Throughput:         Unlimited
IKE peers:          Unlimited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45934&t=45934



RE: VPN Design ? [7:45927]

2002-06-06 Thread Marshal Schoener

"""Be forewarned that you don't 
want multiple clients behind a dynamic NAT/PAT router trying to connect to 
the same VPN server...it won't work."""

>>>

This isn't really the case.  It can be a bit more difficult to setup the
clients behind a NAT device, but it is entirely possible.
In many cases it's as easy as forcing UDP encapsulation on the server
side...

Good luck,

-Original Message-
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 06, 2002 9:37 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN Design ? [7:45927]


"In order for the few PCs in the remote office to have access to the main
office servers, do I even need to build a tunnel since they have no
firewall?"

Whether to setup a vpn tunnel or not is dictated by your business needs and 
the types of services you want the remote office to access, not by the 
presence or absence of a firewall.  So, you may, or may not, need a 
tunnel.  Let's say that you are passing sensitive data from server to 
client.  By setting up a tunnel and using the appropriate access lists on 
the router, you can make sure that only certain clients can access the data 
and that the data is encrypted when it's travelling over the public network.

"If I want to use a tunnel, how do you get a tunnel between two routers 
without running the 3DES on the Cisco in the main office?"

Well, you don't need 3DES.  You can also use DES at a greatly reduced
cost.  For most applications, this is sufficient.  However, many security 
experts caution against using DES since it's relatively easy to 
break.  Either way, you'll need to upgrade the 2500 to a crypto IOS.

"The DSL Router is a no-name from the telco."

The DSL router will only be involved in the VPN if you setup a peer-to-peer 
between the routers (my preference).  You can also install a VPN client on 
the client machines and have them connect.  Be forewarned that you don't 
want multiple clients behind a dynamic NAT/PAT router trying to connect to 
the same VPN server...it won't work.  If this is the case, you'll need to 
go with the peer-to-peer.  You should check with the DSL router 
manufacturer to see if it supports IPSEC VPNs...you might be surprised.  I 
recently setup a Netopia SDSL router to connect to a PIX via IPSEC.  It was 
very easy and it's been remarkably stable.

Hope this helps.

Craig

At 08:42 AM 6/6/2002 -0400, you wrote:
>I havent actually setup a VPN, but think I understand the very basic
>concepts of a tunnel. Applying to a real life situation is confusing me a
>little. I have a need to setup a remote office for a customer. They have a
>2500 with a very basic NAT configuration, listed below my signature. They do
>not have a firewall sitting between them and the Internet (not my choice).
>They have a DSL connection at the remote office.
>
>In order for the few PCs in the remote office to have access to the main
>office servers, do I even need to build a tunnel since they have no
>firewall? If I want to use a tunnel, how do you get a tunnel between two
>routers without running the 3DES on the Cisco in the main office? The DSL
>Router is a no-name from the telco.
>
>Any suggestions would be appreciated!!
>
>Jeffrey Reed
>Classic Networking, Inc.
>Cell 717-805-5536
>Office 717-737-8586
>FAX 717-737-0290
>
>ip nat pool NATPOOL x.x.203.161 x.x.203.161 netmask 255.255.255.224
>ip nat inside source list 1 pool NATPOOL overload
>ip name-server x.224.86.15
>ip name-server x.224.64.20
>!
>interface Ethernet0
>  ip address 192.168.200.254 255.255.255.0
>  ip nat inside
>!
>interface Serial0
>  no ip address
>  no ip directed-broadcast
>  shutdown
>!
>interface Serial1
>  description 384K Fractional T1 to Epix (Circuit ID# DS1-8135)
>  ip address x.x.34.154 255.255.255.252
>  no ip directed-broadcast
>  ip nat outside
>!
>ip default-gateway x.x.34.153
>ip classless
>ip route 0.0.0.0 0.0.0.0 Serial1 permanent
>access-list 1 permit 192.168.200.0 0.0.0.255




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45935&t=45927



Remote access troubleshooting [7:45936]

2002-06-06 Thread BASSOLE Rock

Hello group,


I am presently working on a remote access solution for our network. We have
decided to use a Cisco 3620 with a FastEthernet for LAN connection and PRI/E1
module for WAN connection. The router is running IOS version 12.2(4)T3. This
access server is configured to allow analog connections and ISDN connections,
callback is also allowed. The remote users connecting are authenticated by a
RADIUS Server (Steelbelt). The RADIUS server is also supposed to return
values to the remote client:

-Framed-IP-Address
-Framed-IP-Netmask
-Framed-Protocol
-Framed-route
-Callback-number
-Cisco-client-Primary-DNS
-Cisco-client-Secondary-DNS

We are currently testing this solution and it's not working properly. The
remote user is not getting the appropriate RADIUS attributes. We only have
the Framed-IP-Address right, the other attributes are retrieved by the router.
Do you have an idea on how to force the router to get those specific
attributes?
Please find the configuration of the router.
 
Any information is welcome.

Thank you.

Rock BASSOLE





version 12.2
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname 
!
logging buffered 4 debugging
aaa new-model
!
!
aaa authentication login default group radius line
aaa authentication enable default none
aaa authentication ppp default group radius local
aaa authorization network default group radius local
enable secret password
aaa session-id common
!
clock timezone GMT+01 1
clock summer-time GMT+01 recurring last Sun Mar 1:00 last Sun Oct 2:00
ip subnet-zero
no ip source-route
!
!
ip telnet source-interface Loopback0
no ip domain-lookup
!
no ip bootp server
isdn switch-type primary-net5
chat-script offhook "" "ATH1" OK
chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CONNECT \c
!
controller E1 1/0
 framing NO-CRC4
 pri-group timeslots 1-31
!
controller E1 1/1
!
!
!
interface Loopback0
 description Interface Loopback NAS
 ip address X.X.X.X 255.255.255.255
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 no ip mroute-cache
!
interface FastEthernet1/0
 description Interface FastEthernet VLAN_10.21_RAS
 ip address X.X.X.X 255.255.128.0
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 speed 100
 full-duplex
 no cdp enable
!
interface Serial1/0:15
 description canal D pour le controller E1
 no ip address
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 encapsulation ppp
 dialer rotary-group 0
 dialer-group 1
 isdn switch-type primary-net5
 isdn incoming-voice modem
 no fair-queue
 compress mppc
 no cdp enable
!
interface Group-Async1
 description Interface de connexion RTC
 ip unnumbered Loopback0
 encapsulation ppp
 no ip mroute-cache
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 async mode dedicated
 no peer default ip address
 compress mppc
 ppp callback accept
 ppp authentication chap
 group-range 1 30
!
interface Dialer0
 description Intercace de connexion ISDN
 ip unnumbered Loopback0
 encapsulation ppp
 no ip mroute-cache
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 dialer in-band
 dialer aaa
 dialer enable-timeout 5
 dialer hold-queue 20
 dialer-group 1
 no peer default ip address
 no fair-queue
 compress mppc
 no cdp enable
 ppp callback accept
 ppp authentication chap callin
 ppp multilink
!
router rip
 passive-interface Dialer0
 network 10.0.0.0
!
ip classless
no ip http server
ip pim bidir-enable
!
ip radius source-interface Loopback0
logging source-interface Loopback0
logging
logging
access-list 23 remark *** VTY Access ***

dialer-list 1 protocol ip permit
no cdp run
snmp-server community community RO 23
snmp-server community community RW 23
snmp-server trap-source Loopback0
snmp-server host-ip-add password
snmp-server host-ip-add password
snmp-server tftp-server-list 23
radius-server host-ip address auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key key
banner login ^C

#
#
#   UNAUTHORIZED ACCESS IS PROHIBITED
#
#  AND MAY BE SUBJECT TO CIVIL AND/OR CRIMINAL PENALTIES   #
#
#

^C
!
line con 0
 exec-timeout 5 0
 password password
line 1 30
 script modem-off-hook offhook
 script callback callback
 modem InOut
 modem autoconfigure type mica
 transport preferred none
 transport input all
 transport output none
 autoselect during-login
 autoselect ppp
 callback forced-wait 5
 stopbits 1
 flowcontrol hardware
line aux 0
 exec-timeout 5 0
 password password
line vty 0 4
 access-class 23 in
 exec-timeout 5 0
 password password
 transport input telnet
 transport output none
!
ntp clock-period 17208202
ntp source Loopback0
ntp server X.X.X.X prefer
ntp server X.X.X.X
no scheduler allocate
!
end




Message Posted at:
http://www.groupstudy.com/fo
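
When a client is missing attributes like the ones listed in the post above, the first thing to establish is what the RADIUS server really put in the Access-Accept. The decoder below is an added example, not part of the original post: it parses a constructed Access-Accept in the RFC 2865 layout and reports which of the expected standard attributes are absent. The sample packet, its addresses and the Cisco AV-pair string are constructed values.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2              # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26
ATTR_NAMES = {                 # attribute numbers from RFC 2865
    7: "Framed-Protocol",
    8: "Framed-IP-Address",
    9: "Framed-IP-Netmask",
    19: "Callback-Number",
    22: "Framed-Route",
}
EXPECTED = (7, 8, 9, 19, 22)   # standard attributes the post expects in the reply
FRAMED_PROTOCOLS = {1: "PPP", 2: "SLIP"}


def parse_radius(packet):
    """Split a RADIUS packet into (code, identifier, [(type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the captured data")
    attrs, pos = [], 20        # bytes 4..19 hold the authenticator
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"attribute {a_type} has a bad length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs


def decode(a_type, value):
    """Return (name, printable value) for one attribute."""
    name = ATTR_NAMES.get(a_type, f"Attr-{a_type}")
    if a_type in (8, 9) and len(value) == 4:
        return name, str(ipaddress.IPv4Address(value))
    if a_type == 7 and len(value) == 4:
        number = struct.unpack("!I", value)[0]
        return name, FRAMED_PROTOCOLS.get(number, str(number))
    if a_type == VENDOR_SPECIFIC and len(value) >= 6:
        vendor = struct.unpack("!I", value[:4])[0]
        v_type, v_len = value[4], value[5]
        if v_len < 2 or 4 + v_len > len(value):
            return f"Vendor-Specific[{vendor}]", value[4:].hex()
        # Only the first vendor sub-attribute is decoded in this sketch.
        text = value[6:4 + v_len].decode("ascii", "replace")
        return f"Vendor-Specific[{vendor}:{v_type}]", text
    return name, value.decode("ascii", "replace")


def audit_accept(packet):
    """Decode an Access-Accept and list the expected attributes it lacks."""
    code, _ident, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    present = {a_type for a_type, _ in attrs}
    missing = [ATTR_NAMES[t] for t in EXPECTED if t not in present]
    return [decode(t, v) for t, v in attrs], missing


def _attr(a_type, value):
    """Encode one type-length-value attribute."""
    return bytes([a_type, len(value) + 2]) + value


def build_sample_accept():
    """Constructed Access-Accept that omits Callback-Number and Framed-Route."""
    avpair = b"ip:dns-servers=192.0.2.53 192.0.2.54"   # constructed sample value
    cisco = struct.pack("!I", 9) + _attr(1, avpair)     # vendor 9 (Cisco), sub-type 1
    body = b"".join([
        _attr(7, struct.pack("!I", 1)),
        _attr(8, ipaddress.IPv4Address("10.21.0.50").packed),
        _attr(9, ipaddress.IPv4Address("255.255.255.255").packed),
        _attr(VENDOR_SPECIFIC, cisco),
    ])
    header = struct.pack("!BBH", ACCESS_ACCEPT, 0x2A, 20 + len(body))
    # Zeroed authenticator: checking it needs the shared secret, not done here.
    return header + bytes(16) + body


if __name__ == "__main__":
    decoded, missing = audit_accept(build_sample_accept())
    for name, value in decoded:
        print(f"{name:28} {value}")
    print("missing from reply:", ", ".join(missing) or "none")
```

An attribute that appears in this output but never reaches the client points at the NAS side; one that is listed as missing was never sent by the server.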

Anniversary [7:45937]

2002-06-06 Thread Kenneth R. Snell

Exactly one year as a "made man". Time to start studying for the recert. So,
I'm back!

Ken
#7544




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45937&t=45937



RE: Networkers San Diego [7:45885]

2002-06-06 Thread Logan, Harold

I'll be at the CCIE Power Session on Monday. It better be worth it... I just
got done paying for my power session, air fare to san diego, and
registration fee for my lab in july. I'm at the point where my credit cards
cringe every time I reach for my wallet.

Anyone else doing the IE power session?

Hal

> -Original Message-
> From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 05, 2002 8:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Networkers San Diego [7:45885]
> 
> 
> I am.  Should be interesting.  If there's already a meeting 
> place for those
> of us attending, I'd like to know so I can be there, too.
> 
> Ken
> 
> >>> "Oleg Oz"  06/05/02 03:44PM >>>
> I think I saw a thread on this a few weeks ago but can no 
> longer find it..
> Is anyone going to networkers in San Diego.. Taking power sessions?
> 
>  Oleg.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45939&t=45885



RE: CCIE beta results [7:45853]

2002-06-06 Thread Oleg Oz

I spoke with another person at Prometric. She basically said don't count
your chickens before they hatch. Also, she said they sometimes put a P in
there just for giggles and . (pardon my periods)

   So, if you took the test out of curiosity and never expected to pass you
probably didn't. :(


   Oleg.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45941&t=45853



RE: CCIP vs CCNP vs CCIE - not very close at all [7:45893]

2002-06-06 Thread Chris Parker

Neal,

I agree with you 100% that the CCIP is more relevant than the CCIE in the
service provider sphere.

However I think the CCIP has yet to attain the credibility and recognition
of the CCIE. I think the reason Cisco probably introduced the CCIP is to
address the shortcomings of the CCIE in the service provider area. However,
since the CCIE is so coveted and since so many people have invested so
much in their CCIEs, I think Cisco probably didn't want to supersede the
CCIE with the CCIP.

Ultimately, it will be up to the market to decide which certification is more
relevant in the future. Perhaps CCIE will become associated more with the
Enterprise arena and CCIP with the service provider arena.

Chris


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45944&t=45893



RE: VPN Design ? [7:45927]

2002-06-06 Thread Craig Columbus

I'm not referring to a strictly static NAT setup.  I'm talking about 
dynamic NAT/PAT, where clients may get a NAT address or may use PAT, 
depending on pool availability.
For example, I had a location that was dropping connections on the PIX and 
I couldn't figure out what was going on.  The remote site had 3 dynamic NAT 
addresses, 1 overload address (PAT) and 10 clients.  I opened a case with 
TAC, they reviewed and told me that they don't support multiple clients 
behind dynamic NAT/PAT and that I'd need to either not use NAT/PAT or 
assign statics to each client.
I know PAT isn't a problem with multiple clients connecting to different 
VPN servers, but I've yet to see it work properly when multiple clients 
using PAT connect to the same VPN server.  If you've got a way to make PAT 
work with multiple clients connecting to the same VPN server, I'd love to 
hear the details since I could make use of this in several locations.

Craig

At 10:08 AM 6/6/2002 -0400, you wrote:
>"""Be forewarned that you don't
>want multiple clients behind a dynamic NAT/PAT router trying to connect to
>the same VPN server...it won't work."""
>

> >>>
>
>This isn't really the case.  It can be a bit more difficult to setup the
>clients behind a NAT device, but it is entirely possible.
>In many cases it's as easy as forcing UDP encapsulation on the server
>side...
>
>Good luck,
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, June 06, 2002 9:37 AM
>To: [EMAIL PROTECTED]
>Subject: Re: VPN Design ? [7:45927]
>
>
>"In order for the few PCs in the remote office to have access to the main
>office servers, do I even need to build a tunnel since they have no
>firewall?"
>
>Whether to setup a vpn tunnel or not is dictated by your business needs and
>the types of services you want the remote office to access, not by the
>presence or absence of a firewall.  So, you may, or may not, need a
>tunnel.  Let's say that you are passing sensitive data from server to
>client.  By setting up a tunnel and using the appropriate access lists on
>the router, you can make sure that only certain clients can access the data
>and that the data is encrypted when it's travelling over the public network.
>
>"If I want to use a tunnel, how do you get a tunnel between two routers
>without running the 3DES on the Cisco in the main office?"
>
>Well, you don't need 3DES.  You can also use DES and a greatly reduced
>cost.  For most applications, this is sufficient.  However, many security
>experts caution against using DES since it's relatively easy to
>break.  Either way, you'll need to upgrade the 2500 to a crypto IOS.
>
>"The DSL Router is a no-name from the telco."
>
>The DSL router will only be involved in the VPN if you setup a peer-to-peer
>between the routers (my preference).  You can also install a VPN client on
>the client machines and have them connect.  Be forewarned that you don't
>want multiple clients behind a dynamic NAT/PAT router trying to connect to
>the same VPN server...it won't work.  If this is the case, you'll need to
>go with the peer-to-peer.  You should check with the DSL router
>manufacturer to see if it supports IPSEC VPNs...you might be surprised.  I
>recently setup a Netopia SDSL router to connect to a PIX via IPSEC.  It was
>very easy and it's been remarkably stable.
>
>Hope this helps.
>
>Craig
>
>At 08:42 AM 6/6/2002 -0400, you wrote:
> >I haven't actually setup a VPN, but think I understand the very basic
> >concepts of a tunnel. Applying to a real life situation is confusing me a
> >little. I have a need to setup a remote office for a customer. They have a
> >2500 with a very basic NAT configuration, listed below my signature. They do
> >not have a firewall sitting between them and the Internet (not my choice).
> >They have a DSL connection at the remote office.
> >
> >In order for the few PCs in the remote office to have access to the main
> >office servers, do I even need to build a tunnel since they have no
> >firewall? If I want to use a tunnel, how do you get a tunnel between two
> >routers without running the 3DES on the Cisco in the main office? The DSL
> >Router is a no-name from the telco.
> >
> >Any suggestions would be appreciated!!
> >
> >Jeffrey Reed
> >Classic Networking, Inc.
> >Cell 717-805-5536
> >Office 717-737-8586
> >FAX 717-737-0290
> >
> >ip nat pool NATPOOL x.x.203.161 x.x.203.161 netmask 255.255.255.224
> >ip nat inside source list 1 pool NATPOOL overload
> >ip name-server x.224.86.15
> >ip name-server x.224.64.20
> >!
> >interface Ethernet0
> >  ip address 192.168.200.254 255.255.255.0
> >  ip nat inside
> >!
> >interface Serial0
> >  no ip address
> >  no ip directed-broadcast
> >  shutdown
> >!
> >interface Serial1
> >  description 384K Fractional T1 to Epix (Circuit ID# DS1-8135)
> >  ip address x.x.34.154 255.255.255.252
> >  no ip directed-broadcast
> >  ip nat outside
> >!
> >ip

PIX 506 port translation with DHCP [7:45945]

2002-06-06 Thread Parmjit

hi
I have a pix 506 connected to cable and would like my ftp server available
on the net and wondered how to configure the 506 to do so.

I have tried "static (inside,outside) interface 192.168.0.2 netmask
255.255.255.255 0 0"
and "conduit permit tcp host 192.168.0.2 eq ftp any" but it doesn't work.

any thoughts?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45945&t=45945



RE: pix and vpn [7:45934]

2002-06-06 Thread Mark Odette II

Short answer: Yes, you can configure VPNs without the aid of the
Accelerator card.  Your VPN encryption will be DES only, unless you
purchase a 3DES license and install it.

Good luck!

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 06, 2002 8:54 AM
To: [EMAIL PROTECTED]
Subject: pix and vpn [7:45934]

I don't have a vpn accelerator card installed on my pix can I configure
vpn ?
I'm trying to configure internet users' ability to connect to my internal
network
Probably use this config
http://www.cisco.com/warp/customer/110/pptpcrypto3.html
any suggestions..?
 
 
0: ethernet0: address is 0090.2710.27df, irq 11
1: ethernet1: address is 0090.270d.c12c, irq 10
2: ethernet2: address is 0090.2710.46a2, irq 15
Licensed Features:
Failover:   Enabled
VPN-DES:Enabled
VPN-3DES:   Disabled
Maximum Interfaces: 6
Cut-through Proxy:  Enabled
Guards: Enabled
URL-filtering:  Enabled
Inside Hosts:   Unlimited
Throughput: Unlimited
IKE peers:  Unlimited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45946&t=45934



RE: VPN Design ? [7:45927]

2002-06-06 Thread Marshal Schoener

Thanks for that response.
You just taught me something :-)

I mis-understood what you were saying the first time.
Regards,


-Original Message-
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 11:07 AM
To: Marshal Schoener
Cc: [EMAIL PROTECTED]
Subject: RE: VPN Design ? [7:45927]


I'm not referring to a strictly static NAT setup.  I'm talking about 
dynamic NAT/PAT, where clients may get a NAT address or may use PAT, 
depending on pool availability.
For example, I had a location that was dropping connections on the PIX and 
I couldn't figure out what was going on.  The remote site had 3 dynamic NAT 
addresses, 1 overload address (PAT) and 10 clients.  I opened a case with 
TAC, they reviewed and told me that they don't support multiple clients 
behind dynamic NAT/PAT and that I'd need to either not use NAT/PAT or 
assign statics to each client.
I know PAT isn't a problem with multiple clients connecting to different 
VPN servers, but I've yet to see it work properly when multiple clients 
using PAT connect to the same VPN server.  If you've got a way to make PAT 
work with multiple clients connecting to the same VPN server, I'd love to 
hear the details since I could make use of this in several locations.

Craig

At 10:08 AM 6/6/2002 -0400, you wrote:
>"""Be forewarned that you don't
>want multiple clients behind a dynamic NAT/PAT router trying to connect to
>the same VPN server...it won't work."""
>

> >>>
>
>This isn't really the case.  It can be a bit more difficult to setup the
>clients behind a NAT device, but it is entirely possible.
>In many cases it's as easy as forcing UDP encapsulation on the server
>side...
>
>Good luck,
>
>-Original Message-
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, June 06, 2002 9:37 AM
>To: [EMAIL PROTECTED]
>Subject: Re: VPN Design ? [7:45927]
>
>
>"In order for the few PCs in the remote office to have access to the main
>office servers, do I even need to build a tunnel since they have no
>firewall?"
>
>Whether to setup a vpn tunnel or not is dictated by your business needs and
>the types of services you want the remote office to access, not by the
>presence or absence of a firewall.  So, you may, or may not, need a
>tunnel.  Let's say that you are passing sensitive data from server to
>client.  By setting up a tunnel and using the appropriate access lists on
>the router, you can make sure that only certain clients can access the data
>and that the data is encrypted when it's travelling over the public network.
>
>"If I want to use a tunnel, how do you get a tunnel between two routers
>without running the 3DES on the Cisco in the main office?"
>
>Well, you don't need 3DES.  You can also use DES and a greatly reduced
>cost.  For most applications, this is sufficient.  However, many security
>experts caution against using DES since it's relatively easy to
>break.  Either way, you'll need to upgrade the 2500 to a crypto IOS.
>
>"The DSL Router is a no-name from the telco."
>
>The DSL router will only be involved in the VPN if you setup a peer-to-peer
>between the routers (my preference).  You can also install a VPN client on
>the client machines and have them connect.  Be forewarned that you don't
>want multiple clients behind a dynamic NAT/PAT router trying to connect to
>the same VPN server...it won't work.  If this is the case, you'll need to
>go with the peer-to-peer.  You should check with the DSL router
>manufacturer to see if it supports IPSEC VPNs...you might be surprised.  I
>recently setup a Netopia SDSL router to connect to a PIX via IPSEC.  It was
>very easy and it's been remarkably stable.
>
>Hope this helps.
>
>Craig
>
>At 08:42 AM 6/6/2002 -0400, you wrote:
> >I haven't actually setup a VPN, but think I understand the very basic
> >concepts of a tunnel. Applying to a real life situation is confusing me a
> >little. I have a need to setup a remote office for a customer. They have a
> >2500 with a very basic NAT configuration, listed below my signature. They do
> >not have a firewall sitting between them and the Internet (not my choice).
> >They have a DSL connection at the remote office.
> >
> >In order for the few PCs in the remote office to have access to the main
> >office servers, do I even need to build a tunnel since they have no
> >firewall? If I want to use a tunnel, how do you get a tunnel between two
> >routers without running the 3DES on the Cisco in the main office? The DSL
> >Router is a no-name from the telco.
> >
> >Any suggestions would be appreciated!!
> >
> >Jeffrey Reed
> >Classic Networking, Inc.
> >Cell 717-805-5536
> >Office 717-737-8586
> >FAX 717-737-0290
> >
> >ip nat pool NATPOOL x.x.203.161 x.x.203.161 netmask 255.255.255.224
> >ip nat inside source list 1 pool NATPOOL overload
> >ip name-server x.224.86.15
> >ip name-server x.224.64.20
> >!
> >interface Ethernet0
> >  ip address 192.168.2

Re: Anniversary [7:45937]

2002-06-06 Thread Howard C. Berkowitz

At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
>Exactly one year as a "made man". Time to start studying for the recert. So,
>I'm back!
>
>Ken
>#7544
>

I'm not sure I like the example...what if the Mafia required you to 
recertify in making your bones?

:-)

Might be useful for Noo Yawk CCIEs




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45951&t=45937



RE: Anniversary [7:45937]

2002-06-06 Thread Will Gragido

Well, being that the whole process of being 'made' is a NY Mafia thing, I
think that it's geographically centric ;-)  In other cities, that was not the
case.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Howard C. Berkowitz
Sent: Thursday, June 06, 2002 10:47 AM
To: [EMAIL PROTECTED]
Subject: Re: Anniversary [7:45937]


At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
>Exactly one year as a "made man". Time to start studying for the recert. So,
>I'm back!
>
>Ken
>#7544
>

I'm not sure I like the example...what if the Mafia required you to
recertify in making your bones?

:-)

Might be useful for Noo Yawk CCIEs




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45955&t=45937



Re: Anniversary [7:45937]

2002-06-06 Thread Andrew Smith

On 06-Jun-2002, Howard C. Berkowitz wrote:
> At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
> >Exactly one year as a "made man". Time to start studying for the recert. So,
> >I'm back!
> >
> >Ken
> >#7544
> >
> 
> I'm not sure I like the example...what if the Mafia required you to 
> recertify in making your bones?
> 
> :-)
> 
> Might be useful for Noo Yawk CCIEs

Be sure to study the newly implemented equine fragmentation protocol when
translating from STABLE to BED.
 
---
  ** Andrew W. Smith ** [EMAIL PROTECTED] ** Senior Network Engineer **
** http://www.neosoft.com/neosoft/staff/andrew ** 1-888-NEOSOFT **
 ** NeoSoft, Inc. An Internet America Company  1-800-BE-A-GEEK **
   ** "Opportunities multiply as they are seized" - Sun Tzu **
---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45954&t=45937



RE: Anniversary [7:45937]

2002-06-06 Thread Lupi, Guy

I know when I got mine they made me burn the saint. ;)

*-Original Message-
*From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
*Sent: Thursday, June 06, 2002 11:47 AM
*To: [EMAIL PROTECTED]
*Subject: Re: Anniversary [7:45937]
*
*
*At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
*>Exactly one year as a "made man". Time to start studying for 
*the recert. So,
*>I'm back!
*>
*>Ken
*>#7544
*>
*
*I'm not sure I like the example...what if the Mafia required you to 
*recertify in making your bones?
*
*:-)
*
*Might be useful for Noo Yawk CCIEs
*
*
*
*
*Report misconduct 
*and Nondisclosure violations to [EMAIL PROTECTED]
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45956&t=45937



Serial down line protocol down [7:45957]

2002-06-06 Thread Waqar Ahmed

Hi,

I am facing a problem with our newly commissioned DXX link.
Line protocol and serial are down but the output of show
controller shows v.35 TX RX clock detected.

Please advise.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45957&t=45957



RE: Voip/Internet Telephony [7:45915]

2002-06-06 Thread Jason Weden

VoIP is any time you take sound and packetize it using standard (H.323, SIP,
etc) or non-standard (Cisco's Skinny) protocols, which, in turn, allows
one's voice to travel over IP.  When you use VoIP to imitate and/or expand
upon traditional POTS telephony (ip-to-pstn, call forwarding, call-waiting,
the stuff that Howard says above), it is more-encompassing to use the
term IP Telephony.

Internet Telephony -- well, the word Internet implies that data is
traversing different ISP backbones (autonomous systems) between the two or
more VoIP callers.  I would say Internet Telephony is one way to do IP
Telephony but that IP Telephony doesn't need to use the Internet such as
when it is used on a LAN only or when the WAN does not traverse the Internet.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45958&t=45915



RE: PIX 506 port translation with DHCP [7:45945]

2002-06-06 Thread brian charles

If you have version 6.0 or greater you can do port redirection with the
static command. Create an acl to allow the traffic

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid20


static
Maps a local IP address to a global IP address (NAT) and supports TCP and
UDP port redirection (static PAT). (Configuration mode.)

[no] static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip |
interface} global_port local_ip local_port [netmask mask] [max_conns
[em_limit]] [norandomseq]

show static




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45959&t=45945



Re: VPN Design ? [7:45927]

2002-06-06 Thread Ben Woltz

I'm not sure if this is exactly what you are referring to Craig, but it
might help.  We also have had problems doing VPN Client connections behind
PAT.  It's only in places where the DSL/Cable router cannot support PAT on
unknown ports, like UDP 1 which is default for VPN 3000 connections. 
Linksys routers are an example.  The workaround is in 3000 concentrator
version 3.5 where you can do IPSec via TCP.  So you can setup PAT on known
ports, like TCP port 80.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45960&t=45927
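
The disagreement in this thread comes down to how a PAT device tracks return traffic: UDP and TCP flows each get a unique public port, but ESP (IP protocol 50) has no port field to rewrite. The model below is an added example, not code or configuration from any poster; the passthrough behaviour it models (one ESP mapping per remote peer, last writer wins), the addresses and the encapsulation port are assumptions.

```python
"""Toy model of a PAT router in front of several IPsec clients (constructed)."""

ENCAP_PORT = 4500   # UDP port of RFC 3948 encapsulation; a vendor feature may differ


class PatRouter:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_flow = {}    # (proto, inside_ip, inside_port, remote_ip) -> public port
        self._by_port = {}    # (proto, public port) -> inside_ip
        self._esp_peer = {}   # remote_ip -> inside_ip (ESP has no ports to key on)

    def outbound(self, proto, inside_ip, remote_ip, inside_port=None):
        """Record translation state for a packet leaving the inside network."""
        if proto == "esp":
            # Assumed passthrough behaviour: one entry per remote peer,
            # so a second client talking to the same peer overwrites the first.
            self._esp_peer[remote_ip] = inside_ip
            return None
        key = (proto, inside_ip, inside_port, remote_ip)
        if key not in self._by_flow:
            self._by_flow[key] = self._next_port
            self._by_port[(proto, self._next_port)] = inside_ip
            self._next_port += 1
        return self._by_flow[key]

    def inbound(self, proto, remote_ip, public_port=None):
        """Return the inside host a returning packet is forwarded to, or None."""
        if proto == "esp":
            return self._esp_peer.get(remote_ip)
        return self._by_port.get((proto, public_port))


def clients_reached(assignments, udp_encapsulation):
    """assignments: [(client_ip, server_ip), ...].

    Every client opens a tunnel, then every server answers each tunnel once.
    Returns the set of clients that actually receive their server's reply.
    """
    nat = PatRouter("203.0.113.10")
    tunnels = []
    for client, server in assignments:
        if udp_encapsulation:
            port = nat.outbound("udp", client, server, inside_port=ENCAP_PORT)
            tunnels.append(("udp", server, port))
        else:
            nat.outbound("esp", client, server)
            tunnels.append(("esp", server, None))
    reached = set()
    for proto, server, port in tunnels:
        inside = nat.inbound(proto, server, port)
        if inside is not None:
            reached.add(inside)
    return reached


if __name__ == "__main__":
    same = [("192.168.1.10", "198.51.100.1"), ("192.168.1.11", "198.51.100.1")]
    split = [("192.168.1.10", "198.51.100.1"), ("192.168.1.11", "198.51.100.2")]
    print("same server, raw ESP       :", sorted(clients_reached(same, False)))
    print("same server, UDP-wrapped   :", sorted(clients_reached(same, True)))
    print("different servers, raw ESP :", sorted(clients_reached(split, False)))
```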



Re: Anniversary [7:45937]

2002-06-06 Thread Mark Smith

Quoting Andrew Smith :

> On 06-Jun-2002, Howard C. Berkowitz wrote:
> > At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
> > >Exactly one year as a "made man". Time to start studying for the recert. So,
> > >I'm back!
> > >
> > >Ken
> > >#7544
> > >
> > 
> > I'm not sure I like the example...what if the Mafia required you to 
> > recertify in making your bones?
> > 
> > :-)
> > 
> > Might be useful for Noo Yawk CCIEs
> 
> Be sure to study the newly implemented equine
> fragmentation protocol when
> translating from STABLE to BED.
>  

Aaa.fuhgit uhbow dit


> ---
>   ** Andrew W. Smith ** [EMAIL PROTECTED] ** Senior
> Network Engineer **
> ** http://www.neosoft.com/neosoft/staff/andrew **
> 1-888-NEOSOFT **
>  ** NeoSoft, Inc. An Internet America Company 
> 1-800-BE-A-GEEK **
>** "Opportunities multiply as they are seized"
> - Sun Tzu **
> ---
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45961&t=45937



Frame Relay Traffic Shaping - [7:45962]

2002-06-06 Thread Pierre-Alex Guanel

Please check my logic:

My Bc is 8,000 bits
My Be is 16,000 bits
My CIR is 64 Kbps

If I send 1 burst of 56,000 bits then 4 bursts of  4,000 bits, after the 4th
burst of 4,000 bits I will be able to burst again but not before that.
Correct?

Here is my rationale (Assume no congestion in the frame-relay network):

During the first Tc interval, I send Bc+Be. 
During the second, third and fourth interval I can no longer burst
because I have used all my "burst credit". 
At the end of the 4th Tc interval I have taken care of my first burst. 

During the next four bursts, I am "paying back" so to speak on my credit
line because I am sending less than the CIR.
So on the 9th Tc interval I can burst again.


Pierre-Alex


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45962&t=45962



RE: To much! [7:45865]

2002-06-06 Thread Pierre-Alex Guanel

Try exercising... It does increase mental stamina.

Pierre-Alex


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45965&t=45865



Re: PIX 506 port translation with DHCP [7:45945]

2002-06-06 Thread Parmjit

hi,
Thanks I tried "static (inside,outside) tcp interface ftp armada ftp netmask
255.255.255.255 10 0" where armada is the name of the internal ftp server, I
also used a conduit permit ip any any and I still can't ftp to it.
I should also mention there is another problem unless I use a conduit permit
icmp any any I cannot ping out, if I prefix this with a "no" so I can't
ping, people on the net can still ping my pix, there is nothing in the
config in the way of access lists etc. Having read the section in the book a
pix by default should allow internal users to ping out but not the other way
around, is there a fix for this also?

thanks

""brian charles""  wrote in message
news:[EMAIL PROTECTED]...
> If you have version 6.0 or greater you can do port redirection with the
> static command. Create an acl to allow the traffic
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid20
>
>
> static
> Maps a local IP address to a global IP address (NAT) and supports TCP and
> UDP port redirection (static PAT). (Configuration mode.)
>
> [no] static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip |
> interface} global_port local_ip local_port [netmask mask] [max_conns
> [em_limit]] [norandomseq]
>
> show static




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45966&t=45945



RE: Anniversary [7:45937]

2002-06-06 Thread Will Gragido

LOL

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lupi, Guy
Sent: Thursday, June 06, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: Anniversary [7:45937]


I know when I got mine they made me burn the saint. ;)

*-Original Message-
*From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
*Sent: Thursday, June 06, 2002 11:47 AM
*To: [EMAIL PROTECTED]
*Subject: Re: Anniversary [7:45937]
*
*
*At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
*>Exactly one year as a "made man". Time to start studying for
*the recert. So,
*>I'm back!
*>
*>Ken
*>#7544
*>
*
*I'm not sure I like the example...what if the Mafia required you to
*recertify in making your bones?
*
*:-)
*
*Might be useful for Noo Yawk CCIEs
*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45964&t=45937



Re: NANOG 25 Meeting [7:45933]

2002-06-06 Thread dre

"Nigel Taylor" wrote in message
news:[EMAIL PROTECTED]...
> Based on my recent growing interest in Inter-Domain routing and
> policies(IRR, RPSL), BGP, and MPLS/TE. I was wondering if anyone on the list
> would be in attendance, also does anyone have any idea as to the timeline in
> which the presentations make their way to the "web-site".  I'm really
> looking forward to getting my hands on those presentations

I'll be in attendance.  Historically, the presentations appear on the website
super randomly (not pseudorandomly I hope).  This time, it appears that
they are "waiting" for something because there's only like 2-3 up there
right now.  Normally they go up, then down, then up, then down, and so
on.  By the end of the conference, the ones that are going to stick generally
do.  Your second best bet is to watch the conference live via Multicast or with
RealPlayer http://www.nanog.org/mtg-0206/network.html#multi if you want
to soak in everything.  So I guess your best bet is to just actually go, which I
recommend ;>

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45967&t=45933



Cisco 3660 Router and NAT [7:45968]

2002-06-06 Thread [EMAIL PROTECTED]

Has anyone had any problems with a 3660 router and approximately
2000 users using inside NAT?  I am wondering about CPU.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45968&t=45968



Re: NANOG 25 Meeting [7:45933]

2002-06-06 Thread Peter van Oene

The conference is 40 minutes from my house and I'll definitely be in 
attendance and likely hang around the Juniper Networks booth at the
Beer&Gear.

At 11:27 AM 6/6/2002 -0400, Howard C. Berkowitz wrote:
> >All,
> > I was browsing the NANOG 25 site and took a preview of the presentations
> >that will be presented during the meeting.
> >
> >Based on my recent growing interest in Inter-Domain routing and
> >policies(IRR, RPSL), BGP, and MPLS/TE. I was wondering if anyone on the list
> >would be in attendance, also does anyone have any idea as to the timeline in
> >which the presentations make their way to the "web-site".  I'm really
> >looking forward to getting my hands on those presentations
> >
> >thanks
> >Nigel
>
>Unfortunately I won't be able to make it in person, but I know of a
>couple of list members that are going.  Susan Harris generally yells
>at presenters to have their presentations in at least a week before,
>because people often can see them better on their laptops than on the
>main screen.  So, they'll probably be pretty much on the NANOG server
>by Saturday or Sunday.
>
>If you're not aware of it, NANOG normally has real-time Real Video or
>other streaming video of the actual conference available free.  They
>also store the videos on the website after the conference.
>
>Incidentally, the Fall NANOG meeting will be especially worth
>attending, because there will be a new format:  NANOG tutorials on
>Sunday, NANOG program on Monday and Tuesday, and ARIN public and
>member meetings on Wednesday-Friday.
>
>They don't always video the BOFs, which can be a shame -- Sue Hares
>is one of my coauthors on the BGP convergence drafts, and I'd like to
>hear it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45969&t=45933



40x/50x counting towards CCNP [7:45993]

2002-06-06 Thread Choy, Wai Yew

Hi,

I have completed 2 papers on CCNP...One is ACRC (40x) the other is BCRAN
(50x)...

I still have 2 more to go but now there is this new series (60x)...Hence what
will I get at the end of the day? CCNP1.0 or nothing?

Thanx..

With regards, 
Sliver




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45993&t=45993



RSB and NetBEUI [7:45994]

2002-06-06 Thread Nelson Herron

Is there some function that can filter NetBEUI traffic through a
router/bridge based on packet size that can get set without user
intervention?  I have RSB (both simple and multi-port RSB show the same
symptoms) configured on a 7010/RSP w/ an old four-port CX Token interface
board.  I am bridging two switched TrCRFs from an Olicom 8600 (under
separate TrBRFs).  I am using Win2k NetBEUI clients (no IP).  When I do a
packet capture of a network browse/drive mapping session, I see lots of
traffic going through the bridge (using MS NetMon on either side of the
bridge, I see NetBIOS and LLC going back and forth), but none of my actions
are successful.  Browses and mappings do not complete.  The largest frame
that I can see traversing the bridge is 68 bytes.  Frames 102 or larger do
not make it through the bridge.  This is the only difference that I can see
between packets that make it through and those that don't.  The bridge MTU
is set to 4096 bytes.  There are no access lists set.  I have seen this
behavior on a 7007 also running a CX card.  I have no other multi-port token
systems to test it with.  Any help will be greatly appreciated.

Thank you,

Nelson R. Herron


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45994&t=45994



OSPF area 0 [7:45995]

2002-06-06 Thread Cisco Study

Hi group,

 

Is there any condition that OSPF area 0 must be contiguous?

I remember reading this somewhere on CCO. Is this true? For a situation,
three ospf routers connected in a triangle shape, what if one of the links
goes down?

Anyone experienced with this situation, please show me some documents related
to this.

 

Thanks in advance,

J.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45995&t=45995



Re: Voip/Internet Telephony [7:45915]

2002-06-06 Thread Steven A. Ridder

Call Manager/AVVID is IP telephony - the end to end voip network.

VoIP is usually just packetized voice between two routers.

IP telephony is more in-depth than VoIP.

--

RFC 1149 Compliant.



"Jason Weden" wrote in message
news:[EMAIL PROTECTED]...
> VoIP is any time you take sound and packetize it using standard (H.323, SIP,
> etc) or non-standard (Cisco's Skinny) protocols, which, in turn, allows
> one's voice to travel over IP.  When you use VoIP to imitate and/or expand
> upon traditional POTS telephony (ip-to-pstn, call forwarding, call-waiting,
> the stuff that Howard says above), it is more-encompassing to use the
> term IP Telephony.
>
> Internet Telephony -- well, the word Internet implies that data is
> traversing different ISP backbones (autonomous systems) between the two or
> more VoIP callers.  I would say Internet Telephony is one way to do IP
> Telephony but that IP Telephony doesn't need to use the Internet such as
> when it is used on a LAN only or when the WAN does not traverse the Internet.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45996&t=45915



Re: Networkers San Diego [7:45885]

2002-06-06 Thread Steven A. Ridder

I'll be at the power session on Mon.

--

RFC 1149 Compliant.



"Moffett, Ryan" wrote in message
news:[EMAIL PROTECTED]...
> I am doing the IE power session on Friday
>
> -Original Message-
> From: Logan, Harold [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 06, 2002 10:50 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Networkers San Diego [7:45885]
>
>
> I'll be at the CCIE Power Session on Monday. It better be worth it... I just
> got done paying for my power session, air fare to San Diego, and
> registration fee for my lab in July. I'm at the point where my credit cards
> cringe every time I reach for my wallet.
>
> Anyone else doing the IE power session?
>
> Hal
>
> > -Original Message-
> > From: Ken Diliberto [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, June 05, 2002 8:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Networkers San Diego [7:45885]
> >
> >
> > I am.  Should be interesting.  If there's already a meeting
> > place for those
> > of us attending, I'd like to know so I can be there, too.
> >
> > Ken
> >
> > >>> "Oleg Oz"  06/05/02 03:44PM >>>
> > I think I saw a thread on this a few weeks ago but can no
> > longer find it..
> > Is anyone going to networkers in San Diego.. Taking power sessions?
> >
> >  Oleg.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45997&t=45885



Re: To much! [7:45865]

2002-06-06 Thread Steven A. Ridder

Actually, scientific studies show that when your brain feels like you're
full, sleep is the only answer.  There was an interesting hour on this exact
topic on NPR last week.

--

RFC 1149 Compliant.



"Pierre-Alex Guanel" wrote in message
news:[EMAIL PROTECTED]...
> Try exercising... It does increase mental stamina.
>
> Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45998&t=45865



RE: PIX 506 port translation with DHCP [7:45945]

2002-06-06 Thread Lidiya White

>>> Having read the section in the book a pix by default should allow
>>> internal users to ping out but not the other way around, is there a
>>> fix for this also?

That is not true.

Handling ICMP Pings with the PIX Firewall
http://www.cisco.com/warp/public/110/31.html

Use "conduit permit icmp any any echo-reply".

Before you try to FTP, try to telnet on port 21. What is the default
gateway of the FTP server? Enable "logging buffer info" and check "sh
log" for the build or teardown messages for the FTP server's ip
address.

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Parmjit
Sent: Thursday, June 06, 2002 12:34 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX 506 port translation with DHCP [7:45945]

hi,

Thanks I tried "static (inside,outside) tcp interface ftp armada ftp netmask
255.255.255.255 10 0" where armada is the name of the internal ftp server, I
also used a conduit permit ip any any and I still can't ftp to it.

I should also mention there is another problem unless I use a conduit permit
icmp any any I cannot ping out, if I prefix this with a "no" so I can't
ping, people on the net can still ping my pix, there is nothing in the
config in the way of access lists etc. Having read the section in the book a
pix by default should allow internal users to ping out but not the other way
around, is there a fix for this also?

thanks

"brian charles" wrote in message
news:[EMAIL PROTECTED]...
> If you have version 6.0 or greater you can do port redirection with the
> static command. Create an acl to allow the traffic
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid20
>
> static
> Maps a local IP address to a global IP address (NAT) and supports TCP and
> UDP port redirection (static PAT). (Configuration mode.)
>
> [no] static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip |
> interface} global_port local_ip local_port [netmask mask] [max_conns
> [em_limit]] [norandomseq]
>
> show static




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45999&t=45945
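
An added example, not part of any post in this thread: a small Python audit that flags the wide-open conduit statements tried above (`conduit permit ip any any`, `conduit permit icmp any any`) and passes the narrower `conduit permit icmp any any echo-reply` from the reply. The sample config is constructed from the commands quoted in the thread, and the helper name `audit_conduits` is hypothetical; it only understands the `any any` form seen here.

```python
# Constructed sample: commands quoted in the thread, not a real device config.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface ftp armada ftp netmask 255.255.255.255 10 0
conduit permit ip any any
conduit permit icmp any any
conduit permit icmp any any echo-reply
no conduit permit icmp any any
"""


def audit_conduits(config_text):
    """Return (line_no, line, finding) for conduit permits open to any/any.

    Hypothetical helper: it only understands the
    'conduit permit <proto> any any [qualifier]' form used in the thread.
    """
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        # Only active 'conduit permit' lines matter ('no ...' removes a rule).
        if len(tokens) < 5 or tokens[:2] != ["conduit", "permit"]:
            continue
        proto, addrs, qualifier = tokens[2], tokens[3:5], tokens[5:]
        if addrs != ["any", "any"]:
            continue
        if proto == "ip":
            findings.append((line_no, raw.strip(),
                             "permits every IP protocol from any outside host"))
        elif proto == "icmp" and not qualifier:
            findings.append((line_no, raw.strip(),
                             "permits every ICMP type; name the type needed, "
                             "such as echo-reply"))
        elif proto in ("tcp", "udp") and not qualifier:
            findings.append((line_no, raw.strip(),
                             "permits every %s port from any outside host" % proto))
    return findings


if __name__ == "__main__":
    for line_no, line, finding in audit_conduits(SAMPLE_CONFIG):
        print("line %d: %s -> %s" % (line_no, line, finding))
```
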



CCIE Lab Question Mark [7:45980]

2002-06-06 Thread Robert McBride

Hey,

I just heard that there is no question mark availability on the lab.  Can
anyone give me their experience on this?

  -Thanks-
 -Robert-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45980&t=45980