RE: VoIP from behind PIX [7:60796]
Voice quality is as you might expect in a situation where you can't control QoS. I would compair it to cell phone quality. You can have some echo, some fade from time to time. We use Sprint for Internet access so remote sites that also use Sprint (or Earthlink) work well almost all the time where as others . . . Hope this helps, Scott --- On Fri 01/10, William Gragido wrote:From: William Gragido [mailto: [EMAIL PROTECTED]]To: [EMAIL PROTECTED], [EMAIL PROTECTED]: Fri, 10 Jan 2003 11:38:23 -0800Subject: RE: VoIP from behind PIX [7:60796]What sorts of performance issues are you noticing on the telephony side ofthe house? You said it was acceptable so on a MOS scale, whats the voicequality like? Thanks.Will-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf [EMAIL PROTECTED]: Friday, January 10, 2003 6:18 AMTo: [EMAIL PROTECTED]: RE: VoIP from behind PIX [7:60796]We have several DSL sites that are composed of a PIX 501 and one or two IPphones. Voice quality is acceptable but not great.Scott --- On Fri 01/10, Simer Mayo wrote:From: Simer Mayo [mailto:[EMAIL PROTECTED]]To: [EMAIL PROTECTED]: Fri, 10 Jan 2003 07:35:17GMTSubject: VoIP from behind PIX [7:60796]1. Will PIX 515 handle VoIPtraffic?2. Will PIX 501 handle VoIP traffic?3. Can we VPN between 2(site-to-site) and pass VoIP traffice thru theVPN Thanks SimerMessage Postedat:http://www.groupstudy.com/form/read.php?f=7i=60796t=60796--FAQ, list archives, and subscriptioninfo: http://www.groupstudy.com/list/cisco.htmlReport misconduct andNondisclosure violations to [EMAIL PROTECTED] Excite! - http://www.excite.comThe most personalized portal on the Web!Message Posted at:http://www.groupstudy.com/form/read.php?f=7i=60812t=60796--FAQ, list archives, and subscription info:http://www.groupstudy.com/list/cisco.htmlReport misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60884t=60796 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS password encryption [7:60886]
Hi all, Am reading cramsession notes and there are statement like this: 1. The entire body of Tacacs+ packet is encrypted is ther is a shared key on the router and server. 2. Tacacs transmits passwords in clear text Dont' they conflict? Is the user password encrypted or not? Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60886t=60886 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing NAT [7:60663]
Could you change the persistence to use cookies instead of source IP address (assuming it is a browser based connection)? That would allow you to still load balance across the multiple app servers. Clayton Emilia Lambros wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm looking more for a way to play with how the nat pool I have behaves with IP address use. The NAT config and translations are all working, however I can't find a situation online that shows me how I can force translations to not overload quite so much, or how I can make more IP addresses be used so my load balancing works with sticky sessions set. For as long as only 1 IP is being used, all connections to the application servers go to one application server. Even with 2 IPs being used, I would have more of a chance of connections going to the 2nd application server to create some load balancing but as I said, I'm sitting on 8500 connections and 1 IP being used. I know in theory I can go up to 65K+ connections on that 1 IP, but I would prefer more like a couple of hundred per IP. The majority of articles I've read show how to configure, say rotary pools or tcp load distribution but not examples of how you can use it another way that I could perhaps, adapt. As I said though, I can't play with the config because its a live environment so its a little harder to play and test with, without a guarantee that it will work :) -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Thursday, 9 January 2003 11:24 AM To: [EMAIL PROTECTED] Subject: Re: Load balancing NAT [7:60663] if you have a CCO customer account, there are a lot of articles in the TAC database this one is a good start, I believe. http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note0 9186a0080093fca.shtml watch the wrap. HTH -- TANSTAAFL there ain't no such thing as a free lunch Emilia Lambros wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I have an application being load balanced at one site (sticky sessions set such that each connection from 1 IP will continue its transactions to the same server it started on) and at another site, the users accessing the load balanced application. The users come in from different office locations across private WAN links, nat inside is on each of their interfaces and on each interface out of the router those WAN links connect to, is nat outside. I have changed their initial configuration based on NAT overload to an interface IP address to be a pool of addresses overloaded. I was hoping that the connections would spill over to the second IP in the pool at some stage sooner than the 8500 NAT connections I have currently, but no go. I may as well have NAT'd to 1 IP again :) Is there a way to overload NAT, but have it using more than 1 IP in the pool? e.g. a pool of 30 IPs, its currently using 1.. I'd love the router to even round robin the use of IPs out of the pool but I can't play with the config to try it (live environment) and can't find any documentation online explaining exactly what I need NAT to do/not do :( Thanks, Em :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60887t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60888]
Thank you for all that responded to this. Found out that I had to influence the route using the bandwidth and delay properties to change the primary route to MPLS instead of the frame relay link. Cheers, Jamie -Original Message- From: Amar KHELIFI [mailto:[EMAIL PROTECTED]] Sent: January 11, 2003 3:15 PM To: [EMAIL PROTECTED] Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60840] Sorry, but i lacked to enphasis some important points that affect the ((bandwith)) command, it is true that the bandwith command affectes only igrp and eigrp route selection, and that it has nothing to do with the actual clock, that is left to the ((clock rate)) command. it is, how ever a good practice in large environments to coordone the bandwith used for specific interfaces throughout the hall network that way the interface type can be predictable in any hope your viewing the routing table @, but you don't have to bother yourself with if you just have a hub and spoke topologie that is not very large, and even though in which case you would implement stubing as it is the most scalable solution in that scenario. excuse the lack of info in the previous message Best Regards, Amar CCNA, CCNP - Original Message - From: Amar KHELIFI To: Sent: Saturday, January 11, 2003 9:30 PM Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60840] the BW of the tunnel should not be over that of the T1, assuming all traffic will use the tuunel interface to get to the other site the best way if you are only paasing traffic for a particular network, is to messure the bw used to reach the net by using ip accounting or netflow if you the necessaey ios and hw, and calculate it based on the monitored time to have an average which you will use to split the bandwith between the Physical and logical interfaces. Hope this helps Best Regards Amar CCNA CCNP PS i don't know why i can't send messages to the group - Original Message - From: Newsgroups: groupstudy.cisco Sent: Friday, January 10, 2003 8:53 PM Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60840] Thank you for the response. Another peice of the puzzle is that I believe there are two way to influence the EIGRP Table. I could increase the 10.x.x.x tunnel bandwidth or I could advertise the 64.200.x.x network in to the EIGRP metric. Presently the 64.200.x.x network is not advertised in the eigrp table, only the 10.x.x.x is. I believe this is a situation of two way to 'skin' the cat. Just wondering what way is preferred over the other. To further convolude the situation I have another engineer here that believe the delay should be manipulated instead of the bandwidth. Any suggestions are appreciated. Cheers, Jamie - Original Message - From: Georgescu, Aurelian Date: Friday, January 10, 2003 11:21 am Subject: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60834] You have to put a bandwidth statement under the tunnel interfaces as well, with a higher value than FR. Aurelian Georgescu -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: : Influencing EIGRP to use GRE tunnels over Serial link [7:60834] Hello all, I have a question. I have gre tunnels going through MPLS running 1.544mbps,running EIGRP. The secondary links are Frame Relay links running at 256kbps per link. Presently EIGRP has calculated the best link to be the SprintLink as there are bandwidth statements in the frame relay subinterface on the remote site: Remote Site In Tampa: interface Serial0/0.2 point-to-point description Connect to Seattle bandwidth 256 ip address 192.168.228.253 255.255.255.0 no ip mroute-cache no cdp enable frame-relay interface-dlci 41 interface Tunnel1 description Tampa Tunnel to Seattle ip address 10.0.48.6 255.255.255.252 tunnel source Serial0/1 tunnel destination 64.200.134.18 ! The Tamp Site connects with Seattle Hub with these configs: interface Tunnel1 description Seattle Tunnel to Tampa ip address 10.0.48.5 255.255.255.252 tunnel source Serial2/0 tunnel destination 64.200.118.162 end interface Serial0/0.8 point-to-point description Seattle to Tampa bandwidth 256 ip address 192.168.228.254 255.255.255.0 no ip route-cache no ip mroute-cache no cdp enable frame-relay interface-dlci 39 I believe the best way to influence EIGRP would be to add a bandwidth statement to the tunnel or the interface to which the tunnel is applied to. One other question. T1 1.544mbps would be 193000 in the
IBGP next-hop-self ? [7:60889]
According to the document, IBGP won't change the next-hop address. In this example, R1, R2, R3 are in AS100, R4 in AS200, R5 in AS300 R1--R5 / \ /\ R2R3-R4 R1 is the RR, next-hop-self is enabled on R3(nei R1) and R1(nei R2 R3). As what I think, the next hop on R2 for R4(AS200) should be R3. But when I tried on IOS 12.1.5(10T), the next-hop on R2 is R1. Thanks Wei Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60889t=60889 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RIP v1 question [7:60885]
bergenpeak wrote in message news:[EMAIL PROTECTED]... Is it possible, using RIPv1, to send advertisements which will be interpreted as /32s? I would think this is not possible as the route would be either advertised as a classful route (when crossing classful boundaries) or would be interpreted as a /30 or larger (based on how the receiving interface is configured). Is there some way to actually cause /32 routes to be advertised and interpreted as /32s in RIPv1? yes, RIPv1 supports host routes. I don't have any routers powered on at the moment, but I will be doing some lab work later tonight and much of tomorrow, so I'll put something together and show you a routing table example. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60890t=60885 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RIP v1 question [7:60885]
bergenpeak wrote in message news:[EMAIL PROTECTED]... Is it possible, using RIPv1, to send advertisements which will be interpreted as /32s? I would think this is not possible as the route would be either advertised as a classful route (when crossing classful boundaries) or would be interpreted as a /30 or larger (based on how the receiving interface is configured). Is there some way to actually cause /32 routes to be advertised and interpreted as /32s in RIPv1? as promised, from a real routing table. note that because of the classful nature of RIPv1, the host routes must fall within the major classfull network of the particular interface. Otherwise, what is received is a classfull summary. For this example, note the /32's, indicative of a host route. Gateway of last resort is not set 222.222.222.0/32 is subnetted, 1 subnets C 222.222.222.5 is directly connected, Loopback1001 22.0.0.0/8 is variably subnetted, 4 subnets, 2 masks R 22.2.2.4/32 [120/1] via 22.1.1.4, 00:00:01, TokenRing0 R 22.2.2.3/32 [120/1] via 22.1.1.3, 00:00:01, TokenRing0 C 22.1.1.0/24 is directly connected, TokenRing0 R 22.2.2.44/32 [120/1] via 22.1.1.4, 00:00:01, TokenRing0 179.1.0.0/24 is subnetted, 1 subnets C 179.1.5.0 is directly connected, Loopback101 R197.1.3.0/24 [120/1] via 22.1.1.4, 00:00:02, TokenRing0 R197.1.5.0/24 [120/1] via 22.1.1.4, 00:00:02, TokenRing0 Router_5# Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60892t=60885 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX DHCP problem [7:60893]
I have a PIX 506 and would like to use it for my home office. My ISP assigns dynamic IP to me. I can see my PIX 506 got the IP address but I can't ping anywhere. I don't know if it gets default gateway. How do I verify? Thanks. Yoshi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60893t=60893 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: virtual labs [7:60700]
Why don't you do this... 1) Organize your thoughts and create an approach concerning things you want to learn and improve. 2) Collect the information you need regarding your next Cisco exam. You may pick up two subjects at once (routing switching). 3) Read the blueprint of your next exam and make sure that you know - theoretically - what each one means and its basic concepts. Would be really nice if you knew the command syntax also. Once finished, email me at [EMAIL PROTECTED] I'll share my home lab with you. I can't offer you an excellent stuff, even though I don't have a great cisco lab. This is what've got on so far: - 4 Cisco 2501 - 2 Cisco 2502 - 1 Cisco 2523 - 2 Catalyst 2916 with modules supporting ISL/dot1q - 1 Catalyst 1900 With all this you can practice a lot of things, but I will not be able to help you on remote access subjects. I think it's better than nothing. You access it once or twice, prior taking the exam.. so you can play a lot and become familiar with the environment. This will help you for your examination. Do you know what I mean? You play it, online. Other options are www.networkforce.com, www.ccprep.com. But you will have to pay for it. Let me know what you think. Regards, -- Leonardo Furtado Network Engineering and Security Architecture reddyred wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Has anyone found any cheap, USEFUL virtual labs for the CCNP track. I'm currently an unemployed CCNA and don't have $1,000 bucks for online labs nor equipment Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60891t=60700 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Network Academy Router Simulator [7:60894]
Hi all, I recently, kind of, stumbled onto an instructor's webpage that allows free, uncontrolled download of the Network Academy Router Simulator. Anyone who accesses this page can download this simulator. I believe the instructor is an academy instructor. Has there been any form of violation? Thanks, cheekin Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60894t=60894 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
