RE: wireless security and VPN software? [7:73988]

2003-08-15 Thread Reimer, Fred
Being in healthcare, I have some strong views on this topic.  Unfortunately,
I'm cramming for the CSI test I have tomorrow, and I still have two chapters
to go through on the KnowledgeNet course.  So, you will just have to wait...
LOL   Expect some comments on EAP-TLS, WPA, and assorted technologies.  For
now, I have to get some sleep, and study ;-)

Priscilla - Send me your email address...

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 14, 2003 7:52 PM
To: [EMAIL PROTECTED]
Subject: wireless security and VPN software? [7:73988]

For a large campus network that has a need for wireless access in conference
rooms, cafeterias, etc., would it be overkill to require wireless clients to
use VPN IPSec software to access the campus network? This is for a customer
who is paranoid about security and understands the tradeoff of ease-of-use
versus security.

There are other downsides with requiring VPN software, of course, including
the usual issues of incompatibility with some apps, the lack of support for
protocols other than IP, and the lack of support for multicast applications
(from what I understand). Also, we have to consider the scalability of the
current VPN solution and whether it can support numerous transient wireless
users, but we think it can. There are many advantages with IPSec too, like
support for encryption that actually works...

What do you all think? Do any of you require your campus wireless users to
use VPN software?

Sorry if it's a stupid question.

Priscilla
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74002t=73988


PIX timeout uauth [7:73995]

2003-08-15 Thread Simer Mayo
I have a site to site tunnel between 2 sites with PIX 515e. The tunnel
between the sites goes in a sleep mode every morning and I have to ping
site 2 PC IP address from a PC behind the PIX in site 1 to get the
tunnel back online.
 
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute uauth 00:25:00 inactivity
 
Please advise.
 
Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73995t=73995


RE: What cables need to be used for an AS2511-rj [7:73987]

2003-08-15 Thread ORiordan Brian
Hi Natachaya,

Answer to your question: Roll-Over.

If you want to connect from a Cisco 2511 Terminal Server to another Cisco
device on the console port then you need a Roll-Over cable, 9 times out of
ten.

A Roll-Over cable is what it says, it rolls the cable completely over so
that if the blue wire started on pin 1 on one side it is now on pin 8 on the
other side.

If you have any problems with the configuration then give me a shout.

Have fun,

Brian.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74003t=73987


RE: 3750 Capability [7:73989]

2003-08-15 Thread [EMAIL PROTECTED]
What about RMON/SNMP in combi with management software?

Statistics (RMON group 1)-Collects Ethernet, Fast Ethernet, and Gigabit
Ethernet statistics on an interface. 
History (RMON group 2)-Collects a history group of statistics on Ethernet,
Fast Ethernet, and Gigabit Ethernet interfaces for a specified polling
interval. 
Alarm (RMON group 3)-Monitors a specific management information base (MIB)
object for a specified interval, triggers an alarm at a specified value
(rising threshold), and resets the alarm at another value (falling
threshold). Alarms can be used with events; the alarm triggers an event,
which can generate a log entry or an SNMP trap. 
Event (RMON group 9)-Determines the action to take when an event is
triggered by an alarm. The action can be to generate a log entry or an SNMP
trap. 

Martijn 


-Original Message-
From: Azhar Teza [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 1:58
To: [EMAIL PROTECTED]
Subject: 3750 Capability [7:73989]


Netflow Switching Card on 6509 allow administer to monitor traffic right down
the plumbing level. For Example if one of the ports on 6509 is connected to
a workstation, with netflow card one could determine in seconds that what
kind of traffic is passed on that port, like video streaming, or users is
downloading 10.0mb file and so on. Am I correct? If switches such as 3750
(fairly new products) are stacked in IDF's and there is an issue with the
port then how can one achieve the same results in 3750 switches as one can
do it with netflow card in 6509 switches. Are there any features that can
allow me to monitor traffic at plumbing level such as If user's port is
bogged down because of video streaming in Cisco 3750 switches.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74007t=73989


RE: What cables need to be used for an AS2511-rj [7:73987]

2003-08-15 Thread Aspiring Cisco Gurl
Thank you again for all the responses.  Does anyone have a sample reverse
telnet configuration I can attempt to apply on my router?

Daniel, I realize that you may have mis-read what I typed but I was asking
about an AS2511-RJ.  The rj specifically means non octal cable but rj45
ports.  And apparently the answer that I couldn't find is using a roll-over
cable.  Once again... thanx guys!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74006t=73987


RE: What cables need to be used for an AS2511-rj [7:73987]

2003-08-15 Thread Iwan Hoogendoorn
Here you go:

Terminal_Server>en
Password:
Terminal_Server#sh run
Building configuration...

Current configuration:
!
version 11.0
service timestamps log uptime
no service udp-small-servers
no service tcp-small-servers
!
hostname Terminal_Server
!
enable password cisco
!
no ip domain-lookup
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
 ip address 10.0.0.99 255.0.0.0
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip host R8 2008 1.1.1.1
ip host SW1 2009 1.1.1.1
ip host R9 2011 1.1.1.1
ip host R10 2011 1.1.1.1
ip host R1 2001 1.1.1.1
ip host R2 2002 1.1.1.1
ip host R3 2003 1.1.1.1
ip host R4 2004 1.1.1.1
ip host R5 2005 1.1.1.1
ip host R6 2006 1.1.1.1
ip host R7 2007 1.1.1.1
ip host SW2 2010 1.1.1.1
ip route 0.0.0.0 0.0.0.0 10.0.0.2
banner exec ^C
##
# 1. R1  (2501)  #
# 2. R2  (2501)  #
# 3. R3  (2502)  #
# 4. R4  (2502)  #
# 5. R5  (2503)  #
# 6. R6  (2503)  #
# 7. R7  (2509)  #
# 8. R8  (4500)  #
# 9. SW1 (3524)  #
#10. SW2 (2924)  #
#11. R9  (3630)  #
#12. -   #
#13. -   #
#14. -   #
#15. -   #
#16. -   #
##


^C
banner motd ^C
#
#   #
#Welcome to the #
#   #
#   CCIE-LAB#
#   #
#   Terminal  Server#
#   #
#You can access this TS lab from#
#   #
#   #
#   #
# Please use your loginname and password for login  #
#   #
#
#   #
#   #
#   #
#


*
* This is a private computer facility. Access to the facility   *
* must be specifically authorized. If you are not authorized,   *
* your continued access and further inquiry will expose you to  *
* criminal and/or civil proceedings.*
*   *
* Thank You,*
*


^C
alias exec sr show run
alias exec ss show startup
alias exec ct config terminal
alias exec sir show ip route
alias exec siib show ip interface brief
alias exec crs copy run start
!
line con 0
line 1 16
 no exec
 transport input all
line aux 0
 transport input all
line vty 0 4
 password cisco
 login
!
end

Terminal_Server#


Quoting Aspiring Cisco Gurl :

 Thank you again for all the responses.  Does anyone have a sample reverse
 telnet configuration I can attempt to apply on my router?
 
 Daniel, I realize that you may have mis-read what I typed but I was asking
 about an AS2511-RJ.  The rj specifically means non octal cable but rj45
 ports.  And apparently the answer that I couldn't find is using a roll-over
 cable.  Once again... thanx guys!
 
 


Iwan Hoogendoorn




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74011t=73987


Books for CCNP [7:74010]

2003-08-15 Thread June Domingo
Hi to Everybody,

I am starting to prepare for the CCNP. What can you recommend for a better
books for BSCI?

Thanks,

June


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74010t=74010


RE: What cables need to be used for an AS2511-rj [7:73987]

2003-08-15 Thread ORiordan Brian
Hi Natchaya,

Here is an example configuration that should help you out.

!
conf t
!
!
int e 0
 ip address 192.168.0.1 255.255.255.0
 no shut
 no keepalive
exit
!
!
menu console_menu title /



 Welcome to the Foo Out Of Band Terminal Server

To disconnect a session, please press ,
enter X and then enter 18 to disconnect.

Type a number to select an option;
Type 17 to exit the menu.


1.  Device A Console
2.  Device B Console
3.  Device C Console
4.  Device D Console
5.  Device E Console
6.  Device F Console
7.  Device G Console
8.  Device H Console
9.  Device I Console
10. Device J Console
11. Device K Console
12. Device L Console
13. Device M Console
14. Device N Console
15. Device O Console
16. Device P Console
17. Exit
18. Disconnect your present Serial connection

/
!
!
!
menu console_menu command 1 connect 192.168.0.1 2001
menu console_menu command 2 connect 192.168.0.1 2002
menu console_menu command 3 connect 192.168.0.1 2003
menu console_menu command 4 connect 192.168.0.1 2004
menu console_menu command 5 connect 192.168.0.1 2005
menu console_menu command 6 connect 192.168.0.1 2006
menu console_menu command 7 connect 192.168.0.1 2007
menu console_menu command 8 connect 192.168.0.1 2008
menu console_menu command 9 connect 192.168.0.1 2009
menu console_menu command 10 connect 192.168.0.1 2010
menu console_menu command 11 connect 192.168.0.1 2011
menu console_menu command 12 connect 192.168.0.1 2012
menu console_menu command 13 connect 192.168.0.1 2013
menu console_menu command 14 connect 192.168.0.1 2014
menu console_menu command 15 connect 192.168.0.1 2015
menu console_menu command 16 connect 192.168.0.1 2016
menu console_menu command 17 menu-exit
menu console_menu command 18 disconnect
menu console_menu clear-screen
menu console_menu status-line
menu console_menu line-mode
menu console_menu single-space
!
!
line 1 16
 session-timeout 120 
 no exec
 exec-timeout 120 0
 password cisco
 login
 transport input all
 stopbits 1
exit
!
line con 0
 login
 password cisco
 autocommand menu console_menu 
exit
!
!



It has a bit more than you normally need, but it is also nice and friendly.
If I break the configuration down you will see that I have put the IP
Address 192.168.0.1 255.255.255.0 on Ethernet 0.
In addition I have put in the no keepalive command, which allows you to
reverse telnet to the device even though you do not have an actual LINK on
Ethernet 0.
If you do not use the no keepalive command then you actually have to have
a LINK on E0.

Then you will see that I have put in a MENU called console_menu.

When you connect to the console of the Terminal Server, this menu appears
automatically due to the autocommand menu console_menu command.

Next you will notice all of the menu console_menu command commands towards
the end of the config, which will be executed when you type the
corresponding number when the menu has appeared.

That means that if you type a 3 when the menu appears then it will execute a
connect 192.168.0.1 2003 which means that it does a reverse telnet to port
2003.

This connects you to CONSOLE Port 3 on your Terminal Server.

If you have any problems with this configuration, give me a shout.

Have fun,

Brian.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74009t=73987
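
Both terminal-server configurations posted in this thread use the shared password "cisco" and "transport input all" on the async lines. The block below is an added example, not Brian's or Iwan's configuration, showing the same line setup with access narrowed. The management subnet 192.0.2.0/24, ACL number 10 and the user name "labadmin" are assumptions, and the <...> secrets are placeholders.

```cisco
! Added example: tightened access to the terminal server from the post above.
! Assumed values (not from the thread): management subnet 192.0.2.0/24,
! ACL 10, user "labadmin". Replace the <...> placeholders before use.
service password-encryption
enable secret <enable-secret>
username labadmin secret <user-secret>
!
! Only these sources may open reverse-telnet or vty sessions.
! 192.168.0.1 is the router's own Ethernet 0 address, which the menu
! entries connect to; this assumes menu sessions are sourced from it.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 permit 192.168.0.1
access-list 10 deny   any log
!
line con 0
 login local
 autocommand menu console_menu
!
! Reverse telnet needs only telnet input, not every transport.
line 1 16
 no exec
 transport input telnet
 access-class 10 in
 session-timeout 120
 exec-timeout 120 0
 login local
 stopbits 1
!
! The aux port is not used for reverse telnet here, so accept nothing on it.
line aux 0
 no exec
 transport input none
!
line vty 0 4
 access-class 10 in
 transport input telnet
 exec-timeout 10 0
 login local
```

Telnet carries the login in clear text, so the access-class entries and the placement of Ethernet 0 on a management-only segment are what limit who can reach the console ports.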


RE: wireless security and VPN software? [7:73988]

2003-08-15 Thread Evans, Timothy R (BearingPoint)
.. not a stupid question at all.

The issues we ran into:
1. We put the wireless users on a completely untrusted segment
2. We needed to permit DHCP+DNS to clients pre-VPN connection
   - DHCP to get an IP, obviously
   - DNS because our VPN Profiles used DNS names
3. We needed to also permit access to the concentrator(s)
   (seems obvious, but you'd be surprised ... )
4. We used CS-ACS for the auth., this works reasonably well for us.
   (aside from not being able to apply service packs to Win2k in a timely
   fashion ... dammit)

Other issues:
1. Make sure your WAP's and VPN Concentrators are
able to handle double the expected load.
2. Make sure you have good WAP coverage - once they can get wireless access
from anywhere users will be miffed if they can't get access from their
favorite corner of the lunchroom.
3. Maybe someone else has an answer for this - but one problem we do have is
when a user roams from one WAP-area to another their VPN gets dropped.
4. If using all one brand you can go for other security options (e.g.-LEAP)
5. If it is a static, reasonably small user population you could also go for
mac filtering.  (I know - you can get around this, but ... think layers)


The truly surprising part is that the client is willing to consider making
performance/ease-of-use sacrifices for security!  You should run with it.
Thanks!
TJ
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 14, 2003 7:52 PM
To: [EMAIL PROTECTED]
Subject: wireless security and VPN software? [7:73988]

For a large campus network that has a need for wireless access in conference
rooms, cafeterias, etc., would it be overkill to require wireless clients to
use VPN IPSec software to access the campus network? This is for a customer
who is paranoid about security and understands the tradeoff of ease-of-use
versus security.

There are other downsides with requiring VPN software, of course, including
the usual issues of incompatibility with some apps, the lack of support for
protocols other than IP, and the lack of support for multicast applications
(from what I understand). Also, we have to consider the scalability of the
current VPN solution and whether it can support numerous transient wireless
users, but we think it can. There are many advantages with IPSec too, like
support for encryption that actually works...

What do you all think? Do any of you require your campus wireless users to
use VPN software?

Sorry if it's a stupid question.

Priscilla






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74013t=73988
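
The pre-VPN filtering described in items 1 to 3 of the post above (untrusted segment, DHCP and DNS allowed, concentrator reachable) can be written as an inbound access list on the routed interface facing the wireless segment. This is an added example in IOS syntax, not configuration from the thread; the interface name, the ACL name and the 192.0.2.x addresses are assumptions.

```cisco
! Added example. Assumed values (not from the thread):
!   Vlan100      routed interface facing the untrusted wireless segment
!   192.0.2.53   DNS server that resolves the names used in the VPN profiles
!   192.0.2.10   VPN concentrator address the clients connect to
ip access-list extended WLAN-PRE-VPN
 remark DHCP: client port 68 to server port 67, broadcast or unicast renewals
 permit udp any eq bootpc any eq bootps
 remark DNS: only to the one resolver, not to arbitrary servers
 permit udp any host 192.0.2.53 eq domain
 permit tcp any host 192.0.2.53 eq domain
 remark IPSec to the concentrator: IKE (UDP 500) and ESP (IP protocol 50)
 permit udp any host 192.0.2.10 eq isakmp
 permit esp any host 192.0.2.10
 remark Nothing else leaves the wireless segment unencrypted
 deny   ip any any log
!
interface Vlan100
 description Untrusted wireless segment
 ip access-group WLAN-PRE-VPN in
```

If the clients use NAT traversal or another UDP or TCP encapsulation for IPSec, that port also has to be permitted to the concentrator address; the log keyword on the final deny shows what unauthenticated clients try to reach.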


RE: Line Redundancy [7:73931]

2003-08-15 Thread [EMAIL PROTECTED]
How about this. I'll give some tips since nobody is replying.

Different pairs of copper. Different dsl provider. 2 Different ip
subnets/29? Double global pools on pix e0. double nat to double internal
ip's for mail(1 nic). double public dns records for mx mail etc. different
prio.

try to mix and match with pix for 

routes (outside) subnet 1 to mail external mail relayer DG 1 AD 10
routes (outside) subnet 2 to mail external mail relayer DG 2 AD 20

so some kind of static failover/load balance.

or something.

Martijn 


-Original Message-
From: E. Keith J. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 19:38
To: [EMAIL PROTECTED]
Subject: Line Redundancy [7:73931]


Hi all,

 I need some Line or Internet redundancy for a relatively small network.
We currently have a SDSL line from speakeasy which resells Covad.

 I need another type of line that would remain up if this line went down
as it recently did. Now they believe me about redundancy!
To my understanding it is really difficult to get different connections in 
the last mile? From the CO to the site.
Nonetheless any redundancy is better than absolutely none.

 I think T1 is a choice as it is logically different. Still may not 
protect me in the last mile but better than nothing. The T1 would become 
the primary connection with the SDSL becoming the backup. I'd like to use a 
515 to bring in both lines.

 A phone line would not meet the requirements needed.

I understand having an ADSL line and SDSL line would use different hardware. 
This would be a choice if I cannot get the dollars for the above.
We are still a small company. Maybe 50 employees, but growing.


what other choices might I have? I'm in the California bay area if that
helps.

Thanks

Keith J.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74008t=73931


PIX xlate question [7:74012]

2003-08-15 Thread Skarphedinsson Arni V.
why would I see the following when I do sh xlate on the pix, i.e.
one global address is being translated to the next in line global address?

any suggestions would be welcome


Global 213.213.128.143 Local 213.213.128.142
Global 213.213.128.142 Local 213.213.128.141
Global 213.213.128.137 Local 213.213.128.136
Global 213.213.128.136 Local 213.213.128.135
Global 213.213.128.139 Local 213.213.128.138
Global 213.213.128.138 Local 213.213.128.137
Global 213.213.128.133 Local 217.3.103.62
Global 213.213.128.132 Local 213.213.128.131
Global 213.213.128.135 Local 213.213.128.134
Global 213.213.128.134 Local 213.213.128.133
Global 213.213.128.129 Local 213.213.128.128
Global 213.213.128.128 Local 213.213.128.127
Global 213.213.128.131 Local 213.213.128.130
Global 213.213.128.130 Local 213.213.128.129
Global 213.213.128.189 Local 213.213.128.188
Global 213.213.128.188 Local 213.213.128.187
Global 213.213.128.191 Local 200.65.74.239
Global 213.213.128.190 Local 213.213.128.189
Global 213.213.128.185 Local 213.213.128.184
Global 213.213.128.184 Local 213.213.128.183
Global 213.213.128.187 Local 213.213.128.186
Global 213.213.128.186 Local 213.213.128.185
Global 213.213.128.181 Local 213.213.128.180
Global 213.213.128.180 Local 213.213.128.179
Global 213.213.128.183 Local 213.213.128.182
Global 213.213.128.182 Local 213.213.128.181
Global 213.213.128.177 Local 213.213.128.176
Global 213.213.128.176 Local 213.213.128.175
Global 213.213.128.179 Local 213.213.128.178
Global 213.213.128.178 Local 213.213.128.177
Global 213.213.128.173 Local 213.213.138.210
Global 213.213.128.172 Local 10.200.20.124
Global 213.213.128.175 Local 213.213.128.174
Global 213.213.128.174 Local 213.213.128.173
Global 213.213.128.169 Local 213.213.128.168
Global 213.213.128.168 Local 213.213.128.167
Global 213.213.128.171 Local 213.213.128.170
Global 213.213.128.170 Local 213.213.128.169
Global 213.213.128.165 Local 213.213.128.164
Global 213.213.128.164 Local 213.213.128.163
Global 213.213.128.167 Local 213.213.128.166
Global 213.213.128.166 Local 213.213.128.165
Global 213.213.128.161 Local 213.213.128.160
Global 213.213.128.160 Local 213.213.128.159
Global 213.213.128.163 Local 213.213.128.162
Global 213.213.128.162 Local 213.213.128.161


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74012t=74012
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


RE: hsrp and icmp redirects [7:73972]

2003-08-15 Thread [EMAIL PROTECTED]
How do all incoming routes/gateway branchoffice routes look?

Martijn 

-Original Message-
From: Robert Kimble [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 16:57
To: [EMAIL PROTECTED]
Subject: hsrp and icmp redirects [7:73972]


Ok.

I'll try to explain what happened as best as I can.

We have two 6509's each with an msfc and until last night we were only using
the msfc on one of them.

Last night I brought up the second msfc and set up hsrp between the two.

everything worked great here in the office last night. However, this morning
our branch offices had no connectivity to us.

My boss went in and turned off icmp redirects on the vlan interfaces on the
second msfc and everything was fine.

1. I thought icmp redirects were disabled automatically when you configure
hsrp on an interface.

2. How did turning off the redirects fix the problem? (I would ask my boss
but I probably look bad enough).

Any way.

Please let me know if you need more info to answer this question.

-Bobby




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74005t=73972


RE: PIX xlate question [7:74012]

2003-08-15 Thread [EMAIL PROTECTED]
PLS give, just to be sure, Global and NAT statements. 

Martijn


-Original Message-
From: Skarphedinsson Arni V. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 12:34
To: [EMAIL PROTECTED]
Subject: PIX xlate question [7:74012]


why would I see the following when I do sh xlate on the pix, i.e.
one global address is being translated to the next in line global address?

any suggestions would be welcome






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74014t=74012


642-801 Routing [7:74015]

2003-08-15 Thread JP
Anybody who recently passed this exam?

How much IPv6 in questions ?

joupin.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74015t=74015


Re: PIX xlate question [7:74012]

2003-08-15 Thread Pat Donlon
Skarphedinsson Arni V. wrote:
 why would I see the following when I do sh xlate on the pix, i.e.
 one global address is being translated to the next in line global address?
 
 any suggestions would be welcome
 
 
 

I haven't seen this before, how are you handling IP when they pass 
through the PIX? Can you post the config for NAT/pat/static? and or post 
a show xlate detail


Cheers

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74016t=74012


RE: Books for CCNP [7:74010]

2003-08-15 Thread Robert Kimble
I've always used cisco press, exam cram, and routersim.

Although, I used the Sybex book for the remote access test and it was
definitely top notch.

I know a couple people who used the sybex book for the bsci and they swear
by it.

As far as practice tests go I would recommend transcender.

Hope that helps ;-)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74019t=74010


hsrp default route in ospf [7:74017]

2003-08-15 Thread Robert Kimble
Howdy all,

I have two 6509's with hsrp running between their msfc's.

OSPF is advertising the ip addresses of interfaces of the routers instead of
the virtual ip that I set up in hsrp.

Since hsrp fails over faster than ospf, I was wondering if there is a way to
have ospf advertise the virtual ip address instead of the interface addresses?

Any suggestions are much appreciated ;-)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74017t=74017
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


RE: PIX xlate question [7:74012]

2003-08-15 Thread Edward Sohn
you're doing one-for-one NATing.  i'll bet your argument states a range
of global IP addresses to translate to the local subnet...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Pat Donlon
Sent: Friday, August 15, 2003 6:24 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX xlate question [7:74012]


Skarphedinsson Arni V. wrote:
 why would I see the following when I do sh xlate on the pix, i.e. one
 global address is being translated to the next in line global address?
 
 and suggestions would be welcome
 
 
 Global 213.213.128.143 Local 213.213.128.142
 Global 213.213.128.142 Local 213.213.128.141
 Global 213.213.128.137 Local 213.213.128.136
 Global 213.213.128.136 Local 213.213.128.135
 Global 213.213.128.139 Local 213.213.128.138
 Global 213.213.128.138 Local 213.213.128.137
 Global 213.213.128.133 Local 217.3.103.62
 Global 213.213.128.132 Local 213.213.128.131
 Global 213.213.128.135 Local 213.213.128.134
 Global 213.213.128.134 Local 213.213.128.133
 Global 213.213.128.129 Local 213.213.128.128
 Global 213.213.128.128 Local 213.213.128.127
 Global 213.213.128.131 Local 213.213.128.130
 Global 213.213.128.130 Local 213.213.128.129
 Global 213.213.128.189 Local 213.213.128.188
 Global 213.213.128.188 Local 213.213.128.187
 Global 213.213.128.191 Local 200.65.74.239
 Global 213.213.128.190 Local 213.213.128.189
 Global 213.213.128.185 Local 213.213.128.184
 Global 213.213.128.184 Local 213.213.128.183
 Global 213.213.128.187 Local 213.213.128.186
 Global 213.213.128.186 Local 213.213.128.185
 Global 213.213.128.181 Local 213.213.128.180
 Global 213.213.128.180 Local 213.213.128.179
 Global 213.213.128.183 Local 213.213.128.182
 Global 213.213.128.182 Local 213.213.128.181
 Global 213.213.128.177 Local 213.213.128.176
 Global 213.213.128.176 Local 213.213.128.175
 Global 213.213.128.179 Local 213.213.128.178
 Global 213.213.128.178 Local 213.213.128.177
 Global 213.213.128.173 Local 213.213.138.210
 Global 213.213.128.172 Local 10.200.20.124
 Global 213.213.128.175 Local 213.213.128.174
 Global 213.213.128.174 Local 213.213.128.173
 Global 213.213.128.169 Local 213.213.128.168
 Global 213.213.128.168 Local 213.213.128.167
 Global 213.213.128.171 Local 213.213.128.170
 Global 213.213.128.170 Local 213.213.128.169
 Global 213.213.128.165 Local 213.213.128.164
 Global 213.213.128.164 Local 213.213.128.163
 Global 213.213.128.167 Local 213.213.128.166
 Global 213.213.128.166 Local 213.213.128.165
 Global 213.213.128.161 Local 213.213.128.160
 Global 213.213.128.160 Local 213.213.128.159
 Global 213.213.128.163 Local 213.213.128.162
 Global 213.213.128.162 Local 213.213.128.161
 

I haven't seen this before. How are you handling IP when they pass
through the PIX? Can you post the config for NAT/PAT/static, and/or post
a show xlate detail?


Cheers

Pat




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74020t=74012


RE: PIX timeout uauth [7:73995]

2003-08-15 Thread [EMAIL PROTECTED]
Simer, I always leave all timers standard. That works. I keep PIXOS versions
in sync. 

When you ping from site 2 in the morning, tunnel should also come up. Double
check all the access-lists/peer statements.

Martijn 

-Original Message-
From: Simer Mayo [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 6:46
To: [EMAIL PROTECTED]
Subject: PIX timeout uauth [7:73995]


I have a site to site tunnel between 2 sites with PIX 515e. The tunnel
between the sites goes in a sleep mode every morning and I have to ping
site 2 PC IP address from a PC behind the PIX in site 1 to get the
tunnel back online.
 
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute uauth 00:25:00 inactivity
 
Please advise.
 
Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74004t=73995


Re: PIX timeout uauth [7:74018]

2003-08-15 Thread d tran
The parameters you should be concerned with are:
 
isakmp policy 10 lifetime 86400
crypto ipsec security-association lifetime seconds 3600
 
After 24 hours, the phase I key will be renegotiated.  The phase II key will
be renegotiated after 1 hour.
 
 


Simer Mayo  wrote:
I have a site to site tunnel between 2 sites with PIX 515e. The tunnel
between the sites goes in a sleep mode every morning and I have to ping
site 2 PC IP address from a PC behind the PIX in site 1 to get the
tunnel back online.

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute uauth 00:25:00 inactivity

Please advise.

Thanks






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74018t=74018


RE: hsrp default route in ospf [7:74017]

2003-08-15 Thread Robert Kimble
Why would that not make sense?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74023t=74017
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


RE: PIX xlate question [7:74012]

2003-08-15 Thread Edward Sohn
Oops.  Didn't look at the output closely enough.  Can you send the NAT
statements?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Edward Sohn
Sent: Friday, August 15, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX xlate question [7:74012]


you're doing one-for-one NATing.  i'll bet your argument states a range
of global IP addresses to translate to the local subnet...





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74021t=74012


RE: hsrp default route in ospf [7:74017]

2003-08-15 Thread Reimer, Fred
No, that would not make sense.

Fred Reimer - CCNA




-Original Message-
From: Robert Kimble [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 15, 2003 9:43 AM
To: [EMAIL PROTECTED]
Subject: hsrp default route in ospf [7:74017]

Howdy all,

I have two 6509's with hsrp running between their msfc's.

OSPF is advertising the ip addresses of interfaces of the routers instead of
the virtual ip that I set up in hsrp.

Since hsrp fails over faster than ospf, I was wondering if there is a way to
have ospf advertise the virtual ip address instead of the interface
addresses?

Any suggestions are much appreciated ;-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74022t=74017


RE: 642-801 Routing [7:74015]

2003-08-15 Thread Ben Becker
None on mine.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74024t=74015


ACL for DMVPN [7:74028]

2003-08-15 Thread Thomas N
I got a lab setup simulating DMVPN with IPSec over GRE.  I would like to
apply an access control list to the outside interface of the routers to
block everything, except for TCP/UDP ports that are needed for GRE, IPSec,
IKE and those related to DMVPN implementation.  Does someone know which ports
I should open on the ACL?  Thanks!

Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74028t=74028


RE: wireless security and VPN software? [7:73988]

2003-08-15 Thread Priscilla Oppenheimer
Reimer, Fred wrote:
 
 Being in healthcare, I have some strong views on this topic. 
 Unfortunately,
 I'm cramming for the CSI test I have tomorrow, and I still have
 two chapters

Good luck on the test.

 to go through on the KnowledgeNet course.  So, you will just
 have to wait...
 LOL   Expect some comments on EAP-TLS, WPA, and assorted
 technologies.  

Sounds great. I'd love to hear your comments on EAP-TLS, WPA, (RSN?) Thanks
in advance and thanks to everyone else who answered too.

 For
 now, I have to get some sleep, and study ;-)
 
 Priscilla - Send me your email address...

I can do that, but please post comments for all to see so everyone benefits.
Thanks.

Priscilla


 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74027t=73988


RE: hsrp default route in ospf [7:74017]

2003-08-15 Thread Zsombor Papp
Because the HSRP virtual IP address is used only by the directly connected
hosts (as a gateway), not by the remote devices that learn the routes via
OSPF.

Thanks,

Zsombor

Robert Kimble wrote:
 
 Why would that not make sense?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74025t=74017


RE: hsrp default route in ospf [7:74017]

2003-08-15 Thread Robert Kimble
That makes sense.

I managed to find the same answer after doing some reading on Cisco's site.

I appreciate the info.

Thanks Zsombor!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74026t=74017


Re: PIX xlate question [7:74012]

2003-08-15 Thread Charles Cthulhu Riley
Your pool may consist of addresses from the local addresses, and the xlates
are occurring on a catch-as-catch-can basis, which accounts for the weird results
of your show command..

Assuming your local addresses are 213.x.x.x, your pool of addresses to which
these locals are to be translated is also 213.x.x.x...you apparently have a
case of unintentional identity NAT here

Skarphedinsson Arni V.  wrote in message
news:[EMAIL PROTECTED]
 why would I see the following when I do sh xlate on the pix, i.e.
 one global address is being translated to the next in line global address?

 and suggestions would be welcome


 Global 213.213.128.143 Local 213.213.128.142
 Global 213.213.128.142 Local 213.213.128.141
 Global 213.213.128.137 Local 213.213.128.136
 Global 213.213.128.136 Local 213.213.128.135
 Global 213.213.128.139 Local 213.213.128.138
 Global 213.213.128.138 Local 213.213.128.137
 Global 213.213.128.133 Local 217.3.103.62
 Global 213.213.128.132 Local 213.213.128.131
 Global 213.213.128.135 Local 213.213.128.134
 Global 213.213.128.134 Local 213.213.128.133
 Global 213.213.128.129 Local 213.213.128.128
 Global 213.213.128.128 Local 213.213.128.127
 Global 213.213.128.131 Local 213.213.128.130
 Global 213.213.128.130 Local 213.213.128.129
 Global 213.213.128.189 Local 213.213.128.188
 Global 213.213.128.188 Local 213.213.128.187
 Global 213.213.128.191 Local 200.65.74.239
 Global 213.213.128.190 Local 213.213.128.189
 Global 213.213.128.185 Local 213.213.128.184
 Global 213.213.128.184 Local 213.213.128.183
 Global 213.213.128.187 Local 213.213.128.186
 Global 213.213.128.186 Local 213.213.128.185
 Global 213.213.128.181 Local 213.213.128.180
 Global 213.213.128.180 Local 213.213.128.179
 Global 213.213.128.183 Local 213.213.128.182
 Global 213.213.128.182 Local 213.213.128.181
 Global 213.213.128.177 Local 213.213.128.176
 Global 213.213.128.176 Local 213.213.128.175
 Global 213.213.128.179 Local 213.213.128.178
 Global 213.213.128.178 Local 213.213.128.177
 Global 213.213.128.173 Local 213.213.138.210
 Global 213.213.128.172 Local 10.200.20.124
 Global 213.213.128.175 Local 213.213.128.174
 Global 213.213.128.174 Local 213.213.128.173
 Global 213.213.128.169 Local 213.213.128.168
 Global 213.213.128.168 Local 213.213.128.167
 Global 213.213.128.171 Local 213.213.128.170
 Global 213.213.128.170 Local 213.213.128.169
 Global 213.213.128.165 Local 213.213.128.164
 Global 213.213.128.164 Local 213.213.128.163
 Global 213.213.128.167 Local 213.213.128.166
 Global 213.213.128.166 Local 213.213.128.165
 Global 213.213.128.161 Local 213.213.128.160
 Global 213.213.128.160 Local 213.213.128.159
 Global 213.213.128.163 Local 213.213.128.162
 Global 213.213.128.162 Local 213.213.128.161




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74029t=74012
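
The overlap suggested in the reply above can be checked mechanically. This is an added example, not code from the thread: it parses `show xlate` lines (six copied from the quoted output) and flags translations whose local address sits inside the global pool or is itself in use as another host's global. The pool `213.213.128.128/26` and all function names are assumptions, since the thread never shows the NAT configuration.

```python
import ipaddress
import re

# Six lines copied from the `show xlate` output quoted in the thread.
SAMPLE_XLATE = """\
Global 213.213.128.143 Local 213.213.128.142
Global 213.213.128.142 Local 213.213.128.141
Global 213.213.128.133 Local 217.3.103.62
Global 213.213.128.132 Local 213.213.128.131
Global 213.213.128.172 Local 10.200.20.124
Global 213.213.128.173 Local 213.213.138.210
"""

# Assumption: the real global pool is not shown in the thread. This /26 is a
# stand-in that covers the global addresses seen in the sample.
ASSUMED_POOL = "213.213.128.128/26"

XLATE_RE = re.compile(r"Global\s+(\S+)\s+Local\s+(\S+)")


def parse_xlate(text):
    """Return (global, local) address pairs; skip anything that is not an xlate line."""
    pairs = []
    for line in text.splitlines():
        match = XLATE_RE.search(line)
        if not match:
            continue  # banner, prompt, mail footer, blank line
        try:
            pairs.append((ipaddress.ip_address(match.group(1)),
                          ipaddress.ip_address(match.group(2))))
        except ValueError:
            continue  # truncated or mangled address
    return pairs


def classify(pairs, pool_cidr):
    """Sort each translation into one bucket, most specific finding first.

    identity      : global == local (no real translation)
    chained       : the local address is also some other xlate's global
    local_in_pool : the local address lies inside the global pool
    clean         : local address is outside the pool
    """
    pool = ipaddress.ip_network(pool_cidr)
    globals_in_use = {g for g, _ in pairs}
    report = {"identity": [], "chained": [], "local_in_pool": [], "clean": []}
    for g, l in pairs:
        if g == l:
            kind = "identity"
        elif l in globals_in_use:
            kind = "chained"
        elif l in pool:
            kind = "local_in_pool"
        else:
            kind = "clean"
        report[kind].append((str(g), str(l)))
    return report


def offset_histogram(pairs, pool_cidr):
    """Count global-minus-local offsets for locals inside the pool.

    A single dominant offset (here +1) points at a pool or static range that
    overlaps the inside addressing rather than at random allocation.
    """
    pool = ipaddress.ip_network(pool_cidr)
    counts = {}
    for g, l in pairs:
        if l in pool:
            delta = int(g) - int(l)
            counts[delta] = counts.get(delta, 0) + 1
    return counts


if __name__ == "__main__":
    xlates = parse_xlate(SAMPLE_XLATE)
    for kind, rows in classify(xlates, ASSUMED_POOL).items():
        print(f"{kind:14s} {len(rows)}")
        for g, l in rows:
            print(f"    global {g:16s} local {l}")
    print("offsets:", offset_histogram(xlates, ASSUMED_POOL))
```

Run it against the full `show xlate` capture with the pool taken from the actual `global`/`static` statements; any entry outside `clean` means an inside host is using an address the firewall may also hand out.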


Re: did you save ?????? [7:73986]

2003-08-15 Thread Charles Cthulhu Riley
Out here in Kansas, we all got ethanol fueled hamsters running on treadmills
for power production, so we were unaffected by the blackout. One hamster did
escape and raid the local quickee-mart for some chocolate donettes,
though...that reduced power output by about .1%, as well as causing cardio
problems with said hamster.  We called him Jimmy the Hamster, and he does
NOT have his CCNA, despite his claims of high test scores.

Sorry for the silly response...been writing all day and needed a goof break.

Charles

Kurt Kruegel  wrote in message
news:[EMAIL PROTECTED]
 so did everybody save their configs before the power went out ???

 i'm more worried about servers that had their power cut than my
 network equipment 

 like my older grouchy sun boxes !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74030t=73986


RE: did you save ?????? [7:73986]

2003-08-15 Thread Larry Letterman
I thought it was groundhogs that Kansas had an oversupply of...


Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Charles Cthulhu Riley
Sent: Friday, August 15, 2003 12:35 PM
To: [EMAIL PROTECTED]
Subject: Re: did you save ?? [7:73986]


Out here in Kansas, we all got ethanol fueled hamsters running on
treadmills for power production, so we were unaffected by the blackout.
One hamster did escape and raid the local quickee-mart for some
chocolate donettes, though...that reduced power output by about .1%, as
well as causing cardio problems with said hamster.  We called him Jimmy
the Hamster, and he does NOT have his CCNA, despite his claims of high
test scores.

Sorry for the silly response...been writing all day and needed a goof
break.

Charles

Kurt Kruegel  wrote in message
news:[EMAIL PROTECTED]
 so did everybody save their configs before the power went out ???

 i'm more worried about servers that had their power cut than my
 network equipment 

 like my older grouchy sun boxes !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74031t=73986


CIT Exam Preparation [7:74032]

2003-08-15 Thread asif
Hi All ,

Does anyone have detailed exam topics for the 642-831 CIT exam?

Thanks
Asif

- Original Message -
From: Charles Cthulhu Riley 
To: 
Sent: Friday, August 15, 2003 12:25 PM
Subject: Re: PIX xlate question [7:74012]


 Your pool may consist of addresses from the local addresses, and the xlates
 are occurring on a catch-as-catch-can basis, which accounts for the weird results
 of your show command..

 Assuming your local addresses are 213.x.x.x, your pool of addresses to which
 these locals are to be translated is also 213.x.x.x...you apparently have a
 case of unintentional identity NAT here





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74032t=74032


RE: wireless security and VPN software? [7:73988]

2003-08-15 Thread Reimer, Fred
Well, I thought for sure I was going to fail, but I passed the CSI test with
a score of 902.  Needed 825 out of 1000...

After giving it some thought, I think it's probably better if I don't
comment on the wireless questions at this point.  I had typed up quite a bit
of observations that I just deleted, before I realized that this is one of
the key areas where we sell our products (in my group).  It would probably
not be the wisest decision to provide free R&D to our competitors.  If
anyone has specific questions on anything, then by all means ask away, but I
opened up the original question a little more than I intended.

But some answers to the original question (personal views only):

1) VPNs, specifically IPsec VPNs, will always be more secure than WEP, or
Cisco's proprietary CCKM or the WPA standard.

2) I don't think it is unreasonable.  Especially since you can have
auto-initiate with the VPN 3000 Client so that the VPN is automatically
connected and the users don't even need to be aware that it is there.

Fred Reimer - CCNA






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74033t=73988


Re: did you save ?????? [7:73986]

2003-08-15 Thread Charles Cthulhu Riley
Hamsters have optimal ground for electricity...groundhogs have too much...


Larry Letterman  wrote in message
news:[EMAIL PROTECTED]
 I thought it was groundhogs that Kansas had an oversupply of...


 Larry Letterman
 Cisco Systems








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74034t=73986


GRE Tunnel Recursive Routing Error [7:74035]

2003-08-15 Thread Dain Deutschman
Hi all,

I'm getting a recursive routing error when trying to tunnel with gre.

r1-pix-r2

The error follows along with my configs and route tables.

Thanks!


00:52:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
bb2#
00:53:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:53:30: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
00:53:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
00:54:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:54:40: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing

bb2#wr t
Building configuration...

Current configuration : 913 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname bb2
!
!
!
!
!
!
ip subnet-zero
ip domain-name hellocomputers.com
ip name-server 4.1.1.1
!
!
!
!
!
!
interface Loopback0
 ip address 112.112.112.112 255.255.255.0
!
interface Tunnel0
 ip address 172.16.22.112 255.255.255.0
 tunnel source 10.10.112.112
 tunnel destination 150.50.22.2
!
interface Ethernet0
 ip address 10.10.112.112 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface BRI0
 no ip address
 shutdown
 isdn x25 static-tei 0
!
router eigrp 100
 network 172.16.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.112.12
ip route 172.16.22.2 255.255.255.255 Ethernet0
ip http server
!
!
alias exec c config t
!
line con 0
line aux 0
line vty 0 4
 login
!
end

bb2#

r2#wr t
Building configuration...

Current configuration : 2557 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname r2
!
logging buffered 4096 debugging
!
username all
memory-size iomem 10
ip subnet-zero
!
!
ip domain name hellocomputers.com
ip name-server 4.1.1.1
!
ip audit notify log
ip audit po max-events 100
!
!
!
key chain keyr2
 key 1
  key-string 7 151A0E000825
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.0
!
interface Tunnel0
 ip address 172.16.22.2 255.255.255.0
 tunnel source 150.50.22.2
 tunnel destination 150.50.22.112
!
interface FastEthernet0/0
 ip address 150.50.22.2 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain keyr2
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.21 point-to-point
 ip address 150.50.12.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 04530E0A032E
 ip ospf network point-to-point
 frame-relay interface-dlci 121
!
interface Serial0/0.23 point-to-point
 ip address 150.50.23.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 130D121E0703
 frame-relay interface-dlci 123
!
interface Serial0/0.24 point-to-point
 ip address 150.50.24.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 011B03085704
 frame-relay interface-dlci 124
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
router eigrp 100
 network 150.50.0.0
 network 172.16.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 100
 router-id 22.22.22.22
 log-adjacency-changes
 area 1 virtual-link 11.11.11.11
 network 22.22.22.0 0.0.0.255 area 1
 network 150.50.12.0 0.0.0.255 area 1
 network 150.50.23.0 0.0.0.255 area 2
 network 150.50.24.0 0.0.0.255 area 1
!
router rip
 version 2
 passive-interface Serial0/0.21
 passive-interface Serial0/0.23
 passive-interface Serial0/0.24
 network 150.50.0.0
 neighbor 150.50.22.12
 no auto-summary
!
ip classless
ip route 172.16.22.112 255.255.255.255 FastEthernet0/0
ip http server
ip pim bidir-enable
!
!
access-list 2 permit 112.112.112.112
access-list 2 permit 150.50.22.2
!
call rsvp-sync
!
voice-port 1/0/0
!
voice-port 1/0/1
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
alias exec c config t
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

r2#sh ip route

Gateway of last resort is 150.50.22.12 to network 0.0.0.0

 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C   172.16.22.0/24 is directly connected, Tunnel0
S   172.16.22.112/32 is directly connected, FastEthernet0/0
 22.0.0.0/24 is subnetted, 1 subnets
C   22.22.22.0 is directly connected, Loopback0
 150.50.0.0/24 is subnetted, 1 subnets
C   150.50.22.0 is directly connected, FastEthernet0/0
R*   0.0.0.0/0 [120/1] via 150.50.22.12, 00:00:03, FastEthernet0/0
r2#
r2#
ts129
[Resuming connection 9 to bb2 ... ]

00:5
bb2#sh ip route


Gateway of last resort is 10.10.112.12 to network 0.0.0.0

 172.16.0.0/32 is subnetted, 1 subnets
S   

Quality of service for prioritizing Voice by limit [7:74036]

2003-08-15 Thread Vijayanand ballapuram
Dear Members,

I am a new member of this group. If my problem below is outside the scope of
this group, please suggest a suitable group where I can post it.


I am trying to give priority to voice over other traffic by setting up the
test bed below in my lab.

Explanation of my test bed :

(voicereceiver/background receiver)-E0-Router-E1-(Voicegenerator/background generator)


Voice receiver, Background receiver and router 1’s E0 interface form one
Ethernet segment.
(Actually I am using three routers. But for easy debugging presently I am
working with one router)

Router 1’s E1 interface, Voice generator and background traffic generator
form other Ethernet LAN.

I am limiting bandwidth of router E0 interface to 48kbps by below commands:

***
I am sniffing at the interface E0 using Ethereal sniffer-protocol analyzer.
But I am unable to get better results for voice application over background
traffic. For both Testing without QoS and with QoS I am getting the same
results.

FOR EVERY VOICE PACKET I GET ONE BACKGROUND PACKET- SAME RESULTS FOR BOTH
WITH AND WITHOUT QOS DEPLOYED
***

The voice application is generating at 32 kbps with a packet/frame size
of 876 bytes.
It uses UDP port no 60600. It uses TCP port# 8896 for connection activeness.
I am using these details in my QoS configurations.

For initial testing, I am also generating background traffic with a
32kbps rate and frame size of 876 bytes.

Since total net traffic voice + background = 32 + 32 = 64 Kbps, so I am
reducing the bandwidth of the interface using ‘traffic shape’ and
‘rate-limit’ commands.



Router 1:

Option 1:

Conf  t
int e 0
rate-limit output 48000 6000 6000 conform-action transmit exceed-action drop

Option 2:

Conf t
int e 0
traffic-shape rate 48000 6000 6000 1000

I think with the above configuration, all traffic above 48000 bps is
dropped.
So there are good chances that 24000 bps of both voice and data are sent,
and the remaining 8000 bps for both voice and background are dropped. So,
therefore QoS does not come into picture because now total traffic is 48 but
NOW actual interface bandwidth is 10 Mbps after the ‘rate-limit’ or
‘traffic-shape’ phase.

IS THERE ANOTHER WAY TO REDUCE THE BANDWIDTH OF THE ETHERNET INTERFACE?


My router configs for Priority queuing and class based weighted fair queuing

My Full router configuration: 
Policy : Priority Queuing

ONE#show run
Building configuration...

Current configuration : 1279 bytes
!

hostname ONE
!
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
 rate-limit output 48000 6000 6000 conform-action transmit exceed-action drop
 priority-group 1
!
interface Ethernet1
 ip address 10.10.0.1 255.255.255.0
!
!
ip classless
ip route 10.20.0.0 255.255.255.0 10.10.0.2
ip route 10.30.0.0 255.255.255.0 10.10.0.2
no ip http server
ip pim bidir-enable
!
priority-list 1 protocol ip high tcp 8896
priority-list 1 protocol ip high udp 60600
no cdp run
!
!
line con 0
 escape-character BREAK
line aux 0
line vty 0 4
 no login
!
end

+++
CLASS BASED WEIGHTED FAIR QUEUING

ONE#show run
Building configuration...

Current configuration : 1279 bytes
!

hostname ONE
!
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
!
class-map match-all voice
  match access-group 101
!
!
policy-map catalyst
  class voice
   priority 36
  class class-default
   fair-queue 16
!
!
!
!
interface Ethernet0
 ip address 10.0.0.2 255.255.255.0
 rate-limit output 48000 6000 6000 conform-action transmit exceed-action drop
 service-policy output catalyst
!
interface Ethernet1
 ip address 10.10.0.1 255.255.255.0
!
interface Serial0
 ip address 10.10.10.10 255.255.255.0
!
interface Serial1
 ip address 22.22.22.22 255.0.0.0
!
ip classless
ip route 10.20.0.0 255.255.255.0 10.10.0.2
ip route 10.30.0.0 255.255.255.0 10.10.0.2
no ip http server
ip pim bidir-enable
!
access-list 101 permit udp any any eq 60600
access-list 101 permit tcp any any eq 8896
no cdp run
!
!
line con 0
 escape-character BREAK
line aux 0
line vty 0 4
 no login
!
end



Please explain possible changes to my config/testbed and give any suggestions.

Thanks in Advance,

Vijay






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74036t=74036
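
A simplified model of the question raised in the post above, added here as an example and not taken from the poster's lab or from IOS: two 32 kbps flows of 876-byte frames offered to (a) a single token bucket that drops on arrival and (b) a 48 kbps link fed by a strict-priority queue. The even packet spacing, the arrival offsets, the 20-packet low-queue limit and all function names are assumptions.

```python
from collections import deque

# Figures from the post: 876-byte frames, 32 kbps per flow, 48 kbps limit, 6000-byte burst.
FRAME = 876                       # bytes
GAP_US = 219_000                  # 876*8 bits at 32 kbps: per-flow packet spacing
RATE_BPS, BURST = 48_000, 6000
SERVICE_US = 146_000              # 876*8 bits at 48 kbps: time to send one frame

def arrivals(n, voice_off_us, bg_off_us):
    """Constructed traffic: n evenly spaced packets per flow, sorted by arrival time."""
    ev = [(k * GAP_US + voice_off_us, "voice") for k in range(n)]
    ev += [(k * GAP_US + bg_off_us, "background") for k in range(n)]
    return sorted(ev)

def police(n, voice_off_us, bg_off_us):
    """Single token bucket that drops on arrival; it never looks at the class."""
    per_us = RATE_BPS // 8 * 1000 // 1_000_000    # refill: 6 milli-bytes per microsecond
    cap = BURST * 1000
    tokens, last = cap, 0
    sent = {"voice": 0, "background": 0}
    for t, cls in arrivals(n, voice_off_us, bg_off_us):
        tokens = min(cap, tokens + (t - last) * per_us)
        last = t
        if tokens >= FRAME * 1000:                # conform: transmit
            tokens -= FRAME * 1000
            sent[cls] += 1                        # otherwise exceed: drop, no queue
    return sent

def priority_queue_link(n, voice_off_us, bg_off_us, bg_limit=20):
    """48 kbps link fed by a strict-priority queue: excess waits, and only the
    low queue (assumed limit of 20 packets) tail-drops."""
    ev, i, free_at = arrivals(n, voice_off_us, bg_off_us), 0, 0
    hi, lo = deque(), deque()
    sent = {"voice": 0, "background": 0}
    while i < len(ev) or hi or lo:
        if not hi and not lo:
            free_at = max(free_at, ev[i][0])      # link idle until the next arrival
        while i < len(ev) and ev[i][0] <= free_at:
            if ev[i][1] == "voice":
                hi.append("voice")
            elif len(lo) < bg_limit:
                lo.append("background")
            i += 1
        sent[(hi or lo).popleft()] += 1           # voice first whenever any is waiting
        free_at += SERVICE_US
    return sent

if __name__ == "__main__":
    print("policer, voice first:     ", police(200, 0, 109_500))
    print("policer, background first:", police(200, 109_500, 0))
    print("priority queue at 48 kbps:", priority_queue_link(200, 0, 109_500))
```

With these constructed arrivals the bucket drops every fourth packet once the initial burst is spent, so which flow loses depends only on arrival phase, while the priority-queue model delivers every voice packet and sheds only background.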