Split-Tunnel with PPTP on PIX [7:64585]
I there a way to do split-tunneling for vpn clients connecting to a pix with pptp so that they don´t lose internet conectivity, the clients are using the microsoft vpn dialar. any examples of this would be great. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64585t=64585 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE lab equipment question [7:64670]
I am asembling an CCIE lab at work and just found http://www.horizondatacom.com has any one used them, and if so what is your experince At least the price looks good, I have assembled the folowing list and would like some comments on it, I already have 2x1005, 2x1003, 2610, 2511-RJ access server with the equipment below I am looking to get a lot more routers and ethernet ports, also a frame switch, and ATM capability, the only thing I need in adition to this is another router with ATM, the 7200 will be great, and I think the price is good for that class of router Part Number DescriptionEach Total CISCO2501CISCO 2501 Router W/1 Ethernet.. $250.00$1,000.00 CISCO2522Cisco 2522 Router 1 Ethernet, .. $600.00$600.00 CISCO2610Cisco 2610 Modular Router W/1 .. $650.00$1,300.00 CISCO7206Cisco7206 Modular Router 6-Slo.. $1,900.00 $1,900.00 PA-2HCisco 7200/7500 2-Port High Sp.. $600.00$600.00 PA-4ECisco 7000/7200/7500 4-Port Et.. $350.00$350.00 PA-FE-FX Cisco 7200/7500 Single-Port Fa.. $250.00$250.00 A100 Cisco LightStream 100 ATM Swit.. $495.00$495.00 PA-A1-OC3MM Cisco 7200/7500 1-Port ATM OC3.. $250.00$250.00 VIC-2FXS Cisco 2-Port Foreign Exchange .. $195.00$390.00 WIC-1T CISCO1600/2600/3600 WIC-1T 1-P.. $150.00$300.00 Subtotal $7,435.00 Any comments on the equipment or horizondatacom would be welcome Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64670t=64670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE Written Traning [7:63494]
Can any one recomed a good traning class for the CCIE Written Exam, most of the CCIE traning programs I see offerd are traning for the lab, after you have taken the written. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63494t=63494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Question [7:60941]
Hi Can anyone please tell me what the point of the following command is static (inside,outside) 157.157.146.13 157.157.146.13 netmask 255.255.255.255 0 0 Same IP address on the inside and the outside, I have seen this used on production networks, but can not figure out why, can anyone please explain. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60941t=60941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:60941]
Ok, But I am not quite sure I understand this, beacuse in this example the address is used as an privat address on the company´s internal network, and is not routed to the pix on the outside interface from hosts on the network, so If this is to bypass NAT, by what IP address do the hosts on the outside know the inside host, as I have not used a static command to assign any Public IP address that is routable on the outside interface to the internl host ??? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60944t=60941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:60941]
The thing is the the router external to the pix, does not have a route for the 157.157.0.0 network, considering that, whill this ever work ??? Although the address is a public IP address, this company uses it as an internal address, and It sould not be visible on the internet, also the server with the IP address in on the inside network, not the DMZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60954t=60941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Simple VPN PPTP Question [7:60611]
Hi all I have a question regarding VPN, I want to configure a 827 router, so I can VPN into it with out using the cisco VPN client, just use the Windows 2000 Client, i.e. use PPTP I have done this with the PIX, and there are noproblems there, I also have setup Ipsec and 3des with the 827, but I just cant get this to work. and cant find any config examples on the cisco website, atleast none that I can use and work. any hint would be welcome. best regards, Arni V. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60611t=60611 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
WLANFE [7:59278]
Can some one tell me, what AP is focused on in the Wireless LAN for Field Engineers exam (WLANFE 9E0-581) Is it the 350,1100 or 1200, or just all of them Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59278t=59278 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT, Network Sniffer Software [7:59065]
Hi all, and sorry for the OT question, but you are the most profesional goup of network pepole i know about. My company is thinking about buying a network sniffer package, basicly what we need, is a network sniffer, but thene some extras would be nice, like some kind of WAN module, to sniff frame-relay and such connections, and also some Voice and performance testing options. We have been looking at Sniffer Pro Field Service Suite PERP from NAI, and with the sinffbook hardware, it can do most of the thing I mentioned, but the price is a bit high, the total price would be around 50.000 Euros, that is very close to 50.000 Dollars, do any of you know about any cheaper alternitives, or similarly priced, but would be a better option. Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59065t=59065 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 501 reloading [7:58946]
I have sees this exact problem with a lot of the pix 501 boxes, and would be intrested to know if cisco is going to do anything about it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58975t=58946 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AS2511 as Term Server [7:58793]
Can I use a cisco AS2511 Router as a terminal server to remotely connect to my router lab, i.e. connect cables from the async ports on the as2511 to the console ports on all the other routers ? I know ít´s possable with the 2511 and 2509, but need to know if the AS type is any diffrent. Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58793t=58793 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX question [7:58623]
If I have a pix seperating my network from the internet with an inside and an outside interface, then I have some servers on the inside network that I use Static to give an ip address on the outside network for host´s on the internet to access. that´s the easy part, now the question Is it possible for the inside hosts to access the servers that I have using the public ip address, I.E. as my inside hosts wear accessing them from the internet, so they would go out the pix and then back in using the public IP address of the server they are connecting to. does this make any sense ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58623t=58623 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed BCRAN [7:58548]
Well passed BCRAN tody, It was an ok test, not to hard, the only thing that gave me any problems was, a lot of Modem / Access Server type question, as that is somthing I have no hands on experience with. Well onto to Routing next, then support. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58548t=58548 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3002 Vpn Client 3DES [7:57830]
can any one give me an idea about the 3des throughput of the 3002 VPN Hardware Client ? have looked all over cisco´s site, but can not find anything Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57830t=57830 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 828 3des Performance [7:57703]
I just realizied who you are, and that I am reading your book Cisco PIX Firewalls :) it´s a small networking world. I think it´s a great book, and has give me a lot of information about working with the cisco PIX. Thanx again. p.s. and if anyone knows of a link to www.cisco.com, that I can see the Ipsec throughput performance numbers for 3des on, especialy for the 800 series routers, please let me know. Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57762t=57703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
828 3des Performance [7:57703]
Hi I have a VPN 3005 Concentrator, that establishes an Ipsec 3des tunnel to a 828 router, the router has uppgraded memory and 3des sofware. the router is connectd to my via a 2mbits line, and workes fine, but when I establish the vpn tunnel the performance drops down to something line 256Kbits, and I can see one the router that the CPU load is about 50 - 80% Is this normal, i.e. can the 828 just not handle any more ipsec 3des traffic ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57703t=57703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 828 3des Performance [7:57703]
Thanx for the info, can you or anyone point me to a page at cisco.com that has info about the performance off these routers, I feel better if I can point the customer at some official cisco information about the performance of his router Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57708t=57703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NetIQ Chariot [7:57710]
I now this is somewhat off topic but, I am confident you can give me some valid input about this, My company is thinking about buying NetIQ´s Chariot software, any one here have any good or bad experince with that product, and Is it as helpfull as it seem for troubleshooting network problems. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57710t=57710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSVPN 9E0-121 [7:57498]
has any one hear taken the CSVPN 9E0-121 I am thinking about taking that exam, I have some experience with the 3005 Concentrator, but none with the 3002 Hardware Clients, so I would like some information about aproxemently how large a part of the exam the 3002 is, can I get a way with haveing never uses that product, or is it a must for the exam, to have used the 3002 Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57498t=57498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
2950 EMI [7:57499]
I have a simple question, can the Catalyst 2950 switch with a EMI Software Image Route i.e. does it become a L3 swithc when the EMI images is loaded, like the 3550 can with the EMI Image. Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57499t=57499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Concentrator Issue [7:57185]
I Have the folowing setup VPN-Client--VPN-Concentrator---ipsec-tunnel---PIX Connections from the networks on the inside of the pix to the concentrator private network workes fine connections from the VPN Client to the concentrator private network worke fine. But I cant connect from the Inside network of the PIX to the VPN Client. If I use Debug ICMP Trace on the PIX I can see the Echo Requests from the vpn client when I ping a device on the inside of the pix, and vice versa when I ping to the VPN client. But there are no ECHO replays getting through... any thoughts.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57185t=57185 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VTP Concentrator - client to client [7:44276]
Yes you can do this with the Reverse Route Injection, I have used it, it´s easy to setup. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57186t=44276 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISP vpn configuration [7:55099]
I have been trying to get an answer to this question with out luck, the question is, If I am running an ISP and a company has a connection to me, now someone from that company wants to use a vpn connection from the internet to connect to his company through me, and I have a PIX to accept his VPN connection, how can I tell my PIX to only send that user to his company and not the rest of my network. please let me know if anyone knows somthing about this. Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55099t=55099 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
QOS VoIP [7:55000]
I need to get some insights into designing and installing a IP Phone network, with CISCO switches and routers, but IP phones from another vendor, and I am looking for some courses that can help me desing and implement the QOS features, I was thinking about the DQOS course, any thoughts or suggestions. best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55000t=55000 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Issue [7:54702]
It would be great if anyone could give me some insights into if it´s posible to use the 2610 or a PIX to do what I was talking about Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54878t=54702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Issue [7:54702]
I have a question regarding VPN setup, I have some clients connect to me with 828 G.Shdsl routers, most of the also have PIX 501 and can tunnel between them selfs then I have a 2610 Router that routes the internet traffic from the clients to the internet, Now they want to be able to VPN in from the internet, and connect to there network, so the Problem is what can I use that can take a VPN connection and only send it to one network, depending on who made the VPN connection can I use the VPN conncentrator 3005 a PIX 506, or just the 2610 Router Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54702t=54702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Issue [7:54702]
Ok,thanx for the info, would it be possible any other way, as I already have a PIX506 and a 2610 router or is the VPN 3005 the only and best way to go Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54704t=54702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: chap authentication LONG !!! [7:54234]
Do I have to have the hostname of each router in each other, if I am calling an ISP I just get a username and password, that I send the ISP router, I dont get any hostname or password to put in my router to authenticate the ISP router Or do I Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54308t=54234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: chap authentication LONG !!! [7:54234]
Ok thanx for the explanation to get this 100% I just have one more question If I am calling an ISP Router 1 has in its config dialer 0 ppp authentication chap calli ppp chap hostname bla ppp chap password bla1 and that works to authenticate to the ISP router, but as chap is two way, do I also have to have a username ISPROUTER password some other password my ISP tells my in my config for the ISP router to authenticate back to me, as chap is two way, must I use it like this thanx for all the information Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54313t=54234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: chap authentication LONG !!! [7:54234]
Ok I have tested this and got it to work with out the dual usernames on bouth router, as I was talking about in the previous post but that still leves my orginal question, and if any one can see anything from the debug, that would be great. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54315t=54234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PPP authentication problem [7:54047]
The thing is that is I am calling an ISP so I have no control over the router I am calling into, I cant use that routers hostname as a username as I have an account there with a username that I have to use, and the problem seems to be sending that username to the ISP router.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54215t=54047 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
chap authentication LONG !!! [7:54234]
Well I have some more chap authentication issues, and if someone can give me any pointers that would be great, I have two routers a 1003 who is calling an 3660 over ISDN this is the debug from the 100300:03:54: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:03:55: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer0 00:03:55: BR0:1 PPP: Treating connection as a callout 00:03:55: BR0:1 PPP: Phase is ESTABLISHING, Active Open 00:03:55: BR0:1 LCP: O CONFREQ [Closed] id 16 len 10 00:03:55: BR0:1 LCP:MagicNumber 0x6073F820 (0x05066073F820) 00:03:55: BR0:1 LCP: I CONFREQ [REQsent] id 25 len 15 00:03:55: BR0:1 LCP:AuthProto CHAP (0x0305C22305) 00:03:55: BR0:1 LCP:MagicNumbe.r 0x2F591151 (0x05062F591151) 00:03:55: BR0:1 LCP: O CONFACK [REQsent] id 25 len 15 00:03:55: BR0:1 LCP:AuthProto CHAP (0x0305C22305) 00:03:55: BR0:1 LCP:MagicNumber 0x2F591151 (0x05062F591151) 00:03:55: BR0:1 LCP: I CONFACK [ACKsent] id 16 len 10 00:03:55: BR0:1 LCP:MagicNumber 0x6073F820 (0x05066073F820) 00:03:55: BR0:1 LCP: State is Open 00:03:55: BR0:1 PPP: Phase is AUTHENTICATING, by the peer 00:03:55: BR0:1 CHAP: I CHALLENGE id 41 len 30 from jal-3660 00:03:55: BR0:1 CHAP: Using hostname test-2001 from interface Di0 00:03:55: BR0:1 CHAP: Username jal-3660 not found 00:03:55: BR0:1 CHAP: Using default password from Di0 00:03:55: BR0:1 CHAP: O RESPONSE id 41 len 33 from test-2001 00:03:55: BR0:1 CHAP: I SUCCESS id 41 len 4 00:03:55: BR0:1 PPP: Phase is UP 00:03:55: BR0:1 IPCP: O CONFREQ [Not negotiated] id 16 len 10 00:03:55: BR0:1 IPCP:Address 10.20.30.2 (0x03060A141E02) 00:03:55: BR0:1 CDPCP: O CONFREQ [Closed] id 16 len 4 00:03:55: BR0:1 CDPCP: I CONFREQ .[REQsent] id 16 len 4 00:03:55: BR0:1 CDPCP: O CONFACK [REQsent] id 16 len 4 00:03:55: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 00:03:55: %DIALER-6-UNBIND: Interface BRI0:1 unbound from profile Dialer0 00:03:55: BR0:1 IPCP: State is Closed 00:03:55: BR0:1 CDPCP: State is Closed 00:03:55: BR0:1 PPP: Phase is TERMINATING 00:03:55: BR0:1 LCP: State is Closed 00:03:55: BR0:1 PPP: Phase is DOWN and hear is from the 3660 Mar 9 14:05:06: Se2/0:1 CHAP: O CHALLENGE id 15 len 30 from jal-3660 Mar 9 14:05:06: Se2/0:1 CHAP: I RESPONSE id 15 len 36 from test-sap2001 Mar 9 14:05:06: Se2/0:1 PPP: Sent CHAP LOGIN Request to AAA Mar 9 14:05:06: Se2/0:1 PPP: Received LOGIN Response from AAA = PASS Mar 9 14:05:06: %DIALER-6-BIND: Interface Se2/0:1 bound to profile Di23 Mar 9 14:05:06: Se2/0:1 PPP: Treating connection as a callin Mar 9 14:05:06: Se2/0:1 PPP: Authorization NOT required Mar 9 14:05:06: Se2/0:1 CHAP: O CHALLENGE id 16 len 36 from test-sap2001 Mar 9 14:05:06: Se2/0:1 CHAP: I RESPONSE id 16 len 29 from test1 Mar 9 14:05:06: Se2/0:1 PPP: Sent CHAP LOGIN Request to AAA Mar 9 14:05:06: Se2/0:1 PPP: Received LOGIN Response from AAA = FAIL Mar 9 14:05:06: Se2/0:1 CHAP: O FAILURE id 16 len 26 msg is Authentication Mar 9 14:05:06: %ISDN-6-CONNECT: Interface Serial2/0:1 is now connected to 5 Mar 9 14:05:06: %LINK-3-UPDOWN: Interface Serial2/0:1, changed state to down Mar 9 14:05:06: %DIALER-6-UNBIND: Interface Se2/0:1 unbound from profile Di2 Mar 9 14:05:07: %LINK-3-UPDOWN: Interface Serial2/0:1, changed state to up Mar 9 14:05:07: Se2/0:1 PPP: Treating connection as a callin Mar 9 14:05:07: Se2/0:1 PPP: Authorization NOT required Mar 9 14:05:07: Se2/0:1 CHAP: O CHALLENGE id 17 len 30 from jal-3660 Mar 9 14:05:07: Se2/0:1 CHAP: I RESPONSE id 17 len 36 from test-sap2001 Mar 9 14:05:07: Se2/0:1 PPP: Sent CHAP LOGIN Request to AAA Mar 9 14:05:07: Se2/0:1 PPP: Received LOGIN Response from AAA = PASS Mar 9 14:05:07: %DIALER-6-BIND: Interface Se2/0:1 bound to profile Di23 Mar 9 14:05:07: Se2/0:1 PPP: Treating connection as a callin Mar 9 14:05:07: Se2/0:1 PPP: Authorization NOT required Mar 9 14:05:07: Se2/0:1 CHAP: O CHALLENGE id 18 len 36 from test-sap2001 Mar 9 14:05:07: Se2/0:1 CHAP: I RESPONSE id 18 len 29 from test1 Mar 9 14:05:07: Se2/0:1 PPP: Sent CHAP LOGIN Request to AAA Mar 9 14:05:07: Se2/0:1 PPP: Received LOGIN Response from AAA = FAIL Mar 9 14:05:07: Se2/0:1 CHAP: O FAILURE id 18 len 26 msg is Authentication Mar 9 14:05:07: %ISDN-6-CONNECT: Interface Serial2/0:1 is now connected to 5 Mar 9 14:05:07: %LINK-3-UPDOWN: Interface Serial2/0:1, changed state to down Mar 9 14:05:07: %DIALER-6-UNBIND: Interface Se2/0:1 unbound from profile Di2 any pointers would be great, beacuse I have no idea of what to try next. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54234t=54234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: chap authentication LONG !!! [7:54234]
It´s my understanging that when I use ppp authentication chap callin i dont have to have the username on my router, as if I was calling into an ISP then the ISP´s route would have to have a username on my router, and I dont think that is the that is used. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54241t=54234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP authentication problem [7:54047]
I am having problems with a ISDN router calling into an ISP, the CHAP authentication is not sending the correct username. the debug i get PPP BRI0:1: CHAP challenge from 3640 00:10:21: PPP BRI0:1: USERNAME 3640: lookup failure. 00:10:21: PPP BRI0:1: Unable to authenticate for peer. it always tries to use the remote router hostname as the username 3640, but the username I am trying to use is somthing compleatly difrent is is a part of my confing interface Dialer0 ip unnumbered Ethernet0 encapsulation ppp dialer remote-name 3640 dialer string 5123456 dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap ppp chap hostname li5h31 ppp chap password 7 045358571B3259 any thoughts ??? best regards, Arni V. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54047t=54047 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PPP authentication problem [7:54047]
I have already tried using ppp authentication chap callin, and that does not change anything yes the IP unnumberd is just there for testing, as this router I am using can not do IP address negoitedted, and NAT but the production router will be able to. Could that be the issue, from the debug, it looks like the problem is with the chap username / password Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54064t=54047 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN over Sattalite [7:52742]
I have a cisco1003 isdn router dialing into another router, in an outher country, and it has worked perfectly, but now my telco switched the voice and isdn calls from the fiber to a sattalite, and the the router can not connect, are thare any timeout settings our somthing like that I can change.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52742t=52742 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VLan encap. over WAN [7:52613]
I have the following problem, I have two locations connected bya ATM from a service provide, and I get ethernet at each end, now I would like to send Vlan tagged frames 802.1q over the link, as I need to have two IP networks span both sites. But when I turn tagging on, It does not work, and the Provider says that his equipment can´t handle the tagged frames Is there any way to work around this, with routing or switching ?? please let me know Best regards Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52613t=52613 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Building a PIX [7:48210]
I did this when we uppgrade the flash memory of the pix classic at work, just took the old flash card and put it in an old Pentium 133 motherbord, and some Intel NIC´s works like a charm Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48215t=48210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
C or B class network [7:48111]
I have two locations one with 20 servers and 150 users, and the other close by with 150 users, they are connect with a 100Mbits fiber connection, I am using sperate C-class networks for these locations, but now I need to change the IP network to eighter another C-class network or a B-class network, would the b-class not be the best way to go Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48111t=48111 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
A net or B net [7:43480]
I have two networks, that are conneted to Cat5 switches that are connected with one 100Mbits connection, and they are set up as difrent Vlans, then I have a router to route between them, one network has about 30 servers and somthing like 150 clients, and the other around 100 clients, now I have to change the IP networks uesd for those net´s so I was thinking if I should change them both to one B IP network, and eliminate the routing between those networks. anyone have any insights on that Best Regards, Arni V. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43480t=43480 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX + NAT Question [7:41022]
I am having problems to get a certain configuration to work with my PIX, I use NAT for all network to a Public IP address range, then I also use PAT for my 10.100.0.0 network so all machines comming from that network use the public address ending with .50. Now I need to use PAT for a client that is not on the 10.100.0.0 network, I have tried to add a NAT statment just for that client, and that does not work, the client always uses the NAT statment and not the PAT ?? any thoughts ? here is the config global (outside) 1 212.100.128.100-212.100.128.200 global (outside) 2 212.100.128.50 global (dmz) 1 123.123.148.150 nat (inside) 0 access-list 100 nat (inside) 2 123.123.144.251 255.255.255.255 0 0 nat (inside) 2 10.100.0.0 255.255.0.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 Best regards, Arni V. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41022t=41022 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX + NAT Question [7:41022]
the nat (inside) 2 123.123.144.251 255.255.255.255 0 0 is somthing I added to try to get the host 123.123.144.251 to PAT to the .50 address, but that´s not working, the network connected to the inside interface is 123.123.144.0/24 the nat (inside) 2 10.100.0.0 255.255.0.0 0 0 statment is what I use to PAT the 10.100.0.0 network and that works, ? so how do I ad the single host from the other network ??? Tahnx for the information Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41101t=41022 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT PIX [7:38633]
Hi I have a PIX firewall, and am using nat to let my clients access the internet, but now I need to connect about a 100 clients, bases in an wan of more than 50 places, all to the internet through the same ip address, so the question is, can I have some sort of a NAT list letting all the 100 ip addresses get on the net through the one public address ?? Best regards ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38633t=38633 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Should I buy IDS ? [7:36053]
I am administrating a network of about 500 computers, 30 servers, and somthink like 70 WAN locations, I have been thinking about the Cisco IDS system, anyone have any good reasons to use one, have you used it, and has it detected much intrusion. I realy need somthing to sell the ides to the managment. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36053t=36053 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN problem [7:35715]
I am having problems with clients, that connect to the pix, when they are connected, they can´t go back out to the internet through the same pix here is a part of the configuration ip local pool heima 192.168.15.50-192.168.15.100 vpdn group 1 accept dialin pptp vpdn group 1 ppp authentication chap vpdn group 1 ppp authentication mschap vpdn group 1 ppp encryption mppe 40 vpdn group 1 client configuration address local heima vpdn group 1 client configuration dns 157.157.144.30 vpdn group 1 client configuration wins 157.157.144.10 vpdn group 1 client authentication local any sugestions ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35715t=35715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN problem [7:35715]
Thanx for the information, can I use this with w2k clients connecting, or do I have to use the Cisco VPN client? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35735t=35715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FW: Cat1900 from standard to enterprise [7:31084]
What did you do ?, I need to do the same with a Sitch I have for testing Best regards Arni V. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31124t=31084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FW: Cat1900 from standard to enterprise [7:31084]
Thanx, but I dont have a CCO account, I used to but does not work anymore :( any other way ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31136t=31084 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]