RE: PIX Licensing [7:62233]

2003-02-03 Thread Claudio Spescha
hi, 

this is a "show version" printout from a 535 PIX with FO license.


with failover license

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

inetpix up 156 days 14 hours

Hardware:   PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
0: gb-ethernet0: address is 0003.47e0.0748, irq 10
1: gb-ethernet1: address is 0003.47e0.070d, irq 255
2: ethernet0: address is 00e0.b605.74f7, irq 11
3: ethernet1: address is 00e0.b605.74f6, irq 10
4: ethernet2: address is 00e0.b605.74f5, irq 11
5: ethernet3: address is 00e0.b605.74f4, irq 10
6: ethernet4: address is 0002.b3b2.4a00, irq 12
7: ethernet5: address is 0002.b3b2.49ff, irq 12
8: ethernet6: address is 0002.b3b2.4a02, irq 11
9: ethernet7: address is 0002.b3b2.4a01, irq 255
Licensed Features:
Failover:   Enabled
VPN-DES:    Enabled
VPN-3DES:   Enabled
Maximum Interfaces: 10
Cut-through Proxy:  Enabled
Guards: Enabled
URL-filtering:  Enabled
Inside Hosts:   Unlimited
Throughput: Unlimited
IKE peers:  Unlimited

This machine is licensed to run in failover secondary mode only

Serial Number: 406300710 (0x1837a826)
Running Activation Key: 0xba6c104d 0xc375beb0 0x1a8b03e8 0x81cee06a
Configuration last modified by enable_15 at 09:42:24.312 MET Mon Feb 3 2003


with UR-license, primary PIX

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

inetpix up 156 days 14 hours

Hardware:   PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Encryption hardware device : IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5
0: gb-ethernet0: address is 0003.47e0.07c6, irq 10
1: gb-ethernet1: address is 0003.47e0.0715, irq 255
2: ethernet0: address is 00e0.b603.4f58, irq 11
3: ethernet1: address is 00e0.b603.4f57, irq 10
4: ethernet2: address is 00e0.b603.4f56, irq 11
5: ethernet3: address is 00e0.b603.4f55, irq 10
6: ethernet4: address is 0002.b3b2.4880, irq 12
7: ethernet5: address is 0002.b3b2.46b3, irq 12
8: ethernet6: address is 0002.b3b2.4a32, irq 11
9: ethernet7: address is 0002.b3b2.475c, irq 255
Licensed Features:
Failover:   Enabled
VPN-DES:    Enabled
VPN-3DES:   Enabled
Maximum Interfaces: 10
Cut-through Proxy:  Enabled
Guards: Enabled
URL-filtering:  Enabled
Inside Hosts:   Unlimited
Throughput: Unlimited
IKE peers:  Unlimited

Serial Number: 406300498 (0x1837a752)
Running Activation Key: 0xfb8670f9 0xdc4290f3 0x2e46ca84 0x3c3d8b96
Configuration last modified by enable_15 at 13:37:09.877 MET Fri Jan 31 2003
inetpix>


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62342&t=62233
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: PIX Licensing [7:62233]

2003-01-31 Thread Claudio Spescha
Hi 

In a PIX 515 with restricted license you can have a max of 3 interfaces,
with a PIX 515 unrestricted license up to 6 interfaces.

For failover you always need an unrestricted license.
You cannot run a PIX with failover license as standalone box. A PIX with
failover license is only a quarter of the price of a standalone PIX.

With "show version" you can see what type of license you have.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62282&t=62233
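
Added example, not part of the original posts: a small Python parser that reads the "Licensed Features" block of PIX "show version" output and labels the unit as failover-only (FO), unrestricted (UR) or other. The sample text, the labels and the function name parse_license are assumptions made for this illustration.

```python
import re

# Constructed sample in the "show version" layout quoted above; the serial
# number is a placeholder, not a real device value.
FO_UNIT = """\
Licensed Features:
Failover:   Enabled
VPN-DES:Enabled
VPN-3DES:   Enabled
Maximum Interfaces: 10
Inside Hosts:   Unlimited

This machine is licensed to run in failover secondary mode only

Serial Number: 000000001 (0x1)
"""
FO_MARKER = "This machine is licensed to run in failover secondary mode only"
UR_UNIT = FO_UNIT.replace(FO_MARKER + "\n", "")
R_UNIT = UR_UNIT.replace("Failover:   Enabled", "Failover:   Disabled")

# "Name: value" with or without whitespace after the colon.
FEATURE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9 -]*?):\s*(\S.*)$")

def parse_license(show_version):
    """Return the licensed features and a coarse license label (FO/UR/other)."""
    features, in_block = {}, False
    for raw in show_version.splitlines():
        line = raw.strip()
        if line == "Licensed Features:":
            in_block = True
        elif in_block:
            m = FEATURE.match(line)
            if m:
                features[m.group(1)] = m.group(2).strip()
            else:                      # blank line or free text ends the block
                in_block = False
    # Assumption taken from the posts: the FO marker line means failover-only,
    # and failover enabled without it means an unrestricted (UR) unit.
    if FO_MARKER in show_version:
        label = "FO"
    elif features.get("Failover") == "Enabled":
        label = "UR"
    else:
        label = "other"
    return {"license": label, "features": features}

if __name__ == "__main__":
    for name, text in (("FO", FO_UNIT), ("UR", UR_UNIT), ("R", R_UNIT)):
        print(name, parse_license(text)["license"])
```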



RE: IP unnumbered for HDLC connection [7:62134]

2003-01-29 Thread Claudio Spescha
Hi 

Give us a look at the routing table from both routers.
The router with the configured ip address on the Serial interface does not
know how to get to the next hop address.

Do you see in the routing table the next-hop address or the outbound
interface?

see you


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62151&t=62134



RE: IP unnumbered for HDLC connection [7:62134]

2003-01-29 Thread Claudio Spescha
Hi 

What kind of routing protocol are you using? OSPF cannot build an adjacency
this way.

With other routing protocols you should be able to exchange routing tables.
But you won't be able to send traffic, because the router does not know
where the next-hop address is. So you still need this static route to tell
the router where the next-hop address is reachable.

see you


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62143&t=62134



RE: URGENT HSRP PROBLEM [7:62064]

2003-01-29 Thread Claudio Spescha
hi 
This is a strange thing.
If the routers are connected via a switch, make sure that port security is
disabled, because the active router has 2 MAC addresses for the HSRP interface.

see you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62136&t=62064



RE: IP unnumbered for HDLC connection [7:62134]

2003-01-29 Thread Claudio Spescha
Hi Deepak

When you configure "ip unnumbered" on an interface, it looks like an
interface with a /0 mask.
On the other side, with a configured IP address on the interface, you have a
different mask. So the two connected interfaces don't belong to the same
network.
What you could do is to configure on the router with the static IP address a
route outwards the connecting interface for the other router's network. But
I have never tried this before.

The interface and line protocol will come up independently of the configured IP
address.


see you
Claudio





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62135&t=62134



RE: debug commands [7:62107]

2003-01-29 Thread Claudio Spescha
Hi

Yes, you have to configure an access-list that allows only this particular
host. Then -> debug ip packet (access-list X)
Make sure you have configured "no logging console" on your router in
advance. This way you don't risk crashing the router so easily.

If you only want to see what traffic this host generates, you can also
configure "ip accounting" on the outbound interface.

see you


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62133&t=62107



RE: IPSec over Tunnel - not working !! [7:62124]

2003-01-29 Thread Claudio Spescha
Hello 

You should not encrypt the tunnel network itself.
First line of access-list 199 should be:
access-list 199 deny ip 120.20.59.0 0.0.0.255 120.20.59.0 0.0.0.255
The router cannot build an OSPF adjacency on encrypted traffic.

see you
Claudio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62132&t=62124