IP Assignment

2000-12-19 Thread Daniel Ma

Can anyone tell me where I could get information on global IP
assignment? For example, which IP range is used by which country?


Thanks,


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Aeronet Wireless Network

2000-10-06 Thread Daniel Ma

Just wondering whether the Aeronet wireless network can support three
subnets?

I know each access point has the IP address, should clients within the IP
range also?

Thanks,

Daniel


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



VLAN and Cluster

2001-03-29 Thread Daniel ma

I am trying to configure several cat 3500 as one cluster group over
Giga-stack. However, I found the Giga-stack does not pass the VLAN
information. I could only access VLAN1 across switches.

Is there any configuration issue? If I do not use cluster, and configure
Giga-stack as trunk port, there is no problem for other VLANs.

Daniel





VLAN routing in Cat6000

2001-03-29 Thread Daniel ma

I am trying to configure VLAN routing in Cat 6006, (Super engine does
support routing).

However, after I configure interface VLAN2, it said VLAN 2 is shutdown. It's
no use to issue 'no shutdown' command.

How should I configure it?







Create users in Router

2001-04-05 Thread Daniel ma

How do I create a user with an encrypted password? When I type the command
'username  password 7 xxx', it asks for a calculated password.



CCNP to CCDP [7:39448]

2002-03-25 Thread Daniel Ma

Well, I got my CCNP two years ago with old exam track. What if I want to get
CCDP certification, do I need to take all the exams again, or could I just
take the CID?

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39448&t=39448



Re: CCNP to CCDP [7:39448]

2002-03-25 Thread Daniel Ma

Does this mean your CCDP will be valid for three years from now on? Or will
it expire when your CCNP expires?

Thanks,
- Original Message -
From: "Moffett, Ryan" 
To: "'Daniel Ma'" ; 
Sent: Monday, March 25, 2002 2:59 PM
Subject: RE: CCNP to CCDP [7:39448]


> You can still pursue the CCDP.   If you look at the certification tracking
> website, it should show you started your CCDP back when you started passing
> exams related to the CCNP or CCDA.   I just did exactly the same thing.  I
> passed my CCNP about 2 years ago and just got my CCDP with the CID test last
> month.  It wasn't clear to me either based on what I could dig up on Cisco's
> website, however I scheduled the exam anyway and followed up on the tracking
> website to make sure it showed me as completing my CCDP.
>
> -Original Message-
> From: Daniel Ma [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 25, 2002 2:28 PM
> To: [EMAIL PROTECTED]
> Subject: CCNP to CCDP [7:39448]
>
>
> Well, I got my CCNP two years ago with old exam track. What if I want to get
> CCDP certification, do I need to take all the exams again, or I could just
> take the CID.
>
> Thanks,
>
> Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39459&t=39448



Re: CCNP to CCDP [7:39448]

2002-03-25 Thread Daniel Ma

Hi Priscilla,

I passed CCDA two years ago with your wonderful book. I am thinking about
instead of recertifying my CCNP, I take the CCDP to maintain my Professional
level, and meantime, prepare for CCIE. So I wonder if I get CCDP now, is it
valid for another three years?

Thanks,

Daniel
""Priscilla Oppenheimer""  wrote in message
news:[EMAIL PROTECTED]...
> CID and CCDA.
>
> At 02:28 PM 3/25/02, Daniel Ma wrote:
> >Well, I got my CCNP two years ago with old exam track. What if I want to get
> >CCDP certification, do I need to take all the exams again, or I could just
> >take the CID.
> >
> >Thanks,
> >
> >Daniel
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39462&t=39448



Re: Cisco online testing link->

2000-07-16 Thread Daniel Ma

Do the on-line tests credit to our certificates? Or are they just sample
tests?
I am really curious about that. If so, then we do not need to register with
Sylvan Prometric and get it free?


"Dick Silva" <[EMAIL PROTECTED]> wrote in message
news:005901bfef44$4499adc0$7f3dd0d1@dick...
> /
> What does one need to get a CCO password?
> \
> -Original Message-
> From: Hou, Li <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Sunday, July 16, 2000 5:26 AM
> Subject: Cisco online testing link->
>
>
> >You need CCO to use this link:
> >http://www.cisco.com/cgi-bin/front.x/wwtraining/colt/ColtLogin.pl
> >
> >



Re: CCDP question

2000-07-25 Thread Daniel Ma

yes, you need.

"Daniel Ji" <[EMAIL PROTECTED]> wrote in message
news:8llbcs$bmp$[EMAIL PROTECTED]...
> Hi, guys:
> I just got CCNP and thinking to go for CCDP, but I don't have CCDA yet,
> My question is, do I have to have CCDA in order to get CCDP? or just take
> CID
>
> thanks in advance.
> Daniel.
>
>



on-line test in CCO

2000-07-26 Thread Daniel Ma

Hi, all. 

I just found that in Cisco web-site there are some free on-line tests. Are
these tests similar to the real test for CCNP, for example, BCRAN?

Thanks,

Daniel Ma
Systems Engineer
Enterprise Computing Unit
Infonet Systems & Services Pte Ltd
DID: (65)4616095 Fax: 4792289
e-mail: [EMAIL PROTECTED]





RE: on-line test in CCO

2000-07-26 Thread Daniel Ma

http://www.cisco.com/cgi-bin/front.x/wwtraining/colt/ColtLogin.pl
You need a CCO account.

Daniel Ma
Systems Engineer
Enterprise Computing Unit
Infonet Systems & Services Pte Ltd
DID: (65)4616095 Fax: 4792289
e-mail: [EMAIL PROTECTED]


> -Original Message-
> From: Fomes Iain [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, July 26, 2000 4:11 PM
> To:   'Daniel Ma'
> Subject:  RE: on-line test in CCO
> 
> Where are they Daniel  i've taken and passed my BCRAN so i can tell you if
> they are or not 
> 
> > -Original Message-
> > From:   Daniel Ma [SMTP:[EMAIL PROTECTED]]
> > Sent:   26 July 2000 08:49
> > To: Cisco (E-mail)
> > Subject:on-line test in CCO
> > 
> > Hi, all. 
> > 
> > I just found that in Cisco web-site there are some free on-line tests. Are
> > these tests similar to the real test for CCNP, for example, BCRAN?
> > 
> > Thanks,
> > 
> > Daniel Ma
> > Systems Engineer
> > Enterprise Computing Unit
> > Infonet Systems & Services Pte Ltd
> > DID: (65)4616095 Fax: 4792289
> > e-mail: [EMAIL PROTECTED]
> > 
> > 



Re: a ccna question-help

2000-07-26 Thread Daniel Ma

1. ATM
Zhang Jin <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Dear group,
>
> I find a confused question on an exam guide which is:
> select the connect-oriented protocols:
> 1.ATM
> 2.TOKEN RING
> 3.FDDI
> 4.Ethernet
> 5.FrameRelay
>
> anyone can help me select the correct answer?
>
> thanks
>
> dean
>



Access-list for IP and TCP

2000-05-16 Thread Daniel Ma

I am not sure how the access list works with IP and TCP. For example,

access-list 101 permit ip any any

Does it mean that the router permits any IP traffic, no matter whether it's
TCP or UDP? So if I add the following list after the above one, it should have
no effect at all.

access-list 101 deny tcp any any eq telnet


If I really want to deny telnet traffic, I should put this list before the
first one.

Am I right? If I am wrong please correct me. 

thanks,

Daniel Ma
Systems Engineer
Infonet Systems & Services Pte Ltd
DID: (65)4616095   FAX: (65)4792289
E-mail: [EMAIL PROTECTED]




Factory default for catalyst 2924 XL

2000-05-22 Thread Daniel Ma

May I know which command can reset the Catalyst 2924 XL to factory default
configurations?


Thanks,


Daniel Ma
Systems Engineer
Infonet Systems & Services Pte Ltd
DID: (65)4616095   FAX: (65)4792289
E-mail: [EMAIL PROTECTED]




Visio drawing for Cisco equipment

2000-06-06 Thread Daniel Ma

I just bought a Visio 2000 technical version, however I can not find the
cisco drawing library, for example, the catalyst switches or cisco routers.
Could anyone tell me where I could find those drawing libraries?

Thanks,

Daniel Ma





Re: OSPF configuration - Please help

2000-06-07 Thread Daniel Ma

In router A, I think you could not put the mask as 0.0.0.0, because if so
the area only includes one IP address.

Another thing is, have you tried show interface and made sure the Serial port
is up?

Daniel

"Billy Monroe" <[EMAIL PROTECTED]> wrote in message
news:8hj7i6$tdo$[EMAIL PROTECTED]...
> Hello:
>
> I have two 2503 and I am following Hutnik's to configure OSPF.
> I connected RouterA, s0 (DCE) to RouterB, s0(DTE).
>
> When I enter #show ip ospf int I see the following:
> ...
> Transmit Delay is 1 sec, State DOWN
>   Hello due in...
> ...
>
>
> The State should be "POINT_TO_POINT".
> The routers don't see each other. (#show ip route doesn't display OSPF
> entry).
> I entered "no shut" and "shut" in both routers s0 interfaces but it didn't
> work. Any idea of what is wrong ?
>
>
> Configuration is below.
>
>
> Thanks,
>
> RouterA
>
>
> !
> hostname RouterA
> !
> int Loopback0
> ip add 10.1.1.1 255.255.255.0
>
>
> int Loopback1
> ip add 11.1.1.1 255.255.255.0
> !
> int S0
> ip add 192.1.1.1 255.255.255.0
> no fair-queue
> router ospf 64
> network 192.1.1.1 0.0.0.0 area 0
> network 10.1.1.1 0.0.0.0 area 0
> !
> no ip classless
> !
> ...
>
>
> RouterB
>
>
> !
> hostname RouterB
> !
> int loopack0
> ip add 152.1.1.1 255.255.255.0
> int Loopback1
> ip add 153.1.1.1 255.255.255.0
> !
> int serial0
> ip add 192.1.1.2 255.255.255.0
> no fair-queue
> clockrate 50
> !
> int s1
> no ip add
> shutdown
> !
> router ospf 64
> network 0.0.0.0 255.255.255.255
> !
> no ip classless
> !
> ...
>
>
>



RE: Visio Files for Cisco Equipment

2000-06-08 Thread Daniel Ma

Thanks, ED.

Another thing is, do you have the Visio files for Symbols of router and
switch, like that in the Cisco books. For example, the router is a circle
while switch is a square. 

Regards,

Daniel

> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 7:10 PM
> To:   [EMAIL PROTECTED]
> Subject:  Visio Files for Cisco Equipment
> 
> 
> 
> Daniel,
> 
> Here's the Visio files that we use for Cisco equipment.  Most are from
> Cisco's site.  The files that came with our Visio package weren't updated
> to include the latest equipment in the catalyst line so we use these from
> Cisco instead.
> 
> 
> ed
> 
> 
> (See attached file: Cisco Visio Files.ZIP) << File: .ZIP File >> 




OSPF adjacency question

2000-06-08 Thread Daniel Ma

We all know that in an area (multi-access media), all routers must form
adjacency with DR and BDR. But how is it done if the router is not directly
linked to DR?
For example, Router A is the DR. Router B is between the Router A and Router
C. Now Router C must form adjacency with Router A. Am I right to say that
Router C multicasts to 224.0.0.6, then Router B will forward this packet to
Router A? So actually it's a virtual adjacency between Router A and Router
C, they are not neighbors.
I really hope you would clear the concept for me, as I could not find the
answer in books, even in "Routing TCP/IP".


Thanks,

Daniel





Re: OSPF adjacency question

2000-06-08 Thread Daniel Ma

I even become more confused.

1. Routers must form  adjacency to DR and BDR in an area;
2. Router C could not form adjacency to Router A (DR) because they are not
in the same segment.

Therefore,
1. Router C and Router A can not be in same area;
2. The two interfaces of Router B should not be in the same area.

  Router A (DR) --Router B---Router C


I know there must be something wrong, anyone could help me?


Thanks,

Daniel

"Ryan Moffett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In your example, router C cannot form an adjacency to router A.   It must
> form an adjacency with router B.  The adjacency process will not even occur
> as router C and router A will never become neighbors.   They cannot become
> neighbors because they do not share the same IP segment.  Since the HELLO
> packets are sent as multicast, router B will most likely not forward the
> multicast to router C.  If router C were to somehow receive this HELLO
> packet the network portion of the source address would not match that of
> router C and the neighbor relationship will fail.
>
> Ryan
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Daniel Ma
> Sent: Thursday, June 08, 2000 9:30 PM
> To: [EMAIL PROTECTED]
> Subject: OSPF adjacency question
>
>
> We all know that in an area (multi-access media), all routers must form
> adjacency with DR and BDR. But how is it done if the router is not directly
> linked to DR?
> For example, Router A is the DR. Router B is between the Router A and Router
> C. Now Router C must form adjacency with Router A. Am I right to say that
> Router C multicasts to 224.0.0.6, then Router B will forward this packet to
> Router A? So actually it's a virtual adjacency between Router A and Router
> C, they are not neighbors.
> I really hope you would clear the concept for me, as I could not find the
> answer in books, even in "Routing TCP/IP".
>
>
> Thanks,
>
> Daniel
>
>



Re: OSPF adjacency question

2000-06-09 Thread Daniel Ma

Finally, I got it. The DR and BDR are per segment not per area. If an area
has several segments, it has several DRs and BDRs as well.

Am I right?

Sorry for wasting your bandwidth.


Daniel

"Daniel Ma" <[EMAIL PROTECTED]> wrote in message
news:8hpgv2$r6s$[EMAIL PROTECTED]...
> We all know that in an area (multi-access media), all routers must form
> adjacency with DR and BDR. But how is it done if the router is not directly
> linked to DR?
> For example, Router A is the DR. Router B is between the Router A and Router
> C. Now Router C must form adjacency with Router A. Am I right to say that
> Router C multicasts to 224.0.0.6, then Router B will forward this packet to
> Router A? So actually it's a virtual adjacency between Router A and Router
> C, they are not neighbors.
> I really hope you would clear the concept for me, as I could not find the
> answer in books, even in "Routing TCP/IP".
>
>
> Thanks,
>
> Daniel
>
>



question about default route

2000-06-11 Thread Daniel Ma

May I know the difference and usage of following:

1.  ip default-network
2. ip default-gateway
3. ip route 0.0.0.0 0.0.0.0

When and which should I use these commands?


Thanks





Backup Interface

2000-06-20 Thread Daniel Ma

I am trying to back up a serial interface using a BRI port. However, when I go
through the BRI interface configuration commands, I could not find the
command "backup interface". Can anyone help me on how to configure it?
And for the BRI interface, should I configure normal DDR? I am using one
cisco4700M and one cisco2503, IOS 11.3.

Thanks in advance.

Daniel Ma
Systems Engineer
Enterprise Computing Unit
Infonet Systems & Services Pte Ltd





Re: ACL Question

2000-06-26 Thread Daniel Ma

Will this do?

access-list 1 permit x.x.x.2  255.255.255.254

Daniel

"Raymond Everson (Rainman)" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> *Still* haven't figured this one out:
>
> Create an IP ACL, in as few lines as possible of course, which permits
> only even-numbered IP addresses.
>
> Ideas?
>
> Rainman
>
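Added example, not part of the original posts: a small first-match evaluator for IOS-style ACL entries, covering the ordering asked about in "Access-list for IP and TCP" and the wildcard mask used in the "Re: ACL Question" reply above. It generalizes slightly beyond the posts by parsing both standard and extended entries; the parser subset, the packet model, the address 10.0.0.2 (standing in for x.x.x.2) and all sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # the IOS keyword "any"
PORTS = {"telnet": 23, "smtp": 25, "domain": 53, "www": 80, "pop3": 110}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard mask semantics: 0 bits must equal the base, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every IP protocol
    src: Tuple[str, str]             # (address, wildcard)
    dst: Tuple[str, str]
    dst_port: Optional[int] = None   # from "eq <port>" after the destination


@dataclass
class Packet:
    proto: str                       # "tcp", "udp", ...
    src: str
    dst: str
    dst_port: Optional[int] = None


def parse_entry(line: str) -> Entry:
    """Parse the small subset of 'access-list' syntax quoted in the posts."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]

    def take_addr() -> Tuple[str, str]:
        if rest[0] == "any":
            rest.pop(0)
            return ANY
        return (rest.pop(0), rest.pop(0))

    if number < 100:                 # standard ACL (1-99): source address only
        return Entry(action, "ip", take_addr(), ANY)
    proto = rest.pop(0)              # extended ACL (100-199)
    src, dst = take_addr(), take_addr()
    port = None
    if rest and rest[0] == "eq":
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return Entry(action, proto, src, dst, port)


def evaluate(lines: List[str], pkt: Packet) -> str:
    """Return the action of the first matching entry; unmatched traffic is denied."""
    for entry in map(parse_entry, lines):
        if entry.proto not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, *entry.src):
            continue
        if not wildcard_match(pkt.dst, *entry.dst):
            continue
        if entry.dst_port is not None and entry.dst_port != pkt.dst_port:
            continue
        return entry.action          # first match wins; later entries are never read
    return "deny"                    # implicit "deny any" at the end of every ACL


# The two orderings asked about in "Access-list for IP and TCP".
PERMIT_FIRST = ["access-list 101 permit ip any any",
                "access-list 101 deny tcp any any eq telnet"]
DENY_FIRST = list(reversed(PERMIT_FIRST))

# The one-line answer from "Re: ACL Question", with a constructed address.
EVEN_ONLY = ["access-list 1 permit 10.0.0.2 255.255.255.254"]

# Constructed sample packets (documentation address ranges).
TELNET = Packet("tcp", "198.51.100.7", "192.0.2.10", 23)
DNS_QUERY = Packet("udp", "198.51.100.7", "192.0.2.10", 53)


def even_acl_results() -> dict:
    """Run sources with even and odd last octets through the one-line ACL."""
    hosts = ["10.0.0.4", "172.16.9.200", "10.0.0.5", "192.0.2.1"]
    return {h: evaluate(EVEN_ONLY, Packet("tcp", h, "192.0.2.10", 80)) for h in hosts}


if __name__ == "__main__":
    print("permit ip first, telnet:", evaluate(PERMIT_FIRST, TELNET))
    print("deny telnet first, telnet:", evaluate(DENY_FIRST, TELNET))
    print("deny telnet first, DNS query:", evaluate(DENY_FIRST, DNS_QUERY))
    for host, action in even_acl_results().items():
        print(f"{host:>14} -> {action}")
```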



Ports for Internet Mail

2000-07-04 Thread Daniel Ma

Let's use this scenario.
1. The clients are inside the corporate network, with private IP. Let's say
192.168.1.0, public range 202.166.1.0/28. The router is doing dynamic NAT.
2. The E-mail server is in the ISP.
3. Primary DNS is inside corporate network.

I use the following access-list, however the clients could not access internet
mail. Are there any more ports I should open?

Another question, for DNS, both TCP and UDP have port 'domain'. What's the
difference?

Following are examples of access-list:

int s0
access-list 101 in

access-list 101 permit tcp any 202.166.1.0 0.0.0.15 established
access-list 101 permit tcp any 202.166.1.0 0.0.0.15 eq smtp
access-list 101 permit tcp any 202.166.1.0 0.0.0.15 eq pop3
access-list 101 permit ip 202.166.1.0 0.0.0.15 any
access-list 101 permit tcp any 202.166.1.0 0.0.0.15 eq domain
access-list 101 permit udp any 202.166.1.0 0.0.0.15 eq domain





Re: Cisco Press Errors

2000-07-05 Thread Daniel Ma

Go to www.ciscopress.com, there is a correction for the book you mentioned.

Regards,

Dan West <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know of websites/newsgroups that post
> corrections to mistakes in Cisco Press publications?
> They may be official or not-- I don't care.
>
> I found a subnet address error in the Routing TCP/IP
> book for one of the static routing config examples. I
> was pulling my hair out thinking I was not calculating
> the subnet address correctly. That was an error I
> could iron out myself but I am concerned about more
> broad concepts and such that may be misprints...
>
> Thanks.
>
> =
> Dan West -- CCNA
>



Encryption speed of VPN

2000-07-07 Thread Daniel Ma

The Cisco VPN 3015 has encryption speed of 4Mbps, however what we want to
encrypt is a 100Mbps link. Is it possible? The Cisco consultant told me
these two speeds are different. However I wonder that if I want to encrypt
all the traffic, what's the maximum bandwidth I could have.

Thanks in advance for clear my concept.

Daniel Ma
Systems Engineer
Enterprise Computing Unit
Infonet Systems & Services Pte Ltd
DID: (65)4616095 Fax: 4792289






RE: Encryption speed of VPN

2000-07-10 Thread Daniel Ma

What we want to encrypt is a Wireless Lan. Because the wireless network is
theoretically a shared network. For instance, someone steals a notebook which
uses wireless connection, then he could listen to all the traffic of the
wireless network. For security reason, we propose to put a VPN between the
access-points and backbone, so that the VPN could authenticate every
wireless user and tunnel each user's traffic. The link between access-points
and backbone will be 10/100 Mbps.

The Cisco guy told me to use VPN 3015, however the 3015 only has the
encryption speed of 4Mbps. Is it true that this will limit my bandwidth to
4Mbps if I try to encrypt all traffic?

Thanks for clear my concept.


Daniel

> -Original Message-
> From: Chuck Larrieu [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, July 08, 2000 8:04 AM
> To:   Daniel Ma; Cisco (E-mail)
> Subject:  RE: Encrytion speed of VPN
> 
> The spec sheet at
> http://www.cisco.com/univercd/cc/td/doc/pcat/3000.htm#xtocid131619
>  shows that the CVPN 3060 has an encryption throughput  of 100 megabits
> 
> Now the question is, what is the speed of the link over which you will be
> doing encryption / VPN tunneling?
> 
> In terms of specifying the equipment you want to purchase, there would be a
> couple of things to look at. One is the amount of expected traffic. Another
> is the number of expected simultaneous sessions. Third is the link over
> which you are doing things.
> 
> So if you have, say 10 simultaneous tunnels, and the aggregate traffic is
> 500K, and your link line is a T-1, why would you want to pay for the
> capability of doing 100 megabits?
> 
> HTH
> 
> Chuck
> 
> 
> 
> -----Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Daniel Ma
> Sent: Thursday, July 06, 2000 6:21 PM
> To:   Cisco (E-mail)
> Subject:  Encrytion speed of VPN
> 
> The Cisco VPN 3015 has encryption speed of 4Mbps, however what we want to
> encrypt is a 100Mbps link. Is it possible? The Cisco consultant told me
> these two speeds are different. However I wonder that if I want to encrypt
> all the traffic, what's the maximum bandwidth I could have.
> 
> Thanks in advance for clear my concept.
> 
> Daniel Ma
> Systems Engineer
> Enterprise Computing Unit
> Infonet Systems & Services Pte Ltd
> DID: (65)4616095 Fax: 4792289
> 
> 
> 



Any special ports for Outlook Web access?

2000-07-11 Thread Daniel Ma

Sorry, a little off topic.

We have installed an MS Exchange server behind the firewall, and opened the
SMTP port for it. Now the customer requires Outlook Web Access. I just
wonder whether we should open any other ports for this service, or just HTTP
will do.

Thanks,

Daniel Ma
Systems Engineer
Enterprise Computing Unit
Infonet Systems & Services Pte Ltd
DID: (65)4616095 Fax: 4792289






PIX Firewall without NAT [7:40871]

2002-04-08 Thread Daniel Ma

I am trying to configure a PIX firewall behind the Cayman DSL router.
Because we only have one public IP address, which is used by the Cayman router,
I will use 192.168.1.x and 192.168.0.x for the two segments of PIX. The Cayman
router does the NAT job for all users. In this case, could I configure the PIX
without NAT, i.e.,
NAT (inside) 0 0.0.0.0 0.0.0.0

I wonder whether it works, internal users are still able to connect to
internet.

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40871&t=40871



Re: PIX Firewall without NAT [7:40871]

2002-04-09 Thread Daniel Ma

If I have a Mail server inside the Network. Let's say IP is 192.168.0.2. How
should I configure the Static, could I configure it as follows:
static (inside, outside) 192.168.0.2 192.168.0.2 netmask 255.255.255.255
And I configure port Redirect on Cayman router, direct port 25 traffic to
192.168.0.2.

Thanks,

Daniel
""yangchun""  wrote in message
news:[EMAIL PROTECTED]...
> hello daniel :
> you can do it
> ""Daniel Ma""  wrote in message
> news:[EMAIL PROTECTED]...
> > I am trying to configure a PIX firewall behind the Cayman DSL router.
> > Because we only have one Public IP address which is used by Cayman router. I
> > will use 192.168.1.x and 192.168.0.x for the two segments of PIX. Cayman
> > router does NAT job for all users. In this case, could I configure the PIX
> > without NAT, i.e.,
> > NAT (inside) 0 0.0.0.0 0.0.0.0
> >
> > I wonder whether it works, internal users are still able to connect to
> > internet.
> >
> > Thanks,
> >
> > Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40910&t=40871



configure VPN on PIX which behind PAT router [7:41090]

2002-04-10 Thread Daniel Ma

I am configuring a PIX firewall behind a Cayman DSL router. The whole
network only has one public IP address which is on the DSL interface. I need
to configure the PIX firewall for the remote VPN clients.
My solution is to encapsulate all IPSEC traffic with TCP 1, or UDP
1, so the Cayman router could be configured Pinhole the port 1 to
the PIX outside interface. But I could not find documents on how to
configure it.
It will be greatly appreciated if anyone could help me out, or probably you
have better solutions.

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41090&t=41090



Netlock VPN Client for Mac to PIX [7:44744]

2002-05-22 Thread Daniel Ma

I have configured the PIX for remote VPN clients. It works for the Cisco VPN
client; however, Cisco does not have support for Mac 8-9. I downloaded the
software from Netlock. However, it failed in Phase 1. Then I upgraded the PIX
to 6.2(1), and it seems to be making some progress. However, the connection is
killed at the end of Phase 2 (I guess) with "return status is IKMP_NO_ERR_NO_TRANS".

Does anybody have experience in configuring VPN for Mac? I am attaching the
log file; I would appreciate it if someone could help me.

Daniel


crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226
VPN Peer: ISAKMP: Added new peer: ip:63.11.28.147 Total VPN Peers:1
VPN Peer: ISAKMP: Peer ip:63.11.28.147 Ref cnt incremented to:1 Total VPN Peers:1
OAK_AG exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: extended auth pre-share
ISAKMP: default group 2
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: extended auth pre-share
ISAKMP: default group 2
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: auth pre-share
ISAKMP: default group 2
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: auth pre-share
ISAKMP: default group 2
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80
ISAKMP (0): atts are acceptable. Next payload is 3
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): received xauth v6 vendor id

ISAKMP (0): processing vendor id payload

ISAKMP (0): remote peer supports dead peer detection

ISAKMP (0): processing vendor id payload

ISAKMP (0): speaking to a Unity client

ISAKMP: Created a peer node for 63.11.28.147
ISAKMP (0): ID payload
next-payload : 10
type : 2
protocol : 17
port : 500
length : 16
ISAKMP (0): Total payload length: 20
return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226
OAK_AG exchange
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): processing NOTIFY payload 24578 protocol 1
spi 0, message ID = 0
ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a queue event...
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with 63.11.28.147

ISAKMP (0): SA has been authenticated
return status is IKMP_NO_ERROR
ISAKMP (0): sending phase 1 RESPONDER_LIFETIME notify
ISAKMP (0): sending NOTIFY message 24576 protocol 1
crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 3752133894

ISAKMP : Checking IPSec proposal 1

ISAKMP: transform 1, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: encaps is 1
ISAKMP: authenticator is HMAC-SHA
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x1 0xe1 0x33 0x80 IPSEC(validate_proposal): transform proposal (prot 3, trans 3, hmac_alg 2) not supported

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP : Checking IPSec proposal 2

ISAKMP: transform 1, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: encaps is 1
ISAKMP: authenticator is HMAC-MD5
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x1 0xe1 0x33 0x80
ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 67.32.141.226, src= 63.11.28.147,
dest_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
src_proxy= 63.11.28.147/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

ISAKMP (0): processing NONCE payload. message ID = 3752133894

ISAKMP (0): processing ID payload. message ID = 3752133894
ISAKMP (0): ID_IPV4_ADDR src 63.11.28.147 prot 0 port 0
ISAKMP (0): processing ID payload. message ID = 3752133894
ISAKMP (0): ID_IPV4_ADDR_RANGE dst 0.0.0.0/0.0.0.0 prot 0 port 0IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0xbc74b5c1(3161765313) for SA
from 63.11.28.147 to 67.32.141.226 for prot 3

return status is IKMP_NO_ERROR
crypto_isakmp_process_block: src 63.11.28.147, dest 67.32.141.226
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_AUTH_AWAIT
ISAKMP (0): Creating IPSec SAs
inboun
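
Added example, not part of the original post: a small Python parser for PIX debug output in the format above. It records the responder's verdict on each phase 1 transform and phase 2 proposal and decodes the "(VPI)" lifetime bytes into seconds. The function names `parse` and `accepted` are this example's own, and the sample is an abridged excerpt of the log in the post.

```python
import re

# Abridged excerpt of the debug output posted above (phase 1 transforms 3-4, phase 2 proposals 1-2).
SAMPLE = """\
ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: life duration (VPI) of 0x1 0xe1 0x33 0x80
ISAKMP (0): atts are acceptable. Next payload is 3
ISAKMP : Checking IPSec proposal 1
ISAKMP: transform 1, ESP_3DES
ISAKMP: authenticator is HMAC-SHA
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP : Checking IPSec proposal 2
ISAKMP: transform 1, ESP_3DES
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts are acceptable.
"""

START = re.compile(r"Checking (ISAKMP transform|IPSec proposal) (\d+)")
ATTR = re.compile(r"^ISAKMP:\s+(encryption|hash|extended auth|auth|authenticator is|transform \d+),?\s+(.*)$")
VPI = re.compile(r"life duration \(VPI\) of ((?:0x[0-9a-fA-F]+ ?)+)")
VERDICT = re.compile(r"atts (?:are )?(not )?acceptable")

def parse(log):
    """Return one dict per offered transform/proposal, with the responder's verdict."""
    offers, cur = [], None
    for line in map(str.strip, log.splitlines()):
        if m := START.search(line):
            cur = {"phase": 1 if m[1] == "ISAKMP transform" else 2,
                   "num": int(m[2]), "attrs": {}, "life_s": None, "accepted": None}
            offers.append(cur)
        elif cur is None:
            continue
        elif m := VPI.search(line):  # VPI: integer printed as big-endian bytes
            cur["life_s"] = int.from_bytes(bytes(int(b, 16) for b in m[1].split()), "big")
        elif m := VERDICT.search(line):
            cur["accepted"] = m[1] is None
        elif m := ATTR.match(line):
            cur["attrs"][m[1]] = m[2]
    return offers

def accepted(log):
    """(phase, number, attrs) for every offer the responder accepted."""
    return [(o["phase"], o["num"], o["attrs"]) for o in parse(log) if o["accepted"]]
```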

BGP route [7:21989]

2001-10-03 Thread Daniel Ma

One of my customers uses Ethernet0/0, instead of Loopback, as the update
source. (See the following sample configuration.)

interface Ethernet0/0
 ip address 200.110.60.1 255.255.255.0

router bgp 12345
 bgp log-neighbor-changes
 network 200.110.60.0
 neighbor 144.200.200.239 remote-as 1234
 neighbor 144.200.200.239 ebgp-multihop 2
 neighbor 144.200.200.239 update-source Ethernet0/0

ip route 144.200.200.239 255.255.255.255 Serial1/0

However, the ISP thought it was a loopback address, so in their configuration
they have a static route:

ip route 200.110.60.1 255.255.255.255 Serial 4/1

However, internet users could ping the router, but could not access
servers which are in the same subnet as Ethernet 0/0. For example,
200.110.60.2

Apparently, the network 200.110.60.0 was not advertised by BGP. Could
anyone tell me why, and give some suggestions? Temporarily, we asked the ISP
to change the static route to:
ip route 200.110.60.0 255.255.255.0 Serial 4/1

It's working now. But BGP should be able to advertise the route, am I
right? So what's the problem here?

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21989&t=21989



Re: BGP route [7:21989]

2001-10-04 Thread Daniel Ma

Thanks Charles,

Should I just turn off synchronization on my site only? Or does the BGP
peer at the ISP site also need to turn it off?

Daniel
"Charles Manafa" wrote in message news:[EMAIL PROTECTED]...
> Try turning off synchronization - "no sync" in the router bgp config.
>
> CM
> - Original Message -
> From: "Daniel Ma"
> To:
> Sent: Thursday, October 04, 2001 5:02 AM
> Subject: BGP route [7:21989]
>
>
> > One of my customers uses Ethernet0/0, instead of Loopback, as the update
> > source. (See the following sample configuration.)
> >
> > interface Ethernet0/0
> >  ip address 200.110.60.1 255.255.255.0
> >
> > router bgp 12345
> >  bgp log-neighbor-changes
> >  network 200.110.60.0
> >  neighbor 144.200.200.239 remote-as 1234
> >  neighbor 144.200.200.239 ebgp-multihop 2
> >  neighbor 144.200.200.239 update-source Ethernet0/0
> >
> > ip route 144.200.200.239 255.255.255.255 Serial1/0
> >
> > However, the ISP thought it was a loopback address, so in their configuration
> > they have a static route:
> >
> > ip route 200.110.60.1 255.255.255.255 Serial 4/1
> >
> > However, internet users could ping the router, but could not access
> > servers which are in the same subnet as Ethernet 0/0. For example,
> > 200.110.60.2
> >
> > Apparently, the network 200.110.60.0 was not advertised by BGP. Could
> > anyone tell me why, and give some suggestions? Temporarily, we asked the ISP
> > to change the static route to:
> > ip route 200.110.60.0 255.255.255.0 Serial 4/1
> >
> > It's working now. But BGP should be able to advertise the route, am I
> > right? So what's the problem here?
> >
> > Thanks,
> >
> > Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=22028&t=21989



VPN Solution for Site to site Wireless connection [7:22101]

2001-10-04 Thread Daniel Ma

We deployed some wireless bridges with 11Mbps throughput. We are seeking
solutions which are not too expensive to encrypt 11Mbps. However, we
calculated the cost: if we use Cisco 2600 with VPN card, for one pair, the
price easily goes over $15,000.

Could anyone provide a solution around or under $10,000? Regardless of the
brand of products, as long as it works fine.

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=22101&t=22101