RE: PIX w/ 3 Interfaces

2000-10-25 Thread Dingeldey, Michael





The implementation you are speaking of is quite common actually.


The hard part is your security requirements. A good starting point
is to list ALL traffic that will be required to reach your DMZ
(for example, HTTP, HTTPS, FTP, etc...). Once listed, you can
create your rules; it would be rather lengthy to list everything
here, so be sure to RTFM (see links below).


You might want to check out the following links for PIX information
(remember to watch the wrap)! The information can be readily found 
on CCO.


Although the links shown here may be a bit dated (in terms of SW release),
it should give you a good understanding of the mechanics behind the
installation and configuration of the PIX.


http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/


http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42cfg.htm


BTW - if you haven't, verify that you have a license that will allow
you to add another interface to the PIX.


HTH.


Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149



-Original Message-
From: SH Wesson [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 23, 2000 5:27 PM
To: [EMAIL PROTECTED]
Subject: PIX w/ 3 Interfaces



Currently my PIX has two interfaces. I'm getting ready to add another 
interface to my PIX to make it 3 interfaces to make a separate DMZ network. 
My question is, when a user on the outside tries to access a server on 
the network on the inside (not DMZ), is that doable? Also, I haven't been 
able to find a full blown very very detailed sample config of a 3 interface 
PIX configuration. If someone could share their 3 interface PIX 
configuration with me, I would greatly appreciate it.


Thanks.


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





RE: Companies requiring proof of previous salary

2000-10-09 Thread Dingeldey, Michael





Another way to look at this issue has been highlighted at the 
website www.headhunter.com . If anyone is seriously considering
changing positions, this site is a must!


There have always been discussions in regards to salary; as has
been indicated, many companies want your previous history so
that they can be cheap. 


The best method to protect the information is to specify that 
your compensation data is covered under a confidentiality
agreement; usually, any good corporation will recognize that.


Of course, it *is* a good idea to verify this before saying it...


HTH.


Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149



-Original Message-
From: Kenneth Lorenzo [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 08, 2000 9:05 PM
To: [EMAIL PROTECTED]
Subject: Re: Companies requiring proof of previous salary



Unless you're dying to have the job, I think you should tell them that you
are not going to tell them how much you're making right now. Like other guys
have said, this is one way for them to cheap out on you. This potentially
tells a lot about the potential employer, too.


Stephane Wantou Siantou [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...

 Hey Guys,
 I recently had an interview with a company that requires proof of
 my previous salary. I don't want to show them anything about my
 previous salary. How do you think I can go about it?
 Thanks

 **NOTE: New CCNA/CCDA List has been formed. For more information go to
 http://www.groupstudy.com/list/Associates.html
 _
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]









RE: Microsoft Radius (IAS)

2000-08-10 Thread Dingeldey, Michael





By chance did you configure the correct port numbers on your router?



Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149



-Original Message-
From: Tony Russell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: Microsoft Radius (IAS)



Has anyone successfully used Microsoft Radius (Internet Authentication Server)
with a Cisco router? If so, what is the trick? Any special things to know
about?


I installed IAS and configured and started the service on my NT box. Set
the shared secret and client address fields.


I also set up the router using the appropriate radius server, key and aaa
commands.


Whenever I try to authenticate, it fails. I can check my event log in NT
to see that the router did try to use the Radius server for authentication,
but it fails every time. Any tips?


Tony Russell







RE: PIX and WIN NT Proxy Server.

2000-08-09 Thread Dingeldey, Michael





We are trying to deploy the PIX 520 with Windows NT Proxy
servers for authentication and Caching. Could anyone who
has done this point me to the Pros and Cons of this. Any
Web site or white paper would be extremely helpful.


From what I have implemented (and seen), this has been a
fairly common setup. By implementing MS Proxy as a cache
server (be sure to use a single NIC and NO rules), you
will be able to cache all the common (static) pages that
all your users visit; this will improve response times and
potentially increase your available bandwidth. MS Proxy
does operate as a pretty good cache.


Of course, there are a couple of added benefits too -
If you require all users to be authenticated via the
proxy server (say were using SOCKS), you can configure the
PIX so that it will only allow outbound traffic from a 
specific IP address, thereby conserving your connection count
(you essentially allow only one address to access the internet).
Using a cache server makes certain administrative tasks easier
as well, especially if you have to block access to various
sites (either directly or via Websense).


There are a couple of things to keep in mind. Depending on 
how everything is configured, you may need to install and
configure a DNS caching server. If you are using PrivateI,
some of your reports may break - since a cache is installed,
there will only be one originating address.


If you need any white papers, you might want to go out and
search CCO (sorry, I don't have any of that information
bookmarked).


As to other Pros and Cons, all I can say is that it depends
on what you *really* want to do. Sorry.


HTH.


Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149





RE: Slightly OT: Telco Line Problems

2000-06-27 Thread Dingeldey, Michael





Hmm and it's not the fault of USWorst?


A couple of things come to mind - 
You may in fact have a bad CSU; can you replace it with another unit
and see what happens? How far are you from your demarc (where the line
enters the building)? And how is your line build-out set? Are you running hot?


BTW - what haven't they replaced? I have had arguments in the past
with Telcos and providers who swear that their equipment is not at fault. 
Once they finally replace their equipment (usually their line interface),
everything works fine. 


HTH - that's my $.02


Mike Dingeldey


-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 12:11 PM
To: [EMAIL PROTECTED]
Subject: Slightly OT: Telco Line Problems



We are having some odd line problems at one of our branches that none of us
have been able to figure out so I thought I'd throw this one out to the
group.


From time to time, sometimes many weeks in between events, our csu/dsu
begins to report OOF and AIS (T1 yellow alarm) errors, but the line will
stay up for a while. Then, at some point, we'll get a T1 red alarm and the
circuit will die. We call USWest who then tests the line. According to
them, they've replaced just about everything between the CO and our
location, and the line tests clean. Friday it was bouncing every 30-60
seconds so we had them test it again. Since the test, it has been error
free but they claim not to have discovered any problems.


This is the endless cycle so far: the line dies, they test, they report no
problems, line mysteriously works fine after test for several weeks, the
line has problems, the line dies, they test...etc.


My only remaining guesses are these two: bad csu/dsu that isn't bad all the
time, or intermittent problems at the location (we share it with a very
large supermarket.)


Any thoughts?


TIA,
John Neiberger, CCNA/CCDA











RE: Win2000 HyperTerminal

2000-06-23 Thread Dingeldey, Michael





Well, you could always try CTRL-P :)


Good Luck.


-Original Message-
From: Douglas James Howe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 22, 2000 10:34 AM
To: [EMAIL PROTECTED]
Subject: Re: Win2000 HyperTerminal



Telnet into a router using the DOS box.



Westmoreland, Alexis [EMAIL PROTECTED] wrote in
message news:[EMAIL PROTECTED]...
 I have noticed that the up arrow does not work (to repeat the line on cisco
 routers) with the Win2000 vers of HyperTerminal. Does anyone know a fix for
 this problem? I have tried upgrading it to no avail.

 Thanks in advance.

 Thanks

 Alexis A. Westmoreland
 Getronics
 Network Engineer
 (713)852-5402



