Re: Vietnamese CCNP group [7:38057]
Bitch, This is not Chinese or Korean. I don't think this is rubbish either. Do some research before open your foul mouth. HTH, Jim --- Mphekeleli Dhlamini wrote: I don't usually reply or ask on these groupstudy,but I think these is not acceptable under any circumstances.If people can just have manners and morals when involving like the discussion boards.I just can't what people will say if I post in my Zulu language knowing for a fact that these won't make sense to most if not all the people who are going to receive these.Waste of bandwidth.. Can you please go and start your own Chinese/Korean or whatever group where they'll understand these rubbish you have written here please. I'm not expecting any replies from the author of these s@$t! People must keep focus sometimes.Forget your democratic country and behave like a responsible human being. Pc9101 2002-03-13 05:24:42 Hi all +ACE- O day co ai dang o Ha NOi - Viet Nam , minh setup CCNP group di . Toi xin tu gioi thieu dang lam cho mot cong ty dinh dang den thiet bi cua Cisco. Va dang hoc thi BCRAN. Chung ta co the trao doi, bat ke trinh do, chi can su nhiet tinh. Hy vong co phan hoi cua cac ban [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38251t=38057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: you American need to think [7:38323]
Sorry for wasting your bandwidth, but I have to say this. Being rich is good; being smart is good. But if you treat others like sxxt, others will treat you like sxxt too. Think about this: if you are a CCNA and your CCIE co-worker say your stupid or dumb, will you respect him? There are so many knowledgeable and friendly people on this list, but there are some rude and arrogant people too. I agree that Bin Laden is a murderer, an evil, but you American need to think why he only attacks US, not Germany or Russia or Japan or others. Show some respect to others, it won't make you poor. Also remember that there are always someone richer and smarter than you. Over. Dismiss. Jim __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38323t=38323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: concentrator 3000 vs. checkpoint vpn [7:37474]
Agree. I used both, Concentrator is very impressive. Support from Cisco TAC is great. Checkpoint VPN is good too, but their support is horrible. And their licensing is confusing. Jim --- Joseph Brunner wrote: The checkpoint is the black sheep of the industry. It is a poorly documented, un-intuative, overly licensed B.S. interface. The checkpoint where I used to work (nokia IP 440) reminded me of this cartoon with porky pig and daffy duck. Porky pig gets a hotel room for .10Cents. The mouse comes and starts chewing celery so he can't sleep. Then daffy wants like $10 for a cat to get rid of the mouse. Then the cat keeps him from sleeping so daffy wants $20 for a dog to get rid of the cat, and its goes all the way till an elephant to get rid of a lion for several hundred dollars. And guess what gets rid of the elephant, (now taking up all the space in his hotel room) ? You guessed it a MOUSE !. Moral of the story, they string you along with different answers on each call (so issues just go in circles), the licenses make the product too expensive, while not as good at VPN tunneling as a Cisco VPN Concentrator, which comes with 100 USERS for only around $4K. The Checkpoint is garbage. Avoid it at all costs. Long live Altiga (Cisco) VPNs. Joseph Brunner ASN 21572 MortgageIT MITLending New York, NY 10038 (212) 651 - 7695 Voice -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 2:18 AM To: [EMAIL PROTECTED] Subject: RE: concentrator 3000 vs. checkpoint vpn [7:37474] I've worked with the 3000 concentrator but not with the Checkpoint. The 3000 is very user friendly and easy to use. You have to do minor configuration via console and then you're off with the web interface which is very simple to use. I can't make a recommendation for which you should buy but the Cisco products always make me happy. I've set up a vpn tunnel from a cisco router to a checkpoint firewall and it seemed like the person on the configuring end of the checkpoint had a lot of problems with upgrading software and technical support but that may have been a one person scenario. I can't say for sure. Jason -Original Message- From: Colin [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 8:03 AM To: [EMAIL PROTECTED] Subject: Re: concentrator 3000 vs. checkpoint vpn [7:37474] I haven't used both but I had to reply. I had set up a CheckPoint SecuRemote VPN, the VPN package that came with CP 2000 on a Nokia box and I have to say, it's not worth the hassle. CP tossed in the VPN component as a selling point so they could say, Hey our firewall does it all. I should also mention that their documentation on getting SecuRemote up and running is sad, if not almost non-existent. Colin Alex Lei wrote: Group, Has anyone used both concentrator 3000 and checkpoint vpn (either software or hardware)? What are each's advantages and disadvantages? I am interested in the following factors: Ease of installation and configuration, security, manageability, reporting and logging, scalability, and pricing. I've searched the archives but couldn't find any real world advices. Thanks, Alex [EMAIL PROTECTED] __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37758t=37474 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DHCP [7:37757]
Hello, I used to use Linksys router connect to cable modem. Linksys router outside interface gets IP addresses, default gateway and DNS from ISP, then it will give DNS information to inside PCs. Will 1605 router do the same thing? My 1605 only gets IP address, not DNS (I turned on debug and noticed this). How do I have 1605 get DNS and pass on to inside PCs? By the way, both Linksys and 1605 were configured to use PAT. Thanks in advance. Jim __ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37757t=37757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay lab scenario.... needing help. [7:36929]
Mark, I think you don't use frame map, you need to use frame-relay route xxx on the switch. Also use frame-relay switching in global configuration mode. HTH. Jim --- Mark Odette II wrote: Chuck, et. al., I'm working on a scenario that I'm sure many others have already crossed paths with before too, but I'm at a state of confusion. That scenario is this: 2 Routers acting as end-points of a frame-relay network, with a 3rd router acting as the frame switch. 1700R1 --- 2600FR/Sw --- 1700R2 The objective: Create FR P-to-P connection with the two 1700s via the 2600. (This is a no brainer for me.) Create FR connection from 1700's to 2600 {on a different DLCI} that gives access to the Internet off of the 2600's Ethernet Interface. (This is the part that I am stuck on.) The simulation is that of two sites that connect to each other via private frame cloud (small PVCs), but also connect to local FR POPs for Internet access. I've read through examples off of CCO, but didn't have any light bulbs suddenly and graciously appear above my head. I believe the way to do such a thing is to configure the following: On 1700R1: int s0.200 point-to-point {ip address 192.168.10.??? --- not sure about this} frame-relay interface-dlci 48 ip routing router rip ver 2 network 192.168.10.0 On 1700R2: int s0.210 point-to-point {ip address 192.168.10.??? --- not sure about this} frame-relay interface-dlci 49 ip routing router rip ver 2 network 192.168.10.0 On 2600: int s0/0 frame-relay map ip 192.168.10.248 48 int s0/1 frame-relay map ip 192.168.10.249 49 int fa0/0 ip address 192.168.10.250 255.255.255.0 ip routing router rip ver 2 network 192.168.10.0 My problem is, even on the FR Switch, after creating the frame map on the interface, and then verifying the ip routing table, I still can't ping (from the console of the frame switch) the interface noted with the frame map... i.e., pinging 192.168.10.248 from the console of same router yields : . 0 Success, 5 Failure :( So can someone give me some guide/tips as to what I'm doing wrong?!?! Thanks, Mark Odette II Nearly all men can stand adversity, but if you want to test a man's character, give him power.-Abraham Lincoln [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Greetings - Send FREE e-cards for every occasion! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36935t=36929 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPPoE [7:36910]
Hello, I found a sample config for PPPoE on CCO, it's 1700 talking to 6400. I have a PPPoE client using 1750 but I don't know if ISP uses 6400. Will 1750 work with other PPPoE servers? Thanks. Jim __ Do You Yahoo!? Yahoo! Greetings - Send FREE e-cards for every occasion! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36910t=36910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: netmeeting problem [7:36524]
Hello, I've got a netmeeting server, when users logon, only first 2 users can see video, others can only use white board, share directories. What's wrong? Thanks. Jim __ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36524t=36524 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CallManager: Attendant DN [7:35048]
Hello, When I tried to configure analog gateway under callmanager, there is an item Attendant DN needs to be configured. What's Attendant DN? Thanks in advance. Jim __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35048t=35048 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Concentrator 3030 RADIUS authentication [7:34537]
Hello, I'm trying to set up authenticating groups externally through RADIUS. I created a group and changed the type to External. On my RADIUS server (Safeword 5.1), I created a group with the same name on 3030. Users couldn't get authenticated. On 3030 log, it said user unspecific. Any thoughts? Thanks. Jim __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34537t=34537 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Concentrator 3030 RADIUS authentication [7:34537]
I think once External type is selected, all other functions are disabled. I guess Concentrator will pass authentication/authorization request to Radius. Anyone knows what attributes Concentrator 3030 talks to Radius server? Thanks again. Jim --- Joseph Brunner wrote: Configuration | User Management | Groups | Modify For the group under IPSEC you need to specify the authentication method (Internal, NT Domain, Radius, SDI, etc) in addition to labeling it an external group. once you do this if it still will not work, then do some debugs under Configuration | System | Events | Classes for all 3 auth's Joseph Brunner ASN 21572 MortgageIT MITLending New York, NY 10038 (212) 651 - 7695 Voice (212) 651 - 7795 Fax -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 5:50 PM To: [EMAIL PROTECTED] Subject: Concentrator 3030 RADIUS authentication [7:34537] Hello, I'm trying to set up authenticating groups externally through RADIUS. I created a group and changed the type to External. On my RADIUS server (Safeword 5.1), I created a group with the same name on 3030. Users couldn't get authenticated. On 3030 log, it said user unspecific. Any thoughts? Thanks. Jim __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34576t=34537 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dumb wireless question [7:34433]
Hello, What's the difference between wireless access point and wireless workgroup bridge? Thanks in advance. Jim __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34433t=34433 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
where is wireless training online? [7:34003]
Hello, I heard that Cisco has wireless training online but I couldn't find it. Anyone knows where it is? Thanks in advance. Jim __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34003t=34003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network monitor software [7:33785]
Hello, I'm trying to see who is the top talker in a network and what traffic it sends out. Any shareware network monitor software I can use? Thanks in advance. Jim __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33785t=33785 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network monitor software [7:33786]
Hello,I'm trying to see who is the top talker in a network and what traffic it sends out. Any shareware networkmonitor software I can use? Thanks in advance. Jim __ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33786t=33786 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Data and Voice PRI [7:32997]
Hello, One of my customers want to link their 2 offices together (They don't have data connection between 2 offices now) and they are thinking using the same PRI line for both voice and data. My question is: Is there a difference between voice PRI and data PRI? If so, do I need to tell provider which one I want? Or there is some kind of multiplexer? Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32997t=32997 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
eigrp summary [7:32753]
Hello, We are replacing a 4700 router with a 7507 router. EIGRP interface summary stopped working. Both IOS are 12.0(7). We tried 12.1 and 12.2 on 7507, same thing. Looks like it's not IOS bug. Anyone has the same problem? We use ip summary eigrp 100 178.12.0.0 255.255.0.0 command under one of 7507 router interfaces. Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32753t=32753 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Off Topic - Half.com book purchase [7:32234]
I ordered one too. I have a choice of priority mail. I guess it's depend on the seller. I wanted to use bookpool but the book I want is not available there. Jim --- Chuck Larrieu wrote: Based on my first experience with this means of purchasing books, I have the following observations: 1) price is great 2) service / delivery sucks Don't be in a hurry when you use this subsidiary of e-bay. from the postmark to my hands was about a week, but the postmark is two weeks after I placed the order and the order was accepted. you have no choice for shipping. media mail ( media is apparently Eskimo for dog sled via the north pole ) is the only option. reading the site, I see that comments from other customers are all over the board. about equal good and bad. the bad all revolve around turnaround time. I chose half.com because they claimed to have the book in stock at the time I was ordering. Other places stated no availability. I suspect a part of the problem with the particular book I ordered is that is it is newly released, and the seller ( some small shop in New Jersey ) accepted my bid thinking they could get the book through distribution and found they had to wait for the release. for my money, bookpool is still the way to go. [EMAIL PROTECTED] __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32323t=32234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: **stupid router tricks [7:32213]
Or change the router hostname to Router(boot) or rommon Jim --- Priscilla Oppenheimer wrote: I once had a student who Telnetted to every other router in the lab and changed the banner message of the day to say something like: SYNTAX ERROR ROUTER CANNOT INITIALIZE CONTACT CISCO TECHNICAL SUPPORT IMMEDIATELY Another good one is to change the router's hostname to # or or to the name of some other router that you frequently Telnet to. ;-) Priscilla At 04:12 PM 1/16/02, Eric Waguespack wrote: over the years, of working on cisco routers lurking in this group, I have learned a few 'cool' tricks you can do with cisco routers, has anyone seen a compiled list of stupid router tricks ? e.g. -making your router a dhcp server -making your router a tftp server -back to back frame relay (no dedicated frame-relay switch) -ip over aux port -login without a password (conf t - line vty 0 4 - privilege level 15) here is where my memory fails me, can you guys think of anymore? __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32330t=32213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSec passthrough [7:32338]
Hello, One of my clients use Cisco VPN client behind a SpeedStream 5660 DSL router to connect to a 3030 but it doesn't work. I remembered seeing enable IPSec passthrough on other routers, but there is no such option on SpeedStream 5660. What's IPSec passthrough? Does it do anything on the IP packets? Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32338t=32338 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DHCP coonection on Cisco Router [7:31559]
Regarding your secondary IP, if you use NAT, this will not work because you can't put both ip nat inside and ip nat outside under 1 ethernet interface. A cheaper router will be a 1605, I guess. Jim --- Steven A. Ridder wrote: 2514 supports 2 eth ints. or you may be able to get two cheap 2501's and string them together via serial. I've always wanted to try secondary addressing on 1 interface. The main would get it's IP via DHCP, and the secondary address would be the private IP. Always wanted to know if this would work. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31576t=31559 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VOIP [7:31615]
Under global configuration mode, type in enable voip and you are all set... Seriously, though I'm not VOIP expert, I think you need to provide a whole lot more information before anyone can help you... Jim --- Amit Bhasin wrote: Hi all, I have to configure VOIP at my end, i am working on CISCO equippment.. Router: Cisco 3660 RAS: AS 5300 can anyone tell me how to go about configuring it at my end.. Regards, Amit Bhasin _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31620t=31615 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VOIP dial plan [7:31487]
Hello, I've got a question on dial plan. We've got (208) 472- as DID numbers in our campus, I'd like to use the last 5 digits: 2 in our campus VOIP and 7 digits (no area code) in other offices. In our NY office, we have (845) 288- as regular DID numbers. Is it possible to make 288- goes to NY and 2 stays in our campus? Will the beginning number 2 create any conflict? Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31487t=31487 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AS 5300 [7:31394]
Dave, How about ISDN users using ISDN cards? Any difference between ISDN router and ISDN card? Thanks in advance. Jim --- MADMAN wrote: Absolutely, there are plenty of examples on CCO but for a small bribe I can give you a working config ;) Dave Amit Bhasin wrote: Hi all, i need to know whether we can configure Even PRI on Cisco AS 5300 RAS and use it for ISDN and analog Dial-Up users simentaniously.If yes can anyone tell me what will be the configartion commands for as such. Regards, Amit Bhasin -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it [EMAIL PROTECTED] __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31490t=31394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN voice call and data call [7:31498]
Hello, Anyone knows why ISDN voice call is cheaper than ISDN data call? Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31498t=31498 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Call Manager 3.1 [7:31335]
Hello, I'm wondering if I can load CallManager 3.1 on any Compaq server or I have to buy from Cisco? I got error message This application may only be installed on servers that were deployed using the standard Cisco-approved process when I tried to install it. Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31335t=31335 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco voip [7:31100]
Hello, I'd like to study Cisco VOIP. But there are too many papers on CCO. Anyone can recommend a good URL or book? Thanks in advance. Jim __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31100t=31100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
wireless max distance question [7:30822]
Hello, One of my clients has 2 buildings, distance around 1 mile. They are considering using Cisco wireless solution. I checked Cisco web site and found 350 only supports 2000 feet outdoor at 1MB. I'm wondering if I can use some kind of antenna? Does Cisco make bigger antenna? Thanks in advance. Jim __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30822t=30822 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco to CheckPoint VPN problem, help!! [7:29858]
Hello, I followed this link to configure a 1605 router to CheckPoint 4.1: http://www.cisco.com/warp/public/707/cp-r.shtml My network is: 192.168.2.1-(1605)-16.191.40.9916.191.40.39-(checkpoint)-192.168.1.1 VPN tunnel could not established, here is the debug output from 1605 router: 00:01:29: ISAKMP: reserved not zero on payload 5! 00:01:29: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 16.191.40.39 failed it s sanity check or is malformed 00:01:29: ISAKMP (1): sending packet to 16.191.40.39 (I) QM_IDLE 00:01:29: ISAKMP (1): received packet from 16.191.40.39 (I) QM_IDLE 00:01:29: ISAKMP: reserved not zero on payload 5! 00:01:29: ISAKMP (1): sending packet to 16.191.40.39 (I) QM_IDLE 00:01:29: generate hmac context for conn id 1 00:01:29: ISAKMP (1): deleting SA Looks like there is something wrong on the CheckPoint. Log was turned on at CheckPoint but didn't capture any info. Is there anything wrong with Cisco sample configuration? Or anything I missed? Thanks in advance. Jim __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29858t=29858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Metro Ethernet [7:29457]
Hello, Anyone has experience with Metro Ethernet? Is it good? (on pricing, availability, QOS etc.)? Thanks in advance. Jim __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29457t=29457 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
telnet session timeout [7:29028]
Hello, I added exec-timeout 0 0 under line vty 0 4, hoping that I won't get timeout when telnetting to a router. Is this the right command? It doesn't work on my routers. Thanks in advance. Jim __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29028t=29028 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN nat twice [7:27589]
Hello, I've got clients using Cisco VPN client connect to VPN concentrator at HQ. There are some clients have to be NATed twice. Will this work? Theriotically, I think it should work, but it's not documented on CCO. Anyone got a link? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27589t=27589 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
upgrade 1605 IOS through console [7:27613]
Hello, I have a 1605 in Europe that I can dial into its console. I was trying to load IOS but failed several times with error message limit error exceeded. I was using Hypertermial. Anyone knows what's wrong? Also, I'd like to change speed to 115K, does 1605 support it? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27613t=27613 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco ACS/Telnet config [7:27648]
Maybe add ip tac source e0; password in vty is not necessary. Run debug aaa authen and debug aaa author may help too. HTH. Jim --- Richard wrote: Looking at the config below, can anyone tell me where I might go wrong that prevent me from telneting to this router? I am able to use the same account from Cisco ACS 2.6 to log onto the console, but not through telnet. Thanks in advance for your help Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! aaa new-model aaa authentication login default tacacs+ aaa authentication login no_tacacs enable aaa authentication enable default tacacs+ aaa authentication ppp default tacacs+ aaa authorization exec default tacacs+ aaa authorization exec no_tacacs local aaa authorization network default tacacs+ aaa authorization network no_tacacs local aaa accounting exec default start-stop tacacs+ aaa accounting network default start-stop tacacs+ enable password enable ! ip subnet-zero ! ! ! interface Ethernet0 ip address 5.1.1.4 255.255.255.0 no ip directed-broadcast ! interface Serial0 no ip address no ip directed-broadcast no ip mroute-cache shutdown no fair-queue ! interface Serial1 no ip address no ip directed-broadcast shutdown ! ip classless ! tacacs-server host 5.1.1.1 single-connection tacacs-server key cisco ! line con 0 transport input none line aux 0 line vty 0 4 password line ! end [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27654t=27648 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dumb IP multicast question [7:27399]
Hello, We have FDDI ring around campus, about 20 7500 routers. We have other 2 7500 routers, 1 as frame hub for international and 1 as frame hub for domestic. We'd like to implement multicast technology. I'm thinking use the 2 hub routers and one of FDDI routers as Auto-RP and RP agents. Is this a good idea? Should I select the FDDI router that is in the same subnet with the 2 hub routers? By the way, multicast source can be anywhere on the network. Thanks in advance. Jim __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27399t=27399 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSec VPN [7:26137]
Hello, We've got 3660 at central office and PIX at satellite ofices to do IPSec VPN. Sometimes PIX couldn't connect 3660 and I have to reboot 3660 to make it work. I'm wondering if there is a easy way, say clear the connection, so I don't have to reboot the 3660? Thanks in advance. Jim __ Do You Yahoo!? Find the one for you at Yahoo! Personals http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26137t=26137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP problem [7:26189]
Hello, We have a 4500 (IOS 11.2.16 IP) at hub with static default gateway configured, then redistribute into EIGRP. Sometimes, this default route is missing on spoke routers. I suspect it's an IOS bug, but I couldn't find it in CCO Bug Navigator. Anyone has the same problem? Thanks in advance. Jim __ Do You Yahoo!? Find the one for you at Yahoo! Personals http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26189t=26189 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: worst company [7:25033]
Hello, I had a very bad experience with Checkpoint and am wondering if anyone had the same problem. One of my clients wanted to try Checkpoint VPN-1 so I filled out online eval form a month ago. A sales rep called me the next day and said a reseller would contact me in 5-10 days (5-10 minutes would make more sense). I didn't hear nothing in 3 weeks so I filled out online eval form again (I lost that rep's phone number) and another sales rep called me said the same thing. Now another week passed and I still didn't hear nothing. My client is very unhappy so he decide to go with Cisco. Is Checkpoint's business so good that they couldn't handle or what? Anyway, Checkpoint lost my client and I would never work with them again. Jim __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25033t=25033 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSPM for IDS [7:24727]
Hello, I'm trying to setup CSMP. On Netranger side, I got sync NOT received error. Network connection is good. What might be the problem? Thanks a lot. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24727t=24727 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip direct-broadcast [7:24160]
Hello, I'm wondering what ip direct-broadcast does? If I have a PC with IP 10.1.1.2, default to 10.1.1.1, which is a router configured with ip direct-broadcast. Does it mean all 10.1.1.255 traffic will be forward to other subnets? Thanks in advance. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24160t=24160 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ospf point-to-multipoint [7:23655]
Hello, On Jeff Doyle's TCP/IP volume I, P417 it says point-to-multipoint is multicast; P433 it says it's unicast. Which one is correct? Thanks in advance. Jim __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23655t=23655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP problem [7:21510]
Hello, We have about 20 core routers running EIGRP. For some reason, EIGRP recaculated ALL routes every 10-15 hours. This seems odd because I think EIGRP will only caculate effected routes, right? I turned on debug ip eigrp notification on some routers but didn't find anything wrong. How do I find the problem? Thanks in advance. Jim __ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21510t=21510 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
policy route [7:21044]
Hello, I have 2 routers running HSRP in a small office. I want SMTP traffic go through standby router so I configured policy route on active router that all SMTP traffic, send to standby router. But it doesn't work. I'm wondering if policy route will work this way? At active router: interface e0 ip address 10.1.1.2 255.255.255.0 ip policy route-map SMTP standby ip 10.1.1.1 ... route-map SMTP permit 10 match ip address 102 set ip next-hop 10.1.1.3 !standby router ethernet ... access-list 102 permit tcp any any eq 25 Thanks in advance. Jim __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21044t=21044 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: policy route [7:21044]
I have to disagree. The standby router has static route point to the other side. Once traffic gets to standby, it should route... Jim --- Liang Mark J Civ AFRL/PROI wrote: Standby is stanby, it doesn't do any routing until the active router goes down. Regards, Mark, -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 25, 2001 11:52 AM To: [EMAIL PROTECTED] Subject: policy route [7:21044] Hello, I have 2 routers running HSRP in a small office. I want SMTP traffic go through standby router so I configured policy route on active router that all SMTP traffic, send to standby router. But it doesn't work. I'm wondering if policy route will work this way? At active router: interface e0 ip address 10.1.1.2 255.255.255.0 ip policy route-map SMTP standby ip 10.1.1.1 ... route-map SMTP permit 10 match ip address 102 set ip next-hop 10.1.1.3 !standby router ethernet ... access-list 102 permit tcp any any eq 25 Thanks in advance. Jim __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=21062t=21044 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
frame relay question [7:20609]
Hello, We have ATT frame line between US and Asia. Sometimes frame line is not available (therefore ISDN backup kicked in). But the weird thing is on both side frame routers, show serial interface says up. I couldn't ping between the 2 frame routers. Worse, on the syslog server, the link down was not captured 'cause the serial were still up. What can I do to collect some fact and data so I can yell at ATT? Thanks in advance. Jim __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20609t=20609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: frame relay question [7:20609]
Nice try, but no, keepalive is not disabled. By the way, sometimes, interface will go down... --- Ole Drews Jensen wrote: I don't know if this is the problem, but if you have keepalives disabled with the 'no keepalive' command, the link will stay up even though the PVC goes down. A 'show conf' from both routers would help. Hth, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 20, 2001 4:56 PM To: [EMAIL PROTECTED] Subject: frame relay question [7:20609] Hello, We have ATT frame line between US and Asia. Sometimes frame line is not available (therefore ISDN backup kicked in). But the weird thing is on both side frame routers, show serial interface says up. I couldn't ping between the 2 frame routers. Worse, on the syslog server, the link down was not captured 'cause the serial were still up. What can I do to collect some fact and data so I can yell at ATT? Thanks in advance. Jim __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ [EMAIL PROTECTED] __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20616t=20609 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN to a PIX 506 version 6 [7:20593]
I have no problem with PIX to 3000 client 3 client. You have to create tunnel on PIX, not on client. Are you using sample config from TAC center? If so, you have to add one more access-list to create the tunnel, they forget to put it there... HTH. Jim --- Kevin McIntyre wrote: I am attempting to set up our PIX 506 to allow 3DES IPSEC VPNs to be created over the internet from a client dialed to local ISP. I have tried many clients but am having a horrible time with Cisco's 3000 version 3 client. (some workstations will be Win2k therefore ruling out the secure client). When I bring the tunnel up I have no routes to enable the workstation to use the tunnel? Am I doing something wrong, using wrong client etc??? Kevin [EMAIL PROTECTED] __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20618t=20593 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: passive FTP [7:20623]
Hello, I'm wondering where can I get a passive FTP client? Thanks in advance. Jim __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20623t=20623 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Client [7:19858]
Looks like it's a split-tunnel problem. Once you lunch VPN, all traffic will be encrypted, other local machines couldn't decrypt the data. You can enable split-tunnel on 3000, tell it only traffic to your main office needs to be encrypted. HTH. Jim --- George Kallingal wrote: I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19883t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPPoE with PIX? [7:18323]
Hello, My client is currently using Linksys router (2 ethernet ports) connect to ISP DSL modem. The Linksys was configured to use PPPoE. I'm trying to replace the Linksys with a PIX 506 or 1720 router, Is there a way to configure PPPoE on them? Thanks in advance. Jim __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18323t=18323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
how to make a router firewall? [7:18268]
Hello, I'm trying to make a 1720 router as firewall. What IOS should I use? What ACLs should I put in the router? My understanding on firewall is to allow outgoing traffic and block incoming traffic unless it's originated from inside, is it correct? Thanks in advance. Jim __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18268t=18268 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN and Outlook [7:17692]
Is your VPN client using NAT? If so, disable Allow IPSec through NAT (yes, disable). I had same problem with VPN client 3.0 beta, not sure if it's fixed in 3.1... --- Tom Richs wrote: I have a VPN 3000 concentrator installed. When Microsoft Outlook is launched with the VPN client connection, Outlook is extremely slow. Has anyone encounter this or have any insight on this. Thanks. Tom _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17722t=17692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
syslog debug [7:17731]
Hello, I have a syslog server and I turned on some debugs on a Cisco router. But the syslog server didn't get any debug information. Do I need to do anything on syslog server or router? Thanks in advance. Jim __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17731t=17731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN certificate [7:16759]
Hello, Anyone successfully implement Cisco VPN 3000 with Microsoft CA? I couldn't get it work, here is what I did: 1. install CA certificate on VPN 3000 2. enroll VPN 3000 on Microsoft CA 3. enroll VPN client (version 3.0) on Microsoft CA When I tried to connect, it says Remote peer is no longer responding, on 3000, it says error connection. Any idea? Thanks in advance. Jim __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16759t=16759 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
a little OT: appletalk [7:16430]
Hello, I have 2 offices connected each other with PIX running VPN. office1 has Mac users, office2 has a w2k server. Is there a way to have office1 Mac users access office2 w2k server? I already enabled File Service for Macintosh on the w2k server. I was told Appletalk must be enabled for Mac users to access w2k server, so should I use Appletalk AND TCP/IP or TCP/IP only? Thanks in advance. Jim __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16430t=16430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access list to allow IPSEC traffic through? [7:16367]
How to permit or deny IP protocol 50 or 51? Access-list 100-199? Thanks in advance. Jim --- Kent Hundley wrote: Andy, For future reference, when in doubt its always best to go to the source, i.e the RFC's. You can get a complete reference of the RFC's at: http://www.rfc.net Having said this, in general for IPSec to work you'll need to allow ISAKMP, which uses UDP port 500. This is _usually_ both the source and destination port, but not always. Some VPN clients use a random UDP source port, so you'll have to allow for that unless you know for a fact that your VPN clients don't have this behavior. If you use ESP only (which is common), you just need to also allow IP protocol number 50. If you use AH, you need to also allow IP protocol 51. (_not_ TCP/UDP port numbers, IP protocol numbers) These will be both the source and destination IP protocols. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Sent: Friday, August 17, 2001 6:39 AM To: [EMAIL PROTECTED] Subject: Access list to allow IPSEC traffic through? [7:16367] Hi Does anyone know the correct requirements to allow IPSEC traffic through an access list on a perimeter router? Everything works OK without the access list in place. I know it's something to do with allowing the correct port numbers/protocols through, etc... but can't seem to find any more info. Any help greatly appreciated. Andy [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16431t=16367 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: certificate system again [7:13401]
Hello, I posted this message on certificate newsgroup but didn't get any response. Since there are many experts here, allow me to ask this question again: We're trying to set up a certificate system, I'm wondering which one is better? Entrust, Microsoft, VeriSign and Netscape? Thanks in advance. Jim __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13401t=13401 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC control [7:13148]
Hello, I want to block a MAC address to cross a router interface, is there a way to do it? I tried to configure a 700 access-list but how do I put it on an interface? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=13148t=13148 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX authentication [7:11265]
Hello, I'm trying to set up PIX for a client. I would use RADIUS as authentication. The concern I have is if RADIUS server is down, all authentication requests will be denied. On routers, I can create a local account as last resort, something like aaa authentication default radius local, but on PIX, there is no local option, how do I do then? By the way, my client has only 1 RADIUS sever. Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11265t=11265 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3000 VPN client to PIX IPsec [7:11225]
Hello, I'm trying to configure IPSec between 3000 Concentrator VPN client (ver 3.0) to PIX (ver 6.01) and I follow the sample config from: http://www.cisco.com/warp/public/110/pix3000.html As soon as I get connected, I lost connection, I can't even ping my gateway. If I disconnect VPN, connection comes back. Here is my configuration: PIX Version 6.0(1) access-list 101 permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0 ip address outside 63.47.199.254 255.255.255.248 ip address inside 172.16.1.1 255.255.255.0 ip local pool bigpool 172.16.2.1-172.16.2.254 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 63.47.199.249 1 sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set myset esp-des esp-md5-hmac crypto dynamic-map dynmap 10 set transform-set myset crypto map mymap 10 ipsec-isakmp dynamic dynmap crypto map mymap client configuration address initiate crypto map mymap client configuration address respond crypto map mymap interface outside isakmp enable outside isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 vpngroup vpn3000 address-pool bigpool vpngroup vpn3000 dns-server 207.69.188.185 207.69.188.186 vpngroup vpn3000 wins-server 172.16.1.20 vpngroup vpn3000 default-domain Pisco vpngroup vpn3000 idle-time 1800 vpngroup vpn3000 password Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11225t=11225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN, firewall question [7:11103]
Hello, 1. Anyone use VPN 3002 hardware client? Is it any good? 2. I'm looking for a small hardware firewall for personal use (ideally, PCMCIA size), any recommendation? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11103t=11103 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
650x DHCP? [7:11107]
Hello, My client is considering moving DHCP servers to 6509/6506 switches (MSFC) and get rid of NT DHCP servers. We tested it in a 500-user environment and it works pretty good. Next, we'are going to implement it worldwide. But before we do that, I'd like to hear you guys opinion. Any pros and cons? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11107t=11107 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
network security issue [7:9556]
Hello, My client is a Cisco shop and they have many offices all over the world. They want to make sure that only authorized person can connect to their network. Their concern is that someone may just walk into one of their offices and plug in a laptop and then is on their network. How can we prevent this? The only thing I can think of is create a MAC database and implement security on the 6509 switches. But to create and manage tens of thousands of MAC addresses is a pain. Is there any other way? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9556t=9556 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
last word: UNIX guys look down on we NT guys [7:6842]
Come one man, this is not a sour grape, right? I'm not comparing which OS is good, which is bad. Every OS has pros and cons, what I'm saying is some guys' attitude. What's wrong with being a NT admin? What's wrong with a NT guy making $240K? I made $240K last year 'cause I had 10 people working for me and I'll make even more this year. Sorry, I'm not trying to show off here, I'm just trying to teach some smart UNIX guys a lesson: show some respect to others. By the way, I'm not that smart but I've got MS Computer Science degree and I speak 2 languages (English is my second language), so before you call me looser, tell me what you have. Jim -Original Message- From: Christopher Kolp [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 29, 2001 10:46 PM To: [EMAIL PROTECTED] Subject: RE: another OT: why you UNIX guys look down on we NT guys? [7:6353] Hey NT LOOSER, Go away. This a cisco mailing list. Why don't you go study for the MCSE or something... =] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Tuesday, May 29, 2001 8:41 PM To: [EMAIL PROTECTED] Subject: another OT: why you UNIX guys look down on we NT guys? [7:6323] UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6842t=6842 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: certificate server, which is better? [7:6315]
Hello, Netscape and Microsoft certificate server, which one is easier to use, maintain and troubleshoot? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6315t=6315 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
another OT: why you UNIX guys look down on we NT guys? [7:6323]
UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6323t=6323 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: another OT: why you UNIX guys look down on we NT guys? [7:6335]
Oh yeah?! I'm win2000 roll out project manager for a fortune 500 company. I make $150 per hour. Hope you can figure out, SMART Unix guy. And Chuck, no problem. I just don't like some people (like SMART Russ) knows a little than others then show off that much. --- Russ Kreigh wrote: We look down upon you because you have to brag about how much you make. - Original Message - From: Jim Bond To: Sent: Tuesday, May 29, 2001 7:40 PM Subject: another OT: why you UNIX guys look down on we NT guys? [7:6323] UNIX guys, I make $240K per year, how much you make? Why you guys look down on us??? I don't get it... Jim NT guy __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=6335t=6335 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
who said CCIE make big bucks? [7:5393]
$29/hr... __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5393t=5393 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
certificate [7:5200]
Hello, My client wants to use certificate server to authenticate PCs on the network. Is there a way to do it? I thought certificate has to be used with browser. How do you give PC a certificate? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5200t=5200 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RAS monitor [7:3546]
Hello, We've got a 3640 router with E1/PRI. Some users complain that they couldn't get 56K while others could. Is there a RAS monitoring software that could periodically dials to the 3640 and check the speed so I can tell the users go complain with their teleco? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3546t=3546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN dial to PRI [7:3416]
Hello, I'm trying to configure a 3640 router (E1/PRI) that supports PC with ISDN modem dials in. I couldn't find a sample config on CCO, anyone knows where it is? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3416t=3416 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX telnet again [7:3003]
Hello, I have an IPSEC between central office router to site office PIX. Central office uses public IP address, site office has only 1 public IP address, therefore, uses NAT. Everything works fines except I can't telnet from central office to PIX (inside or outside). I can telnet from central office to servers inside PIX. Is there any command I need to add on the PIX? According to CCO, if IPSEC is established, telnet to PIX outside should work, right? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3003t=3003 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RAS verification [7:23]
Hello, I'm wondering if there is a "modem checking" software that can check my 5300 and 3640 RAS routers. If it can give a report on what speed it connects to and success/fail rate, it would be great. Thanks in advance. Jim __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23t=23 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPSec protocol number??
Hello, When I was reading Cisco doc, it says "IPSec ESP and AH protocols use protocol numbers 50 and 51". What is protocol number? I've never heard of it. How can you block it? Thanks in advance. Jim __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: email service set up
Hello, Sorry for this OT question. I'm setting up a network for a small company, they've got a DSL Internet connection. What's the best way to handel email service? If I set up an exchange server locally, what happens if there is something wrong with DSL connection? Thanks in advance. Jim __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC control on PIX
Hello, I'm wondering if I can put ACL on PIX and only allow certain MAC addresses to go out? I know I can do this on routers but I can't find any info on CCO. Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN
Hello, We are trying to set up an ISDN from China to US. In order to lower the ISDN charge, we'll put a BDC and an Exchange server locally. The concern is BDC to PDC and exchange servers sync will make the ISDN line up all the time. Any suggestions? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
no domain controller available
Hello, I have users at different buildings (on different subnets), when they move their laptop to another building, they have to do ip release/renew, otherwise, they won't get new ip address. Swithes are 5000/5500/6500. Port fast is already enabled. Anything needs to be done on PCs? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Telnet to PIX outside interface
Hello, I've got a 3640 router and PIX, running IPSec in between. Everything works fine except I can't telnet from 3640 to PIX outside interface. Any idea? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN dialout
Hello, I'm wondering if I can put a delay, say 10 seconds, on a dialer interface so that ISDN will NOT come up immediately after interesting traffic comes? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN dialout
Jack and other mighties, We have two routers at each office, one for frame relay and the other one for ISDN backup. I don't want ISDN line come up as soon as frame relay is down 'cause it might be a glitch. How do I put a delay on ISDN dialer interface? I don't think "backup delay" will work here. Thanks in advance. Jim --- Jack Yu [EMAIL PROTECTED] wrote: Santosh, I am afraid the dialer-hold queue will not wait 10 secs before dialing, it just tells the router to wait for the ISDN to come up, meanwhile hold the 20 packets for 10 sec, if the ISDN does not come up within the timeout period, the router drops the packets. It does not delay the ISDN calls. I think Jim better tell us what he is trying to accomplish. Thanks Jack - ""Santosh Koshy"" [EMAIL PROTECTED] wrote in message 967jsi$dit$[EMAIL PROTECTED]">news:967jsi$dit$[EMAIL PROTECTED]... Jim, I dont think you can just specifiy a time delay for the ISDN to kick in. What you can do, is queue the packets in a buffer until a specified time has reached, before initiating a dial. This is acheived by issuing the "dialer hold-queue" command. Let me give u an example. dialer hold-queue packets timeout seconds packets = can be within the range of 0-100 seconds = 0 to unlimited So in your case, where u want to start the dial after 10 secs, you can do the following := dialer hold-queue 20 timeout 10 The above command will hold 20 packets in the queue OR wait for 10 secs before dialing; whicever comes first. If you think 50 packets is too low, you can increase it to a max of 100. Hope that helps, Santosh Koshy ------- Communications Analyst "Jim Bond" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I'm wondering if I can put a delay, say 10 seconds, on a dialer interface so that ISDN will NOT come up immediately after interesting traffic comes? Thanks in advance. Jim __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
redundancy
Hello, I've got an important NT server and would like to use redundancy. I've got 2 6509 switches available. What's the common way to do? Should I put 2 NICs in the server and enable fast-ether channel? Or should I seperate those 2 NICs on 2 6509? Thanks in advance. Jim __ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
modem country???
Hello, While I was reading CCO, I noticed that "modem country" command is required for AS5300, AS5200. What's this command for? Is default US? Thanks in advance. Jim __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PRI to PRI dial
Hello, I'm having problem configuring T1 PRI(5200) dials to E1 PRI(3640). Multilink is enabled. 5200 always brings up 4-8 B channels, but these channels are not stable, they come up then go down, on rotary. I wonder how do I limit max 2 B channels? Also make them stable? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to verify port speed and CIR
Hello, We have a frame relay link with 512K/256K. How do I verify port speed is 512K and CIR is 256K? I used some tools, like MRTG, but I don't think it shows the real speed. Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
EIGRP problem
Hello, We have 4000 router and 5200 router at central office, 2500 routers and 3640 routers at branch office. 4000 and 2500s are connected with frame relay, 5200 and 3640s are connected with ISDN backup. Eigrp is the only protocol. We have a default route from 4000 and it got advertised on 2500s and 3640s as AD /170. We also configure a default route on 3640s with AD /200 so in case frame is down, /200 default route will take over and then can bring up ISDN. The problem is sometimes when frame is ok, 3640 router default route changes to AD /200 and hence brings up ISDN backup (3640 also serves as RAS server). When I do "clear ip route", the AD /170 default route will come back again, then some days later, it'll get replaced by the AD /200 one. We use the same IOS on all routers but this only happened on some branch offices, not all of them. Any idea what wrong it is? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem solved [last try: tough VPN question] 2 more questions
Hello, Thanks a lot for all the info, you guys are great!!! Problem is solved by doing: 1. Use PIX internal ip address as match address 2. Create nonat for traffic to central router I have 2 more questions (sorry, couldn't find answer) 1. How do I do redundancy between branch office (2 PIXs) and central office (2 7100s)? CCO only gives sample for routers, not PIX 2. At branch office (only 1 IP address), there is a web server behind PIX, how do I do traffic forwarding? Thanks again. Jim Jim Bond [EMAIL PROTECTED] wrote: Hello, Let me re-describe the situation: Central office 7100 router, site office PIX (NAT overload 1 public ip address), IPSec tunnel is establised, clients at site office can't logon NT domain but can do everthing else. Today, I replaced the PIX with a 3620 router (same IPSec setup), everything works fine. Clients can logon NT domain. I think that proves 1)I don't have naming issue 2) PAT works with IPSec. I don't understand why PIX wouldn't work. Please see my PIX config. Thanks in advance. Jim PIX Version 5.2(3) access-list 100 permit ip host 24.176.210.204 167.191.0.0 255.255.0.0 ip address outside 24.176.210.204 255.255.255.0 ip address inside 10.1.1.1 255.255.255.0 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 24.176.210.1 1 sysopt connection permit-ipsec crypto ipsec transform-set IPSEC esp-des esp-md5-hmac crypto map newmap 10 ipsec-isakmp crypto map newmap 10 match address 100 crypto map newmap 10 set peer 169.193.13.2 crypto map newmap 10 set transform-set IPSEC crypto map newmap interface outside isakmp enable outside isakmp key address 169.193.13.2 netmask 255.255.255.255 isakmp identity hostname isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 86400 dhcpd address 10.1.1.101-10.1.1.110 inside dhcpd dns 24.1.64.33 24.1.64.34 dhcpd wins 169.193.28.60 169.193.148.25 dhcpd lease 3600 dhcpd domain dhcp.lamrc.com dhcpd enable inside __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ ___ To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco sales engineer -- ARGH!
1. I think you should talk to a Systems Engineer, not Sales Engineer. 2. 6500 switch doesn't fit in your network doesn't mean Foundry is better; likewise this sale guy is idiot doesn't mean all sales guys at Cisco are idiots. I say this because I'm very happy with Cisco SEs. I've worked with at least 15 of Cisco SEs, most of them are kind, helpful and knowledgeable. Just my opion. Jim --- Kenneth Lorenzo [EMAIL PROTECTED] wrote: Is it just me or is it that Sales engineers at Cisco try to sell stuff that they don't even know will fit right for the environment at which the Cisco stuff are to be installed. Take for instance, I invited a Sales engineer to come over our office this morning showing him what our network looks like. We have about 170 users connected to HP 4000 Switches. Anyway, this guy walks in, tells me that "oh, this is not the best solution. The best solution is to go with a pair of 6500 Catalyst switches for redundancy with an intergrated router and VLANs blah blah blah". It seems like he just got off a class about 6500 and he was inspired to sell it to us using every acronymn he heard at the training class. $12000 MSRP for a 48 port 10/100 is not exactly a selling point when it comes to comparing prices with either HP or Foundry. This guy doesn't even know that 6500s aren't normally implemented in the Access Layer unless we have some spare $100,000 to throw around! Just because they work for Cisco doesn't mean they're network engineers! Whew,... that felt good. I needed to vent a little. Now, I look forward to Monday when I'm supposed to meet with a CCIE who works for Foundry... Kenneth _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
last try: tough VPN question
Hello, Let me re-describe the situation: Central office 7100 router, site office PIX (NAT overload 1 public ip address), IPSec tunnel is establised, clients at site office can't logon NT domain but can do everthing else. Today, I replaced the PIX with a 3620 router (same IPSec setup), everything works fine. Clients can logon NT domain. I think that proves 1)I don't have naming issue 2) PAT works with IPSec. I don't understand why PIX wouldn't work. Please see my PIX config. Thanks in advance. Jim PIX Version 5.2(3) access-list 100 permit ip host 24.176.210.204 167.191.0.0 255.255.0.0 ip address outside 24.176.210.204 255.255.255.0 ip address inside 10.1.1.1 255.255.255.0 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 24.176.210.1 1 sysopt connection permit-ipsec crypto ipsec transform-set IPSEC esp-des esp-md5-hmac crypto map newmap 10 ipsec-isakmp crypto map newmap 10 match address 100 crypto map newmap 10 set peer 169.193.13.2 crypto map newmap 10 set transform-set IPSEC crypto map newmap interface outside isakmp enable outside isakmp key address 169.193.13.2 netmask 255.255.255.255 isakmp identity hostname isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 86400 dhcpd address 10.1.1.101-10.1.1.110 inside dhcpd dns 24.1.64.33 24.1.64.34 dhcpd wins 169.193.28.60 169.193.148.25 dhcpd lease 3600 dhcpd domain dhcp.lamrc.com dhcpd enable inside __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Netmeeting through PIX
Hello, I'm setting up a MS Netmeeting server behind a PIX, persons outside of PIX will call in. Which ports I should open on the PIX? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Still doesn't work: tough VPN question
Hello, Thank you guys for the help. Unfortunately, I tried to put LMHOST file, still doesn't work. We use WINS and I can ping domain controller using name so I don't think it's naming issue. I used a sniffer captured some data, client is sending logon request to domain controller but didn't get any response. Looks like PIX blocks it. How do I open it(port 137, 138, 139)? Thanks in advance. Jim --- Scott Morris [EMAIL PROTECTED] wrote: Your problem is likely the propgation of broadcasts... Or lack thereof. One thing you can do (I'm assuming you have a router before (LAN-side) the PIX) is set up an ip-helper address to forward UDP-level broadcasts (like 138/139 Netbios) to the NT server. The other thing you can do is bypass that broadcast thought process by using LMHosts files on the workstations at the branch office. That will pre-load (if you use the #PRE designation) the NetBIOS cache and give you IP addresses to go to. So if you have IP reachability, things will work just fine then. In LMHOSTS. : (ip address) (Netbios name) #PRE #DOM:(domain name if domain controller) Also, to refresh without rebooting the PCs, "nbtstat -R" Hope this helps! Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Thursday, December 07, 2000 1:19 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: tough VPN question Hello, I'm trying to set up a IPSec between a PIX (branch office) and router (central office). All PCs at branch office share 1 ip address. IPSec seems to be working fine because clients can ping/telnet/email/map drives from/to central office. The problem is they can't logon NT domain. They can ping domain controller though. Any idea why they can't log on NT domain? (The machines were already added to domain) Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ ___ To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
tough VPN question
Hello, I'm trying to set up a IPSec between a PIX (branch office) and router (central office). All PCs at branch office share 1 ip address. IPSec seems to be working fine because clients can ping/telnet/email/map drives from/to central office. The problem is they can't logon NT domain. They can ping domain controller though. Any idea why they can't log on NT domain? (The machines were already added to domain) Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX PAT problem
Hello, I'm having a problem using PIX PAT. Here is my config: PIX Version 5.2(3) ip address outside 24.176.234.252 255.255.255.0 ip address inside 172.16.1.1 255.255.255.0 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 conduit permit icmp any any route outside 0.0.0.0 0.0.0.0 24.176.234.1 1 The problem is it works fine for a while, then connection is lost. It will work again if I ping inside interface and then ping outside gateway. I'm wondering if there is a default timeout setting that I can modify? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Concentrator 3000 and PIX
Hello, I'm trying to have a PIX talk to a corportate Concentrator 3030. The problem I have is PIX gets ip address from ISP by DHCP. Is there anyway to do this? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Calendar - Get organized for the holidays! http://calendar.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Concentrator 3030
Hello, I have 2 questions regarding win2000 client for Concentrator 3030: 1. I tested win2000 client beta, everything works fine except I can't browse the network neighbor. I can map drive and use computer names to ping, telnet. 2. I tried to use Certificate service provided by Windows 2000 server. After I submitted certificate request, I can see it's pending on the server, but when I check pending request on the client, it says no pending. Any suggestion would be greately appreciated!!! Thanks in advance. Jim __ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one Place. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: certificate server
Hello, I'm kind of confused on certificate servers: 1. Is the certificate for devices (host, router etc.) or persons? 2. Do I have to use seperate certificates on web browsing, email, file transfer etc? If not, how does the certificate handle all these? 3. Is windows 2000 certificate server a good choice for enterprise? Or Netscape a good one? Thanks in advance. Jim __ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one Place. http://shopping.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT again --- tough
Hello, My problem is this: remote site has only 1 public ip address, I use cisco 4000 do NAT overload. I have to put a BDC at remote site so users can log on locally. I forward tcp/udp port 139 to the BDC but BDC still can't replicate with PDC. Any suggestion? Here is what I did: ip nat inside source static tcp 10.1.1.20 139 204.192.3.46 139 extendable ip nat inside source static udp 10.1.1.20 139 204.192.3.46 139 extendable Thanks in advance. Jim __ Do You Yahoo!? From homework help to love advice, Yahoo! Experts has your answer. http://experts.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT
Hello, I have only 1 ip address and use 4000 do NAT. I'm wondering if I can have the 4000 forward all traffic to port 53, 80, 23 to a specific internal host? I can't find the answer on CCO. Thanks in advance. Jim __ Do You Yahoo!? From homework help to love advice, Yahoo! Experts has your answer. http://experts.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pre-shared key for PIX
Hello, I'm wondering if IPSEC can be set up this way: 2 PIX using pre-shared key, one of them has static ip address, the other one use DHCP. I know some other vendor supports this function, but couldn't find anything on CCO. Thanks in advance. Jim __ Do You Yahoo!? From homework help to love advice, Yahoo! Experts has your answer. http://experts.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX question
Hello, Is there any way to have outside users access an internal subnet? I see from CCO that you can only have ouside users access a particular internal host. Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX PPTP, no NAT
Hello, I'm trying to set up PIX PPTP without NAT but no success. Cisco gives a sample config using NAT http://www.cisco.com/warp/public/110/pptppix.html but I don't understand why they use 192.168.1.0. Here is my topology: 172.16.1.0/24(outside)---PIX---(inside)172.16.2.0/24 I create a pool 172.16.1.100-172.16.1.200, but users from outside can't reach internal network. Any suggestion? Thanks in advance. Jim __ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]