Re: Verizon Contact [7:52220]
Erich,

Try the below link. About one-third of the way down the webpage, there are multiple articles involving the setup of the DSL WIC.

http://www.cisco.com/warp/public/794/index.shtml

Once you have an understanding of what information is required to set up the DSL WIC, you will have to work with Verizon to obtain the information (Dynamic or Static IP, VCI/VPI settings, encapsulation).

Justin

From: Erich Kuehn
Reply-To: Erich Kuehn
To: [EMAIL PROTECTED]
Subject: Verizon Contact [7:52220]
Date: Wed, 28 Aug 2002 14:55:04 GMT

Does anyone have a Verizon contact that could help with setting up a 2600 with a DSL WIC? Or configs that might work?

Thanks
Erich

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52223t=52220

FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: pix question [7:45639]
Anthony,

From what I read in your post:

Cable Modem Inside - 172.16.1.1/16
Pix Outside - 172.16.1.1/16 (you have 172.161.1.1/16 below)
Pix Inside - 10.1.1.1/24

default route:

in your post
    route outside 0 0 172.16.1.2

what it should be
    route outside 0 0 172.16.1.1

this is based on the above information

With the above configuration to be correct and the route outside statement changed, try to ping your cable modem from the pix. If this works, then move on to getting from the inside of your pix to the outside.

Justin

From: Anthony Ramsey
Reply-To: Anthony Ramsey
To: [EMAIL PROTECTED]
Subject: pix question [7:45639]
Date: Sun, 2 Jun 2002 18:49:24 -0400

Hi all,

I appreciate any feedback to my question:

I am setting up a lab environment and initially trying to configure a router and a pix behind it. My router's outside interface is connected to a cable modem and has a live ip address assigned to it.

cable modempix inside hosts.

The router's inside interface has a private ip add. of 172.16.1.1 /24 and the pix' outside interface is 172.161.1.2 /24. The inside interface of the pix has an ip address of 10.1.1.1 /24 and all inside hosts have that as the default gateway. Securities are set up correctly on the inside and outside interfaces. I am using a global pat address, different from the one on the router's interface connected to the cable modem (no statics going on in the pix).

I am unable to reach the internet even when I use the statement:

    conduit permit ip any any

and no packets are able to reach the 172.16.1.0 network from the inside hosts, not even the 172.16.1.2 address which belongs to the pix's outside interface. I have a

    route outside 0 0 172.16.1.2

statement as well. From the router I can ping inside hosts, with the correct route statement.

Hope this is enough information. Please help!

thanks
Tony

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45669t=45639
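The default-route problem discussed in this thread, as an added example that is not part of either post: a small Python check that flags a next hop equal to the firewall's own interface address or outside the interface's subnet. The config lines are constructed from the addresses quoted in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed from the addresses quoted in the thread; not a real device config.
CONFIG_AS_POSTED = """\
ip address outside 172.16.1.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
route outside 0 0 172.16.1.2
"""
CONFIG_CORRECTED = CONFIG_AS_POSTED.replace(
    "route outside 0 0 172.16.1.2", "route outside 0 0 172.16.1.1")


def parse(config):
    """Return ({if_name: IPv4Interface}, [(if_name, gateway)]) from PIX-style lines."""
    interfaces, routes = {}, []
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            # ip address <if_name> <address> <netmask>
            interfaces[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:1] == ["route"] and len(tok) >= 5:
            # route <if_name> <dest> <mask> <gateway>; only the gateway is checked
            routes.append((tok[1], ipaddress.ip_address(tok[4])))
    return interfaces, routes


def check_routes(config):
    """List (if_name, gateway, problem) for next hops that cannot work."""
    interfaces, routes = parse(config)
    findings = []
    for if_name, gateway in routes:
        iface = interfaces.get(if_name)
        if iface is None:
            problem = "interface has no address configured"
        elif gateway == iface.ip:
            problem = "next hop is the firewall's own interface address"
        elif gateway not in iface.network:
            problem = "next hop is outside the interface's subnet"
        else:
            continue
        findings.append((if_name, str(gateway), problem))
    return findings


def same_segment(a, b):
    """True when two 'address/prefix' strings fall in the same subnet."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network


if __name__ == "__main__":
    print(check_routes(CONFIG_AS_POSTED))
    print(check_routes(CONFIG_CORRECTED))
    # The original post types the PIX outside address as 172.161.1.2 /24.
    print(same_segment("172.16.1.1/24", "172.161.1.2/24"))
```

The last call shows why the address as typed in the original post matters: a router on 172.16.1.1/24 and a firewall on 172.161.1.2/24 would not share a segment.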
Pix 501, DNS, and solution [7:45671]
To all,

I had a lot of fun with a Pix 501 in the month of March/April. After a few posts here and working with the suggestions received, the problem was narrowed down to the following:

- Initial configuration of Pix, using DHCP on the inside and outside interfaces.
- Pix software version 6.1
- I could telnet, send and receive email using Outlook, ssh, etc. through the Pix.
- I could NOT browse the web.
- Use of static IP addressing did not resolve the problem.
- Even TAC was puzzled by the problem, and they accessed the Pix remotely to check the settings.

It was discovered that I could browse the web, so long as I typed in the IP address. DNS replies were not getting through the Pix to my PC. I had/have only two PCs behind the Pix, and no MS DNS servers are being used.

Eventually, I found two fixes for this problem:

1. Give the Pix a domain setting. This can be done either in the PDM or using the dhcpd domain domain name command.

2. I was able to bypass entering the domain name in the "DNS suffix for this connection" for TCP/IP properties in Win2K. This is located under the DNS settings in the Advanced properties.

I hope this post helps others who hit this problem and cannot find a problem with their settings. Looking back, this may or may not be an issue with larger networks that use DHCP to obtain network settings. I was testing the unit before deploying it to a remote office.

My thanks to Ole, Mark, Craig, Gaz, Richard, Kent, Lydia, and Leonard for their input.

Justin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45671t=45671
DNS and Pix ... very weird problem [7:40387]
Group,

The Pix 501 is running the default NAT/PAT configuration. Through it, I can check email using Outlook to talk to an Exchange Server, telnet and SSH to devices, and browse the web provided I type in the ip address of the web server. All requests for URL translation by a DNS server fail. The IP configuration (addresses, gateways, DNS servers) is correct.

The Pix is direct to the cloud with only one PC behind it. Using Debug Packet, I have confirmed that requests for DNS translations go out and come back to the Pix (on the outside interface), but they do not seem to make it back to the host that originated the request.

The code is 6.1(1), and I have contacted TAC. With SSH, TAC has inspected the box and cannot see a problem with the configuration. Nor can they explain why this is occurring. Before sending it back to Cisco for a replacement, I thought I would ask here to see if anyone has run across this.

There are no access-lists or conduit statements, but Cisco (the Pix literature) and Cisco Press (Cisco Secure PIX Firewalls) say that they are unnecessary for this very simple setup.

My thanks in advance for your time and input.

Regards,
Justin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40387t=40387
RE: Question on PIX 501 [7:38246]
Mark,

My original question that I sent to the group somehow got lost. Ole was kind enough to respond to a direct query regarding some fun I am having with installing a Pix (501) for the first time. My firewall background is SonicWall and Watchguard, both are very simple in configuration and work directly out of the box.

I was under the impression it was pretty much plug and play, so I decided to test it by putting it between my PC and the rest of the LAN. However, after the initial setup, the Pix passed no information through it. So I went to a ping to start the troubleshooting. The curious (to me) issue was that from the console or the PDM of the Pix I can ping network addresses on both sides of the Pix. From the inside of the Pix, I cannot ping (or browse the web) through the Pix. I cannot even ping the outside interface of the Pix from the inside interface.

The specific question is this ... is additional configuration of the Pix required to permit access from the inside interface to the outside interface and beyond?

To expand on the topic you and Ole are discussing, is the use of the conduits (or access-lists) required for each and every type of service I want to send from the inside to the outside? I have no problem researching the commands to learn how it is done, I just want to make certain I am on the right path.

Thanks,
Justin

From: Mark Odette II
Reply-To: Mark Odette II
To: [EMAIL PROTECTED]
Subject: RE: Question on PIX 501 [7:38246]
Date: Thu, 14 Mar 2002 12:45:59 -0500

Forgive me for not reading the book yet, as I've been quite busy too ... but, I have a question in regards to the config line you gave.

I've used the PDM so far to do most of the configuration of my PIX, and it creates access-lists rather than conduits. I know from others I've talked with, that Cisco is moving from conduits to access-lists on the PIX configs... this is the question

I configure to allow

ICMP any(Outside) any(Inside) = Echo Reply
ICMP any(Outside) any(Inside) = Time Exceeded
ICMP any(Outside) any(Inside) = Unreachable

Does this do the same thing as what you were saying about conduit permit any any X??

I think it does, but just want to make sure that I haven't opened up ICMP completely with it being initiated from the outside.

Thanks!
Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ole Drews Jensen
Sent: Thursday, March 14, 2002 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Question on PIX 501 [7:38246]

Hi Justin,

When you ping, you use the ICMP protocol. When A pings B, A sends ICMP echo-request (number 8) to B, and B sends ICMP echo-reply (number 0) back to A.

The PIX does not allow ICMP traffic to come from the outside to the inside, so to change that, you will need to open up for ICMP number 0 (echo-reply).

The command for that is:

    conduit permit icmp any any 0

This is a good way to do it, because then you allow outside devices to reply to your request, but they are not allowed to do a PING themselves.

If you want PING to work both ways, simply use this command:

    conduit permit icmp any any

Hth,
Ole

~~~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~
http://www.RouterChief.com
~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~

-----Original Message-----
From: Justin C [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: RE: Question on PIX 501

Ole,

Thanks for the reply. I understand being busy. I normally try to solve these things all on my own, but I just don't have the available time. I spent six hours on it yesterday.

Justin

From: Ole Drews Jensen
To: 'Justin C'
Subject: RE: Question on PIX 501
Date: Thu, 14 Mar 2002 08:08:30 -0600

I did receive the message - I do not know why groupstudy did not.

I apologize for not getting back with you yesterday, but I am so busy these days, as there are many projects I have to finish.

I will see if I can find a couple of minutes to read your entire e-mail from yesterday, and help you out.

Try the [EMAIL PROTECTED] again.

Ole

~~~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~
http://www.RouterChief.com
~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~

-----Original Message-----
From: Justin C [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 8:14 AM
To: [EMAIL PROTECTED]
Subject: Question on PIX 501

Ole,

I apologize in advance for yet another direct message. I am just wondering if you did get the message regarding the Pix 501
Re: SOHO vpn making connection VERY VERY slow.- OFF TOPIC [7:37492]
Jerry,

Check the code revisions on your Watchguard products. The SOHO units are specified by Watchguard at 500Kbits/sec of 3DES throughput. See if Watchguard support has anything to say with a specific question about that. Sometimes Watchguard is really on the stick. Sometimes they aren't.

I will check my connection between my home (cable modem 384k-up/1900k-down) and the main office (T1) for bandwidth and let you know what I get. I would imagine that ISP hardware could be a limiting factor here, but I could be wrong. I am curious to know myself, so I will search the archives later tonight. In the meantime, someone from the group who is feeling a little generous with their time may have some additional insight on this.

A few questions for the more knowledgeable out there:

Can ISP equipment have an impact on VPN throughput?

Could packet size impact throughput (500 byte versus 1500 byte)? This question might be a good one for Watchguard as well.

Any other considerations? (nothing too lengthy, just a few quick answers for further investigation later)

My thanks in advance for your time with these questions.

Regards,
Justin

From: Jerry Deer
Reply-To: Jerry Deer
To: [EMAIL PROTECTED]
Subject: SOHO vpn making connection VERY VERY slow.- OFF TOPIC [7:37465]
Date: Wed, 6 Mar 2002 15:10:27 -0500

Hello All,

I am having problems running over a fast satellite connection. I do a speed test from the pc hooked to the satellite equipment and the actual satellite connection is getting average 700k BUT as soon as I slap on the ol' Watchguard vpn solution and hook a computer to that, the speed drops to below a 56k. I know this is not a cisco problem but Watchguard support is very lacking in my humble opinion and I was hoping someone may have had a similar experience and could point me in the right direction.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37492t=37492
Re: CCIE Starter & Lab Equipment [7:37312]
Danie,

I built my home lab entirely from Ebay. There are some good vendors on there, but the phrase "buyer beware" always comes to mind. I always look at the seller's feedback, not just for positive ratings but to see if they have sold equipment in the dollar value I am purchasing. Look to see if the seller has positive feedback on equipment in that price range.

The sellers I can recommend (based on my own purchases and those of people I personally know) are:

networkhardwareresale - great packaging, good prices, quick shipment
bluedesperateboy - good packaging, fair prices (little high, but top notch equipment)
ciscoware
www.whirled-routes.com
magi-tech
snootfull
lskok

If you look up their feedbacks, you will see the amount of business they do.

If you are after good deals, be patient about purchasing and watch for good products at good-to-fair prices. It took me two months to build my home lab (Catalyst 5000 w/ Sup 2, 2-2501, 2-2503, 1-2502, 1-2513, 1-4000M, 1-2620, 1-2522, 1-2511RJ, 2-2900 Cat switches, plus all serial/ethernet cables) for around $9500. All of it from Ebay, and all of it worked when I received it.

Costly yes, but nothing beats continuous hands-on experience with the equipment for months (six so far) on end. Plus, I can configure almost anything I find in the CCNP and CCIE books I have (save some Token Ring and ATM of course), which is nice when you have questions about technologies and want to experiment to learn more about them. Personally, I will rent rack time to get at the 3900/3920 switches and ATM configurations.

Also, I have not purchased from them, but Optsys.net has some pretty good deals on 2501 and 2503 router packages. I will be purchasing an ISDN simulator from them later this month.

As for the Catalyst 5000 switch, you can substitute a Catalyst 2901 or a Catalyst 2926T (the T means 10/100T connections on the supervisor module versus the 10/100 Fiber connections on the 2926F).

Search the archives for additional information on rack recommendations AND Ebay sellers to steer clear of, as the topic gets brought up at least once a month.

Best of luck to you in your studies.

My apologies to the group for any perceived waste of bandwidth on this often discussed topic. After reading about it for the past seven months, I just wanted to drop my $.05 on the table.

Regards,
Justin Cluer

From: Danie Strydom
Reply-To: Danie Strydom
To: [EMAIL PROTECTED]
Subject: CCIE Starter [7:37283]
Date: Tue, 5 Mar 2002 13:04:08 -0500

Dear All,

I've recently started active study on CCIE and have limited experience but CCNP knowledge on Cisco kit. I'm in the process of buying what I need and I need some advice on where to start and would like to find out how you guys started out.

What do I need for my home lab? I've looked at auctions on Ebay, is it alright to buy second-hand? Are there IOS upgrades available free from Cisco?

If any of you know a good link to a specific equipment list I need I'd be very grateful. I've had a look at the Cisco Routing and Switching Lab equipment list but they only had the following - no real specifics:

2500 series routers
2600 series routers
3600 series routers
4000 and 4500 series routers
3900 series token ring switches
Catalyst 5000 series switches

I can only afford up to 3600 series routers, what can I do about the rest?

Thank you for your help and I think this is a great group.

Kind Regards,
Danie Strydom
London, UK

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37312t=37312
Re: Anyone Higher? - FR Uptime [7:30920]
Our main facility (Los Angeles) has a T1 FR with Pacbell (SBC). In the seven months I have been running the IT department, I have seen the T1 go down twice. Once was due to the re-routing of the phone lines that come into the building. The building is 70 years old, and the lines used to come in underground and now come in above ground. This was done in June, and I can see how this would cause some grief. The second time was in November, and SBC admitted the problem but gave no reasons. Service was unavailable for one hour.

One of our remote sites (Cincinnati) had a 128K FR with Williams Communications. This was installed before I was responsible for the network. Other than the initial startup problems (which I was told lasted about four months), the line seemed to run flawlessly. The connection between the two offices was run on the private SBC backbone ... i.e. the Cincinnati traffic to the Internet ran through our T1 line here in LA, then back out the same T1 line to the Internet. It was pretty ugly. Even worse than that, the cost of the 128K FR from Williams was almost equal to the T1 line from SBC.

I switched this remote site to DSL from Cincinnati Bell, and connect to the main site through a VPN. They get 560kB/s down and 350kB/s up. As they have nothing that is mission critical and the company will never cough out for VoIP, it is perfect for them. Over the course of six months, the DSL service was unavailable once, and was restored within an hour. The biggest delta is the price.

While I am on the subject, you may enjoy a good laugh. This company is privately owned, and had a teletype until 1995. They only got rid of it because Pacbell said it was no longer supported. Email was not implemented until the Summer of 1999.

Justin

From: Ole Drews Jensen
Reply-To: Ole Drews Jensen
To: [EMAIL PROTECTED]
Subject: Anyone Higher? - FR Uptime [7:30920]
Date: Fri, 4 Jan 2002 09:31:57 -0500

During the years I have been administering frame relay, I have been dealing with four different providers and four different telcos, but I have so far not seen any circuit being up for a long time without problems.

I believe that the longest I have seen a f.r. circuit being up is a little less than half a year, and one of our providers had an average of downing one of our circuits every 1.5 months.

We have four circuits (three branch offices and one corp.) with a provider, and all three branch offices have now been down once (at different dates) in less than four months.

So, I am looking for a positive story in the Frame Relay world. Who can with a smile tell me about a frame relay connection that has been up for a year or more - or would that be totally sci-fi???

I am getting SO frustrated and irritated that I have to deal with so much trouble with simple WAN connections.

Thanks,
Ole

~~~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~
http://www.RouterChief.com
~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30951t=30920
Re: monitoring activity on watchguard firebox and soho [7:29499]
Beth,

If you have a Firebox (not a SOHO), you can use the Host Watch feature of the Watchguard Live Security System (LSS) to monitor all connections through the Firebox live. It will display the source/destination IP address as well as the destination port. Give the Firebox a minute to catch up on DNS resolution, and it will resolve outside IP addresses to their names and display them as well.

In addition to that, you can always log the activity to a Syslog server. The Firebox/LSS system will allow you to log based on port activity as well. This would allow you to log any activity going out the Firebox on ports 6699 (Napster) and 5050 (Yahoo Messenger). While you are including Yahoo Messenger, you may want to look at Instant Messenger on port 5190 as well.

The next question you have to ask is, if there is activity, what if anything will be done about it. That seems like a question best directed to your company's management, so that it can be included in the corporate security policy.

Also, be mindful if these connections are going through any kind of proxy server. You will want to understand the flow of this information through your network so that you can present all available options to management should they decide to curtail these programs.

Good luck,
Justin

From: beth shriver
Reply-To: beth shriver
To: [EMAIL PROTECTED]
Subject: monitoring activity on watchguard firebox and soho [7:29285]
Date: Sat, 15 Dec 2001 09:50:58 -0500

Hey Gang,

Does anyone have any experience with monitoring user activity with Watchguard firebox or soho? I am wondering exactly if these can be used to see if someone is using napster-like programs or using yahoo messenger etc.

merry xmas!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29499t=29499
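The port-based syslog review suggested in the reply above, as an added example that is not part of either post: a Python summary of outbound connections per inside host for the three ports named, with proxy-bound traffic counted separately because the destination port no longer identifies the application there. The key=value log layout, the sample lines and the proxy address are constructed for illustration and are not the Firebox's own log format.

```python
import re
from collections import defaultdict

# Ports and labels exactly as named in the reply above.
WATCHED_PORTS = {6699: "Napster", 5050: "Yahoo Messenger", 5190: "Instant Messenger"}

# Constructed sample lines in a generic key=value layout (an assumption).
SAMPLE_LOG = """\
Dec 15 09:41:02 fw allow out src=10.1.1.23 dst=198.51.100.7 proto=tcp dport=6699
Dec 15 09:41:09 fw allow out src=10.1.1.23 dst=198.51.100.7 proto=tcp dport=6699
Dec 15 09:42:30 fw allow out src=10.1.1.40 dst=203.0.113.20 proto=tcp dport=5050
Dec 15 09:42:31 fw allow out src=10.1.1.40 dst=203.0.113.21 proto=tcp dport=5190
Dec 15 09:43:00 fw allow out src=10.1.1.51 dst=192.0.2.80 proto=tcp dport=80
Dec 15 09:44:12 fw allow out src=10.1.1.60 dst=10.1.1.5 proto=tcp dport=8080
Dec 15 09:45:00 fw restart
"""

FIELD = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"src", "dst", "proto", "dport"}


def parse_line(line):
    """Return the key=value fields of one log line, or None if it is not a flow record."""
    fields = dict(FIELD.findall(line))
    if not fields.keys() >= REQUIRED:
        return None
    try:
        fields["dport"] = int(fields["dport"])
    except ValueError:
        return None
    return fields


def summarize(log_text, proxies=()):
    """Return (hits, via_proxy).

    hits      -> {source: {application: connection count}} for watched ports
    via_proxy -> {source: connection count} for traffic sent to a listed proxy,
                 where the watched-port test cannot see the real destination.
    """
    hits = defaultdict(lambda: defaultdict(int))
    via_proxy = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp":
            continue
        if rec["dst"] in proxies:
            via_proxy[rec["src"]] += 1
            continue
        app = WATCHED_PORTS.get(rec["dport"])
        if app:
            hits[rec["src"]][app] += 1
    return {src: dict(apps) for src, apps in hits.items()}, dict(via_proxy)


if __name__ == "__main__":
    # 10.1.1.5 is a hypothetical inside proxy address.
    print(summarize(SAMPLE_LOG, proxies=("10.1.1.5",)))
```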
GroupStudy we have a problem.... [7:28983]
Paul,

Please forward an address, I would like to contribute.

Happy Holidays,
Justin Cluer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28983t=28983
Re: GroupStudy we have a problem.... [7:28901]
Paul,

For the past few months, I have taken advantage of the extremely valuable database at Groupstudy. In early November, I took the CCDA exam and passed. Two questions on that exam were topics covered in the discussions here. I have the CCDP and the CCIE Written exams coming up this month, and I would be more than willing to kick out some money to continue to keep this resource available.

As with others who posted on this subject, give me an address and I will give you a check.

Happy Holidays to all,
Justin Cluer

From: Paul Borghese
Reply-To: Paul Borghese
To: [EMAIL PROTECTED]
Subject: GroupStudy we have a problem [7:28901]
Date: Wed, 12 Dec 2001 11:37:31 -0500

Hey gang,

Servers database became corrupt thus preventing messages from being sent out. It has been fixed so if you do not see your posting, please resend.

I have shipped more memory to InFlow. Lon has agreed to install it for us. This should help. So by the way, the server will be down for a little while tomorrow :-)

The truth is we desperately need some better equipment. Currently we are using a server I built for $500 dollars two years ago. I purchased a used Dell Server but need to upgrade the RAID array and a few other things before putting it online.

Take care,
Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28930t=28901
Re: CCIE#8387 [7:26309]
Nigel,

Congratulations on your achievement. It is always nice to read about this kind of accomplishment. It reminds the rest of us who aspire to meet and conquer this Herculean challenge that it can be done.

With the holidays just around the corner, I hope you find time to relax and to relish in the magnitude of your success.

Regards,
Justin Cluer

From: Nigel Taylor
Reply-To: Nigel Taylor
To: [EMAIL PROTECTED]
Subject: CCIE#8387 [7:26309]
Date: Wed, 14 Nov 2001 19:55:28 -0500

Well as it would turn out it's my turn to write that awesome email... I just got back from RTP today where after checking my email, I was awarded CCIE#8387.

What a journey/process this has been and I must say that I'm relieved that it's now over. After countless hours of study and practicing on the rack the reward was most definitely worth the sacrifice. I didn't sleep any last night as I awaited the results of my lab score which I was unable to check until 12 noon today.

So on that note I'm off to catch up on the sleep that escaped me last night. More to follow once I get rested up..

Nigel Taylor
CCIE#8387 and all that other stuff.. :-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26389t=26309
Re: Cisco Users Group in LA [7:25003]
Group,

I have searched for a Cisco Users Group in the LA/Orange areas online, but have yet to find anything. This thread leads me to believe that there is one. How would one go about joining?

Regards,
Justin Cluer

From: BC
Reply-To: BC
To: [EMAIL PROTECTED]
Subject: Re: Cisco Users Group in LA tonight [7:24984]
Date: Thu, 1 Nov 2001 17:02:56 -0500

InfoNet in El Segundo I think

Dennis Laganiere wrote in message news:[EMAIL PROTECTED]...

I don't know... Where is it?

--- Dennis

-----Original Message-----
From: BC [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 01, 2001 12:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco Users Group in LA tonight [7:24984]

Anyone going?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25003t=25003
Re: OFF TOPIC - watchguard win2k problem - NEED HELP [7:23544]
Jerry,

I have yet to send anything to the group, so I hope this comes through.

When using Win2K with the Watchguard, there are a few things to be mindful of.

1 - If you have not already, upgrade to version 4.61 of the Watchguard Live Security System (LSS). For those of you who do not know and are interested, LSS is the control center for the Watchguard product which runs on a PC.

2 - Upgrade your SOHO units to the latest firmware.

3 - Whatever box is running the LSS needs to be running Win2K SP2. This is not an option.

Personally, when I moved our DC's to Win2K, I reestablished the VPN's to three remote sites from the ground up. While it seems to be the long way around the problem, it worked without any noticeable problems.

Are you using their VPN manager? The VPN setup I have is relatively small, but I am told it works rather well even with high numbers of SOHO units and VPN Clients.

Finally, if their support group is dragging their heels, call your area sales rep. Mine was extremely helpful in obtaining immediate help from tech-support. In addition, the sales rep might be able to point you to another Watchguard customer who can provide some additional insight.

Regards,
Justin Cluer

From: Jerry Deer
Reply-To: Jerry Deer
To: [EMAIL PROTECTED]
Subject: OFF TOPIC - watchguard win2k problem - NEED HELP [7:22894]
Date: Fri, 12 Oct 2001 10:33:54 -0400

We recently changed to a windows 2000 domain controller at which time all windows 2000 computers using Watchguard vpn soho's stopped working on our network. Watchguard has been less than helpful so I was wondering if someone on this group has had a similar problem and could offer some insight.

THANKS for ANY help in advance!

Jerry

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=23544t=23544