Re: Syslog server [7:65217]
KIWI

From: Tariq
Reply-To: Tariq
To: [EMAIL PROTECTED]
Subject: Syslog server [7:65217]
Date: Wed, 12 Mar 2003 22:09:12 GMT

I am looking for a good freeware PIX / CISCO syslog server. Any recommendations???

Tariq

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65229t=65217
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Client behind PIX [7:64358]
I couldn't have said it better myself!!

From: brett spunt
To: 'Kevin O'Gilvie' ,
Subject: RE: VPN Client behind PIX [7:64358]
Date: Wed, 5 Mar 2003 19:17:26 -0800

It's not possible, and here's why. The pix Vpn only supports IPSEC over UDP. Ipsec over UDP is NOT supported when sitting behind a stateful firewall (such as the pix). You need to use Ipsec over TCP if using the vpn client sitting behind a pix, or like stated before, you could create a site to site VPN, setting up to peer with the pix at your work. The reason a concentrator will work is that it supports ipsec over tcp connections, in addition to standard ipsec, and ipsec over UDP.

HTH,
Brett Michael Spunt
CCNP,CIPT,MCSE
Computer Network Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin O'Gilvie
Sent: Tuesday, March 04, 2003 7:23 PM
To: [EMAIL PROTECTED]
Subject: Re: VPN Client behind PIX [7:64358]

I am assuming he is behind a cable modem or dsl. If so, even cisco says this is not possible. If someone has this working please advise..

From: Greg Owens
Reply-To: Greg Owens
To: [EMAIL PROTECTED]
Subject: Re: VPN Client behind PIX [7:64358]
Date: Tue, 4 Mar 2003 19:09:16 GMT

You just need to open the ports you are using, ie 500, 47 1

From: Steve Smith
Date: 2003/03/04 Tue AM 11:15:21 EST
To: [EMAIL PROTECTED]
Subject: VPN Client behind PIX [7:64358]

OK gang here is the scenario. We have a PIX at work running VPN. I have a 515 at home. Before I put the 515 at home in I could use the VPN client to connect to work. Now I can not. I remember a year or so back reading a Cisco article about this and that you had to use a certain IP range on the remote (my house) network. Does anyone know anything about this? Any suggestions?

Thanks!
Steve Smith
Enterprise Engineer
901-758-8179 ext. 108
TEKSELL
[EMAIL PROTECTED]

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64567t=64358
Cisco Partnership [7:64496]
Has anyone in this group benefitted from being a Cisco Partner? If so at what level and how consistent was your referral flow?

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64496t=64496
Re: VPN Client behind PIX [7:64358]
You have to do an IPSEC tunnel from Pix to Pix or Purchase VPN Concentrator. I have the same issue.

From: Steve Smith
Reply-To: Steve Smith
To: [EMAIL PROTECTED]
Subject: VPN Client behind PIX [7:64358]
Date: Tue, 4 Mar 2003 16:15:21 GMT

OK gang here is the scenario. We have a PIX at work running VPN. I have a 515 at home. Before I put the 515 at home in I could use the VPN client to connect to work. Now I can not. I remember a year or so back reading a Cisco article about this and that you had to use a certain IP range on the remote (my house) network. Does anyone know anything about this? Any suggestions?

Thanks!
Steve Smith
Enterprise Engineer
901-758-8179 ext. 108
TEKSELL
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64367t=64358
Re: VPN Client behind PIX [7:64358]
I am assuming he is behind a cable modem or dsl. If so, even cisco says this is not possible. If someone has this working please advise..

From: Greg Owens
Reply-To: Greg Owens
To: [EMAIL PROTECTED]
Subject: Re: VPN Client behind PIX [7:64358]
Date: Tue, 4 Mar 2003 19:09:16 GMT

You just need to open the ports you are using, ie 500, 47 1

From: Steve Smith
Date: 2003/03/04 Tue AM 11:15:21 EST
To: [EMAIL PROTECTED]
Subject: VPN Client behind PIX [7:64358]

OK gang here is the scenario. We have a PIX at work running VPN. I have a 515 at home. Before I put the 515 at home in I could use the VPN client to connect to work. Now I can not. I remember a year or so back reading a Cisco article about this and that you had to use a certain IP range on the remote (my house) network. Does anyone know anything about this? Any suggestions?

Thanks!
Steve Smith
Enterprise Engineer
901-758-8179 ext. 108
TEKSELL
[EMAIL PROTECTED]

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64426t=64358
Re: Easy question [7:63002]
You need to enter config reg 0x2102 depends on the router.. What kind of router?

- Original Message -
From: Johnson, Richard (NY Int)
To:
Sent: Thursday, February 13, 2003 11:21 PM
Subject: Easy question [7:63002]

Hi all,

Every time I boot my router, it asks if I want to configure my router. I know I have to type some sort of confreg line in. Can someone tell me which one so I can boot my router correctly, without having to reconfigure it each time.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63029t=63002
Re: CSIDS - 9E0-100 [7:60920]
Go Oletu!!

- Original Message -
From: Godswill Oletu
To:
Sent: Wednesday, January 15, 2003 12:27 PM
Subject: Re: CSIDS - 9E0-100 [7:60920]

I completed the CSS1 last year and will be going for the SAFE before the expiration in September. I will want to take the SAFE exam as close as possible to the expiration.

My advice is, since you have come so close, please go ahead and complete your S! then the SAFE exam. Agreed your current job does not require those skills. However, that gives you more confidence for new openings in that field, moreso of what use will it be to you after going this far and for failure to move ahead, Cisco render your CSS1 null and void. It then means, in time to come, if you pick up the interest in the Cisco Security track, you will have to start from beginning all over again.

my 2 cents.

Regards.
Godswill

- Original Message -
From: Hanna, Keith
To:
Sent: Tuesday, January 14, 2003 6:26 AM
Subject: RE: CSIDS - 9E0-100 [7:60920]

Thinking about it at the minute. I completed CSS1 the same week Cisco announced the CCSP, so I only need to take the SAFE exam, but I'm not sure yet if I'll bother. My current position doesn't deal as much with security as I'd like (corporate team to do that), and if I changed positions/company, I suppose it would depend on what I was doing in the new one. I am tempted to 'just do it', but I tend not to be very motivated when there's no reward

Keith

-Original Message-
From: Kim Graham [mailto:[EMAIL PROTECTED]]
Sent: 14 January 2003 10:38
To: [EMAIL PROTECTED]
Subject: RE: CSIDS - 9E0-100 [7:60920]

Maybe I should have asked if anyone is studying for the CCSP? What exams have you accomplished and what is your next step? I may be amongst the group of first participants in this set of exams (v3) and others are waiting to get information concerning the exams before attempting.

*grins*
Kim / Zukee

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61126t=60920
IAS Authentication with Pix 515 [7:61023]
Hi All,

Does anyone know how to make IAS use Active directory to authenticate VPN users.. I have the sample from cisco but that only displays local authentication..

Thanks a bunch,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61023t=61023
Re: IAS Authentication with Pix 515 (Disregard) [7:61028]
I found it..

Thanks,
Kevin

- Original Message -
From: Kevin O'Gilvie
To: [EMAIL PROTECTED]
Sent: Monday, January 13, 2003 10:16 PM
Subject: IAS Authentication with Pix 515

Hi All,

Does anyone know how to make IAS use Active directory to authenticate VPN users.. I have the sample from cisco but that only displays local authentication..

Thanks a bunch,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61028t=61028
Re: OT Apple chooses wireless 802.11g [7:60542]
The Airports have been out forever and are pretty stable.. I must say that apple has been ahead of the game in the wireless arena!!

- Original Message -
From: Priscilla Oppenheimer
To:
Sent: Tuesday, January 07, 2003 7:06 PM
Subject: OT Apple chooses wireless 802.11g [7:60542]

That's what I like about Apple. They aren't mamby-pamby. They choose a technology and go with it, even if it's not standardized yet! Today at MacWorld they announced new notebooks that will ship with 802.11g wireless cards. They also announced a new 802.11g access point. This is the 54 Mbps 2.4 GHz standard that IEEE is working on.

I think this is the way to go since 802.11g is compatible with the slew of 802.11b devices already deployed, whereas 802.11a is not compatible. 802.11a has some advantages. For example, it has fewer problems with overlapping access points and it's shipping (and standardized, I think?)

Thoughts, anyone? What does Cisco have up its sleeve, I wonder? Are they going to take their normal agnostic standpoint and support 802.11 a, b, and g?

Go Apple! :-)

Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60608t=60542
Re: Fwd: RE: CCIE Vs. BS or MS dergree [7:59481]
Thank you Howard for laying the foundation for us to grow on..

-Kevin

- Original Message -
From: Howard C. Berkowitz
To:
Sent: Friday, December 20, 2002 10:22 AM
Subject: Re: Fwd: RE: CCIE Vs. BS or MS dergree [7:59481]

At 1:37 PM + 12/20/02, Mr piyush shah wrote:

> Dear friends
> It has been quite long that I have been hearing whether CCIE is superior or MS. I think it is high time we should wrap the topic. I don't understand, whether why this forum for ? It should b a purely technical. For a typically type of questioning like this, there are responses which lasts for weeks but there are some questions for whom nobody seems to be bothered ? There was a question which was thrown on this on TACACS ACS whether What could the issue that I am able to authenticate and not authorisation, not a single person on this site bothered to answered, not even Priscilla.

Let's consider whether people bother to respond. First, remember that everyone who does so is volunteering their time. They are not a substitute for the TAC or reference materials.

Have you considered that at the time you asked the question, Priscilla might be on vacation, another expert has limited list access while on business travel (perhaps behind a strict firewall), and two others are trying to finish projects for which they are paid? The latter might scan the list, but not have 10-30 minutes to write a post. Indeed, many of those experts do not have the answer memorized, but would have to look it up -- admittedly much faster than would a beginner.

> Which sounds to be very strange. There are so many people who r new to networking tech, hence comes with some query which might b stupid to some of our colleagues but pls ensure that u were also like them during your initial phase,

The following is not meant to be a put-down, but a reality of how some people started in networking technology.
I was first responsible for a network in 1970, using Bell 100 series modems (300 bps) to a PDP-11 running critical medical applications. Most links were acoustically coupled dialups, but we did have a few dedicated lines (again at 300 bps).

With about 10 user ports on the machine, we sometimes just ran out. Since one of the dedicated lines was only needed for backups at night, and another for reporting, I realized I could switch them to dialup during the day.

There was no Black Box Catalog or the like. I needed to get a copy of RS-232 and learn the wiring, decide how many pins I had to switch, go to the electronics store and get an appropriate rotary switch and other components, and physically build the box, soldering the wires to the switch. I made some incorrect assumptions the first time, and had to use electronic test instruments to find what I had done wrong -- it turned out I wasn't clear about the functions of the Pin 1 and Pin 7 grounds.

At the same time all of this was going on, I was the head of software development for the medical applications, so needed to both design, write, and manage development, as well as researching expert system rules for blood banking and clinical chemistry.

So no, not everyone had the luxury of a list or even colleagues.

> hence try to rectify the query rather than spending your precious time on stupid questions like ccie is superior or MS, what is the salary of CCIE ?

And I will be perfectly honest. Sometimes, I may be in a hurry when reading the list, and there's a stupid question that I can answer from personal experience. Even when I answer a technical question with which I am very familiar, I often check the documentation -- Cisco or IETF -- to be sure I'm referring to the right document.

On another list, for example, there was a DNS question. I knew the answer was in RFC 1033, 1034, or 1035, but wasn't sure which, and didn't have time to look it up. I cited the three documents, and said I _thought_ it was 1034.
Looking it up later, it was 1035.

> I hope the message is clear to everybody
> Regards
> PIYUSH
> Note: forwarded message attached.
Re: Aironet 1200 [7:59310]
You are right. The 1200's don't support bridging as yet, they are just WAP's. How much bandwidth does the 350 offer?

- Original Message -
From: Charlie Wehner
To:
Sent: Monday, December 16, 2002 9:07 PM
Subject: RE: Aironet 1200 [7:59310]

What type of throughput does the remote office need?

With two 1200 series access points you can:
a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200s series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59369t=59310
Re: Aironet 1200 [7:59310]
This is the opposite as to what cisco was telling me. I definitely have line of sight, they told me (2) 1200's with the outdoor antennas is all I would need. Are you saying I would need the bridges as well? How much bandwidth is that offering? I am only using the wireless for the data for now. I will look into the voice aspect later..

TIA,
-Kevin

- Original Message -
From: Mac
To:
Sent: Tuesday, December 17, 2002 1:14 AM
Subject: Re: Aironet 1200 [7:59310]

You will have to buy 2 wireless bridges. The 350 series wireless bridges are 802.11b. 100 milliwatt, and support rp-tnc connectors, this will allow you to choose a range of antennas to use.

I would suppose you have 3 major issues to worry about

1. I am assuming you have line of sight currently, are there any trees that will grow leaves in the spring in your path?

2. Current voice and data integration - there are 2 likely ways that you may be integrated
   a. using a channel bank on your csu-dsu e.g. 1 serial port to your pbx, 1 to your router, and the same thing on the opposite side of the T1 line
   b. you are doing a voip integration with Drop and Insert cards
   if you are running choice a, then you will have to deal with your voice integration, if choice b, then you will just have to reconfigure your router to support the new wan integration

3. Wireless security - Luckily cisco access points and bridges support dynamic wep key rotation. If you are implementing bridges then you will have to configure Leap. This makes it necessary to configure Internet Authentication Server, or Cisco Secure ACS server, or whatever radius implementation of your choice.

Hope this helps,
Colin McNamara

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

I am looking to get rid of the fractional T1. We have 12 voice 12 data.. We can save money going wireless and increase the throughput.. I want to go 802.11b all the way.. Isn't the bridge 11a. If I have antennas on both sides won't that be enough? Please let me know your thoughts.. there will be about 20 users in the remote office..

TIA,
Kevin

From: Charlie Wehner
Reply-To: Charlie Wehner
To: [EMAIL PROTECTED]
Subject: RE: Aironet 1200 [7:59310]
Date: Tue, 17 Dec 2002 02:07:40 GMT

What type of throughput does the remote office need?

With two 1200 series access points you can:
a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200s series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59368t=59310
Re: Aironet 1200 [7:59310]
Exactly.. We have an external CSU/DSU for the PBX..

- Original Message -
From: Mac
To:
Sent: Tuesday, December 17, 2002 10:43 AM
Subject: Re: Aironet 1200 [7:59310]

11 megabit, for 802.11b, so with headers and encryption, 8-9 megabit. Weather conditions, distance, and interference can knock this rate down. The 2 db dipole rubber ducky antennas that come stock with AP's and some Bridges have about a 200 meter range. If you have any questions on what antennas, cables and towers may be appropriate for you just go to cisco.com tac tools, and aironet antenna calculator. This will tell you how much distance/throughput/antenna height you will need/get.

Question on your voice integration, does the PBX connect directly into an external csu/dsu that the router does (such as a kentrox with 2 v.35 connections) or does it plug into your router into a vwic card ?

Cheers,
Colin McNamara

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

You are right. The 1200's don't support bridging as yet, they are just WAP's. How much bandwidth does the 350 offer?

- Original Message -
From: Charlie Wehner
To:
Sent: Monday, December 16, 2002 9:07 PM
Subject: RE: Aironet 1200 [7:59310]

What type of throughput does the remote office need?

With two 1200 series access points you can:
a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200s series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59383t=59310
Aironet 1200 [7:59310]
Dear All,

I am purchasing (2) the Cisco Aironet 1200 and respective outdoor antennas to connect a remote office across the street, I am wondering if anyone has done this and has some advice for me..

-Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59310t=59310
RE: Aironet 1200 [7:59310]
I am looking to get rid of the fractional T1. We have 12 voice 12 data.. We can save money going wireless and increase the throughput.. I want to go 802.11b all the way.. Isn't the bridge 11a. If I have antennas on both sides won't that be enough? Please let me know your thoughts.. there will be about 20 users in the remote office..

TIA,
Kevin

From: Charlie Wehner
Reply-To: Charlie Wehner
To: [EMAIL PROTECTED]
Subject: RE: Aironet 1200 [7:59310]
Date: Tue, 17 Dec 2002 02:07:40 GMT

What type of throughput does the remote office need?

With two 1200 series access points you can:
a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200s series APs. You might be better off buying 350 bridges instead depending on your environment. You could also buy a WGB to connect to one of the APs. That's another option.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59339t=59310
RE: Resricicting Certain Users -Pix 515 UR [7:58861]
Yeah, it starts at version 6.2. It's great, drastically reduces your config lines..

From: Andrew Larkins
Reply-To: Andrew Larkins
To: [EMAIL PROTECTED]
Subject: RE: Resricicting Certain Users -Pix 515 UR [7:58861]
Date: Wed, 11 Dec 2002 16:32:13 GMT

Maybe a dumb question - but is there a certain software version for that command (object group) - haven't seen it before

-Original Message-
From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
Sent: 10 December 2002 22:15
To: [EMAIL PROTECTED]
Subject: Re: Resricicting Certain Users -Pix 515 UR [7:58861]

Sounds good.. But websense is very expensive.. Won't lists do the job as well: e.g

    object-group network REST-LAN-USR
      network-object 10.1.x.x 255.255.255.0
    object-group network Rest-SRV
      network-object host 64.232.56.99
      network-object host 209.123.45.67
    access-list RESTRICTED permit tcp object-group REST-LAN-USR object-group Rest-SRV eq www

And just put those users in that subnet?

Thanks Brad

From: Brad
Reply-To: Brad
To: [EMAIL PROTECTED]
Subject: Re: Resricicting Certain Users -Pix 515 UR [7:58861]
Date: Tue, 10 Dec 2002 15:42:54 GMT

Kevin,

Hi! I would say the best way to do something like this would probably be using Websense (or similar software) in conjunction with your Pix. I've setup Websense before, and it's pretty easy.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

Hi All,

I would like to create a group lets say x,x,x,x-x.x.x.x and restrict them to only certain websites, I am guessing I will have to use ip addresses of those sites, but still allow them to access the local network.. What's the best way to go about this. I have been using groups in my configs thus far..

BTW- I love you guys in this group, it has to be the best news group around right now, let's keep the standards high and weed out the slackers that are trying to water down the CCIE's. We are doing more work for less money and the main reason why is because we are settling, we work damn hard and invest time and money to achieve these goals, and should be awarded as such. I don't see doctors building practice labs in their homes to cure patients, nor lawyers building practice court rooms.. Sorry for the ranting but every year it seems you have to have more and more letters after your name to earn a decent living in this technology arena, when we are the ones that are enabling these million and billion dollar companies to do business seamlessly anytime and anywhere..

-Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58992t=58861
Re: Resricicting Certain Users -Pix 515 UR [7:58861]
Sounds good.. But websense is very expensive.. Won't lists do the job as well: e.g

    object-group network REST-LAN-USR
      network-object 10.1.x.x 255.255.255.0
    object-group network Rest-SRV
      network-object host 64.232.56.99
      network-object host 209.123.45.67
    access-list RESTRICTED permit tcp object-group REST-LAN-USR object-group Rest-SRV eq www

And just put those users in that subnet?

Thanks Brad

From: Brad
Reply-To: Brad
To: [EMAIL PROTECTED]
Subject: Re: Resricicting Certain Users -Pix 515 UR [7:58861]
Date: Tue, 10 Dec 2002 15:42:54 GMT

Kevin,

Hi! I would say the best way to do something like this would probably be using Websense (or similar software) in conjunction with your Pix. I've setup Websense before, and it's pretty easy.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

Hi All,

I would like to create a group lets say x,x,x,x-x.x.x.x and restrict them to only certain websites, I am guessing I will have to use ip addresses of those sites, but still allow them to access the local network.. What's the best way to go about this. I have been using groups in my configs thus far..

BTW- I love you guys in this group, it has to be the best news group around right now, let's keep the standards high and weed out the slackers that are trying to water down the CCIE's. We are doing more work for less money and the main reason why is because we are settling, we work damn hard and invest time and money to achieve these goals, and should be awarded as such. I don't see doctors building practice labs in their homes to cure patients, nor lawyers building practice court rooms.. Sorry for the ranting but every year it seems you have to have more and more letters after your name to earn a decent living in this technology arena, when we are the ones that are enabling these million and billion dollar companies to do business seamlessly anytime and anywhere..

-Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58918t=58861
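Added example, not part of the original posts: a Python sketch that expands the object-group access list from the message above into the flat entries it stands for and checks sample flows against it, including the implicit deny that ends every PIX access list. The subnet 10.1.20.0/24 stands in for the elided 10.1.x.x, and the function names and sample flows are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the config in the thread; 10.1.20.0 is an
# assumption standing in for the elided "10.1.x.x" user subnet.
CONFIG = """\
object-group network REST-LAN-USR
  network-object 10.1.20.0 255.255.255.0
object-group network Rest-SRV
  network-object host 64.232.56.99
  network-object host 209.123.45.67
access-list RESTRICTED permit tcp object-group REST-LAN-USR object-group Rest-SRV eq www
"""

PORTS = {"www": 80}  # only the port keyword used on the page


def take_addr(tok, i, groups):
    """Read one address spec starting at tok[i]; return (networks, next index)."""
    if tok[i] == "object-group":
        return groups[tok[i + 1]], i + 2
    if tok[i] == "host":
        return [ipaddress.ip_network(tok[i + 1] + "/32")], i + 2
    if tok[i] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], i + 1
    return [ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}")], i + 2


def parse_ace(tok, groups):
    """Parse 'access-list NAME ACTION PROTO SRC DST [eq PORT]'."""
    src, i = take_addr(tok, 4, groups)
    dst, i = take_addr(tok, i, groups)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
    return {"acl": tok[1], "action": tok[2], "proto": tok[3],
            "src": src, "dst": dst, "port": port}


def parse(config):
    """Return (groups, aces) for the network object-groups and ACL lines."""
    groups, aces, current = {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "object-group" and tok[1] == "network":
            current = tok[2]
            groups[current] = []
        elif tok[0] == "network-object":
            if current is None:
                raise ValueError("network-object outside an object-group")
            nets, _ = take_addr(tok, 1, groups)
            groups[current].extend(nets)
        elif tok[0] == "access-list":
            current = None
            aces.append(parse_ace(tok, groups))
    return groups, aces


def fmt(net):
    """Render a network the way a flat ACL line writes it."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def expand(aces):
    """One flat line per (source, destination) pair hidden behind the groups."""
    out = []
    for a in aces:
        for s in a["src"]:
            for d in a["dst"]:
                line = f"access-list {a['acl']} {a['action']} {a['proto']} {fmt(s)} {fmt(d)}"
                out.append(line + (f" eq {a['port']}" if a["port"] is not None else ""))
    return out


def evaluate(aces, acl, proto, src, dst, dport):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for a in aces:
        if a["acl"] != acl or a["proto"] not in (proto, "ip"):
            continue
        if a["port"] is not None and a["port"] != dport:
            continue
        if any(s in n for n in a["src"]) and any(d in n for n in a["dst"]):
            return a["action"]
    return "deny"


if __name__ == "__main__":
    _, aces = parse(CONFIG)
    print("\n".join(expand(aces)))
    for flow in [("tcp", "10.1.20.15", "64.232.56.99", 80),
                 ("tcp", "10.1.20.15", "64.232.56.99", 443),
                 ("udp", "10.1.20.15", "192.0.2.53", 53)]:
        print(flow, "->", evaluate(aces, "RESTRICTED", *flow))
```

With only the single permit line, the restricted group's HTTPS and DNS traffic falls through to the implicit deny, so any further services those users need through the PIX have to be permitted explicitly.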
Resricicting Certain Users -Pix 515 UR [7:58861]
Hi All,

I would like to create a group lets say x,x,x,x-x.x.x.x and restrict them to only certain websites, I am guessing I will have to use ip addresses of those sites, but still allow them to access the local network.. What's the best way to go about this. I have been using groups in my configs thus far..

BTW- I love you guys in this group, it has to be the best news group around right now, let's keep the standards high and weed out the slackers that are trying to water down the CCIE's. We are doing more work for less money and the main reason why is because we are settling, we work damn hard and invest time and money to achieve these goals, and should be awarded as such. I don't see doctors building practice labs in their homes to cure patients, nor lawyers building practice court rooms.. Sorry for the ranting but every year it seems you have to have more and more letters after your name to earn a decent living in this technology arena, when we are the ones that are enabling these million and billion dollar companies to do business seamlessly anytime and anywhere..

-Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58861t=58861
BSCI [7:57165]
Has anyone taken this exam yet and can offer some feedback on preparation.

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57165t=57165
CCIE Security Boot Camp [7:57042]
Has anyone taken this? I am thinking about going since my job is willing to pay or any other recommendations on CCIE Security Training?

TIA,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57042t=57042
Cisco Study Groups [7:56997]
Dear All,

I am curious to how the current established study groups are working out. I would like some feedback on best practices and what doesn't as far as having a successful study group as we are starting one as we speak. I am sure there are some great stories out there as well as some bad ones.

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56997t=56997
OT: Looking for Mac Support Engineer NYC [7:57013]
If anyone knows of someone who is very skilled in Macintosh OS 9/ X and Applications please forward the resume to me. We are looking to fill this position ASAP. I am not a recruiter this is a real position. No 3rd parties please. Thanks, Kevin
ESAFE Spam Filter.. [7:56344]
I just ordered it.. Anyone implemented this yet? -Kevin
Cisco IDS [7:56100]
Dear All, I am looking to purchase Cisco IDS next week. Anyone implemented this yet? thanks in advance, -Kevin
Re: Setting Up VTP Domain [7:55943]
You Rock Priscilla!! I am honored to have your advice. Thank you, Kevin

- Original Message -
From: Priscilla Oppenheimer
To:
Sent: Monday, October 21, 2002 5:20 PM
Subject: RE: Setting Up VTP Domain [7:55943]

Kevin O'Gilvie wrote:

Dear All, I have a Cat5k and about 15 Cat29xx. All 29xx are connected to the Cat 5, the Cat 5 connects to the Pix, Pix Connects to the router. There are no Vlans in place. I would like to enable VTP Domain but I would like to know the best way to go about this. Some of our 29xx are old some are new, I heard horror stories of VTP taking down the network. I would like to make the Cat5k my vtp Server and all the 29xx's vtp clients.

I'm more of an expert on real LANs than virtual LANs ;-), so somebody will correct me if I say anything wrong, but I think your plan sounds fine. You may want to have one other switch act as a VTP server as a backup. The other switches should be clients, as you have planned. You should enter VLAN information on the primary server switch normally and only enter information on the other switch acting as a VTP server if you know for sure that the primary server is going to be down for a while. Or, just keep it simple, and have just one VTP server switch, as you have planned.

Cisco requires VTP, by the way, so you will have to use it once you start implementing VLANs. You will probably want to put all the switches in the same VTP domain since your network is small, which you can easily do by simply supplying the same domain name for all of the switches. Be very careful with the spelling so that the domain name is exactly the same on all the switches. The name is case-sensitive, by the way.

Most problems with VTP are due to non-systematic updating of VLAN data by novice network engineers. As mentioned, you should have no more than one or two switches acting as a server, and you should only make changes on one of those switches, unless the other one is down and will be down for a while.

A switch looks at the configuration revision number (CRN) of a VTP advertisement. If a VTP server or client receives an advertisement where the received CFN is higher than the current CFN, the switch sends a request to the originating server for a subset advertisement. The switch then replaces its VLAN configuration with the contents of the subset advertisement. The switch floods the original summary advertisement out all trunk ports. A switch in transparent mode ignores the advertisement and floods it out all trunk ports.

Note that when a server or client receives a VTP subset advertisement, the switch erases its old VLAN configuration and replaces it with the new information from the advertising server. This behavior can result in problems. Consider the case where you have configured a switch off-line before connecting it to a network. Now suppose you have configured the switch to be a VTP server and that you made many changes as you were working, resulting in a switch with a higher CFN than exists in the running network. When you connect the new switch to the network, its VLAN configuration replaces that of all the switches in the network. VTP does not add to existing configurations; it replaces them. So, you may have just wiped out numerous VLANs that already existed. Any ports that were in the deleted VLANs are now disabled. The network becomes unusable at this point!

VTP is a powerful tool, but it must be used with care. To avoid problems, be sure to document the VLAN names and IDs that are in use, using network management software or an Excel spreadsheet.

And that's probably way more verbiage than you needed! ;-) But I hope it is helpful.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Your Advice is Greatly appreciated, Kevin
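The revision-number behaviour described in the reply above, as a small Python model added here (it is not part of the original posts and is not Cisco code). Switch names, VLAN IDs and revision numbers are constructed; dropping a mismatched-domain advertisement without flooding it, and flagging any non-transparent newcomer in the pre-connection check, are simplifying assumptions.

```python
"""Toy model of VTP configuration-revision handling (constructed example)."""
from dataclasses import dataclass, field


@dataclass(eq=False)
class Switch:
    name: str
    mode: str                 # "server", "client" or "transparent"
    domain: str               # VTP domain name, compared case-sensitively
    revision: int = 0         # configuration revision number
    vlans: dict = field(default_factory=dict)    # VLAN id -> VLAN name
    ports: dict = field(default_factory=dict)    # access port -> VLAN id
    trunks: list = field(default_factory=list, repr=False)  # neighbours

    def inactive_ports(self):
        """Access ports whose VLAN no longer exists in the VLAN database."""
        return sorted(p for p, vid in self.ports.items() if vid not in self.vlans)


def link(a, b):
    """Create a trunk between two switches."""
    a.trunks.append(b)
    b.trunks.append(a)


def advertise(origin):
    """Flood origin's advertisement; return names of switches overwritten."""
    overwritten = []
    seen = {origin.name}
    queue = list(origin.trunks)
    while queue:
        sw = queue.pop(0)
        if sw.name in seen:
            continue
        seen.add(sw.name)
        if sw.mode == "transparent":
            queue.extend(sw.trunks)      # ignores the content, floods onward
            continue
        if sw.domain != origin.domain:   # "Campus" != "campus"
            continue                     # assumption: dropped, not flooded
        if origin.revision > sw.revision:
            # Subset advertisement: the database is replaced, never merged.
            sw.vlans = dict(origin.vlans)
            sw.revision = origin.revision
            overwritten.append(sw.name)
        queue.extend(sw.trunks)
    return overwritten


def vlans_at_risk(new_switch, attached_to):
    """VLAN ids the running network would lose if new_switch were trunked in."""
    if new_switch.mode == "transparent":
        return []
    if new_switch.domain != attached_to.domain:
        return []
    if new_switch.revision <= attached_to.revision:
        return []
    return sorted(set(attached_to.vlans) - set(new_switch.vlans))


def build_network():
    """Constructed production network: one server, clients, one transparent."""
    prod = {1: "default", 10: "users", 20: "servers", 30: "voice"}
    core = Switch("core", "server", "Campus", 7, dict(prod))
    acc1 = Switch("acc1", "client", "Campus", 7, dict(prod),
                  {"Fa0/1": 10, "Fa0/2": 30})
    dist = Switch("dist", "transparent", "Campus", 0, {1: "default", 50: "local"})
    acc2 = Switch("acc2", "client", "Campus", 7, dict(prod),
                  {"Fa0/1": 20, "Fa0/2": 1})
    typo = Switch("typo", "client", "campus", 3, {1: "default", 10: "users"},
                  {"Fa0/1": 10})
    link(core, acc1)
    link(core, dist)
    link(dist, acc2)
    link(core, typo)
    return {s.name: s for s in (core, acc1, dist, acc2, typo)}


def connect_lab_switch():
    """Trunk in a switch that was configured off-line with a higher revision."""
    net = build_network()
    lab = Switch("lab", "server", "Campus", 12, {1: "default", 99: "lab"})
    at_risk = vlans_at_risk(lab, net["core"])   # the check to run before cabling
    link(lab, net["core"])
    overwritten = advertise(lab)
    return net, at_risk, overwritten


if __name__ == "__main__":
    net, at_risk, overwritten = connect_lab_switch()
    print("VLANs flagged before connecting:", at_risk)
    print("Switches whose VLAN database was replaced:", overwritten)
    for name in ("acc1", "acc2", "dist", "typo"):
        sw = net[name]
        print(name, "rev", sw.revision, "vlans", sorted(sw.vlans),
              "inactive ports", sw.inactive_ports())
```

Running the check against the documented VLAN list before a switch is trunked in is where the spreadsheet of VLAN names and IDs mentioned in the reply earns its keep.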
Setting Up VTP Domain [7:55943]
Dear All, I have a Cat5k and about 15 Cat29xx. All 29xx are connected to the Cat 5, the Cat 5 connects to the Pix, Pix Connects to the router. There are no Vlans in place. I would like to enable VTP Domain but I would like to know the best way to go about this. Some of our 29xx are old some are new, I heard horror stories of VTP taking down the network. I would like to make the Cat5k my vtp Server and all the 29xx's vtp clients. Your Advice is Greatly appreciated, Kevin
Re: IDS-Security [7:55780]
I was looking at A Cisco IDS solution.. Is that not any good?

From: Peter Walker
Reply-To: Peter Walker
To: [EMAIL PROTECTED]
Subject: Re: IDS-Security [7:55780]
Date: Fri, 18 Oct 2002 08:44:05 GMT

just a couple of comments.

1) I think you misinterpreted the original poster's comment. You don't have to buy OpenBSD because similar to linux it is free. Like with linux you may want to buy a CD unless you like internet installs :-)

2) Unlike most linux distros, OpenBSD is pretty much secure after a default install. This should be important to you for an IDS host.

Peter Walker

Gragido, William wrote:

You don't have to buy a copy of OpenBSD. Snort runs on Linux and has been ported to, you guessed it, Windoze as well. I have been working with it for quite a long time and I love it.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]
Sent: Thursday, October 17, 2002 8:27 PM
To: [EMAIL PROTECTED]
Subject: RE: IDS-Security [7:55780]

If you are looking for a great IDS solution take a look at snort. www.snort.org Buy a copy of OpenBSD and install snort. Snort is open source and it is awesome IDS software. If it is good enough for Northcutt it is good enough for anybody
Re: 9/11 [7:53084]
May God bless and keep you all..

From: Jake
Reply-To: Jake
To: [EMAIL PROTECTED]
Subject: 9/11 [7:53084]
Date: Wed, 11 Sep 2002 11:46:35 GMT

Let's take a moment to remember our fallen heroes, all who have perished, and the families they left behind. Thanks
RE: How to manage the pix 501 remotely via telnet or pdm [7:52868]
If you are on 6.X u can use ssh from anywhere in the world. There is a doc on cco on how to enable ssh.. Cheers, Kevin

From: Mark W. Odette II
Reply-To: Mark W. Odette II
To: [EMAIL PROTECTED]
Subject: RE: How to manage the pix 501 remotely via telnet or pdm [7:52831]
Date: Fri, 6 Sep 2002 22:25:06 GMT

HUH!?!?! What does ICMP have to do with Telnet or the PDM??

Mindiani- To answer your question, yes there is an alleged way of doing what you're wanting to do. I have not done it myself yet, but there is an example on CCO of how to do such a configuration.

Pad Pad Pad

http://www.cisco.com/warp/public/110/pdm_vpntun.html

For Telnet, as far as I know, there isn't a way to telnet to the PIX from the outside- it's considered a security risk by the firewall group at Cisco, so they don't allow for it. If you want to telnet to the PIX, create a rule on the PIX that allows your specific Internet Host to connect to a telnet device such as a Switch or a Unix box (or even the Telnet Server on Win2K if I dare suggest it), and then hit the PIX from that telnet host. Be sure and configure the PIX with the telnet 'inside-host-ip' 255.255.255.255 inside command.

Good luck, and let us know how you do! Mark

-Original Message-
From: Dain Deutschman [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 06, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: Re: How to manage the pix 501 remotely via telnet or pdm [7:52826]

do you have the conduit configured to allow icmp? I think the PIX blocks icmp unless you specifically open a conduit for it. Dain

mindiani mindiani wrote in message news:[EMAIL PROTECTED]...

Hi I just installed two PIX 501 with vpn tunnel over the internet for my client and I would like to allow telnet and pdm from one site to the other. The tunnels are up and I am able to send traffic in both directions but I cannot telnet into the remote Pix from my PC. I tried the following command:

telnet 172.16.1.2 255.255.255.255 outside

This command would not allow my PC (IP address 172.16.1.2) to telnet to the remote site but I am able to telnet to my servers behind the PIX. I have the same problem with PDM.
PDM [7:52870]
PDM PDM PDM.. I don't see why anyone uses PDM.. With 6.X you can create groups, objects etc.. Which really reduces the lines in your config.. I am CLI all the way!!! Is there a PDM for routers too?? LOL!! Just my opinion.. CLI helps you learn the IOS much better than PDM.. Cheers, Kevin
Re: PDM [7:52870]
LOL.. I gotcha..

From: Eric Rogers
Reply-To: Eric Rogers
To: [EMAIL PROTECTED]
Subject: Re: PDM [7:52870]
Date: Sun, 8 Sep 2002 02:36:05 GMT

Remember, firewalls and routers perform two different functions. The PDM is being developed to counter Checkpoint's. Checkpoint is the leader in the firewall market and it has an excellent GUI. Granted there are issues with CP concerning licensing, OS hardening and support.

In a large production firewall environment it's really nice to have a GUI and not go blind trying to read straight text on a daily basis. Rules that I can see quickly with a color GUI. Logs that I can see quickly with a color GUI. Imagine a company with 20,000 people spread across a continent with a dozen server farms. Now imagine a over hundred or so rules placed on the firewalls to facilitate the needs of the various business groups. Then you take 9 to 15 fulltime admins managing this on a 24x7 basis and you'll find just how quickly you wish you had that GUI come your shift.

Think about it. Somehow there's a server hack and suddenly you've got your boss breathing down your neck and your boss' boss breathing down your neck too, all the while you're scrolling through the CLI trying to figure out who, what, where. Finally, printing out the entire running config and going through it line by line with a color marker. I've seen this happen. It's an ugly sight.

Just some food for thought... -Eric

- Original Message -
From: Kevin O'Gilvie
To:
Sent: Saturday, September 07, 2002 6:44 PM
Subject: PDM [7:52870]

PDM PDM PDM.. I don't see why anyone uses PDM.. With 6.X you can create groups, objects etc.. Which really reduces the lines in your config.. I am CLI all the way!!! Is there a PDM for routers too?? LOL!! Just my opinion.. CLI helps you learn the IOS much better than PDM.. Cheers, Kevin
Exchange 5.5 in DMZ [7:52126]
Dear All, What is the correct way to set up exchange in the DMZ.. I know how to set it up in the inside interface but that is a security risk. I would like to put IMC and OWA on the DMZ. And keep the Mail Server on the inside Thanks, Kevin
Does Pix Support? [7:51519]
Hi All, I am pretty sure you all are in the same boat of spam management.. Does the Pix have any plugins for spam blocking.. Can you guys recommend a product for spam blocking for Exchange 5.5. I am looking at Mail Sweeper? Also looking for a good AV for Exchange 5.5, I am currently using innoculate but their patterns come out too late.. TIA, KEVIN
Re: Looking for BSCN in PDF format [7:50039]
LOL!!

From: Jay Greenberg
Reply-To: Jay Greenberg
To: [EMAIL PROTECTED]
Subject: Re: Looking for BSCN in PDF format [7:50039]
Date: Mon, 29 Jul 2002 18:09:21 GMT

Sure, 150 bucks, and I'll even give you a *real* book instead of the pdf. Wouldn't it be nice if everything were free?

On Mon, 2002-07-29 at 13:28, Bond, Jeffrey T wrote:

Does anyone have a copy of BSCN in pdf format that they wouldn't mind sharing. thanks Jeff
RE: Looking for BSCN in PDF format [7:50039]
You tell him Juan, No pirates here!! Just techies trying to sail.. A lot of us are just trying to swim.. Or at least learning to float!! LOL!!

From: Juan Blanco
Reply-To: Juan Blanco
To: [EMAIL PROTECTED]
Subject: RE: Looking for BSCN in PDF format [7:50039]
Date: Mon, 29 Jul 2002 20:09:19 GMT

Jeff, Give us a break, on this group we are very negative to this type of behaviors, I just went and spent $120 in two books, I did not go to the movies, I did not go out, I just went and bought the books because I need them, like myself most of the people in this group do the same thing, they sacrificed themselves and buy whatever is required to learn the technology which will help them to move up to new levels, the same way the authors of many books whom worked very hard to put together a book that will help everyone. My advice to you is, in this field you can't be worried about how much a book cost. This is very costly field, very costly my wife is ready give the divorced and kick me out the house with my rack, routers, switches and course many, many books... Good luck in getting your BSCN'S PDF.. jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bond, Jeffrey T
Sent: Monday, July 29, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: Looking for BSCN in PDF format [7:50039]

Does anyone have a copy of BSCN in pdf format that they wouldn't mind sharing. thanks Jeff
Re: Got it to work (Pix 515 behind cable modem) [7:49744]
Thanks Everyone, I thought that the pix would automatically assign dns servers to the clients if you have dhcpd auto turned on on the outside interface. I was wrong. I manually added dhcp to one client and ..BANG!! I was on google.com..LOL.. I then configured dhcpd on the inside interface with a private pool and all is well.. Thank you all.. I couldn't have done it w/o you.. I guess the outside interface doesn't care about dns.. Oh yeah -- no need for route outside statement.. I did a show route and 'setroute' is doing his job just fine.. -Kevin

From: Craig Columbus
To: Kevin O'Gilvie
CC: [EMAIL PROTECTED]
Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Date: Fri, 26 Jul 2002 12:09:50 -0400

Kevin, Kim's right... If you've posted your entire config, then you've not opened any ports. By default, the PIX won't allow traffic through. You have to specifically enable what you want. Create an access list and apply it to the inside interface:

access-list acl_inside permit ip any any
access-group acl_inside in interface inside

Craig

At 03:49 PM 7/26/2002 +, you wrote:

hi Kim, Thanks for your advice, I'll try it.. -Kevin

From: Kim Graham
To: Kevin O'Gilvie ,
Subject: Re: Can get it to work (Pix 515 behind cable modem) [7:49744]
Date: Fri, 26 Jul 2002 7:34:51 -0400

I am new to the pix so please verify these entries before you try them (older version of pix) you need to add conduit statements. This version of PIX (6.2(2)) may be able to use access lists so check on that prior to putting in the conduits. Once you have entered the conduit statements clear the xlate and then try to initiate a session to the outside world. (show conduit, show xlate, clear xlate)

example:
conduit permit icmp any any
conduit permit tcp any any eq www

Kim

From: Kevin O'Gilvie
Date: 2002/07/26 Fri AM 01:20:23 EDT
To: [EMAIL PROTECTED]
Subject: Can get it to work (Pix 515 behind cable modem) [7:49744]

Dear All, Below is my config. Can someone tell me why clients on the inside interface can't get to the internet (browse, ping, nothing) Yet show xlate shows clients Pat(ing) to outside address.. I am so frustrated, don't know what's the issue???!!!

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
pager lines 24
logging on
logging trap debugging
logging host inside 192.168.0.2
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside dhcp setroute
ip address inside 192.168.0.1 255.255.255.0
ip address dmz 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:30:00
timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
telnet 192.168.0.2 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
dhcpd auto_config outside
terminal width 80
Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
: end
[OK]
Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Theoretically yes. But the ip is reserved and nearly ever changes..

From: Jake
Reply-To: Jake
To: [EMAIL PROTECTED]
Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Date: Fri, 26 Jul 2002 15:44:35 GMT

Is the outside interface doing DHCP from the ISP with the setroute command. If so, this would mean that your global ip on your outside interface changes. Am I correct to assume this??

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

Dear All, Below is my config. Can someone tell me why clients on the inside interface can't get to the internet (browse, ping, nothing) Yet show xlate shows clients Pat(ing) to outside address.. I am so frustrated, don't know what's the issue???!!!

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
pager lines 24
logging on
logging trap debugging
logging host inside 192.168.0.2
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside dhcp setroute
ip address inside 192.168.0.1 255.255.255.0
ip address dmz 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:30:00
timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
telnet 192.168.0.2 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
dhcpd auto_config outside
terminal width 80
Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
: end
[OK]
Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Thanks I'll let u know what the outcome is..

From: Craig Columbus
To: Kevin O'Gilvie
CC: [EMAIL PROTECTED]
Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Date: Fri, 26 Jul 2002 12:09:50 -0400

Kevin, Kim's right... If you've posted your entire config, then you've not opened any ports. By default, the PIX won't allow traffic through. You have to specifically enable what you want. Create an access list and apply it to the inside interface:

access-list acl_inside permit ip any any
access-group acl_inside in interface inside

Craig

At 03:49 PM 7/26/2002 +, you wrote:

hi Kim, Thanks for your advice, I'll try it.. -Kevin

From: Kim Graham
To: Kevin O'Gilvie ,
Subject: Re: Can get it to work (Pix 515 behind cable modem) [7:49744]
Date: Fri, 26 Jul 2002 7:34:51 -0400

I am new to the pix so please verify these entries before you try them (older version of pix) you need to add conduit statements. This version of PIX (6.2(2)) may be able to use access lists so check on that prior to putting in the conduits. Once you have entered the conduit statements clear the xlate and then try to initiate a session to the outside world. (show conduit, show xlate, clear xlate)

example:
conduit permit icmp any any
conduit permit tcp any any eq www

Kim

From: Kevin O'Gilvie
Date: 2002/07/26 Fri AM 01:20:23 EDT
To: [EMAIL PROTECTED]
Subject: Can get it to work (Pix 515 behind cable modem) [7:49744]

Dear All, Below is my config. Can someone tell me why clients on the inside interface can't get to the internet (browse, ping, nothing) Yet show xlate shows clients Pat(ing) to outside address.. I am so frustrated, don't know what's the issue???!!!

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
pager lines 24
logging on
logging trap debugging
logging host inside 192.168.0.2
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside dhcp setroute
ip address inside 192.168.0.1 255.255.255.0
ip address dmz 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:30:00
timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
telnet 192.168.0.2 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
dhcpd auto_config outside
terminal width 80
Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
: end
[OK]
RE: Can get it to work (Pix 515 behind cable modem) [7:49744]
Thanks Peter, I'll try that..

From: Peter zhang
Reply-To: Peter zhang
To: [EMAIL PROTECTED]
Subject: RE: Can get it to work (Pix 515 behind cable modem) [7:49744]
Date: Fri, 26 Jul 2002 17:56:38 GMT

change the outside interface to auto, create dhcpd address pool and enable dhcpd pool inside.

int e0 auto
dhcpd enable inside
dhcpd address 192.168.0.1-192.168.0.15 inside
RE: Can get it to work (Pix 515 behind cable modem) [7:49744]
I can't change any configurations on the Modem. It's a Motorola Surfboard usXXX optimum online set it up. Do u know how I can go about getting into that modem to check the configs?

From: Mike Sweeney
Reply-To: Mike Sweeney
To: [EMAIL PROTECTED]
Subject: RE: Can get it to work (Pix 515 behind cable modem) [7:49744]
Date: Fri, 26 Jul 2002 12:27:42 GMT

Have you verified that the cable modem (bridge) can really talk 100 full? You have the outside port hardcoded to 100 full. On my 501, I had to place it at 10 1/2 in order for the cable modem to work properly. Which is not a big deal as total bandwidth at that point at best is 3Mbps downstream.. but 1.2 is much more reasonable so there is not any need for 100Mb

MikeS
www dot packetattack dot com
Re: CLI vs PDM [7:49774]
Juan, I love your quote. Keep the CLI going I think that keeps you more tuned.. Don't want to become Checkpoint!! Or Windows vs Unix..

From: Juan Blanco
Reply-To: Juan Blanco
To: [EMAIL PROTECTED]
Subject: CLI vs PDM [7:49774]
Date: Fri, 26 Jul 2002 14:45:39 GMT

Team, For those security people on the Cisco World, Normally which interface do you use the most, the CLI or the PDM. I am in the process of setting up standards and we would like to define one for having access to our Pix. Thanks, Juan Blanco

The greatest glory in living lies not in never falling, but in rising every time we fall. -- Nelson Mandela
Re: Here we go again ( Pix 515) [7:49492]
I wouldn't put dhcp on the firewall for 300 users. But for 10 or 15 I would.

Thanks,
-Kevin

From: Gaz
Reply-To: Gaz
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 22:37:12 GMT

What's everybody's view on using the Pix as a DHCP server? I used it once, only because after arriving on site to install the Pix the customer mentioned that his old Firewall was doing DHCP and he had no plans to do it on anything else. Seemed to go fine, but would like to know if people have come across limitations/issues. I tend to agree with the view Right box for the job, i.e. don't make the Pix do things it's not made for, but if pushed into the situation, how does it compare.

Cheers,
Gaz

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

Hi Kelly, You are absolutely right, and I love your strategy. That is the way I did it 2 years ago, but the only thing now is finding a vpn solution for the Macs. I used Pix for the PC's last time round but never had to do this for the Mac's. Any ideas?

From: Kelly Cobean
Reply-To: Kelly Cobean
To: [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 02:18:38 GMT

Man, you aren't asking much, are you? ;-) Ok, here's the order I'd do things in...

First things first, get that firewall in place. You don't list what their internet connectivity is, but if they bought a PIX, it's safe to assume that they have a persistent connection, and that being true, they're really hanging it out there for someone to cut off, so to speak. Network security is always a primary concern, and the firewall won't take a lot of time to set up. Not setting it up could be very costly. If they already have a light(er)-weight firewall like a Linux host running IP chains or IP tables, replacing this first will save your users down-time later because you can pre-configure your internet rulebase/access in preparation for your private addressing.

Next, I'd do the DHCP and Private Addressing. These go hand in hand, and since your firewall is now in place, you can do the NAT/PAT translations as needed and not have to rethink these later.

Third, get Exchange up and running. If it's going on a different system than Quick mail is running on, great! Now you can get them running in parallel, and move user accounts over one at a time or in batches. There are probably tools out there to do the mailbox format conversion. Now that your network is secure at layer3/4, you can focus on the nitty-gritty of the user data. (Oh yeah, don't forget that backup!!!)

It's a 10,000 foot view, but that's how I'd do it. I'm not really a MAC guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and support DHCP, so from an L3/4 standpoint, they're really no different than your PC's.

When doing multiple projects like this, I tend to work along the OSI model. If the wiring is horrible, or the NIC's are all old 10Base2 nics and have transceivers to hook them to your BaseT network, take care of the layer 1 stuff first. Next, if the network is all unmanaged hubs, and your network is one gigantic broadcast domain, start installing switches to quiet down the network. Next, get VLANs/routing/security in place for Layer3/4. Next, work on the upper layers where all of your apps and data live and talk.

Just my $0.02 worth.

HTH,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
ATT Government Solutions, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie
Sent: Tuesday, July 23, 2002 9:07 PM
To: [EMAIL PROTECTED]
Subject: Here we go again ( Pix 515) [7:49492]

Dear All, I am jumping into a similar mess as when I started at my current company, but this time the Macs outnumber the PC's. Well here is the scoop:
180 Macs
50 PC's
Static IPs
No DHCP
No FW
Quick Mail Server
and a whole bunch of other nasty things..
- They just purchased a Pix 515
- They just bought Exchange 5.5
My projects are:
Set up DHCP
Set up Pix
Set up Private Addressing
Set up Exchange
Migrate them from Quick Mail
etc etc
I have done this before but maybe you guys can help as to how I should go about this the quickest.

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4965
RE: Here we go again ( Pix 515) [7:49492]
Hey, No flames against NT admins. In these tough times Network Admins need to know all FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling.. In order to survive. Like myself!!

From: Juan Blanco
Reply-To: [EMAIL PROTECTED]
To: 'Kevin O'Gilvie' , [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Thu, 25 Jul 2002 11:14:08 -0400

Team, The way I see it, dhcp on the firewall is only for a small number of users, when it comes to mid-size-up network you don't want to use a firewall for a DHCP. Can you see an NT administrator making changes in your firewall because he/she is having problems with DHCP? (This network will be available to hackers in the Theater near You)

My two cents.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie
Sent: Thursday, July 25, 2002 10:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]

I wouldn't put dhcp on the firewall for 300 users. But for 10 or 15 I would.

Thanks,
-Kevin

From: Gaz
Reply-To: Gaz
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 22:37:12 GMT

What's everybody's view on using the Pix as a DHCP server? I used it once, only because after arriving on site to install the Pix the customer mentioned that his old Firewall was doing DHCP and he had no plans to do it on anything else. Seemed to go fine, but would like to know if people have come across limitations/issues. I tend to agree with the view Right box for the job, i.e. don't make the Pix do things it's not made for, but if pushed into the situation, how does it compare.

Cheers,
Gaz

Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...

Hi Kelly, You are absolutely right, and I love your strategy. That is the way I did it 2 years ago, but the only thing now is finding a vpn solution for the Macs. I used Pix for the PC's last time round but never had to do this for the Mac's. Any ideas?

From: Kelly Cobean
Reply-To: Kelly Cobean
To: [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 02:18:38 GMT

Man, you aren't asking much, are you? ;-) Ok, here's the order I'd do things in...

First things first, get that firewall in place. You don't list what their internet connectivity is, but if they bought a PIX, it's safe to assume that they have a persistent connection, and that being true, they're really hanging it out there for someone to cut off, so to speak. Network security is always a primary concern, and the firewall won't take a lot of time to set up. Not setting it up could be very costly. If they already have a light(er)-weight firewall like a Linux host running IP chains or IP tables, replacing this first will save your users down-time later because you can pre-configure your internet rulebase/access in preparation for your private addressing.

Next, I'd do the DHCP and Private Addressing. These go hand in hand, and since your firewall is now in place, you can do the NAT/PAT translations as needed and not have to rethink these later.

Third, get Exchange up and running. If it's going on a different system than Quick mail is running on, great! Now you can get them running in parallel, and move user accounts over one at a time or in batches. There are probably tools out there to do the mailbox format conversion. Now that your network is secure at layer3/4, you can focus on the nitty-gritty of the user data. (Oh yeah, don't forget that backup!!!)

It's a 10,000 foot view, but that's how I'd do it. I'm not really a MAC guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and support DHCP, so from an L3/4 standpoint, they're really no different than your PC's.

When doing multiple projects like this, I tend to work along the OSI model. If the wiring is horrible, or the NIC's are all old 10Base2 nics and have transceivers to hook them to your BaseT network, take care of the layer 1 stuff first. Next, if the network is all unmanaged hubs, and your network is one gigantic broadcast domain, start installing switches to quiet down the network. Next, get VLANs/routing/security in place for Layer3/4. Next, work on the upper layers where all of your apps and data live and talk.

Just my $0.02 worth.

HTH,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
ATT Government Solutions, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie
Sent: Tuesday, July 23, 2002 9:07 PM
To: [EMAIL PROTECTED]
Subject: Here we go again ( Pix 515) [7:49492]

Dear All, I am jumping into a similar mess as when I start
RE: Here we go again ( Pix 515) [7:49492]
Hi Kelly, You are absolutely right, and I love your strategy. That is the way I did it 2 years ago, but the only thing now is finding a vpn solution for the Macs. I used Pix for the PC's last time round but never had to do this for the Mac's. Any ideas?

From: Kelly Cobean
Reply-To: Kelly Cobean
To: [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 02:18:38 GMT

Man, you aren't asking much, are you? ;-) Ok, here's the order I'd do things in...

First things first, get that firewall in place. You don't list what their internet connectivity is, but if they bought a PIX, it's safe to assume that they have a persistent connection, and that being true, they're really hanging it out there for someone to cut off, so to speak. Network security is always a primary concern, and the firewall won't take a lot of time to set up. Not setting it up could be very costly. If they already have a light(er)-weight firewall like a Linux host running IP chains or IP tables, replacing this first will save your users down-time later because you can pre-configure your internet rulebase/access in preparation for your private addressing.

Next, I'd do the DHCP and Private Addressing. These go hand in hand, and since your firewall is now in place, you can do the NAT/PAT translations as needed and not have to rethink these later.

Third, get Exchange up and running. If it's going on a different system than Quick mail is running on, great! Now you can get them running in parallel, and move user accounts over one at a time or in batches. There are probably tools out there to do the mailbox format conversion. Now that your network is secure at layer3/4, you can focus on the nitty-gritty of the user data. (Oh yeah, don't forget that backup!!!)

It's a 10,000 foot view, but that's how I'd do it. I'm not really a MAC guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and support DHCP, so from an L3/4 standpoint, they're really no different than your PC's.

When doing multiple projects like this, I tend to work along the OSI model. If the wiring is horrible, or the NIC's are all old 10Base2 nics and have transceivers to hook them to your BaseT network, take care of the layer 1 stuff first. Next, if the network is all unmanaged hubs, and your network is one gigantic broadcast domain, start installing switches to quiet down the network. Next, get VLANs/routing/security in place for Layer3/4. Next, work on the upper layers where all of your apps and data live and talk.

Just my $0.02 worth.

HTH,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
ATT Government Solutions, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin O'Gilvie
Sent: Tuesday, July 23, 2002 9:07 PM
To: [EMAIL PROTECTED]
Subject: Here we go again ( Pix 515) [7:49492]

Dear All, I am jumping into a similar mess as when I started at my current company, but this time the Macs outnumber the PC's. Well here is the scoop:
180 Macs
50 PC's
Static IPs
No DHCP
No FW
Quick Mail Server
and a whole bunch of other nasty things..
- They just purchased a Pix 515
- They just bought Exchange 5.5
My projects are:
Set up DHCP
Set up Pix
Set up Private Addressing
Set up Exchange
Migrate them from Quick Mail
etc etc
I have done this before but maybe you guys can help as to how I should go about this the quickest.

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49522t=49492
Here we go again ( Pix 515) [7:49492]
Dear All, I am jumping into a similar mess as when I started at my current company, but this time the Macs outnumber the PC's. Well here is the scoop:
180 Macs
50 PC's
Static IPs
No DHCP
No FW
Quick Mail Server
and a whole bunch of other nasty things..
- They just purchased a Pix 515
- They just bought Exchange 5.5
My projects are:
Set up DHCP
Set up Pix
Set up Private Addressing
Set up Exchange
Migrate them from Quick Mail
etc etc
I have done this before but maybe you guys can help as to how I should go about this the quickest.

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49492t=49492
Setting up a lab w/ [7:48213]
Hi All, I currently have a pix 515, and a checkpoint FW1 for my home lab.. I am looking for some ideas on how I should set this up for the best learning experience.. I currently have a cable modem connection and no static IP's.. Indeed I will purchase routers, but before I do I wanted to ask the experts ( That's you guys of course!!). I want to achieve my cisco security certifications as well as checkpoint.. Please list the material I should purchase as well as some great lab guides..

Thanks A million,
-Kevin
CCNA 2.0, BCRAN, Switching 2.0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48213t=48213
Re: New York Study Group [7:23580]
We have one already.. Just send me ya contact info we will get together..

-Kevin

From: John C Piedrahita
Reply-To: John C Piedrahita
To: [EMAIL PROTECTED]
Subject: Re: New York Study Group [7:23580]
Date: Mon, 29 Oct 2001 14:50:02 -0500

Count me in too!

John

ALFREDO TORRES wrote:

I would be interested in being part of the cisco study group.

- Original Message -
From: Philip Jache
To:
Sent: Friday, October 19, 2001 8:24 PM
Subject: RE: New York Study Group [7:23580]

We could start one.

Philip Jache
Sports Illustrated
135 West 50th Street
New York, NY 10020

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25006t=23580
RE: VPN and Outlook [7:17692]
I have the same problem, but it's due to the fact that users are pulling so much data from exchange over a 56k link latency is expected. My users that have dsl and cable modems have no complaints.

Kevin

From: Randall Yoo
Reply-To: Randall Yoo
To: [EMAIL PROTECTED]
Subject: RE: VPN and Outlook [7:17692]
Date: Wed, 29 Aug 2001 15:26:11 -0400

Judging from the fact that Tom's doing VPN, I'd say 'with Exchange.' I realize that you already have VPN 3000 Concentrator; but, try Netscreen VPN, it's lightning fast.

Randall

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN and Outlook [7:17692]

Are you using Outlook w/ Exchange or POP/IMAPing?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Richs
Sent: Wednesday, August 29, 2001 08:55 AM
To: [EMAIL PROTECTED]
Subject: VPN and Outlook [7:17692]

I have a VPN 3000 concentrator installed. When Microsoft Outlook is launched with the VPN client connection, Outlook is extremely slow. Has anyone encountered this or have any insight on this. Thanks.

Tom

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=17730t=17692
PBX Tech needed in NY!!!! [7:9989]
Hello All, Sorry for this Post but a friend of mine is looking for a PBX tech in NY. The pay is really good so if you know of anyone please have them email me asap..

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9989t=9989
Re: Passed BSCN but..............? [7:7719]
I am planning to take this exam next week, what Boson exam do you recommend, and what advice can you give re: must know's..

From: cheekin
Reply-To: cheekin
To: [EMAIL PROTECTED]
Subject: Re: Passed BSCN but..? [7:7719]
Date: Tue, 12 Jun 2001 03:20:41 -0400

I must have been the unlucky one over here. Got a lot of scenario questions that tested me on the understanding of the routing protocols and questions on redistribution.

Regards,
cheekin

- Original Message -
From: Remmert Veen
To:
Sent: Monday, June 11, 2001 18:28
Subject: RE: Passed BSCN but..? [7:7719]

Hmmm... just passed the BSCN as well, amazingly with a 919, just like you! My findings are completely the same, the exam was way too easy. While I was preparing for tough, in-depth questions and a lot of CLI commands, the exam stuck at the level of 'What do the letters BGP stand for?'. A shame, let's hope the switching-exam will be of a bit better quality.

Regards,
Remmert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8148t=7719
Windows 2000 Server Architechture/ Data Organization [7:5310]
Hi Everyone, I am in the process of reorganizing my network. Prior to me everything was just put everywhere and I need to come up with a foolproof plan. My questions are:
- For a 60 user environment how many servers do I need to run Active Directory on, Should AD be on a dedicated box?
- How should I organize data, (users / corp data / Fin Data) What restrictions should I put on these shares?
- DNS, Wins, DHCP, Exchange, SQL, IIS5, Inoculate, Backup Exec, Print Services, What should be on dedicated boxes what shouldn't?

TIA,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5310t=5310
Re: Windows 2000 Server Architechture/ Data Organization [7:5328]
Donald, Sorry I wasn't kidding, maybe I am just not as advanced as you and look to learn from taking advice from peers. Am I wrong for that? Stupid me..

Kevin

From: Donald B Johnson jr
To: Kevin O'Gilvie ,
Subject: Re: Windows 2000 Server Architechture/ Data Organization [7:5310]
Date: Mon, 21 May 2001 15:49:20 -0700

(Kevin) You're kidding right, that was hilarious!!! Personally I don't think IIS5 should be on a dedicated box, instead it should be Apache on a E250 minimum.

(Group) I was trying to be quiet for a few days with all this anti- (Quasi)flame rhetoric goin-on. Please forgive me, my new leaf just floated away, hope I'm not using too much bandwidth though. Previous scolders need not reply.

Don

- Original Message -
From: Kevin O'Gilvie
To:
Sent: Monday, May 21, 2001 12:10 PM
Subject: Windows 2000 Server Architechture/ Data Organization [7:5310]

Hi Everyone, I am in the process of reorganizing my network. Prior to me everything was just put everywhere and I need to come up with a foolproof plan. My questions are:
- For a 60 user environment how many servers do I need to run Active Directory on, Should AD be on a dedicated box?
- How should I organize data, (users / corp data / Fin Data) What restrictions should I put on these shares?
- DNS, Wins, DHCP, Exchange, SQL, IIS5, Inoculate, Backup Exec, Print Services, What should be on dedicated boxes what shouldn't?

TIA,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5328t=5328
Just been Hacked!!!!! [7:3452]
Apparently over the weekend Poison Box got past my Pix and overwrote some files on the intranet Box and maybe more damage than I know of at this Moment. I need help on finding out how they got in and how to prevent it happening in the future. Please help.

Thanks,
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3452t=3452
Setting up Radius Server on Windows 2000 Server [7:2742]
Does anyone have any info on setting this up?

TIA
Kevin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2742t=2742
Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Before I ask this question I would like to give something back, below is the config to block aim and napster:

access-list acl_out deny tcp any any eq 5190
access-list acl_out deny tcp any any eq 8875
access-list acl_out deny tcp any any eq
access-list acl_out deny tcp any any eq 6699
access-list acl_out deny tcp any any eq
access-group acl_out in interface inside
access-list acl_out permit tcp any any
access-list acl_out permit ip any any

Now I would like to set up a TACACS+ or Radius Server on my network. I have a Windows 2000 domain and I am unsure of how to do this. Please advise.

TIA,
Kevin
Block Instant Messenger from the Pix..
Does anyone know what command blocks this port..

Regards,
Kevin
Pix Performance Issues
I have a pix 515 R, and I have noticed that I have to clear xlate at least once a day in order to keep it from slowing down internet access, also I have users complaining on how slow the vpn is, I am using ms pptp, due to the fact that the windows 2000 client has not come out yet. How can I get this pix to maximize performance without upgrading to the UR, which is what cisco recommends which is a 6k investment. Is anyone else running into these issues? Also I have noticed since I am using local authentication, there is no security on my domain, once in all users can map drives, delete and so on. I have about 60 users. Keep in mind that I have global users that use 56k dial up and then pptp to the fw.

TIA
-Kevin
Re: Pix Performance Issues
I only have 32 megs on the 515r, the upgrade adds 32 m and a licence which makes it 515UR for 6k. I was thinking that it was pptp, but since I am using local authentication, users authenticate at the fw with one username and password, authentication is very fast but checking email browsing network and saving files etc., is at a crawl. Just opening outlook can take 20 min. I am hoping that the win2k client will solve some of these problems, can someone send me the link..

TIA
Kevin

From: "Allen May" [EMAIL PROTECTED]
To: "Kevin O'Gilvie" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Pix Performance Issues
Date: Mon, 2 Apr 2001 11:32:31 -0500

Yes. It's not a PIX issue causing the slow VPN. It's a Microsoft issue. I validated this by putting a vpn test box outside the firewall. The encryption overhead and known issues with TCP/IP being slower on Windows add up and cause PPTP to crawl. Add on top of that 56K + internet traffic between users and your network and it's even worse. I do believe I saw a post in here saying the Win2K client is available now but I could be mistaken.

I'm not sure why you're having to do clear xlate daily. I only have to do that when I change static, conduit, or ACL statements (as required in docs). How much memory do you have in the PIX?

Allen

- Original Message -
From: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 02, 2001 10:51 AM
Subject: Pix Performance Issues

I have a pix 515 R, and I have noticed that I have to clear xlate at least once a day in order to keep it from slowing down internet access, also I have users complaining on how slow the vpn is, I am using ms pptp, due to the fact that the windows 2000 client has not come out yet. How can I get this pix to maximize performance without upgrading to the UR, which is what cisco recommends which is a 6k investment. Is anyone else running into these issues? Also I have noticed since I am using local authentication, there is no security on my domain, once in all users can map drives, delete and so on. I have about 60 users. Keep in mind that I have global users that use 56k dial up and then pptp to the fw.

TIA
-Kevin
Re: Pix Firewall Issue
Does anyone know of a vpn client for Windows 2000, I have Cisco Secure but it doesn't run on 2000, I need to implement a vpn solution for my company that will integrate with the PIX 515 that I just purchased..

Regards,
Kevin

From: "Kenny Sallee" [EMAIL PROTECTED]
Reply-To: "Kenny Sallee" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Pix Firewall Issue
Date: Wed, 7 Feb 2001 15:55:14 -0800

Actually it's not a good idea to do a 'conduit permit icmp any any'. If you want ping traffic to originate inside then do this:

conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply

Think about the way ping works - your workstation sends an icmp echo - the end station sends an icmp echo-reply - which from the PIX standpoint is a new inbound packet ( cuz it's stateless ). Therefore - let the echo-reply in only. Not all ICMP messages.

Kenny

"Daniel Cotts" [EMAIL PROTECTED] wrote in message news:303479FA060CD211B893F805A88AA10F4C@EXCHANGE1...

You're not telling us from where you are pinging. From the PIX? From a host behind the Firewall? From a host outside the Firewall? Anyway this command is good to have in later versions if you want pings to traverse the PIX.

conduit permit icmp any any

You may also want to modify that command or eliminate it, if you want to enforce a stronger policy.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid1091627

-Original Message-
From: exchange [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 07, 2001 1:09 PM
To: '[EMAIL PROTECTED]'
Subject: Pix Firewall Issue

Hi Gang, I have a Pix Firewall 520 and wondered if this was a feature or a configuration issue on my firewall. We have an entire class C address say 208.184.23.x to use for our network. We use the 192.168.1.x network for our internal network. I am having problems pinging a machine's Internet ip address say 208.184.23.11 which I noticed is statically mapped to its internal address say 192.168.1.10 on the pix. For example, If I ping another box 208.184.23.12 and not statically mapped to an internal ip address on the pix, I get a response. Any help or hints would be greatly appreciated. Thanks!
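The ICMP reasoning in Kenny Sallee's quoted reply above, worked through as an added example that is not part of the original thread: a simplified model of conduit matching, run over constructed inbound packets, comparing the two conduit commands from the messages. The function names, the sample addresses 198.51.100.7 and 203.0.113.5, and the first-match/default-drop evaluation are assumptions of this sketch, not a description of PIX internals.

```python
"""Simplified model of PIX conduit filtering for inbound ICMP (added example)."""
import ipaddress

# ICMP type numbers from RFC 792, keyed by type literal.
ICMP_TYPES = {
    "echo-reply": 0,
    "unreachable": 3,
    "source-quench": 4,
    "redirect": 5,
    "echo": 8,
    "time-exceeded": 11,
}
ICMP_TYPES["echoreply"] = 0  # hyphenless spelling, accepted as an alias here

# The two commands discussed in the thread.
WIDE = ["conduit permit icmp any any"]
NARROW = ["conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply"]

# Constructed inbound packets: (description, source, destination, ICMP type).
SAMPLE_PACKETS = [
    ("reply to an inside host's ping", "198.51.100.7", "208.184.23.11", "echo-reply"),
    ("unsolicited ping from outside", "198.51.100.7", "208.184.23.11", "echo"),
    ("redirect from outside", "198.51.100.7", "208.184.23.11", "redirect"),
    ("unreachable from outside", "198.51.100.7", "208.184.23.11", "unreachable"),
]


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")


def parse_conduit(line):
    """Parse 'conduit permit|deny icmp <global> <foreign> [icmp_type]'."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "conduit" or tokens[2] != "icmp":
        raise ValueError(f"not an ICMP conduit: {line!r}")
    if tokens[1] not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    rest = tokens[3:]
    inside = _take_addr(rest)    # global (translated inside) address
    outside = _take_addr(rest)   # foreign (outside) address
    icmp_type = ICMP_TYPES[rest.pop(0)] if rest else None  # None = any type
    return tokens[1], inside, outside, icmp_type


def inbound_allowed(conduits, src, dst, icmp_type):
    """Model assumption: first matching conduit decides, no match drops."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, inside, outside, wanted in conduits:
        if dst_ip in inside and src_ip in outside and wanted in (None, icmp_type):
            return action == "permit"
    return False


def verdicts(conduit_lines):
    """Return {packet description: allowed?} for the constructed packets."""
    conduits = [parse_conduit(line) for line in conduit_lines]
    return {
        desc: inbound_allowed(conduits, src, dst, ICMP_TYPES[kind])
        for desc, src, dst, kind in SAMPLE_PACKETS
    }


if __name__ == "__main__":
    for name, policy in (("any any", WIDE), ("echo-reply only", NARROW)):
        print(name)
        for desc, allowed in verdicts(policy).items():
            print(f"  {'permit' if allowed else 'drop  '}  {desc}")
```

The narrow rule also drops type 3 and type 11 messages, so path-MTU discovery and traceroute replies need their own conduit entries if they are wanted.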
Re: Pix Firewall Issue
Can you point me in the right direction of where I can research the alternatives..

Regards,
Kevin

From: "Kenny Sallee" [EMAIL PROTECTED]
To: "Kevin O'Gilvie" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Pix Firewall Issue
Date: Fri, 9 Feb 2001 08:23:24 -0800

Right now there is no Win2k client available from Cisco. There is a beta out of the Altiga 3000 client - which can work with the PIX as well. You may be able to call TAC and request a copy. Though if you are hiding behind PAT and terminating on a PIX you are still SOL.

The alternative for win2k clients is PPTP with MPPE. Very simple to implement and is a hold over until the 2k client is available. You can either terminate on the PIX and use Funk software radius server ( cisco secure ACS doesn't support MPPE ), a local database created on the PIX, or put a beefy win2k server in a DMZ and pass the PPTP traffic to that server. It'll need to be dual homed and secure as much as possible.

Good luck
Kenny

- Original Message -
From: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, February 09, 2001 7:29 AM
Subject: Re: Pix Firewall Issue

Does anyone know of a vpn client for Windows 2000, I have Cisco Secure but it doesn't run on 2000, I need to implement a vpn solution for my company that will integrate with the PIX 515 that I just purchased..

Regards,
Kevin

From: "Kenny Sallee" [EMAIL PROTECTED]
Reply-To: "Kenny Sallee" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Pix Firewall Issue
Date: Wed, 7 Feb 2001 15:55:14 -0800

Actually it's not a good idea to do a 'conduit permit icmp any any'. If you want ping traffic to originate inside then do this:

conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply

Think about the way ping works - your workstation sends an icmp echo - the end station sends an icmp echo-reply - which from the PIX standpoint is a new inbound packet ( cuz it's stateless ). Therefore - let the echo-reply in only. Not all ICMP messages.

Kenny

"Daniel Cotts" [EMAIL PROTECTED] wrote in message news:303479FA060CD211B893F805A88AA10F4C@EXCHANGE1...

You're not telling us from where you are pinging. From the PIX? From a host behind the Firewall? From a host outside the Firewall? Anyway this command is good to have in later versions if you want pings to traverse the PIX.

conduit permit icmp any any

You may also want to modify that command or eliminate it, if you want to enforce a stronger policy.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid1091627

-Original Message-
From: exchange [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 07, 2001 1:09 PM
To: '[EMAIL PROTECTED]'
Subject: Pix Firewall Issue

Hi Gang, I have a Pix Firewall 520 and wondered if this was a feature or a configuration issue on my firewall. We have an entire class C address say 208.184.23.x to use for our network. We use the 192.168.1.x network for our internal network. I am having problems pinging a machine's Internet ip address say 208.184.23.11 which I noticed is statically mapped to its internal address say 192.168.1.10 on the pix. For example, If I ping another box 208.184.23.12 and not statically mapped to an internal ip address on the pix, I get a response. Any help or hints would be greatly appreciated. Thanks!
Cisco Pix Firewall 515
Thanks for the overwhelming response to my Total Virus Solution, you guys are great!! Now I have another issue: we just purchased the Cisco Pix. I am a Checkpoint guy that kinda walked into this situation. Now I have the 515 sitting here with 2 Ethernet interfaces. I need to set up VPN, IP NAT (this company is currently using all public IPs, don't ask me why), and a security policy. I am figuring that to complete my tasks I need another interface for my DMZ zone (i.e. Exchange, DNS, and Web servers). What steps do you think I should take to complete this task?

Best Regards,
Kevin
CCIE Lab Preparation Book
Dear All, I currently have a study group with about 6 members; we are in desperate need of lab materials that we can practice with in order to get us ready for our exams, i.e. setting up ATM, VoIP, frame relay, token ring, etc. If anyone knows any good books or lab guides that can help us it would be greatly appreciated.

Thanks in Advance,
Kevin
Re: CCIE Lab Preparation Book
Thanks a lot for your help, I appreciate it.

From: "John Huston" [EMAIL PROTECTED]
Reply-To: "John Huston" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab Preparation Book
Date: Sun, 21 Jan 2001 17:12:27 -0600

Give these guys a try http://www.solutionlabs.com/ and also www.certificationzone.com . For some pretty simple ones to get you started buy the Cisco CCIE All-In-One Lab Study Guide with CDROM.

Good Luck,
JH

"Kevin O'Gilvie" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Dear All, I currently have a study group with about 6 members; we are in desperate need of lab materials that we can practice with in order to get us ready for our exams, i.e. setting up ATM, VoIP, frame relay, token ring, etc. If anyone knows any good books or lab guides that can help us it would be greatly appreciated.

Thanks in Advance,
Kevin
RE: Passed BCRAN.. need help for BCSN
1-1603 2-2521 2-2503 1-7000 It's a group effort, me and my study group.. Do you guys think this is good enough?

-----Original Message-----
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 12:17 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN

Kevin, Lucky you, six routers. I'd be lucky to get two. So what are those six routers? Have fun.

PEACE
Raheem

From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: "Rah Sta" [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN
Date: Mon, 20 Nov 2000 18:21:10 -0500

No hands on, I just ordered my lab recently from eBay.. I got six routers, it should be here by next week.. I plan to go crazy with my labs in order to prepare for my CCNP/CCIE certifications / new job hopefully..

-----Original Message-----
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 6:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN

Kevin, Did you have any hands on? I plan on buying two routers, maybe a 2502 and 2501 or 2503. Thanks.

Raheem

From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: "Rah Sta" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN
Date: Mon, 20 Nov 2000 16:00:27 -0500

Cisco Press BCRAN book by Catherine Paquet, Boson Test #1, studied hard for two weeks non stop and passed!!!

-----Original Message-----
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 3:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Passed BCRAN.. need help for BCSN

Kevin, What did you use to help you pass the BCRAN exam? Thank you.

Raheem

From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Passed BCRAN.. need help for BCSN
Date: Fri, 17 Nov 2000 15:50:49 -0500

Hello Cisco Lovers, thanks to all your wonderful posts, I passed my second exam on the road to CCNP, I need some links for BCSN resources due to the fact that I am waiting on my book from Cisco Press that is currently out of stock...

Please Advise,
Kevin
RE: Passed BCRAN.. need help for BCSN
Cisco Press BCRAN book by Catherine Paquet, Boson Test #1, studied hard for two weeks non stop and passed!!!

-----Original Message-----
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 3:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Passed BCRAN.. need help for BCSN

Kevin, What did you use to help you pass the BCRAN exam? Thank you.

Raheem

From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Passed BCRAN.. need help for BCSN
Date: Fri, 17 Nov 2000 15:50:49 -0500

Hello Cisco Lovers, thanks to all your wonderful posts, I passed my second exam on the road to CCNP, I need some links for BCSN resources due to the fact that I am waiting on my book from Cisco Press that is currently out of stock...

Please Advise,
Kevin
Resume Help..
Hello again Cisco Lovers, I am trying to put my resume together. I am a Systems Administrator with about 2 years experience in NT primarily, Checkpoint, Mac and client OSes. I was wondering if you guys can send me some resumes so I can get a basic idea of what mine should look like..

Thanks in advance,
Kevin
RE: Passed BCRAN.. need help for BCSN
No hands on, I just ordered my lab recently from eBay.. I got six routers, it should be here by next week.. I plan to go crazy with my labs in order to prepare for my CCNP/CCIE certifications / new job hopefully..

-----Original Message-----
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 6:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN

Kevin, Did you have any hands on? I plan on buying two routers, maybe a 2502 and 2501 or 2503. Thanks.

Raheem

From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: "Rah Sta" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN
Date: Mon, 20 Nov 2000 16:00:27 -0500

Cisco Press BCRAN book by Catherine Paquet, Boson Test #1, studied hard for two weeks non stop and passed!!!

-----Original Message-----
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 3:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Passed BCRAN.. need help for BCSN

Kevin, What did you use to help you pass the BCRAN exam? Thank you.

Raheem

From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Passed BCRAN.. need help for BCSN
Date: Fri, 17 Nov 2000 15:50:49 -0500

Hello Cisco Lovers, thanks to all your wonderful posts, I passed my second exam on the road to CCNP, I need some links for BCSN resources due to the fact that I am waiting on my book from Cisco Press that is currently out of stock...

Please Advise,
Kevin
Passed BCRAN.. need help for BCSN
Hello Cisco Lovers, thanks to all your wonderful posts, I passed my second exam on the road to CCNP, I need some links for BCSN resources due to the fact that I am waiting on my book from Cisco Press that is currently out of stock... Please Advise, Kevin
Please Help with CCNP/CCIE lab decision
Hi guys, I currently have a study group of seven people we are going to chip in for CCNP/CCIE hardware. I just wanted to make sure before we spend the money that we are getting the right stuff at the right price. Please advise as to what we are missing besides ATM and Voice over IP which we plan to purchase later.. Below is the quote:

1  2501           Cisco 2501 Router                              1  $1,195.00  $1,195.00
2  2503           Cisco 2503 Router                              1  $1,295.00  $1,295.00
3  2504           Cisco 2504 Router                              1    $995.00    $995.00
4  2509           Cisco 2509 Router                              1  $1,295.00  $1,295.00
5  2513           Cisco 2513 Router                              1  $1,295.00  $1,295.00
6  V35MT/V35FC-W  Serial Cross Over Cable                        4    $100.00    $400.00
7  4000-M         Cisco 4000-M Modular Router                    1    $995.00    $995.00
                  8MB Main, 4MB Shared 8MB Flash Memory
8  NP-4T          4000 4 Port Serial Interface                   1    $750.00    $750.00
9  WS-C1924C-EN   24 Port 10bT + 1 Port 100bT + 1 Port 100bFX    1    $595.00    $595.00

Sub Total  $8,815.00
Discount     $881.50
Total      $7,933.50

Thanks in advance,
Kevin
RE: Please Help with CCNP/CCIE lab decision
Where can I get an ISDN simulator from? How much do they cost? Can I do without the 5000 switch for now because they are too expensive?? How much do the used 5x00 switches run for? How much should we be looking to spend in total?

-----Original Message-----
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 2:55 PM
To: 'Kevin O'Gilvie'; [EMAIL PROTECTED]
Subject: RE: Please Help with CCNP/CCIE lab decision

ISDN simulator. Catalyst 5000 Switch and modules.

-----Original Message-----
From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 1:37 PM
To: [EMAIL PROTECTED]
Subject: Please Help with CCNP/CCIE lab decision

Hi guys, I currently have a study group of seven people we are going to chip in for CCNP/CCIE hardware. I just wanted to make sure before we spend the money that we are getting the right stuff at the right price. Please advise as to what we are missing besides ATM and Voice over IP which we plan to purchase later.. Below is the quote:

1  2501           Cisco 2501 Router                              1  $1,195.00  $1,195.00
2  2503           Cisco 2503 Router                              1  $1,295.00  $1,295.00
3  2504           Cisco 2504 Router                              1    $995.00    $995.00
4  2509           Cisco 2509 Router                              1  $1,295.00  $1,295.00
5  2513           Cisco 2513 Router                              1  $1,295.00  $1,295.00
6  V35MT/V35FC-W  Serial Cross Over Cable                        4    $100.00    $400.00
7  4000-M         Cisco 4000-M Modular Router                    1    $995.00    $995.00
                  8MB Main, 4MB Shared 8MB Flash Memory
8  NP-4T          4000 4 Port Serial Interface                   1    $750.00    $750.00
9  WS-C1924C-EN   24 Port 10bT + 1 Port 100bT + 1 Port 100bFX    1    $595.00    $595.00

Sub Total  $8,815.00
Discount     $881.50
Total      $7,933.50

Thanks in advance,
Kevin
RE: Please Help with CCNP/CCIE lab decision
Which router should I add or replace for the token ring MAU?

-----Original Message-----
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 3:41 PM
To: Kevin O'Gilvie
Cc: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: Please Help with CCNP/CCIE lab decision

On Wed, 8 Nov 2000, Kevin O'Gilvie wrote:

> Where can I get an ISDN simulator from?

eBay usually has some.

> How much do they cost?

$1500 - $1800 usually.

> Can I do without the 5000 switch for now because they are too expensive??

You can try to find a 2901 for about $1500 if you're lucky. You don't need the 1924 switch below if you have a Cat 2901, 2926T, 5002, etc. Also you have no token ring MAU below, you will want one of those as well. Also 2 or so more cross over cables would be nice. You need 3 cables just to do full mesh. You may wish to have a couple routers back to back in addition to the mesh.

> How much do the used 5x00 switches run for? How much should we be looking to spend in total?
>
> -----Original Message-----
> From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 08, 2000 2:55 PM
> To: 'Kevin O'Gilvie'; [EMAIL PROTECTED]
> Subject: RE: Please Help with CCNP/CCIE lab decision
>
> ISDN simulator. Catalyst 5000 Switch and modules.
>
> -----Original Message-----
> From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 08, 2000 1:37 PM
> To: [EMAIL PROTECTED]
> Subject: Please Help with CCNP/CCIE lab decision
>
> Hi guys, I currently have a study group of seven people we are going to chip in for CCNP/CCIE hardware. I just wanted to make sure before we spend the money that we are getting the right stuff at the right price. Please advise as to what we are missing besides ATM and Voice over IP which we plan to purchase later.. Below is the quote:
>
> 1  2501           Cisco 2501 Router                              1  $1,195.00  $1,195.00
> 2  2503           Cisco 2503 Router                              1  $1,295.00  $1,295.00
> 3  2504           Cisco 2504 Router                              1    $995.00    $995.00
> 4  2509           Cisco 2509 Router                              1  $1,295.00  $1,295.00
> 5  2513           Cisco 2513 Router                              1  $1,295.00  $1,295.00
> 6  V35MT/V35FC-W  Serial Cross Over Cable                        4    $100.00    $400.00
> 7  4000-M         Cisco 4000-M Modular Router                    1    $995.00    $995.00
>                   8MB Main, 4MB Shared 8MB Flash Memory
> 8  NP-4T          4000 4 Port Serial Interface                   1    $750.00    $750.00
> 9  WS-C1924C-EN   24 Port 10bT + 1 Port 100bT + 1 Port 100bFX    1    $595.00    $595.00
>
> Sub Total  $8,815.00
> Discount     $881.50
> Total      $7,933.50
>
> Thanks in advance,
> Kevin

---
Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
RE: Please Help with CCNP/CCIE lab decision
Cool, thanks a lot Brian and company, you have been a great help. I am going to have to expand my group because this is going to get expensive but at least we will all get the hands on we need to compete in the marketplace. If anyone in NY is interested in joining our group just shoot me an email..

Cheers,
Kevin
MCP+I, MCSE, CCNA 2.0, CCNP 2.0 (3 more to go..passed BCMSN)

-----Original Message-----
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 3:58 PM
To: Kevin O'Gilvie
Cc: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: Please Help with CCNP/CCIE lab decision

On Wed, 8 Nov 2000, Kevin O'Gilvie wrote:

> Which router should I add or replace for the token ring MAU?

A token ring MAU is like the equivalent of an ethernet hub. Your 2513 and 2504 could plug into it so they could communicate. You can get one for about $10 - $20 on eBay.

Brian

> -----Original Message-----
> From: Brian [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 08, 2000 3:41 PM
> To: Kevin O'Gilvie
> Cc: Daniel Cotts; [EMAIL PROTECTED]
> Subject: RE: Please Help with CCNP/CCIE lab decision
>
> On Wed, 8 Nov 2000, Kevin O'Gilvie wrote:
>
> > Where can I get an ISDN simulator from?
>
> eBay usually has some.
>
> > How much do they cost?
>
> $1500 - $1800 usually.
>
> > Can I do without the 5000 switch for now because they are too expensive??
>
> You can try to find a 2901 for about $1500 if you're lucky. You don't need the 1924 switch below if you have a Cat 2901, 2926T, 5002, etc. Also you have no token ring MAU below, you will want one of those as well. Also 2 or so more cross over cables would be nice. You need 3 cables just to do full mesh. You may wish to have a couple routers back to back in addition to the mesh.
>
> > How much do the used 5x00 switches run for? How much should we be looking to spend in total?
> >
> > -----Original Message-----
> > From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, November 08, 2000 2:55 PM
> > To: 'Kevin O'Gilvie'; [EMAIL PROTECTED]
> > Subject: RE: Please Help with CCNP/CCIE lab decision
> >
> > ISDN simulator. Catalyst 5000 Switch and modules.
> >
> > -----Original Message-----
> > From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, November 08, 2000 1:37 PM
> > To: [EMAIL PROTECTED]
> > Subject: Please Help with CCNP/CCIE lab decision
> >
> > Hi guys, I currently have a study group of seven people we are going to chip in for CCNP/CCIE hardware. I just wanted to make sure before we spend the money that we are getting the right stuff at the right price. Please advise as to what we are missing besides ATM and Voice over IP which we plan to purchase later.. Below is the quote:
> >
> > 1  2501           Cisco 2501 Router                              1  $1,195.00  $1,195.00
> > 2  2503           Cisco 2503 Router                              1  $1,295.00  $1,295.00
> > 3  2504           Cisco 2504 Router                              1    $995.00    $995.00
> > 4  2509           Cisco 2509 Router                              1  $1,295.00  $1,295.00
> > 5  2513           Cisco 2513 Router                              1  $1,295.00  $1,295.00
> > 6  V35MT/V35FC-W  Serial Cross Over Cable                        4    $100.00    $400.00
> > 7  4000-M         Cisco 4000-M Modular Router                    1    $995.00    $995.00
> >                   8MB Main, 4MB Shared 8MB Flash Memory
> > 8  NP-4T          4000 4 Port Serial Interface                   1    $750.00    $750.00
> > 9  WS-C1924C-EN   24 Port 10bT + 1 Port 100bT + 1 Port 100bFX    1    $595.00    $595.00
> >
> > Sub Total  $8,815.00
> > Discount     $881.50
> > Total      $7,933.50
> >
> > Thanks in advance,
> > Kevin
>
> ---
> Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
> Network Administrator
> ShreveNet Inc. (ASN 11881)

---
Brian Feeny, CCNP, CCDP [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)
Bcran Question
What is the difference between an access server and a router in Cisco terminology?
This is a test please reply
This is a test please reply