Re: Syslog server [7:65217]

[Kevin O'Gilvie]

KIWI


From: Tariq 
Reply-To: Tariq 
To: [EMAIL PROTECTED]
Subject: Syslog server [7:65217]
Date: Wed, 12 Mar 2003 22:09:12 GMT

I am looking for a good free ware PIX / CISCO syslog server. Any
recommendations???

Tariq
_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65229t=65217
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN Client behind PIX [7:64358]

[Kevin O'Gilvie]

I couldnt have said it better myself!!

From: brett spunt 
To: 'Kevin O'Gilvie' , 
Subject: RE: VPN Client behind PIX [7:64358]
Date: Wed, 5 Mar 2003 19:17:26 -0800

It's not possible, and here's why. The pix Vpn only supports IPSEC over
UDP. Ipsec over UDP is NOT supported when sitting behind a stateful
firewall (such as the pix). You need to use Ipsec over TCP if using the
vpn client sitting behind a pix, or like stated before, you could create
a site to site VPN, setting up to peer with the pix at your work. The
reason a concentrator will work, is it's supports ipsec over tcp
connections, in addition to standard ipsec, and ipsec over UDP..

HTH,

Brett Michael Spunt
CCNP,CIPT,MCSE
Computer Network Innovations
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Kevin O'Gilvie
Sent: Tuesday, March 04, 2003 7:23 PM
To: [EMAIL PROTECTED]
Subject: Re: VPN Client behind PIX [7:64358]

I am assuming he is behind a cable modem or dsl.
If so, even cisco says this is not possible.
If someone has this working pleas advise..


 From: Greg Owens
 Reply-To: Greg Owens
 To: [EMAIL PROTECTED]
 Subject: Re: VPN Client behind PIX [7:64358]
 Date: Tue, 4 Mar 2003 19:09:16 GMT
 
 You just need to open the ports you are using, ie 500, 47 1
  
   From: Steve Smith
   Date: 2003/03/04 Tue AM 11:15:21 EST
   To: [EMAIL PROTECTED]
   Subject: VPN Client behind PIX [7:64358]
  
   OK gang here is the scenario. We have a PIX at work running VPN. I
have
   a 515 at home. Before I put the 515 at home in I could use the VPN
   client to connect to work. Now I can not. I remember a year or so
back
   reading a Cisco article about this and that you had to use a certain
IP
   range on the remote (my house) network. Does anyone know anything
about
   this? Any suggestions?
  
   Thanks!
  
   Steve Smith
   Enterprise Engineer
   901-758-8179 ext. 108
   TEKSELL
   [EMAIL PROTECTED]
 Greg Owens
 202-398-2552
_
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64567t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Partnership [7:64496]

[Kevin O'Gilvie]

Has anyone in this group benefitted from being a Cisco Partner?
If so at what level and how consistent was your referral flow?

Thanks,

Kevin


_
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64496t=64496
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client behind PIX [7:64358]

[Kevin O'Gilvie]

You have to do a IPSEC tunnel from Pix to Pix or Purchase VPN Concentrator.
I have the same issue.







From: Steve Smith 
Reply-To: Steve Smith 
To: [EMAIL PROTECTED]
Subject: VPN Client behind PIX [7:64358]
Date: Tue, 4 Mar 2003 16:15:21 GMT

OK gang here is the scenario. We have a PIX at work running VPN. I have
a 515 at home. Before I put the 515 at home in I could use the VPN
client to connect to work. Now I can not. I remember a year or so back
reading a Cisco article about this and that you had to use a certain IP
range on the remote (my house) network. Does anyone know anything about
this? Any suggestions?

Thanks!

Steve Smith
Enterprise Engineer
901-758-8179 ext. 108
TEKSELL
[EMAIL PROTECTED]
_
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64367t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client behind PIX [7:64358]

[Kevin O'Gilvie]

I am assuming he is behind a cable modem or dsl.
If so, even cisco says this is not possible.
If someone has this working pleas advise..


From: Greg Owens 
Reply-To: Greg Owens 
To: [EMAIL PROTECTED]
Subject: Re: VPN Client behind PIX [7:64358]
Date: Tue, 4 Mar 2003 19:09:16 GMT

You just need to open the ports you are using, ie 500, 47 1
 
  From: Steve Smith
  Date: 2003/03/04 Tue AM 11:15:21 EST
  To: [EMAIL PROTECTED]
  Subject: VPN Client behind PIX [7:64358]
 
  OK gang here is the scenario. We have a PIX at work running VPN. I have
  a 515 at home. Before I put the 515 at home in I could use the VPN
  client to connect to work. Now I can not. I remember a year or so back
  reading a Cisco article about this and that you had to use a certain IP
  range on the remote (my house) network. Does anyone know anything about
  this? Any suggestions?
 
  Thanks!
 
  Steve Smith
  Enterprise Engineer
  901-758-8179 ext. 108
  TEKSELL
  [EMAIL PROTECTED]
Greg Owens
202-398-2552
_
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64426t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Easy question [7:63002]

[Kevin O'Gilvie]

You need to enter config reg 0x2102
depends on the router..
What kind of router?
- Original Message -
From: Johnson, Richard (NY Int) 
To: 
Sent: Thursday, February 13, 2003 11:21 PM
Subject: Easy question [7:63002]


 Hi all,


 Every time I boot my router, it asks if I want to configure my router. I
 know I have to type some sort of confreg line in. Can someone tell me
which
 one so I can boot my router correctly, without having to reconfigure it
each
 time.


 Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63029t=63002
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CSIDS - 9E0-100 [7:60920]

[Kevin O'Gilvie]

Go Oletu!!
- Original Message -
From: Godswill Oletu 
To: 
Sent: Wednesday, January 15, 2003 12:27 PM
Subject: Re: CSIDS - 9E0-100 [7:60920]


 I completed the CSS1 last year and will be going for the SAFE before the
 expiration in September. I will want to take the SAFE exam as close as
 possible to the expiration.

 My advice is, since you have come so close, please go ahead and complete
 your S! then the SAFE exam. Agreed your current job does not require those
 skills. However, that give you more confidence for new openings in that
 field, moreso of what use will it be to you after going this far and for
 failure to move ahead, Cisco render your CSS1 null and void. It then
means,
 in time to come, if you pick up the interest in the Cisco Security track,
 you will have to start from beginning all over again.

 my 2 cents.

 Regards.
 Godswill




 - Original Message -
 From: Hanna, Keith
 To:
 Sent: Tuesday, January 14, 2003 6:26 AM
 Subject: RE: CSIDS - 9E0-100 [7:60920]


  Thinking about it at the minute.
  I completed CSS1 the same week Cisco announced the CCSP, so I only need
to
  take the SAFE exam, but I'm not sure yet if I'll bother.
  My current position doesn't deal as much with security as I'd like
  (corporate team to do that), and if I changed positions/company, I
suppose
  it would depend on what I was doing in the new one.
 
  I am tempted to 'just do it', but I tend not to be very motivated when
  there's no reward
 
  KEith
 
  -Original Message-
  From: Kim Graham [mailto:[EMAIL PROTECTED]]
  Sent: 14 January 2003 10:38
  To: [EMAIL PROTECTED]
  Subject: RE: CSIDS - 9E0-100 [7:60920]
 
 
  Maybe I should have asked if anyone is studying for the CCSP?  What
exams
  have you accomplished and what is your next step?  I may be amungst the
  group of first participants in this set of exams (v3) and others are
 waiting
  to get information concerning the exams before attempting.  *grins*
 
  Kim / Zukee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61126t=60920
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

IAS Authentication with Pix 515 [7:61023]

[Kevin O'Gilvie]

Hi All,

Does anyone know how to make IAS use Active directory to authenticate VPN
users..
I have the sample from cisco but that only displays local authentication..

Thanks a bunch,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61023t=61023
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IAS Authentication with Pix 515 (Disregard) [7:61028]

[Kevin O'Gilvie]

I found it..

Thanks,

Kevin
  - Original Message -
  From: Kevin O'Gilvie
  To: [EMAIL PROTECTED]
  Sent: Monday, January 13, 2003 10:16 PM
  Subject: IAS Authentication with Pix 515


  Hi All,

  Does anyone know how to make IAS use Active directory to authenticate VPN
users..
  I have the sample from cisco but that only displays local authentication..

  Thanks a bunch,

  Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61028t=61028
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT Apple chooses wireless 802.11g [7:60542]

[Kevin O'Gilvie]

The Airports have been out forever and are pretty stable..
I must say that apple has been ahead of the game in the wireless arena!!
- Original Message -
From: Priscilla Oppenheimer 
To: 
Sent: Tuesday, January 07, 2003 7:06 PM
Subject: OT Apple chooses wireless 802.11g [7:60542]


 That's what I like about Apple. They aren't mamby-pamby. They choose a
 technology and go with it, even if it's not standardized yet!

 Today at MacWorld they announced new notebooks that will ship with 802.11g
 wireless cards. They also announced a new 802.11g access point. This is
the
 54 Mbps 2.4 GHz standard that IEEE is working on.

 I think this is the way to go since 802.11g is compatible with the slew of
 802.11b devices already deployed, whereas 802.11a is not compatible.
802.11a
 has some advantages. For example, it has fewer problems with overlapping
 access points and it's shipping (and standardized, I think?) Thoughts,
anyone?

 What does Cisco have up its sleeve, I wonder? Are they going to take their
 normal agnostic standpoint and support 802.11 a, b, and g?

 Go Apple! :-)

 Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60608t=60542
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fwd: RE: CCIE Vs. BS or MS dergree [7:59481]

[Kevin O'Gilvie]

Thank you Howard for laying the foundation for us to grow on..

-Kevin
- Original Message -
From: Howard C. Berkowitz 
To: 
Sent: Friday, December 20, 2002 10:22 AM
Subject: Re: Fwd: RE: CCIE Vs. BS or MS dergree [7:59481]


 At 1:37 PM + 12/20/02, Mr piyush shah wrote:
 Dear friends
 It has been quite long that I have been hearing
 whether CCIE is superior or MS. I thing it is high
 time we should wrap the topic.I dont understand
 ,whether why this forum for ? It should b a purely
 technical. For a typically type of questioning like
 this, there are resposes which lasts for weeks but
 there are some questions for whom nobody seems to be
 bothered ?
 There was a queation which was thrown on this on
 TACACS ACS  whether What could the issue that I am
 able to authenticate and not authorisation ,not a
 single person on this site bothered to answered ,not
 even Priscilla .

 Let's consider whether people bother to respond.  First, remember
 that everyone who does so is volunteering their time. They are not a
 substitute for the TAC or reference materials.  Have you considered
 that at the time you asked the question, Priscilla might be on
 vacation, another expert has limited list access while on business
 travel (perhaps behind a strict firewall), and two others are trying
 to finish projects for which they are paid?

 The latter might scan the list, but not have 10-30 minutes to write a
 post. Indeed, many of those experts do not have the answer memorized,
 but would have to look it up -- admittedly much faster than would a
 beginner.

 Which sounds to be very starnge. There are so many
 people who r new to networking tech ,hence comes with
 some querry which might b stupid to some of our
 colleages but pls ensure that u were also like them
 during your initial  phase ,

 The following is not meant to be a put-down, but a reality of how
 some people started in networking technology.  I was first
 responsible for a network in 1970, using Bell 100 series modems (300
 bps) to a PDP-11 running critical medical applications. Most links
 were acoustically coupled dialups, but we did have a few dedicated
 lines (again at 300 bps).

 With about 10 user ports on the machine, we sometimes just ran out.
 Since one of the dedicated lines was only needed for backups at
 night, and another for reporting, I realized I could switch them to
 dialup during the day.

 There was no Black Box Catalog or the like.  I needed to get a copy
 of RS-232 and learn the wiring, decide how many pins I had to switch,
 go to the electronics store and get an appropriate rotary switch and
 other components, and physically build the box, soldering the wires
 to the switch.

 I made some incorrect assumptions the first time, and had to use
 electronic test instruments to find what I had done wrong -- it
 turned out I wasn't clear about the functions of the Pin 1 and Pin 7
 grounds.

 At the same time all of this was going on, I was the head of software
 development for the medical applications, so needed to both design,
 write, and manage development, as well as researching expert system
 rules for blood banking and clinical chemistry.

 So no, not everyone had the luxury of a list or even colleagues.

 hence try to  rectify the
 querry rather than spending your precious time on
 stupid questions like  ccie is superior or MS , what
 is the salary of CCIE ? 

 And I will be perfectly honest.  Sometimes, I may be in a hurry when
 reading the list, and there's a stupid question that I can answer
 from personal experience.  Even when I answer a technical question
 with which I am very familiar, I often check the documentation --
 Cisco or IETF -- to be sure I'm referring to the right document.  On
 another list, for example, there was a DNS question.  I knew the
 answer was in RFC 1033, 1034, or 1035, but wasn't sure which, and
 didn't have time to look it up.  I cited the three documents, and
 said I _thought_ it was 1034.  Looking it up later, it was 1035.

 I hope the message is clear to everybody
 Regards
 
 PIYUSH
 
 
 
 
 Note: forwarded message attached.
 
 
 Missed your favourite TV serial last night? Try the new, Yahoo! TV.
 visit http://in.tv.yahoo.com
 X-Apparently-To: [EMAIL PROTECTED] via web8002.mail.in.yahoo.com;
20 Dec 2002 07:36:38 +0500 (IST)
 Return-Path:
 X-Track: 1: 100
 Return-Path:
 Received: from groupstudy.com (66.220.63.9) by mta102.in.mail.yahoo.com
with SMTP; 20 Dec 2002 07:34:44 +0500 (IST)
 Received: from localhost (mail@localhost) by groupstudy.com
(8.9.3/8.9.3) with SMTP id CAA32069; Fri, 20 Dec 2002 02:04:32 GMT
 Received: by groupstudy.com (bulk_mailer v1.13); Fri, 20 Dec 2002
01:26:50 +
 Received: (from listserver@localhost) by groupstudy.com (8.9.3/8.9.3) id
BAA23691 GroupStudy Mailer; Fri, 20 Dec 2002 01:26:48 GMT
 Received: (from nobody@localhost) by groupstudy.com (8.9.3/8.9.3) id
BAA23686 

Re: Aironet 1200 [7:59310]

[Kevin O'Gilvie]

You are right.
The 1200's dont support briging as yet, they are just WAP's.
How much bandwidth does the 350 offer?

- Original Message -
From: Charlie Wehner 
To: 
Sent: Monday, December 16, 2002 9:07 PM
Subject: RE: Aironet 1200 [7:59310]


 What type of throughput does the remote office need?  With two 1200 series
 access points you can:

 a) Run one AP as Root and the other in Repeater mode.
 b) Blast the signal across the street with just one AP

 I don't think you can bridge with 1200s series APs.  You might be better
off
 buying 350 bridges instead depending on your environment.

 You could also buy a WGB to connect to one of the APs.  That's another
 option.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59369t=59310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Aironet 1200 [7:59310]

[Kevin O'Gilvie]

This is the opposite as to what cisco was telling me.
I definately have line of site, they told me (2) 1200's with the outdoor
antennas is all I would need. Are you saying I would need the bridges as
well?
How much bandwith is that offereing? I am only using the wireless for the
data for now.
i will look into the voice aspect later..

TIA,

-Kevin
- Original Message -
From: Mac 
To: 
Sent: Tuesday, December 17, 2002 1:14 AM
Subject: Re: Aironet 1200 [7:59310]


 You will have to buy 2 wireless bridges.
 The 350 series wireless bridges are 802.11b. 100 milliwat, and support
 rp-tnc connectors, this will allow you to choose a range of antennas to
use.
 I would supose you have 3 major issues to worry about
 1. I am assuming you have line of sight currently, are there any trees
that
 will grow leaves in the spring in your path?
 2. Current voice and data integration - there are 2 likely ways that you
may
 be intagrated
 a. using a channel bank on your csu-dsu e.g. 1 serial port to your
pbx,
 1 to your router, and the same thing on the oposite side of the T1 line
 b. you are doing a voip integration with Drop and Insert cards
 if you are running choice a, then you will have to deal with your
voice
 integration, if choice b, then you will just to reconfigure your router to
 support the new wan
 integration
 3. Wireless security- Luckily cisco access points and bridges support
 dynamic wep key rotation. If you are implimenting bridges then you will
have
 to configure
 Leap. This makes it necessary to configure Internet Authentication
 Server, or Cisco Secure ACS server, or whater radius implimentation of
your
 choice.

 Hope this helps,
 Colin McNamara


 Kevin O'Gilvie  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I am looking to get rid of the fractional T1.
  We have 12 voice 12 data..
  We can save money going wireless and increse the throughput..
  I want to go 802.11b all the way..
  Isnt the bridge 11a.
  If I have antennas on both sides wont that be enough?
  Please let me know your thoughts..
  there will be about 20 users in the remote office..
 
  TIA,
 
  Kevin
 
 
 
  From: Charlie Wehner
  Reply-To: Charlie Wehner
  To: [EMAIL PROTECTED]
  Subject: RE: Aironet 1200 [7:59310]
  Date: Tue, 17 Dec 2002 02:07:40 GMT
  
  What type of throughput does the remote office need?  With two 1200
 series
  access points you can:
  
  a) Run one AP as Root and the other in Repeater mode.
  b) Blast the signal across the street with just one AP
  
  I don't think you can bridge with 1200s series APs.  You might be
better
  off
  buying 350 bridges instead depending on your environment.
  
  You could also buy a WGB to connect to one of the APs.  That's another
  option.
  _
  Add photos to your e-mail with MSN 8. Get 2 months FREE*.
  http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59368t=59310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Aironet 1200 [7:59310]

[Kevin O'Gilvie]

Exactly..
We have an external CSU/DSU for the PBX..
- Original Message -
From: Mac 
To: 
Sent: Tuesday, December 17, 2002 10:43 AM
Subject: Re: Aironet 1200 [7:59310]


 11 megabit, for 802.11b, so with headers and encryption, 8-9 megabit.
 Weather conditions, distance, and interferance can nock this rate down.
 the 2 db dipole rubber ducky antenna's that come stock with AP's and
some
 Bridges have about a 200 meter range.  If you have any questions on what
 antennas, cables and towers may be appropriate for you just go to
cisco.com
 tac tools, and aironet antenna calculator. This will tell you how much
 distance/throughput/antenna hieght you will need/get.

 Question on your voice integration, does the PBX connect directly into an
 external csu/dsu that the router does (such as a kentrox with 2 v.35
 connections) or does it plug into your router into a vwic card ?.

 Cheers,
 Colin McNamara

 Kevin O'Gilvie  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  You are right.
  The 1200's dont support briging as yet, they are just WAP's.
  How much bandwidth does the 350 offer?
 
  - Original Message -
  From: Charlie Wehner
  To:
  Sent: Monday, December 16, 2002 9:07 PM
  Subject: RE: Aironet 1200 [7:59310]
 
 
   What type of throughput does the remote office need?  With two 1200
 series
   access points you can:
  
   a) Run one AP as Root and the other in Repeater mode.
   b) Blast the signal across the street with just one AP
  
   I don't think you can bridge with 1200s series APs.  You might be
better
  off
   buying 350 bridges instead depending on your environment.
  
   You could also buy a WGB to connect to one of the APs.  That's another
   option.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59383t=59310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Aironet 1200 [7:59310]

[Kevin O'Gilvie]

Dear All,

I am purchasing (2) the Cisco Aironet 1200 and respective outdoor antennas
to connect a remote office across the street, I am wondering if anyone has
done this and has some advice for me..

-Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59310t=59310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Aironet 1200 [7:59310]

[Kevin O'Gilvie]

I am looking to get rid of the fractional T1.
We have 12 voice 12 data..
We can save money going wireless and increse the throughput..
I want to go 802.11b all the way..
Isnt the bridge 11a.
If I have antennas on both sides wont that be enough?
Please let me know your thoughts..
there will be about 20 users in the remote office..

TIA,

Kevin



From: Charlie Wehner 
Reply-To: Charlie Wehner 
To: [EMAIL PROTECTED]
Subject: RE: Aironet 1200 [7:59310]
Date: Tue, 17 Dec 2002 02:07:40 GMT

What type of throughput does the remote office need?  With two 1200 series
access points you can:

a) Run one AP as Root and the other in Repeater mode.
b) Blast the signal across the street with just one AP

I don't think you can bridge with 1200s series APs.  You might be better 
off
buying 350 bridges instead depending on your environment.

You could also buy a WGB to connect to one of the APs.  That's another
option.
_
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59339t=59310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Resricicting Certain Users -Pix 515 UR [7:58861]

[Kevin O'Gilvie]

Yeah,

Its starts at version 6.2.
Its great, drastically reduces your config lines..






From: Andrew Larkins 
Reply-To: Andrew Larkins 
To: [EMAIL PROTECTED]
Subject: RE: Resricicting Certain Users -Pix 515 UR [7:58861]
Date: Wed, 11 Dec 2002 16:32:13 GMT

Maybe a dumb question - but is there a certain software version for that
command  (object group) - haven't seen it before

-Original Message-
From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
Sent: 10 December 2002 22:15
To: [EMAIL PROTECTED]
Subject: Re: Resricicting Certain Users -Pix 515 UR [7:58861]


Sounds good..
But websense is very expensive..
Wont lists do the job as well: e.g

object-group network REST-LAN-USR
   network-object 10.1.x.x 255.255.255.0
object-group network Rest-SRV
   network-object host 64.232.56.99
   network-object host 209.123.45.67

access-list RESTRICTED permit tcp object-group REST-LAN-USR object-group
Rest-SRV eq www

And just put those users in that subnet?

Thanks Brad






 From: Brad
 Reply-To: Brad
 To: [EMAIL PROTECTED]
 Subject: Re: Resricicting Certain Users -Pix 515 UR [7:58861]
 Date: Tue, 10 Dec 2002 15:42:54 GMT
 
 Kevin,
 
 Hi!  I would say the best way to do something like this would probably be
 using Websense (or similar software) in conjunction with your Pix.  I've
 setup Websense before, and it's pretty easy.
 
 thanks,
 -Brad Ellis
 CCIE#5796 (RS / Security)
 Network Learning Inc
 [EMAIL PROTECTED]
 www.optsys.net (Cisco hardware)
 
 Kevin O'Gilvie  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Hi All,
  
   I would like to create a group lets say x,x,x,x-x.x.x.x and restrict
 them
 to
   only certain websites, I am guessing I will have to use ip addresses 
of
   those sites, but still allow them to access the local network..
   Whats the best way to go about this.
   I have been using groups in my configs thus far..
  
   BTW- I love you guys in this group, it has to be the best news group
 around
   right now, lets keep the standards high and weed out the slackers that
 are
   trying to water down the CCIE's. We are doing more work for less money
 and
   the main reason why is because we are settling, we work damn hard and
 invest
   time and money to achieve these goals, and should be awarded as such. 
I
 dont
   see doctors building practice labs in there homes to cure patients, 
nor
   lawyers building practice court rooms..
  
   Sorry for the ranting but every year it seems you have to have more 
and
 more
   letters after your name to earn a decent living in this technology
 arena,
   when we are the ones that are enabling these million and billion 
dollar
   companies to do business seemlessly anytime and anywhere..
  
   -Kevin
  
   _
   The new MSN 8: smart spam protection and 2 months FREE*
   http://join.msn.com/?page=features/junkmail
_
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
_
Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58992t=58861
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Resricicting Certain Users -Pix 515 UR [7:58861]

[Kevin O'Gilvie]

Sounds good..
But websense is very expensive..
Wont lists do the job as well: e.g

object-group network REST-LAN-USR
  network-object 10.1.x.x 255.255.255.0
object-group network Rest-SRV
  network-object host 64.232.56.99
  network-object host 209.123.45.67

access-list RESTRICTED permit tcp object-group REST-LAN-USR object-group 
Rest-SRV eq www

And just put those users in that subnet?

Thanks Brad






From: Brad 
Reply-To: Brad 
To: [EMAIL PROTECTED]
Subject: Re: Resricicting Certain Users -Pix 515 UR [7:58861]
Date: Tue, 10 Dec 2002 15:42:54 GMT

Kevin,

Hi!  I would say the best way to do something like this would probably be
using Websense (or similar software) in conjunction with your Pix.  I've
setup Websense before, and it's pretty easy.

thanks,
-Brad Ellis
CCIE#5796 (RS / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)

Kevin O'Gilvie  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi All,
 
  I would like to create a group lets say x,x,x,x-x.x.x.x and restrict 
them
to
  only certain websites, I am guessing I will have to use ip addresses of
  those sites, but still allow them to access the local network..
  Whats the best way to go about this.
  I have been using groups in my configs thus far..
 
  BTW- I love you guys in this group, it has to be the best news group
around
  right now, lets keep the standards high and weed out the slackers that 
are
  trying to water down the CCIE's. We are doing more work for less money 
and
  the main reason why is because we are settling, we work damn hard and
invest
  time and money to achieve these goals, and should be awarded as such. I
dont
  see doctors building practice labs in there homes to cure patients, nor
  lawyers building practice court rooms..
 
  Sorry for the ranting but every year it seems you have to have more and
more
  letters after your name to earn a decent living in this technology 
arena,
  when we are the ones that are enabling these million and billion dollar
  companies to do business seemlessly anytime and anywhere..
 
  -Kevin
 
  _
  The new MSN 8: smart spam protection and 2 months FREE*
  http://join.msn.com/?page=features/junkmail
_
Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58918t=58861
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Resricicting Certain Users -Pix 515 UR [7:58861]

[Kevin O'Gilvie]

Hi All,

I would like to create a group lets say x,x,x,x-x.x.x.x and restrict them to 
only certain websites, I am guessing I will have to use ip addresses of 
those sites, but still allow them to access the local network..
Whats the best way to go about this.
I have been using groups in my configs thus far..

BTW- I love you guys in this group, it has to be the best news group around 
right now, lets keep the standards high and weed out the slackers that are 
trying to water down the CCIE's. We are doing more work for less money and 
the main reason why is because we are settling, we work damn hard and invest 
time and money to achieve these goals, and should be awarded as such. I dont 
see doctors building practice labs in there homes to cure patients, nor 
lawyers building practice court rooms..

Sorry for the ranting but every year it seems you have to have more and more 
letters after your name to earn a decent living in this technology arena, 
when we are the ones that are enabling these million and billion dollar 
companies to do business seemlessly anytime and anywhere..

-Kevin

_
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58861t=58861
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BSCI [7:57165]

[Kevin O'Gilvie]

Has anyone taken this exam yet and can offer some feedback on preparation.

Thanks,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57165t=57165
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Security Boot Camp [7:57042]

[Kevin O'Gilvie]

Has anyone taken this?
I am thinking about going since my job is willing to pay or any other
recommendations on CCIE Security Training?

TIA,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57042t=57042
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Study Groups [7:56997]

[Kevin O'Gilvie]

Dear All,

I am curious to how the current established study groups are working out.
I would like some feedback on best practices and what doesnt as far as
having a succesful study group as we are starting one as we speak. I am sure
there are some great stories out there as well as some bad ones.

Thanks,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56997t=56997
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Looking for Mac Support Engineer NYC [7:57013]

[Kevin O'Gilvie]

If anyone knows of someone who is very skilled in Macintosh OS 9/ X and
Applications please forward the resume to me. We are looking to fill this
position ASAP. I am not a recruiter this is a real position. No 3rd parties
please.

Thanks,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57013t=57013
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ESAFE Spam Filter.. [7:56344]

[Kevin O'Gilvie]

I just ordered it..
Anyone implemeted this yet?

-Kevin



_
Broadband? Dial-up? Get reliable MSN Internet Access. 
http://resourcecenter.msn.com/access/plans/default.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56344t=56344
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco IDS [7:56100]

[Kevin O'Gilvie]

Dear All,

I am looking to purchase Cisco IDS next week.
Anyone implemented this yet?

thanks in advance,

-Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56100t=56100
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Setting Up VTP Domain [7:55943]

[Kevin O'Gilvie]

You Rock Priscilla!!
I am honored to have your advice.

Thank you,

Kevin
- Original Message -
From: Priscilla Oppenheimer 
To: 
Sent: Monday, October 21, 2002 5:20 PM
Subject: RE: Setting Up VTP Domain [7:55943]


 Kevin O'Gilvie wrote:
 
  Dear All,
 
  I have a Cat5k and about 15 Cat29xx .
  All 29xx are connected to the Cat 5, the Cat 5 cpnnects to the
  Pix, Pix
  Connects to the router.
  There are no Vlans in place.
  I would like to enable VTP Domain but I would like to know the
  best way to
  go about thist.
  Some of our 29xx are old some are new, I heard horror stories
  of VTP taking
  down the network. I would like to make the Cat5k my vtp Server
  and all the
  29xx 's vtp clients.

 I'm more of an expert on real LANs than virtual LANs ;-), so somebody will
 correct me if I say anything wrong, but I think your plan sounds fine. You
 may want to have one other switch act as a VTP server as a backup. The
other
 switches should be clients, as you have planned. You should enter VLAN
 information on the primary server switch normally and only enter
information
 on the other switch acting as a VTP server if you know for sure that the
 primary server is going to be down for a while. Or, just keep it simple,
and
 have just one VTP server switch, as you have planned.

 Cisco requires VTP, by the way, so you will have to use it once you start
 implementing VLANs. You will probably want to put all the switches in the
 same VTP domain since your network is small, which you can easily do by
 simply supplying the same domain name for all of the switches. Be very
 careful with the spelling so that the domain name is exactly the same on
all
 the switches. The name is case-sensitive, by the way.

 Most problems with VTP are due to non-systematic updating of VLAN data by
 novice network engineers. As mentioned, you should have no more than one
or
 two switches acting as a server, and you should only make changes on one
of
 those switches, unless the other one is down and will be down for a while.

 A switch looks at the configuration revision number (CRN) of a VTP
 advertisement. If a VTP server or client receives an advertisement where
the
 received CFN is higher then the current CFN, the switch sends a request to
 the originating server for a subset advertisement. The switch then
replaces
 its VLAN configuration with the contents of the subset advertisement. The
 switch floods the original summary advertisement out all trunk ports. A
 switch in transparent mode ignores the advertisement and floods it out all
 trunk ports.

 Note that when a server or client receives a VTP subset advertisement, the
 switch erases its old VLAN configuration and replaces it with the new
 information from the advertising server. This behavior can result in
 problems. Consider the case where you have configured a switch off-line
 before connecting it to a network. Now suppose you have configured the
 switch to be a VTP server and that you made many changes as you were
 working, resulting in a switch with a higher CFN than exists in the
running
 network. When you connect the new switch to the network, its VLAN
 configuration replaces that of all the switches in the network. VTP does
not
 add to existing configurations; it replaces them. So, you may have just
 wiped out numerous VLANs that already existed. Any ports that were in the
 deleted VLANs are now disabled. The network becomes unusable at this
point!
 VTP is a powerful tool, but it must be used with care. To avoid problems,
be
 sure to document the VLAN names and IDs that are in use, using network
 management software or an Excel spreadsheet.

 And that's probably way more verbiage than you needed! ;-) But I hope it
is
 helpful.

 ___

 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com

 
  Your Advice is Greatly appreciated,
 
  Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56039t=55943
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Setting Up VTP Domain [7:55943]

[Kevin O'Gilvie]

Dear All,

I have a Cat5k and about 15 Cat29xx .
All 29xx are connected to the Cat 5, the Cat 5 cpnnects to the Pix, Pix
Connects to the router.
There are no Vlans in place.
I would like to enable VTP Domain but I would like to know the best way to
go about thist.
Some of our 29xx are old some are new, I heard horror stories of VTP taking
down the network. I would like to make the Cat5k my vtp Server and all the
29xx 's vtp clients.

Your Advice is Greatly appreciated,

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55943t=55943
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IDS-Security [7:55780]

[Kevin O'Gilvie]

I was looking at A Cisco IDS solution..
Is that not any good?



From: Peter Walker : [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], 
@groupstudy.com
Reply-To: Peter Walker : [EMAIL PROTECTED], [EMAIL PROTECTED],   
  [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], 
@groupstudy.com
To: [EMAIL PROTECTED]
Subject: Re: IDS-Security [7:55780]
Date: Fri, 18 Oct 2002 08:44:05 GMT

just a couple of comments.

1) I think you misinterpreted the original poster's comment.  You dont
have to buy OpenBSD because similar to linux it is free.  Like with
linux you may want to buy a CD unless you like internet installs :-)

2) Unlike most linux distro's, OpenBSD is pretty much secure after a
default install. This should be important to you for an IDS host.

Peter Walker

Gragido, William wrote:
 
  You don't have to buy a copy of OpenBSD.  Snort runs on Linux and has 
been
  ported to, you guessed it, Windoze as well.  I have been working with it
for
  quite a long time and I love it.
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]
  Sent: Thursday, October 17, 2002 8:27 PM
  To: [EMAIL PROTECTED]
  Subject: RE: IDS-Security [7:55780]
 
  If you are looking for a great IDS solution take a look a snort.
  www.snort.org
 
  Buy a copy of OpenBSD and install snort.  Snort is open source and it
  awesome IDS software.  If it is good enough for Northcutt it is good 
enough
  for anybody
_
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55870t=55780
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 9/11 [7:53084]

[Kevin O'Gilvie]

May God bless and keep you all..

\From: Jake 
Reply-To: Jake 
To: [EMAIL PROTECTED]
Subject: 9/11 [7:53084]
Date: Wed, 11 Sep 2002 11:46:35 GMT

Lets take a moment to remember are fallen heros, all who have parished, and
the families they left behind.

Thanks
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53097t=53084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to manage the pix 501 remotely via telnet or pdm [7:52868]

[Kevin O'Gilvie]

If your are on 6.X u can use ssh from anywhere in the world.
There is a doc on cco on how to enable ssh..

Cheers,

Kevin


From: Mark W. Odette II 
Reply-To: Mark W. Odette II 
To: [EMAIL PROTECTED]
Subject: RE: How to manage the pix 501 remotely via telnet or pdm [7:52831]
Date: Fri, 6 Sep 2002 22:25:06 GMT

HUH!?!?! What does ICMP have to do with Telnet or the PDM??

Mindiani- To answer your question, yes there is an alleged way of doing
what you're wanting to do.  I have not done it myself yet, but there is
an example on CCO of how to do such a configuration.

Pad Pad Pad  http://www.cisco.com/warp/public/110/pdm_vpntun.html

For Telnet, as far as I know, there isn't a way to telnet to the PIX
from the outside- it's considered a security risk by the firewall group
at Cisco, so they don't allow for it.

If you want to telnet to the PIX, create a rule on the PIX that allows
your specific Internet Host to connect to a telnet device such as a
Switch or a Unix box (or even the Telnet Server on Win2K if I dare
suggest it), and then hit the PIX from that telnet host.  Be sure and
configure the PIX with the telnet 'inside-host-ip' 255.255.255.255
inside command.

Good luck, and let us know how you do!

Mark

-Original Message-
From: Dain Deutschman [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 06, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: Re: How to manage the pix 501 remotely via telnet or pdm
[7:52826]

do you have the conduit configured to allow icmp? I think the PIX blocks
icmp unless you specifically open a conduit for it.
Dain
mindiani mindiani  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi  I just installed two PIX 501 with vpn tunnel over the internet for
my
  client and I would like to allow telnet and pdm from one site to the
  other. The tunnels are up and I able to send traffic in both
directions
  but I cannot telnet into the remote Pix from my PC.I tried the
following
  command: telnet 172.16.1.2  255.255.255.255 outside  This command
would
  not allow my PC (IP address172.16.1.2) to telnet to the remote site
but I
  am able to telnet to my servers behind the PIX. i have the same
problem
  with PDM.
 
 

 
  Join the worlds largest e-mail service with MSN Hotmail. Click Here
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52868t=52868
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PDM [7:52870]

[Kevin O'Gilvie]

PDM
PDM
PDM..

I dont see why anyone uses PDM..
With 6.X you can create groups, objects etc..Which really reduces the lines 
in your config..
I am CLI all the way!!!
Is there a PDM for routers too??
LOL!!

Just my opinion..

CLI helps you learn the IOS much better then PDM..

Cheers,

Kevin

_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52870t=52870
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PDM [7:52870]

[Kevin O'Gilvie]

LOL..
I gotcha..



From: Eric Rogers 
Reply-To: Eric Rogers 
To: [EMAIL PROTECTED]
Subject: Re: PDM [7:52870]
Date: Sun, 8 Sep 2002 02:36:05 GMT

Remember, firewalls and routers perform two different functions. The PDM is
being developed to counter Checkpoint's. Checkpoint is the leader in the
firewall market and it has an excellent GUI. Granted there are issue's with
CP concerning licensing, OS hardening and support. In a large production
firewall environment it's really nice to have a GUI and not go blind trying
to read straight text on a daily basis. Rules that I can see quickly with
color a GUI. Logs that I can see quickly with a color GUI.

Imagine a company with 20,000 people spread across a continent with a dozen
server farms. Now imagine a over hundred or so rules placed on the 
firewalls
to facilitate the needs of the various business groups. Then you take 9 to
15 fulltime admin's managing this on a 24x7 basis and you'll find just how
quickly you wish you had that GUI come your shift. Think about it. Somehow
there's a server hack and suddenly you've got your boss breathing down your
neck and your boss' boss breathing down your neck too, all the while your
scrolling through the CLI trying to figure out who, what, where. Finally,
printing out the entire running config and going through it line by line
with a color marker.

I've seen this happen. It's an ugly sight.

Just some food for thought...

-Eric

- Original Message -
From: Kevin O'Gilvie
To:
Sent: Saturday, September 07, 2002 6:44 PM
Subject: PDM [7:52870]


  PDM
  PDM
  PDM..
 
  I dont see why anyone uses PDM..
  With 6.X you can create groups, objects etc..Which really reduces the
lines
  in your config..
  I am CLI all the way!!!
  Is there a PDM for routers too??
  LOL!!
 
  Just my opinion..
 
  CLI helps you learn the IOS much better then PDM..
 
  Cheers,
 
  Kevin
 
  _
  Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52873t=52870
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Exchange 5.5 in DMZ [7:52126]

[Kevin O'Gilvie]

Dear All,

What is the correct way to set up exchange in the DMZ..
I know how to set it up in the inside interface but that is a security risk.
I would like to put IMC and OWA on the DMZ.
And keep the Mail Server on the inside

Thanks,

Kevin




_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52126t=52126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Does Pix Support? [7:51519]

[Kevin O'Gilvie]

Hi All,

I am pretty sure you all are in the same boat of spam management..
Does the Pix have any pluggins for spam blocking..
Can you guys reccommend a product for spam blocking for Exchange 5.5.
I am looking at Mail Sweeper?
Also looking for A gooD AV for Exchange 5.5, I am currently using innoculate 
but There patters come out too lATE..
TIA,

KEVIN




_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51519t=51519
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Looking for BSCN in PDF format [7:50039]

[Kevin O'Gilvie]

LOL!!


From: Jay Greenberg 
Reply-To: Jay Greenberg 
To: [EMAIL PROTECTED]
Subject: Re: Looking for BSCN in PDF format [7:50039]
Date: Mon, 29 Jul 2002 18:09:21 GMT

Sure, 150 bucks, and I'll even give you a *real* book instead of the
pdf.

Wouldn't it be nice if everything were free?

On Mon, 2002-07-29 at 13:28, Bond, Jeffrey T wrote:
  Does anyone have a copy of BSCN in pdf format that they wouldn't mind
  sharing.
 
 
  thanks
 
 
  Jeff
_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50043t=50039
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Looking for BSCN in PDF format [7:50039]

[Kevin O'Gilvie]

You tell him Juan,

No pirates here!!
Just techies trying to sail..Alot of us are just trying to swim..Or at least 
learning to float!!

LOL!!


From: Juan Blanco 
Reply-To: Juan Blanco 
To: [EMAIL PROTECTED]
Subject: RE: Looking for BSCN in PDF format [7:50039]
Date: Mon, 29 Jul 2002 20:09:19 GMT

Jeff,
Give us a break, on this group we are very negative to this type of
behaviors, I just went and spent $120 in two books, I did not go to the
movies, I did not go outI just went and bought the books because I need
them, like myself most of the people in this group do the same thing, they
sacrificed them self and buy whatever is require to learn the technology
which will help them to move up to new levels, the same way the authors of
many books whom worked very hard to put together a book that will help
everyone. My advise to you is, in this field you can't be worried about how
much a book cost.This is very costly field, very costly my wife is 
ready
give the divorced and kick me out the house with my rack, routers, switches
and course many, many books...

Good luck in getting your BSCN'S PDF..

jb

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bond, Jeffrey T
Sent: Monday, July 29, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: Looking for BSCN in PDF format [7:50039]


Does anyone have a copy of BSCN in pdf format that they wouldn't mind
sharing.


thanks


Jeff
_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50051t=50039
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Got it to work (Pix 515 behind cable modem) [7:49744]

[Kevin O'Gilvie]

Thanks Everyone,

I thought that the pix would automatically assign dns servers to the clents 
if you have dhcpd auto turned on on the outside interface. I was wrong. I 
manually added dhcp to one client and ..BANG!! I was on google.com..LOL..
I then configured dhcpd on the inside interface with a private pool and all 
is well.. Thank you all.. I couldnt have done it w/o you..I guess the 
outside interface doesnt care about dns..
Oh yeah -- no need for route outside statement..I did a show route and 
'setroute' is doing his job just fine..

-Kevin


From: Craig Columbus 
To: Kevin O'Gilvie 
CC: [EMAIL PROTECTED]
Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Date: Fri, 26 Jul 2002 12:09:50 -0400

Kevin,

Kim's right...  If you've posted your entire config, then you've not opened
any ports.  By default, the PIX won't allow traffic through.  You have to
specifically enable what you want.
Create an access list and apply it to the inside interface:

access-list acl_inside permit ip any any
access-group acl_inside in interface inside

Craig





At 03:49 PM 7/26/2002 +, you wrote:
hi Kim,

Thanks for your advice, ill try it..

-Kevin

 From: Kim Graham
 To: Kevin O'Gilvie ,
 Subject: Re: Can get it to work (Pix 515 behind cable modem) [7:49744]
 Date: Fri, 26 Jul 2002 7:34:51 -0400
 
 I am new to the pix so please verify these entries before you try them
 (older version of pix) you need to add conduit statements.  This version 
of
 PIX (6.2(2)) may be able to use access lists so check on that prior to
 putting in the conduits.  Once you have entered the conduit statements
 clear the xlate and then try to initiate a session to the outside world.
 (show conduit, show xlate, clear xlate)
 
 example:
 conduit permit icmp any any
 conduit permit tcp any any eq www
 
 Kim
 
  
   From: Kevin O'Gilvie
   Date: 2002/07/26 Fri AM 01:20:23 EDT
   To: [EMAIL PROTECTED]
   Subject: Can get it to work (Pix 515 behind cable modem) [7:49744]
  
   Dear All,
  
   Below is my config.
   Can someone tell me why ckients on the inside interface cant get to 
the
   internet (browwse, ping, nothing)
   Yet show xlate shows clients Pat(ing) to outside address..
   I am so frustrated, dont know whats the issue???!!!
  
   PIX Version 6.2(2)
   nameif ethernet0 outside security0
   nameif ethernet1 inside security100
   nameif ethernet2 dmz security50
   enable password 8Ry2YjIyt7RRXU24 encrypted
   passwd 2KFQnbNIdI.2KYOU encrypted
   hostname pixfirewall
   fixup protocol ftp 21
   fixup protocol http 80
   fixup protocol h323 h225 1720
   fixup protocol h323 ras 1718-1719
   fixup protocol ils 389
   fixup protocol rsh 514
   fixup protocol rtsp 554
   fixup protocol sqlnet 1521
   fixup protocol sip 5060
   fixup protocol skinny 2000
   no fixup protocol smtp 25
   names
   pager lines 24
   logging on
   logging trap debugging
   logging host inside 192.168.0.2
   interface ethernet0 100full
   interface ethernet1 100full
   interface ethernet2 100full
   mtu outside 1500
   mtu inside 1500
   mtu dmz 1500
   ip address outside dhcp setroute
   ip address inside 192.168.0.1 255.255.255.0
   ip address dmz 127.0.0.1 255.255.255.255
   ip audit info action alarm
   ip audit attack action alarm
   pdm history enable
   arp timeout 14400
   global (outside) 1 interface
   nat (inside) 1 0.0.0.0 0.0.0.0 0 0
   timeout xlate 0:30:00
   timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
   0:05:00 si
   p 0:30:00 sip_media 0:02:00
   timeout uauth 0:05:00 absolute
   aaa-server TACACS+ protocol tacacs+
   aaa-server RADIUS protocol radius
   aaa-server LOCAL protocol local
   no snmp-server location
   no snmp-server contact
   snmp-server community public
   no snmp-server enable traps
   floodguard enable
   sysopt connection permit-ipsec
   sysopt connection permit-pptp
   no sysopt route dnat
   telnet 192.168.0.2 255.255.255.255 inside
   telnet timeout 60
   ssh timeout 5
   dhcpd auto_config outside
   terminal width 80
   Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
   : end
   [OK]
  
   _
   Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49977t=49744
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can get it to work (Pix 515 behind cable modem [7:49744]

[Kevin O'Gilvie]

Theoretically yes.
But the ip is reserved and nearly ever changes..


From: Jake 
Reply-To: Jake 
To: [EMAIL PROTECTED]
Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Date: Fri, 26 Jul 2002 15:44:35 GMT

Is the outside interface doing DHCP from the ISP with the setroute command.
If so, this would mean that your global ip on your outside interface
changes. Am I correct to assume this??

Kevin O'Gilvie  wrote in message
news:[EMAIL PROTECTED]...
  Dear All,
 
  Below is my config.
  Can someone tell me why ckients on the inside interface cant get to the
  internet (browwse, ping, nothing)
  Yet show xlate shows clients Pat(ing) to outside address..
  I am so frustrated, dont know whats the issue???!!!
 
  PIX Version 6.2(2)
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif ethernet2 dmz security50
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  hostname pixfirewall
  fixup protocol ftp 21
  fixup protocol http 80
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol ils 389
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sqlnet 1521
  fixup protocol sip 5060
  fixup protocol skinny 2000
  no fixup protocol smtp 25
  names
  pager lines 24
  logging on
  logging trap debugging
  logging host inside 192.168.0.2
  interface ethernet0 100full
  interface ethernet1 100full
  interface ethernet2 100full
  mtu outside 1500
  mtu inside 1500
  mtu dmz 1500
  ip address outside dhcp setroute
  ip address inside 192.168.0.1 255.255.255.0
  ip address dmz 127.0.0.1 255.255.255.255
  ip audit info action alarm
  ip audit attack action alarm
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  timeout xlate 0:30:00
  timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
  0:05:00 si
  p 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  aaa-server LOCAL protocol local
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  sysopt connection permit-pptp
  no sysopt route dnat
  telnet 192.168.0.2 255.255.255.255 inside
  telnet timeout 60
  ssh timeout 5
  dhcpd auto_config outside
  terminal width 80
  Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
  : end
  [OK]
 
  _
  Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49787t=49744
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Can get it to work (Pix 515 behind cable modem [7:49744]

[Kevin O'Gilvie]

Thanks
Ill let u know what the outcome is..


From: Craig Columbus 
To: Kevin O'Gilvie 
CC: [EMAIL PROTECTED]
Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
Date: Fri, 26 Jul 2002 12:09:50 -0400

Kevin,

Kim's right...  If you've posted your entire config, then you've not opened
any ports.  By default, the PIX won't allow traffic through.  You have to
specifically enable what you want.
Create an access list and apply it to the inside interface:

access-list acl_inside permit ip any any
access-group acl_inside in interface inside

Craig





At 03:49 PM 7/26/2002 +, you wrote:
hi Kim,

Thanks for your advice, ill try it..

-Kevin

 From: Kim Graham
 To: Kevin O'Gilvie ,
 Subject: Re: Can get it to work (Pix 515 behind cable modem) [7:49744]
 Date: Fri, 26 Jul 2002 7:34:51 -0400
 
 I am new to the pix so please verify these entries before you try them
 (older version of pix) you need to add conduit statements.  This version 
of
 PIX (6.2(2)) may be able to use access lists so check on that prior to
 putting in the conduits.  Once you have entered the conduit statements
 clear the xlate and then try to initiate a session to the outside world.
 (show conduit, show xlate, clear xlate)
 
 example:
 conduit permit icmp any any
 conduit permit tcp any any eq www
 
 Kim
 
  
   From: Kevin O'Gilvie
   Date: 2002/07/26 Fri AM 01:20:23 EDT
   To: [EMAIL PROTECTED]
   Subject: Can get it to work (Pix 515 behind cable modem) [7:49744]
  
   Dear All,
  
   Below is my config.
   Can someone tell me why ckients on the inside interface cant get to 
the
   internet (browwse, ping, nothing)
   Yet show xlate shows clients Pat(ing) to outside address..
   I am so frustrated, dont know whats the issue???!!!
  
   PIX Version 6.2(2)
   nameif ethernet0 outside security0
   nameif ethernet1 inside security100
   nameif ethernet2 dmz security50
   enable password 8Ry2YjIyt7RRXU24 encrypted
   passwd 2KFQnbNIdI.2KYOU encrypted
   hostname pixfirewall
   fixup protocol ftp 21
   fixup protocol http 80
   fixup protocol h323 h225 1720
   fixup protocol h323 ras 1718-1719
   fixup protocol ils 389
   fixup protocol rsh 514
   fixup protocol rtsp 554
   fixup protocol sqlnet 1521
   fixup protocol sip 5060
   fixup protocol skinny 2000
   no fixup protocol smtp 25
   names
   pager lines 24
   logging on
   logging trap debugging
   logging host inside 192.168.0.2
   interface ethernet0 100full
   interface ethernet1 100full
   interface ethernet2 100full
   mtu outside 1500
   mtu inside 1500
   mtu dmz 1500
   ip address outside dhcp setroute
   ip address inside 192.168.0.1 255.255.255.0
   ip address dmz 127.0.0.1 255.255.255.255
   ip audit info action alarm
   ip audit attack action alarm
   pdm history enable
   arp timeout 14400
   global (outside) 1 interface
   nat (inside) 1 0.0.0.0 0.0.0.0 0 0
   timeout xlate 0:30:00
   timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
   0:05:00 si
   p 0:30:00 sip_media 0:02:00
   timeout uauth 0:05:00 absolute
   aaa-server TACACS+ protocol tacacs+
   aaa-server RADIUS protocol radius
   aaa-server LOCAL protocol local
   no snmp-server location
   no snmp-server contact
   snmp-server community public
   no snmp-server enable traps
   floodguard enable
   sysopt connection permit-ipsec
   sysopt connection permit-pptp
   no sysopt route dnat
   telnet 192.168.0.2 255.255.255.255 inside
   telnet timeout 60
   ssh timeout 5
   dhcpd auto_config outside
   terminal width 80
   Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
   : end
   [OK]
  
   _
   Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49786t=49744
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can get it to work (Pix 515 behind cable modem) [7:49744]

[Kevin O'Gilvie]

Thanks Peter,

Ill try that..


From: Peter zhang 
Reply-To: Peter zhang 
To: [EMAIL PROTECTED]
Subject: RE: Can get it to work (Pix 515 behind cable modem) [7:49744]
Date: Fri, 26 Jul 2002 17:56:38 GMT

change the outside interface to auto, create dhcpd address pool and enable
dhcpd pool inside.

int e0 auto
dhcpd enable inside
dhcpd address 192.168.0.1-192.168.0.15 inside
_
Chat with friends online, try MSN Messenger: http://messenger.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49806t=49744
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Can get it to work (Pix 515 behind cable modem) [7:49744]

[Kevin O'Gilvie]

I cant change any configurations on the Modem.
Its a Motorola Surfboard usXXX
optimum online set it up.
Do u know how I can go about getting into that modem to check the configs?


From: Mike Sweeney 
Reply-To: Mike Sweeney 
To: [EMAIL PROTECTED]
Subject: RE: Can get it to work (Pix 515 behind cable modem) [7:49744]
Date: Fri, 26 Jul 2002 12:27:42 GMT

Have you verified that the cable modem(bridge) can really talk 100 full? 
you
have the outside port hardcoded to 100 full. On my 501, I had to place it 
at
10 1/2 in order for the cable modem to work properly. Which is not a big
deal as total bandwidth at that point at best is 3Mbps downstream.. but 1.2
is much more reasonable so there is not any need for 100Mb

MikeS
www dot packetattack dot com
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49780t=49744
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CLI vs PDM [7:49774]

[Kevin O'Gilvie]

Juan,

I love your quote.
Keep the CLI going I think that keeps you more tuned..
Dont want to become Checkpoint!!
Or Windows vs Unix..



From: Juan Blanco 
Reply-To: Juan Blanco 
To: [EMAIL PROTECTED]
Subject: CLI vs PDM [7:49774]
Date: Fri, 26 Jul 2002 14:45:39 GMT

Team,
For those security people on the Cisco World, Normally which interface do
you use the most, the CLI or the PDM. I am in the process of setting up
standards and we would like to define one for having access to our Pix.

Thanks,


Juan Blanco

The greatest glory in living lies not in never falling,
  but in rising every time we fall .
  -- Nelson Mandela

_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49777t=49774
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Here we go again ( Pix 515) [7:49492]

[Kevin O'Gilvie]

I wouldnt put dhcp on the firewall for 300 users.
But for 10 or 15 I would.

Thanks,

-Kevin


From: Gaz 
Reply-To: Gaz 
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 22:37:12 GMT

What's everybody's view on using the Pix as a DHCP server?

I used it once, only because after arriving on site to install the Pix the
customer mentioned that his old Firewall was doing DHCP and he had no plans
to do it on anything else.
Seemed to go fine, but would like to know if people have come across
limitations/issues.

I tend to agree with the view Right box for the job, i.e. don't make the
Pix do things it's not made for, but if pushed into the situation, how does
it compare.

Cheers,

Gaz

Kevin O'Gilvie  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Hi Kelly,
 
  You are absolutely right, and I love your strategy.
  That is the way I did it 2 years ago, but the only thing now is finding 
a
  vpn solution for the Macs. I used Pix for the PC's last time round but
never
  had to do this for the Mac's. Any ideas?
 
 
  From: Kelly Cobean
  Reply-To: Kelly Cobean
  To: [EMAIL PROTECTED]
  Subject: RE: Here we go again ( Pix 515) [7:49492]
  Date: Wed, 24 Jul 2002 02:18:38 GMT
  
  Man, you aren't asking much, are you? ;-)
  
  Ok, here's the order I'd do things in...
  
  First things first, get that firewall in place.  You don't list what
their
  internet connectivity is, but if they bought a PIX, it's safe to assume
  that
  they have a persistent connection, and that being true, they're really
  hanging it out there for someone to cut off, so to speak.  Network
security
  is always a primary concern, and the firewall won't take alot of time 
to
  set
  up.  Not setting it up could be very costly.  If they already have a
  light(er)-weight firewall like a Linux host running IP chains or IP
tables,
  replacing this first will save your users down-time later because you 
can
  pre-configure your internet rulebase/access in preparation for your
private
  addressing.
  
  Next, I'd do the DHCP and Private Addressing.  These go hand in hand, 
and
  since your firewall is now in place, you can do the NAT/PAT 
translations
as
  needed and not have to rethink these later.
  
  Third, get Exchange up and running.  If it's going on a different 
system
  than Quick mail is running on, great!  Now you can get them running in
  parallel, and move users accounts over one at a time or in batches.
There
  are probably tools out there to do the mailbox format conversion.  Now
that
  your network is secure at layer3/4, you can focus on the nitty-gritty 
of
  the
  user data. (Oh yeah, don't forget that backup!!!)
  
  It's a 10,000 foot view, but that's how I'd do it.  I'm not really a 
MAC
  guy, but I'd venture a guess that most or all of your MAC's run TCP/IP
and
  support DHCP, so from an L3/4 standpoint, they're really no different
than
  your PC's.
  
  When doing multiple projects like this, I tend to work along the OSI
model.
  If the wiring is horrible, or the NIC's are all old 10Base2 nics and 
have
  transceivers to hook them to your BaseT network, take care of the layer 
1
  stuff first.  Next, if the network is all unmanaged hubs, and your
network
  is one gigantic broadcast domain, start installing switches to quiet 
down
  the network.  Next, get VLANs/routing/security in place for Layer3/4.
  Next,
  work on the upper layers where all of your apps and data live and 
talk.
  Just my $0.02 worth.
  
  HTH,
  Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
  Network Engineer
  ATT Government Solutions, Inc.
  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Kevin O'Gilvie
  Sent: Tuesday, July 23, 2002 9:07 PM
  To: [EMAIL PROTECTED]
  Subject: Here we go again ( Pix 515) [7:49492]
  
  
  Dear All,
  
  I am jumping into a similar mess as when I started at my current 
company,
  but this time the Macs out number the PC's. Well here is the scoop:
  180 Macs
  50 PC's
  Static Ip's
  No DHCP
  No FW
  Quick Mail Server
  and a whole bunch of other nasty things..
  - They just purchases a Pix 515
  - They just bought Exchange 5.5
  
  My projects are:
  Set up DHCP
  Set up Pix
  Set up Private Addressing
  Set up Exchange
  Migrate them from Quick Mail
  etc etc
  I have done this before but maybe you guys can help as to how I should 
go
  about this the quickest.
  
  Thanks,
  
  Kevin
  
  
  _
  Send and receive Hotmail on your mobile device: http://mobile.msn.com
  _
  Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Join the worlds largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=4965

RE: Here we go again ( Pix 515) [7:49492]

[Kevin O'Gilvie]

Hey,

No flames aginst NT admins.
In these tuff times Network Admins need to know all
FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling..
In order to survive.
Like myself!!


From: Juan Blanco 
Reply-To: [EMAIL PROTECTED]
To: 'Kevin O'Gilvie' , [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Thu, 25 Jul 2002 11:14:08 -0400

Team,
The way I see it, dhcp on the firewall is only for small number of users,
when it comes to mid-size-up network you don't want to use a firewall for a
DHCPCan you see an NT administrator making changes in your firewall
because he/she is having problems with DHCP(This network will be
available to hackers in the Theater near You)

My two cents.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kevin O'Gilvie
Sent: Thursday, July 25, 2002 10:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]


I wouldnt put dhcp on the firewall for 300 users.
But for 10 or 15 I would.

Thanks,

-Kevin


 From: Gaz
 Reply-To: Gaz
 To: [EMAIL PROTECTED]
 Subject: Re: Here we go again ( Pix 515) [7:49492]
 Date: Wed, 24 Jul 2002 22:37:12 GMT
 
 What's everybody's view on using the Pix as a DHCP server?
 
 I used it once, only because after arriving on site to install the Pix 
the
 customer mentioned that his old Firewall was doing DHCP and he had no 
plans
 to do it on anything else.
 Seemed to go fine, but would like to know if people have come across
 limitations/issues.
 
 I tend to agree with the view Right box for the job, i.e. don't make 
the
 Pix do things it's not made for, but if pushed into the situation, how 
does
 it compare.
 
 Cheers,
 
 Gaz
 
 Kevin O'Gilvie  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Hi Kelly,
  
   You are absolutely right, and I love your strategy.
   That is the way I did it 2 years ago, but the only thing now is 
finding
 a
   vpn solution for the Macs. I used Pix for the PC's last time round but
 never
   had to do this for the Mac's. Any ideas?
  
  
   From: Kelly Cobean
   Reply-To: Kelly Cobean
   To: [EMAIL PROTECTED]
   Subject: RE: Here we go again ( Pix 515) [7:49492]
   Date: Wed, 24 Jul 2002 02:18:38 GMT
   
   Man, you aren't asking much, are you? ;-)
   
   Ok, here's the order I'd do things in...
   
   First things first, get that firewall in place.  You don't list what
 their
   internet connectivity is, but if they bought a PIX, it's safe to 
assume
   that
   they have a persistent connection, and that being true, they're 
really
   hanging it out there for someone to cut off, so to speak.  Network
 security
   is always a primary concern, and the firewall won't take alot of time
 to
   set
   up.  Not setting it up could be very costly.  If they already have a
   light(er)-weight firewall like a Linux host running IP chains or IP
 tables,
   replacing this first will save your users down-time later because you
 can
   pre-configure your internet rulebase/access in preparation for your
 private
   addressing.
   
   Next, I'd do the DHCP and Private Addressing.  These go hand in hand,
 and
   since your firewall is now in place, you can do the NAT/PAT
 translations
 as
   needed and not have to rethink these later.
   
   Third, get Exchange up and running.  If it's going on a different
 system
   than Quick mail is running on, great!  Now you can get them running 
in
   parallel, and move users accounts over one at a time or in batches.
 There
   are probably tools out there to do the mailbox format conversion.  
Now
 that
   your network is secure at layer3/4, you can focus on the nitty-gritty
 of
   the
   user data. (Oh yeah, don't forget that backup!!!)
   
   It's a 10,000 foot view, but that's how I'd do it.  I'm not really a
 MAC
   guy, but I'd venture a guess that most or all of your MAC's run 
TCP/IP
 and
   support DHCP, so from an L3/4 standpoint, they're really no different
 than
   your PC's.
   
   When doing multiple projects like this, I tend to work along the OSI
 model.
   If the wiring is horrible, or the NIC's are all old 10Base2 nics and
 have
   transceivers to hook them to your BaseT network, take care of the 
layer
 1
   stuff first.  Next, if the network is all unmanaged hubs, and your
 network
   is one gigantic broadcast domain, start installing switches to quiet
 down
   the network.  Next, get VLANs/routing/security in place for Layer3/4.
   Next,
   work on the upper layers where all of your apps and data live and
 talk.
   Just my $0.02 worth.
   
   HTH,
   Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
   Network Engineer
   ATT Government Solutions, Inc.
   
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf 
Of
   Kevin O'Gilvie
   Sent: Tuesday, July 23, 2002 9:07 PM
   To: [EMAIL PROTECTED]
   Subject: Here we go again ( Pix 515) [7:49492]
   
   
   Dear All,
   
   I am jumping into a similar mess as when I start

RE: Here we go again ( Pix 515) [7:49492]

[Kevin O'Gilvie]

Hi Kelly,

You are absolutely right, and I love your strategy.
That is the way I did it 2 years ago, but the only thing now is finding a 
vpn solution for the Macs. I used Pix for the PC's last time round but never 
had to do this for the Mac's. Any ideas?


From: Kelly Cobean 
Reply-To: Kelly Cobean 
To: [EMAIL PROTECTED]
Subject: RE: Here we go again ( Pix 515) [7:49492]
Date: Wed, 24 Jul 2002 02:18:38 GMT

Man, you aren't asking much, are you? ;-)

Ok, here's the order I'd do things in...

First things first, get that firewall in place.  You don't list what their
internet connectivity is, but if they bought a PIX, it's safe to assume 
that
they have a persistent connection, and that being true, they're really
hanging it out there for someone to cut off, so to speak.  Network security
is always a primary concern, and the firewall won't take alot of time to 
set
up.  Not setting it up could be very costly.  If they already have a
light(er)-weight firewall like a Linux host running IP chains or IP tables,
replacing this first will save your users down-time later because you can
pre-configure your internet rulebase/access in preparation for your private
addressing.

Next, I'd do the DHCP and Private Addressing.  These go hand in hand, and
since your firewall is now in place, you can do the NAT/PAT translations as
needed and not have to rethink these later.

Third, get Exchange up and running.  If it's going on a different system
than Quick mail is running on, great!  Now you can get them running in
parallel, and move users accounts over one at a time or in batches.  There
are probably tools out there to do the mailbox format conversion.  Now that
your network is secure at layer3/4, you can focus on the nitty-gritty of 
the
user data. (Oh yeah, don't forget that backup!!!)

It's a 10,000 foot view, but that's how I'd do it.  I'm not really a MAC
guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and
support DHCP, so from an L3/4 standpoint, they're really no different than
your PC's.

When doing multiple projects like this, I tend to work along the OSI model.
If the wiring is horrible, or the NIC's are all old 10Base2 nics and have
transceivers to hook them to your BaseT network, take care of the layer 1
stuff first.  Next, if the network is all unmanaged hubs, and your network
is one gigantic broadcast domain, start installing switches to quiet down
the network.  Next, get VLANs/routing/security in place for Layer3/4.  
Next,
work on the upper layers where all of your apps and data live and talk.
Just my $0.02 worth.

HTH,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
ATT Government Solutions, Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kevin O'Gilvie
Sent: Tuesday, July 23, 2002 9:07 PM
To: [EMAIL PROTECTED]
Subject: Here we go again ( Pix 515) [7:49492]


Dear All,

I am jumping into a similar mess as when I started at my current company,
but this time the Macs out number the PC's. Well here is the scoop:
180 Macs
50 PC's
Static Ip's
No DHCP
No FW
Quick Mail Server
and a whole bunch of other nasty things..
- They just purchases a Pix 515
- They just bought Exchange 5.5

My projects are:
Set up DHCP
Set up Pix
Set up Private Addressing
Set up Exchange
Migrate them from Quick Mail
etc etc
I have done this before but maybe you guys can help as to how I should go
about this the quickest.

Thanks,

Kevin


_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49522t=49492
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Here we go again ( Pix 515) [7:49492]

[Kevin O'Gilvie]

Dear All,

I am jumping into a similar mess as when I started at my current company, 
but this time the Macs out number the PC's. Well here is the scoop:
180 Macs
50 PC's
Static Ip's
No DHCP
No FW
Quick Mail Server
and a whole bunch of other nasty things..
- They just purchases a Pix 515
- They just bought Exchange 5.5

My projects are:
Set up DHCP
Set up Pix
Set up Private Addressing
Set up Exchange
Migrate them from Quick Mail
etc etc
I have done this before but maybe you guys can help as to how I should go 
about this the quickest.

Thanks,

Kevin


_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49492t=49492
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Setting up a lab w/ [7:48213]

[Kevin O'Gilvie]

Hi All,

I currently have a pix 515, and a checkpoint FW1 for my home lab..
I am looking for some ideas on how i should set this up for the best 
learning experience.. I currently have a cable modem connection and no 
static IP's.. Indeed i will purchase routers, but before I do I wanted to 
ask the experts ( Thats you guys of couse!!).I want to accieve my cisco 
security certifications as well as checkpoint..Please list the material I 
should purchase as well as some great lab guides..

Thanks A million,

-Kevin
CCNA 2.0, BCRAN, Switching 2.0

_
Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48213t=48213
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: New York Study Group [7:23580]

[Kevin O'Gilvie]

We have one already..
Just send me ya contact info we will get together..

-Kevin



From: John C Piedrahita 
Reply-To: John C Piedrahita 
To: [EMAIL PROTECTED]
Subject: Re: New York Study Group [7:23580]
Date: Mon, 29 Oct 2001 14:50:02 -0500

Count me in too!

John

ALFREDO TORRES wrote:

  I would be interested in being part of the cisco study group.
 
  - Original Message -
  From: Philip Jache
  To:
  Sent: Friday, October 19, 2001 8:24 PM
  Subject: RE: New York Study Group [7:23580]
 
   We could start one.
  
   Philip Jache
   Sports Illustrated
   135 West 50th Street
   New York, NY 10020
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25006t=23580
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN and Outlook [7:17692]

[Kevin O'Gilvie]

I have the same problem, but its due to the fact that users are pulling so 
much data from exchange over a 56k link latency is expected. My users that 
have dsl and cable modems have no complaints.

Kevin


From: Randall Yoo 
Reply-To: Randall Yoo 
To: [EMAIL PROTECTED]
Subject: RE: VPN and Outlook [7:17692]
Date: Wed, 29 Aug 2001 15:26:11 -0400

Judging from the fact that Tom's doing VPN, I'd say 'with Exchange.'

I realize that you already have VPN 3000 Concentrator; but, try Netscreen
VPN, it's lightening fast.


Randall


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 10:42 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN and Outlook [7:17692]


Are you using Outlook w/ Exchange or POP/IMAPing?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Tom Richs
Sent: Wednesday, August 29, 2001 08:55 AM
To: [EMAIL PROTECTED]
Subject: VPN and Outlook [7:17692]


I have a VPN 3000 concentrator installed.  When Microsoft Outlook is
launched with the VPN client connection, Outlook is extremely slow.  Has
anyone encounter this or have any insight on this.  Thanks.

Tom

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17730t=17692
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PBX Tech needed in NY!!!! [7:9989]

[Kevin O'Gilvie]

Hello All,

Sorry for this Post but a friend of mine is looking for a PBX tech in NY. 
The pay is really well so if you know of anyone please have them email me 
asap..

Thanks,

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=9989t=9989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Passed BSCN but..............? [7:7719]

[Kevin O'Gilvie]

I am planning to take this exam next week, what Boson exam do you recommend, 
and what advise can you give re: must know's..


From: cheekin 
Reply-To: cheekin 
To: [EMAIL PROTECTED]
Subject: Re: Passed BSCN but..? [7:7719]
Date: Tue, 12 Jun 2001 03:20:41 -0400

I must have been the unlucky one over here.  Got a lot of scenario 
questions
that tested me on the understanding of the routing protocols and questions
on redistribution.

Regards,
cheekin

- Original Message -
From: Remmert Veen
To:
Sent: Monday, June 11, 2001 18:28
Subject: RE: Passed BSCN but..? [7:7719]


  Hmmmjust passed the BSCN as well, amazingly with a 919, just like 
you!
 
  My findings are completely the same, the exam was way too easy. While I
was
  preparing for tough, in-depth questions and a lot of CLI commands, the
exam
  stuck at the level of 'What do the letters BGP stand for?'.
 
  A shame, let's hope the switching-exam will be of a bit better quality.
 
  Regards,
  Remmert
_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=8148t=7719
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Windows 2000 Server Architechture/ Data Organization [7:5310]

[Kevin O'Gilvie]

Hi Everyone,

I am in the process of reorginizing this my network, Prior to me everything 
was just put everywhere and I need to come up with a full proof plan. My 
questions are:

-For a 60 user enviorment how many servers do I need to run Active Directory 
on, Should AD be on a dedicated box?

-How should I organize data, (users / corp data/ Fin Data) What restrictions 
should I put on these shares?

-DNS, Wins, DHCP, Exchange, SQL, IIS5, Inoculate, Backup Exec, Print 
Services,  What should be on dedicated boxes what shouldnt?

TIA,

Kevin


_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5310t=5310
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Windows 2000 Server Architechture/ Data Organization [7:5328]

[Kevin O'Gilvie]

Donald,

Sorry I wasnt kidding, maybe I am just not as advanced as you and look to 
learn from taking advice from peers. Am I wrong for that. Stupid me..

Kevin


From: Donald B Johnson jr 
To: Kevin O'Gilvie , 
Subject: Re: Windows 2000 Server Architechture/ Data Organization [7:5310]
Date: Mon, 21 May 2001 15:49:20 -0700

(Kevin) Your kidding right, that was hillarious!!! Personally I don't think
IIS5 should be on a dedicated box, instead it should be Apache on a E250
minimum.
(Group)I was trying to be quiet for a few days with all this anti-
(Quasi)flame rhetoric goin-on. Please forgive me, my new leaf just floated
away, hope I'm not using too much bandwidth though. Previous scolders need
not reply.
Don

- Original Message -
From: Kevin O'Gilvie 
To: 
Sent: Monday, May 21, 2001 12:10 PM
Subject: Windows 2000 Server Architechture/ Data Organization [7:5310]


  Hi Everyone,
 
  I am in the process of reorginizing this my network, Prior to me
everything
  was just put everywhere and I need to come up with a full proof plan. My
  questions are:
 
  -For a 60 user enviorment how many servers do I need to run Active
Directory
  on, Should AD be on a dedicated box?
 
  -How should I organize data, (users / corp data/ Fin Data) What
restrictions
  should I put on these shares?
 
  -DNS, Wins, DHCP, Exchange, SQL, IIS5, Inoculate, Backup Exec, Print
  Services,  What should be on dedicated boxes what shouldnt?
 
  TIA,
 
  Kevin
 
 
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5328t=5328
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Just been Hacked!!!!! [7:3452]

[Kevin O'Gilvie]

Apparently over the weekend Poison Box got pass my Pix and overwrote some 
files on the intranet Box and maybe more damage than I know of at this 
Moment. I need help on finding out hjw they got in and how to prevent it 
happeneing in the future. Please help.

Thanks,

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=3452t=3452
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Setting up Radius Server on Windows 2000 Server [7:2742]

[Kevin O'Gilvie]

Does any one have any info on setting this up?

TIA

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2742t=2742
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Blocking Napster and Aol on Pix config/Setting up Tacus or Radius

[Kevin O'Gilvie]

Before I ask this question I would like to give something back, below is the 
config to block aim and napster:

access-list acl_out deny tcp any any eq 5190
access-list acl_out deny tcp any any eq 8875
access-list acl_out deny tcp any any eq 
access-list acl_out deny tcp any any eq 6699
access-list acl_out deny tcp any any eq 
access-group acl_out in interface inside
access-list acl_out permit tcp any any
access-list acl_out permit ip any any


Now I would like to setup a Tacus+ or Radius Server on My network I have a 
widows 2000 domain and I am unsure of how to do this. Please advise.

TIA,

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Block Instant Messenger from the Pix..

[Kevin O'Gilvie]

Does anyone know what command blocks this port..

Regards,

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Pix Performance Issues

[Kevin O'Gilvie]

I have a pix 515 R, and I have noticed that I have to clear xlate at least 
once a day in order to keep it from slowing down internet access, also I 
have users complaining on how slow the vpn is, I am using ms pptp, due to 
the fact that the windows 2000 client has not come out yet. How can I get 
this pix maximize performance without upgrading to the UR, which is what 
cisco recommends which is a 6k investment. Is anypne else running into these 
issues? Also I have noticed since I am using local authentication, there is 
no security on my domain, once in all users can map drives , delete and so 
on. I have about 60 users.

Keep in mind that I have global users that use 56k dial up and then pptp to 
the fw.

TIA
-Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Pix Performance Issues

[Kevin O'Gilvie]

I only have 32 megs on the 515r, the upgrade adds 32 m and a licence which 
makes it 515UR for 6k. I was thinking that it was pptp, but since I am using 
local authentication, users authenticate at the fw with one username and 
password, authentication is very fast but checking email browsing network 
and saving files etc., is at a crawl. Just opening outlook can take 20 min.
I am hoping that the win2k client will solve some of these problems, can 
someone send me the link..

TIA

Kevin

From: "Allen May" [EMAIL PROTECTED]
To: "Kevin O'Gilvie" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Pix Performance Issues
Date: Mon, 2 Apr 2001 11:32:31 -0500

Yes.  It's not a PIX issue causing the slow VPN.  It's a Microsoft issue.  
I
validated this by putting a vpn test box outside the firewall.  The
encryption overhead and known issues with TCP/IP being slower on Windows 
add
up and cause PPTP to crawl.  Add on top of that 56K + internet traffic
between users  your network and it's even worse.  I do believe I saw a 
post
in here saying the Win2K client is available now but I could be mistaken.

I'm not sure why you're having to do clear xlate daily.  I only have to do
that when I change static, conduit, or ACL statements (as required in 
docs).
How much memory do you have in the PIX?

Allen
- Original Message -
From: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 02, 2001 10:51 AM
Subject: Pix Performance Issues


  I have a pix 515 R, and I have noticed that I have to clear xlate at 
least
  once a day in order to keep it from slowing down internet access, also I
  have users complaining on how slow the vpn is, I am using ms pptp, due 
to
  the fact that the windows 2000 client has not come out yet. How can I 
get
  this pix maximize performance without upgrading to the UR, which is what
  cisco recommends which is a 6k investment. Is anypne else running into
these
  issues? Also I have noticed since I am using local authentication, there
is
  no security on my domain, once in all users can map drives , delete and 
so
  on. I have about 60 users.
 
  Keep in mind that I have global users that use 56k dial up and then pptp
to
  the fw.
 
  TIA
  -Kevin
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Pix Firewall Issue

[Kevin O'Gilvie]

Does anyone know of a vpn client for Windows 2000, I have Cisco Secure but 
it doesnt run on 2000, I need to implement a vpn solution for my company 
that will integrate with the PIX 515 that I just purchased..

Regards,

Kevin


From: "Kenny Sallee" [EMAIL PROTECTED]
Reply-To: "Kenny Sallee" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Pix Firewall Issue
Date: Wed, 7 Feb 2001 15:55:14 -0800

Actually it's not a good idea to do a 'conduit permit icmp any any'.  If 
you
want ping traffic to originate inside then do this:

conduit permit icmp 208.184.23.0 255.255.255.0 any echoreply

Think about the way ping works - your workstation sends an icmp echo - the
end station sends an icmp echo-reply - which from the PIX standpoint is a
new inbound packet ( cuz it's stateless ).  Therefore - let the echo-reply
in only.  Not all ICMP messages.

Kenny

"Daniel Cotts" [EMAIL PROTECTED] wrote in message
303479FA060CD211B893F805A88AA10F4C@EXCHANGE1">news:303479FA060CD211B893F805A88AA10F4C@EXCHANGE1...
  You're not telling us from where you are pinging. From the PIX? From a
host
  behind the Firewall? From a host outside the Firewall?
  Anyway this command is good to have in later versions if you want pings 
to
  traverse the PIX.
  conduit permit icmp any any
  You may also want to modify that command or eliminate it, if you want to
  enforce a stronger policy.
 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/con
  fig.htm#xtocid1091627
 
   -Original Message-
   From: exchange [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, February 07, 2001 1:09 PM
   To: '[EMAIL PROTECTED]'
   Subject: Pix Firewall Issue
  
  
   Hi Gang,
  
   I have a Pix Firewall 520 and wondered if this was a feature or a
   configuration issue on my firwall.  We have an entire class C
   address say
   208.184.23.x to use for our network. We use the 192.168.1.x
   network for our
   internal network.  I am having problems pinging a machine's
   Internet ip
   address say 208.184.23.11 which I noticed is statically mapped to it's
   internal address say 192.168.1.10 on the pix.
  
   For example, If I ping another box 208.184.23.12 and not
   statically mapped
   to a internal ip address on the pix, I get a response.
  
   Any help or hints would be greatly appreciated.
  
   Thanks!
  
   _
   FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
   Report misconduct
   and Nondisclosure violations to [EMAIL PROTECTED]
  
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Pix Firewall Issue

[Kevin O'Gilvie]

Can you point me in the right direction of where I can research the 
alternatives..

Regards,

Kevin


From: "Kenny Sallee" [EMAIL PROTECTED]
To: "Kevin O'Gilvie" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Pix Firewall Issue
Date: Fri, 9 Feb 2001 08:23:24 -0800

Right now there is no Win2k client available from Cisco.  There is a beta
out of the Altiga 3000 client - which can work with the PIX as well.  You
may be able to call TAC and request a copy.  Though if you are hiding 
behind
PAT and terminating on a PIX you are still SOL.  The alternative for win2k
clients is PPTP with MPPE.  Very simple to implement and is a hold over
until the 2k client is available.  You can either terminate on the PIX and
use Funk software radius server ( cisco secure ACS doesn't support MPPE ), 
a
local database created on the PIX, or put a beefy win2k server in a DMZ and
pass the PPTP traffic to that server.  It'll need to be dual homed and
secure as much as possible.  Good luck

Kenny

- Original Message -
From: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, February 09, 2001 7:29 AM
Subject: Re: Pix Firewall Issue


  Does anyone know of a vpn client for Windows 2000, I have Cisco Secure 
but
  it doesnt run on 2000, I need to implement a vpn solution for my company
  that will integrate with the PIX 515 that I just purchased..
 
  Regards,
 
  Kevin
 
 
  From: "Kenny Sallee" [EMAIL PROTECTED]
  Reply-To: "Kenny Sallee" [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: Re: Pix Firewall Issue
  Date: Wed, 7 Feb 2001 15:55:14 -0800
  
  Actually it's not a good idea to do a 'conduit permit icmp any any'.  
If
  you
  want ping traffic to originate inside then do this:
  
  conduit permit icmp 208.184.23.0 255.255.255.0 any echoreply
  
  Think about the way ping works - your workstation sends an icmp echo -
the
  end station sends an icmp echo-reply - which from the PIX standpoint is 
a
  new inbound packet ( cuz it's stateless ).  Therefore - let the
echo-reply
  in only.  Not all ICMP messages.
  
  Kenny
  
  "Daniel Cotts" [EMAIL PROTECTED] wrote in message
  303479FA060CD211B893F805A88AA10F4C@EXCHANGE1">news:303479FA060CD211B893F805A88AA10F4C@EXCHANGE1...
You're not telling us from where you are pinging. From the PIX? From 
a
  host
behind the Firewall? From a host outside the Firewall?
Anyway this command is good to have in later versions if you want
pings
  to
traverse the PIX.
conduit permit icmp any any
You may also want to modify that command or eliminate it, if you 
want
to
enforce a stronger policy.
   
 
 http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/co
n
fig.htm#xtocid1091627
   
 -Original Message-
 From: exchange [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 07, 2001 1:09 PM
 To: '[EMAIL PROTECTED]'
 Subject: Pix Firewall Issue


 Hi Gang,

 I have a Pix Firewall 520 and wondered if this was a feature or a
 configuration issue on my firwall.  We have an entire class C
 address say
 208.184.23.x to use for our network. We use the 192.168.1.x
 network for our
 internal network.  I am having problems pinging a machine's
 Internet ip
 address say 208.184.23.11 which I noticed is statically mapped to
it's
 internal address say 192.168.1.10 on the pix.

 For example, If I ping another box 208.184.23.12 and not
 statically mapped
 to a internal ip address on the pix, I get a response.

 Any help or hints would be greatly appreciated.

 Thanks!

 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct
 and Nondisclosure violations to [EMAIL PROTECTED]

   
_
FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to 
[EMAIL PROTECTED]
   
  
  
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
 
 



_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Cisco Pix Firewall 515

[Kevin O'Gilvie]

Thanks for the overwhelming response to my Total Virus Solution, You guys 
are great!!

Now I have another issue we just purchased the Cisco Pix, I am a checkpoint 
guy that kinda walked into this situation. Now i have the 515 sitting here 
and with 2 ehternet interfaces. I need to set up VPN, IP Nat ( this company 
is currently using all public IP's dont ask me why), and a security policy. 
I am figuring that to complete my tasks I need another interface for my DMZ 
zone ( i.e exchange , DNS, and Web severs).

What steps do you think I should take to complete this task?


Best Regards,

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Lab Preparation Book

[Kevin O'Gilvie]

Dear All,

I currently have a study group with about 6 members , we are in desperate 
need of lab materials that we can practice in order to get us ready for our 
exams. i.e. setting up atm, voip, frame really, token ring, etc. If anyone 
knows ant good books or lab guides that can help us it would be greatly 
appreciated.

Thanks in Advance,

Kevin
_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Lab Preparation Book

[Kevin O'Gilvie]

Thanks alot for your help I appreciate it.


From: "John Huston" [EMAIL PROTECTED]
Reply-To: "John Huston" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab Preparation Book
Date: Sun, 21 Jan 2001 17:12:27 -0600

Give these guys a try http://www.solutionlabs.com/ and also
www.certificationzone.com .  For some pretty simple ones to get your 
started
buy the Cisco CCIE All-In-One Lab Study Guide with CDROM.

Good Luck,

JH






""Kevin O'Gilvie"" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Dear All,
 
  I currently have a study group with about 6 members , we are in 
desperate
  need of lab materials that we can practice in order to get us ready for
our
  exams. i.e. setting up atm, voip, frame really, token ring, etc. If 
anyone
  knows ant good books or lab guides that can help us it would be greatly
  appreciated.
 
  Thanks in Advance,
 
  Kevin
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
 
  _
  FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


_
FAQ, list archives, and subscription info: 
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed BCRAN.. need help for BCSN

[Kevin O'Gilvie]

1-1603
2-2521
2-2503
1-7000

Its a group effort me and my study group.. Do you guys think this is good
enough?

-Original Message-
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 12:17 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN


Kevin,

Lucky you six routers. I be lucky to get two. So what are those six routers.
Have fun. PEACE


   Raheem


From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: "Rah Sta" [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN
Date: Mon, 20 Nov 2000 18:21:10 -0500

No hands on, I just ordered my lab recently form Ebay.. I got six routers
it
should be here by next week.. I plan to go crazy with my labs in order to
prepare for my CCNP/CCIE certifications / new job hopefully..


-Original Message-
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 6:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN


Kevin,

Did you have any hands on? I plan on buying two router. maybe a 2502 and
2501 or 2503. Thanks.


      Raheem


 From: "Kevin O'Gilvie" [EMAIL PROTECTED]
 Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
 To: "Rah Sta" [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: RE: Passed BCRAN.. need help for BCSN
 Date: Mon, 20 Nov 2000 16:00:27 -0500
 
 Cisco Press BCRAN book by Catherine Paquet , Boson Test #1, Studied hard
 for
 two weeks non stop and passed!!!
 
 -Original Message-
 From: Rah Sta [mailto:[EMAIL PROTECTED]]
 Sent: Monday, November 20, 2000 3:51 PM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: Passed BCRAN.. need help for BCSN
 
 
 Kevin,
 
 What did you use to help you pass the BCRAN exam? Thamk you.
 
 
   Raheem
 
 
  From: "Kevin O'Gilvie" [EMAIL PROTECTED]
  Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: Passed BCRAN..  need help for BCSN
  Date: Fri, 17 Nov 2000 15:50:49 -0500
  
  Hello Cisco Lovers,
  
  thanks to all your wonderful posts,
  I passed my second exam on the road to CCNP, I need some links for BCSN
  resources due to the fact that I am waiting on my book from Cisco Press
  that
  is currently out of stock...
  
  Please Advise,
  
  Kevin
  
  
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
 _
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
 
 Share information about yourself, create your own public profile at
 http://profiles.msn.com.
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
_
_
Get more from the Web.  FREE MSN Explorer download :
http://explorer.msn.com



_
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed BCRAN.. need help for BCSN

[Kevin O'Gilvie]

Cisco Press BCRAN book by Catherine Paquet , Boson Test #1, Studied hard for
two weeks non stop and passed!!!

-Original Message-
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 3:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Passed BCRAN.. need help for BCSN


Kevin,

What did you use to help you pass the BCRAN exam? Thamk you.


 Raheem


From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Passed BCRAN..  need help for BCSN
Date: Fri, 17 Nov 2000 15:50:49 -0500

Hello Cisco Lovers,

thanks to all your wonderful posts,
I passed my second exam on the road to CCNP, I need some links for BCSN
resources due to the fact that I am waiting on my book from Cisco Press
that
is currently out of stock...

Please Advise,

Kevin


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Resume Help..

[Kevin O'Gilvie]

Hello again Cisco Lovers,

I am trying to put my resume together , I am a Sytems Administrator with
about 2 years experience in NT primarily, Checkpoint, Mac and client OS's. I
was wondering if you guys can send me some resume's so I can get a basic
idea of what mine should look like..

Thanks in advance,

Kevin


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Passed BCRAN.. need help for BCSN

[Kevin O'Gilvie]

No hands on, I just ordered my lab recently form Ebay.. I got six routers it
should be here by next week.. I plan to go crazy with my labs in order to
prepare for my CCNP/CCIE certifications / new job hopefully..


-Original Message-
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 6:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN


Kevin,

Did you have any hands on? I plan on buying two router. maybe a 2502 and
2501 or 2503. Thanks.


 Raheem


From: "Kevin O'Gilvie" [EMAIL PROTECTED]
Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
To: "Rah Sta" [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Passed BCRAN.. need help for BCSN
Date: Mon, 20 Nov 2000 16:00:27 -0500

Cisco Press BCRAN book by Catherine Paquet , Boson Test #1, Studied hard
for
two weeks non stop and passed!!!

-Original Message-
From: Rah Sta [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 20, 2000 3:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Passed BCRAN.. need help for BCSN


Kevin,

What did you use to help you pass the BCRAN exam? Thamk you.


      Raheem


 From: "Kevin O'Gilvie" [EMAIL PROTECTED]
 Reply-To: "Kevin O'Gilvie" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Passed BCRAN..  need help for BCSN
 Date: Fri, 17 Nov 2000 15:50:49 -0500
 
 Hello Cisco Lovers,
 
 thanks to all your wonderful posts,
 I passed my second exam on the road to CCNP, I need some links for BCSN
 resources due to the fact that I am waiting on my book from Cisco Press
 that
 is currently out of stock...
 
 Please Advise,
 
 Kevin
 
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Passed BCRAN.. need help for BCSN

[Kevin O'Gilvie]

Hello Cisco Lovers,

thanks to all your wonderful posts,
I passed my second exam on the road to CCNP, I need some links for BCSN
resources due to the fact that I am waiting on my book from Cisco Press that
is currently out of stock...

Please Advise,

Kevin


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Please Help with CCNP/CCIE lab decision

[Kevin O'Gilvie]

Hi guys,

I currently have a study group of seven people we are going to chip in for
CCNP/CCIE hardware. I just wanted to make sure before we spend the money
that we are getting the right stuff at the right price. Please advise as to
what we are missing besides ATM and Voice over IP which we plan to purchase
later.. Below is the quote:
1   2501Cisco 2501 Router   1   $1,195.00   $1,195.00
2   2503Cisco 2503 Router   1   $1,295.00   $1,295.00
3   2504Cisco 2504 Router   1   $995.00 $995.00
4   2509Cisco 2509 Router   1   $1,295.00   $1,295.00
5   2513Cisco 2513 Router   1   $1,295.00   $1,295.00
6   V35MT/V35FC-W   Serial Cross Over Cable 4   $100.00 $400.00
7   4000-M  Cisco 4000-M Modular Router 1   $995.00 $995.00
8MB Main, 4MB Shared
8MB Flash Memory
8   NP-4T   4000 4 Port Serial Interface1   $750.00 $750.00
9   WS-C1924C-EN24 Port 10bT+1 Port 100bT + 1   $595.00 $595.00
1 Port 100bFX

SuB Total   $8,815.00
Discount$881.50
Total   $7,933.50

Thanks in advance,

Kevin

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please Help with CCNP/CCIE lab decision

[Kevin O'Gilvie]

Where can I get a ISDN simulator from ?  How much do the cost? Can I do
without the 5000 switch for now because they are too expensive?? How much do
the used 5x00 switches run for? How much should we be looking to spend in
total?

-Original Message-
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 2:55 PM
To: 'Kevin O'Gilvie'; [EMAIL PROTECTED]
Subject: RE: Please Help with CCNP/CCIE lab decision


ISDN simulator.
Catalyst 5000 Switch and modules.

 -Original Message-
 From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, November 08, 2000 1:37 PM
 To: [EMAIL PROTECTED]
 Subject: Please Help with CCNP/CCIE lab decision


 Hi guys,

 I currently have a study group of seven people we are going
 to chip in for
 CCNP/CCIE hardware. I just wanted to make sure before we
 spend the money
 that we are getting the right stuff at the right price.
 Please advise as to
 what we are missing besides ATM and Voice over IP which we
 plan to purchase
 later.. Below is the quote:
 1 2501Cisco 2501 Router   1   $1,195.00
 $1,195.00
 2 2503Cisco 2503 Router   1   $1,295.00
 $1,295.00
 3 2504Cisco 2504 Router   1   $995.00 $995.00
 4 2509Cisco 2509 Router   1   $1,295.00
 $1,295.00
 5 2513Cisco 2513 Router   1   $1,295.00
 $1,295.00
 6 V35MT/V35FC-W   Serial Cross Over Cable 4   $100.00
   $400.00
 7 4000-M  Cisco 4000-M Modular Router 1   $995.00
   $995.00
   8MB Main, 4MB Shared
   8MB Flash Memory
 8 NP-4T   4000 4 Port Serial Interface1   $750.00
   $750.00
 9 WS-C1924C-EN24 Port 10bT+1 Port 100bT + 1
 $595.00   $595.00
   1 Port 100bFX

 SuB Total $8,815.00
 Discount  $881.50
 Total $7,933.50

 Thanks in advance,

 Kevin

 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct
 and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please Help with CCNP/CCIE lab decision

[Kevin O'Gilvie]

Which router should I add or replace for the token ring MAU?

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 3:41 PM
To: Kevin O'Gilvie
Cc: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: Please Help with CCNP/CCIE lab decision


On Wed, 8 Nov 2000, Kevin O'Gilvie wrote:

 Where can I get a ISDN simulator from ?

ebay usually has some.

How much do the cost?

$1500 - $1800 usually.

 Can I do
 without the 5000 switch for now because they are too expensive??

You can try to find a 2901 for about $1500 if your lucky.  You don't need
the 1924 switch below if you have a Cat 2901, 2926T, 5002, etc.

Also you have no tokein ring MAU below, you will want one of those as
well.  Also 2 or so more cross over cables would be nice.  You need 3
cables just to do full mesh.  You may wish to have a couple routers back
to back in addition to the mesh.




How much do
 the used 5x00 switches run for? How much should we be looking to spend in
 total?

 -Original Message-
 From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, November 08, 2000 2:55 PM
 To: 'Kevin O'Gilvie'; [EMAIL PROTECTED]
 Subject: RE: Please Help with CCNP/CCIE lab decision


 ISDN simulator.
 Catalyst 5000 Switch and modules.

  -Original Message-
  From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, November 08, 2000 1:37 PM
  To: [EMAIL PROTECTED]
  Subject: Please Help with CCNP/CCIE lab decision
 
 
  Hi guys,
 
  I currently have a study group of seven people we are going
  to chip in for
  CCNP/CCIE hardware. I just wanted to make sure before we
  spend the money
  that we are getting the right stuff at the right price.
  Please advise as to
  what we are missing besides ATM and Voice over IP which we
  plan to purchase
  later.. Below is the quote:
  1   2501Cisco 2501 Router   1   $1,195.00
  $1,195.00
  2   2503Cisco 2503 Router   1   $1,295.00
  $1,295.00
  3   2504Cisco 2504 Router   1   $995.00 $995.00
  4   2509Cisco 2509 Router   1   $1,295.00
  $1,295.00
  5   2513Cisco 2513 Router   1   $1,295.00
  $1,295.00
  6   V35MT/V35FC-W   Serial Cross Over Cable 4   $100.00
  $400.00
  7   4000-M  Cisco 4000-M Modular Router 1   $995.00
  $995.00
  8MB Main, 4MB Shared
  8MB Flash Memory
  8   NP-4T   4000 4 Port Serial Interface1   $750.00
  $750.00
  9   WS-C1924C-EN24 Port 10bT+1 Port 100bT + 1
  $595.00 $595.00
  1 Port 100bFX
 
  SuB Total   $8,815.00
  Discount$881.50
  Total   $7,933.50
 
  Thanks in advance,
 
  Kevin
 
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct
  and Nondisclosure violations to [EMAIL PROTECTED]
 

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please Help with CCNP/CCIE lab decision

[Kevin O'Gilvie]

Cool thanks alot Brian and company you have been a great help. I am going to
have to expand my group because this is going to get expensive but at least
we will all get the hands on we need to compete in the marketplace. If
anyone in NY is interested in joining our group just shoot me a email..

Cheers,

Kevin
MCP+I, MCSE, CCNA 2.0, CCNP 2.0 (3 more to go..passed BCMSN)

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 3:58 PM
To: Kevin O'Gilvie
Cc: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: Please Help with CCNP/CCIE lab decision


On Wed, 8 Nov 2000, Kevin O'Gilvie wrote:

 Which router should I add or replace for the token ring MAU?

A token ring MAU is like the equivelent of an ethernet hub.  Your 2513 and
2504 could plug into it so they could communicate.  You can get one for
about $10 - $20 on ebay.

Brian



 -Original Message-
 From: Brian [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, November 08, 2000 3:41 PM
 To: Kevin O'Gilvie
 Cc: Daniel Cotts; [EMAIL PROTECTED]
 Subject: RE: Please Help with CCNP/CCIE lab decision


 On Wed, 8 Nov 2000, Kevin O'Gilvie wrote:

  Where can I get a ISDN simulator from ?

 ebay usually has some.

 How much do the cost?

 $1500 - $1800 usually.

  Can I do
  without the 5000 switch for now because they are too expensive??

 You can try to find a 2901 for about $1500 if your lucky.  You don't need
 the 1924 switch below if you have a Cat 2901, 2926T, 5002, etc.

 Also you have no tokein ring MAU below, you will want one of those as
 well.  Also 2 or so more cross over cables would be nice.  You need 3
 cables just to do full mesh.  You may wish to have a couple routers back
 to back in addition to the mesh.




 How much do
  the used 5x00 switches run for? How much should we be looking to spend
in
  total?
 
  -Original Message-
  From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, November 08, 2000 2:55 PM
  To: 'Kevin O'Gilvie'; [EMAIL PROTECTED]
  Subject: RE: Please Help with CCNP/CCIE lab decision
 
 
  ISDN simulator.
  Catalyst 5000 Switch and modules.
 
   -Original Message-
   From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, November 08, 2000 1:37 PM
   To: [EMAIL PROTECTED]
   Subject: Please Help with CCNP/CCIE lab decision
  
  
   Hi guys,
  
   I currently have a study group of seven people we are going
   to chip in for
   CCNP/CCIE hardware. I just wanted to make sure before we
   spend the money
   that we are getting the right stuff at the right price.
   Please advise as to
   what we are missing besides ATM and Voice over IP which we
   plan to purchase
   later.. Below is the quote:
   1 2501Cisco 2501 Router   1   $1,195.00
   $1,195.00
   2 2503Cisco 2503 Router   1   $1,295.00
   $1,295.00
   3 2504Cisco 2504 Router   1   $995.00 $995.00
   4 2509Cisco 2509 Router   1   $1,295.00
   $1,295.00
   5 2513Cisco 2513 Router   1   $1,295.00
   $1,295.00
   6 V35MT/V35FC-W   Serial Cross Over Cable 4   $100.00
 $400.00
   7 4000-M  Cisco 4000-M Modular Router 1   $995.00
 $995.00
 8MB Main, 4MB Shared
 8MB Flash Memory
   8 NP-4T   4000 4 Port Serial Interface1   $750.00
 $750.00
   9 WS-C1924C-EN24 Port 10bT+1 Port 100bT + 1
   $595.00   $595.00
 1 Port 100bFX
  
   SuB Total $8,815.00
   Discount  $881.50
   Total $7,933.50
  
   Thanks in advance,
  
   Kevin
  
   _
   FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
   Report misconduct
   and Nondisclosure violations to [EMAIL PROTECTED]
  
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 

 ---
 Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
 Network Administrator
 ShreveNet Inc. (ASN 11881)


---
Brian Feeny, CCNP, CCDP   [EMAIL PROTECTED]
Network Administrator
ShreveNet Inc. (ASN 11881)

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Bcran Question

[Kevin O'Gilvie]

What is the difference between an access server and a router in Cisco
terminology?


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

This is a test please reply

[Kevin O'Gilvie]

This is a test please reply

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]