Cisco 1600 Router Down/Flapping ? Update
Hi guys, I just wanted to send an update in terms of the problem that I had with a Cisco 1600 router in Seattle that went down (Frame-relay). Last Monday our users in Seattle could not log into our network and we were sent a page from HP Openview that the Seattle router stopped responding. I immediately call MCI to report the outage and they did a test and told me that everything on their side was OK and that the problem lies in my side (CPE). So I did some checks on my router and my configs was fine and later found out that my LMI readings were indicating that the router and cable that connects to the DCE was fine too (after much trouble). Then someone told me to do a sh frame-relay pvc and that was when I saw the PVC was DELETED. To make a long story short, I again called MCI and told them what I found and they sneakily put back the PVC. They said it was always up. BUT actually these goof balls in their haste to bring the PVC back up, put the wrong IP address to point to the international switch. Instead of 222 in the 3rd octet, they only put 22. Once I found out about it and told them to change , it our link to Seattle went back up. I would like to thank James C., Atom, Jim D., Tim L., Darren H. and last but not least Leigh Anne C. This is a great list which contains tonnes of brilliant individuals. Rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 1600 Router Down/Flapping ?
Hi Guys, Thank you for all your tips and suggestions. How can I tell if it is the cable or the interface that is the problem. If I do a sh frame-relay lmi and don't see see the Num Status msgs Rcvd and the Num Status Enq Sent incrementing plus I do a sh frame-relay pvc and the status is inactive. Does this mean cable or interface problem. I am thinking cable but not totally sure. I think the cable is a cab-v35mt and cost about a $100usd. I don't want to purchase that unless I know for certain that it is the problem. Actually does anyone know of a place in Seattle that I can get that cable from. Last time I had to order it from Cisco. Thank you once again. rgds, Manolito -Original Message- From: Tony van Ree [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 06, 2001 5:25 PM To: Liwanag. Manolito; Cisco Group Study Subject: Re: Cisco 1600 Router Down/Flapping ? Hi, do 'sh frame pvc' check what the status is. Does it indicate it is active, Deleted, inactive. Is the pvc up and solid? (probably not) Check the counters on the PVC as well. Look at the serial interface and check for interface resets and/or transitions. Is the physical link up and solid? (Maybe) If the remote LMI and Physical are not tansitioning and the PVC is not deleted then do the same for the end that is being called. Have fun Just some thoughts. Teunis, Hobart, Tasmania Australia On Tuesday, February 06, 2001 at 05:07:58 PM, Liwanag. Manolito wrote: Hi Guys, I have a 1600 Cisco router in Seattle that is giving me a headache. This router is connected to our network via frame-relay. From corporate, I am not able to ping or access this router and hence the users in that remote branch can't log into the network and browse the net. All I-net traffic goes through Corporate PIX. I called MCI and they assured me that their network is fine and they even sent a technician to the office to check the CSU/DSU and it was also OK. I was able to get to the router through PC anywhere and when I checked the configuration it was fine. The LAN side is working fine but when I do a "sh int s0.1" it gives me a line down and protocol down. When I reload the router it gives me Line and protocol up. I give it about 10 seconds and then the line and protocol goes down on the serial interface. What gives ? any ideas ? Could it be flapping ? but then again it is not going back up. It only goes back up when I reload. Any help is appreciated. Thank you in advanced. rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Show Router Model
Hi guys, Can anyone tell me how to tell what model router you have from CLI ? I am trying to figure out what model we have in a few branches remotely (through telnet) but my brain is frozen. I can't recall the command. Can any one help ? I tried doing a sh tech but the info was flying by. How do I slow that info down ? Thank you in advanced. rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Show Router Model
Hi Guys, Thank you for unfreezing my brain. So embarrassed. I feel that I should return my Cisco certs rgds, Manolito -Original Message- From: Evan Francen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 06, 2001 10:53 AM To: 'Liwanag, Manolito'; 'Cisco Group Study' Subject: RE: Show Router Model show version, or show hardware, it will give you the base router model. Then you can determine from the interfaces installed, what router you have. Evan -Original Message- From: Liwanag, Manolito [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 06, 2001 9:51 AM To: 'Cisco Group Study' Subject: Show Router Model Hi guys, Can anyone tell me how to tell what model router you have from CLI ? I am trying to figure out what model we have in a few branches remotely (through telnet) but my brain is frozen. I can't recall the command. Can any one help ? I tried doing a sh tech but the info was flying by. How do I slow that info down ? Thank you in advanced. rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco 1600 Router Down/Flapping ?
Hi Guys, I have a 1600 Cisco router in Seattle that is giving me a headache. This router is connected to our network via frame-relay. From corporate, I am not able to ping or access this router and hence the users in that remote branch can't log into the network and browse the net. All I-net traffic goes through Corporate PIX. I called MCI and they assured me that their network is fine and they even sent a technician to the office to check the CSU/DSU and it was also OK. I was able to get to the router through PC anywhere and when I checked the configuration it was fine. The LAN side is working fine but when I do a "sh int s0.1" it gives me a line down and protocol down. When I reload the router it gives me Line and protocol up. I give it about 10 seconds and then the line and protocol goes down on the serial interface. What gives ? any ideas ? Could it be flapping ? but then again it is not going back up. It only goes back up when I reload. Any help is appreciated. Thank you in advanced. rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN through ADSL
I want one of our remote branch to access the internet via ADSL. The remote branch will have the Alcatel ADSL router that the ISP will provide as well as a Linksys router behind it for PAT and firewalling capabilities. I also want to place a Cisco VPN client at a workstation in the remote branch to connect to Corporate. Corporate has a PIX firewall with VPN capabilities. My question is - Since the ISP uses DHCP to lease addresses for the ADSL connection , will this affect my vpn connection? My Answer is - No since the branch workstation will be PATed anyway. Interesting traffic as defined by the VPN policy will allow packets to go through to the Corporate location. Can anyone verify if this train of thought is correct or is there a better way to do this ? Basically the remote branch needs access a Unix server in corporate to be able to send a print job to the branch. Thank you in advanced Rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Off Topic - CCNA in New England
I have a friend who is being offered a network position in New England in the range of 60k to 65k. He is not part of this list but he was asking me what is the % of income tax that they would take ? We are both Canadians and he is just comparing apples to apples to determine if it is worth making the move to New England. Thanks in Advance. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Off Topic - CCNA in New England
I am not. But my buddy is with a TN Visa. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 15, 2001 1:05 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Off Topic - CCNA in New England Are you allowed to work in the USA? will the company sponsor you? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix Firewall License R or UR ?
Try, sh tech rgds, Manolito -Original Message- From: A.C [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 06, 2001 3:53 PM To: [EMAIL PROTECTED] Subject: Pix Firewall License R or UR ? Hi, Does anyone know a command on Pix Firewall 520 that shows what kind of license it has (R -UR license)? Thank you _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mail and PIX
Jeff, I don't know if you have tried this. static (inside,outside) 64.1.2.3 192.168.1.1 netmask 255.255.255.255 0 0 conduit permit tcp host 64.1.2.3 eq smtp any conduit permit tcp host 64.1.2.3 eq pop3 any conduit permit tcp host 64.1.2.3 eq www any conduit permit tcp host 64.1.2.3 eq 443 any I just used 64.1.2.3 as an example. If you will be using Web access in Exchange then you need to open www. Otherwise, perhaps just use the first two conduit lines. Hope that helps. Rgds, Manolito -Original Message- From: Jeff Frontera [mailto:[EMAIL PROTECTED]] Sent: Monday, December 18, 2000 11:09 PM To: [EMAIL PROTECTED] Subject: mail and PIX I've recently installed a (2) interface PIX 515...everything seems to be fine except that remote users can no longer retrieve their email. My client has only one exchange server set up on the inside network. All local inside users can send and receive mail with no problem. The DNS is maintained by the client's ISP and has MX record indicating the mail server's public IP address. thanks in advance Jeff _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX firewall Configuration
I work for a small company with 5 branches. I have a frame connection to all the sites which connects to the central office where I am (hub and spoke). In the central office, I have set up a PIX firewall. Behind the firewall sits an exchange server and a new server which I plan on installing next week. I want to install a BDC that will have Symantec's I-gear/Mail-gear. This is an email and internet filtering product. I will place this behind the firewall. Here is what I want to do: 1) I want all the client PC to connect to the I-gear/Mail-gear server to access the internet. Of course I will static my own address and those that are nice to me to by-pass the proxy and go straight through the PIX. 2) I want to allow only certain traffic to go back in the pix from the outside. 3) I will need an inside and outside IP address on this server. Here is my proposed solution: 1) Install 2 network cards on the server and install the mentioned software. 2) Stop all traffic from being PATed across the PIX currently. Currently I have Nat (inside) 1 0.0.0.0 0.0.0.0 3) Add a new NAT to let out the BDC server machine. NAT (inside) 1 10.0.0.12 255.255.254.0 NAT (inside) 2 10.0.1.1 255.255.254.0 (my own PC for example) 4) Let the BDC out of the PIX Static (inside,outside)193.236.234.88 10.0.0.12 netmask 255.255.255.255 0 0 Conduit permit tcp host 193.236.234.88 eq smtp any Conduit permit tcp host 193.236.234.88 eq www any Conduit permit tcp host 193.236.234.88 eq pop3 any Conduit permit tcp host 193.236.234.88 eq 443 any 5) Change the gateway that they (the clients) are pointing (( right now it is router (10.0.0.1) that connects to the pix)) to, to point to the BDC server 10.0.0.12. I think that will work but I am very green when it comes to configuring these PIXes. I got lucky a few months ago when I did an IPSec tunnel between 2 PIXes and I would like to replicated that success. I would certainly appreciate some pointers before I go ahead and do this next week with my heart in my mouth and as I experience shortness of breath... not a good feeling :) Any comments would surely be appreciated. rgds, Manolito This message, including any attachments, is privileged and may contain confidential information intended only for the person(s) named above. Any other distribution, copying or disclosure is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify us immediately by reply email and permanently delete the original transmission from us, including any attachments, without making a copy. Thank you. *** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Router Firewall Config
I agree with Jason. Alternatively, you might also want to use a software base firewall like Black Ice defender or Zone Alarm. Both are excellent products and Zone Alarm is free for home use. www.zonealarm.com FYI - I don't work for either companies. Also since this is a cisco group forum you might go ahead and use the router as a firewall with a good access list and CBAC. Just my $0.02 CDN Rgds, Manolito -Original Message- From: Jason Roysdon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 29, 2000 11:23 PM To: [EMAIL PROTECTED] Subject: Re: Router Firewall Config 1605R w/ IP PLUS FW works great for me at home doing exactly what you're asking. Actually, I run IP PLUS FW/IPSEC56 and have a VPN tunnel into my office. The nice thing about IOS for FW/NAT is that you can do port redirection, while the PIX cannot (only Public IP to Private IP). So, with a single IP, I could have a ton of services running on any number of servers (one per port if I like, and multiple per port as well), while I can still telnet to my router on port 23. -- Jason Roysdon, CCNA, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ ""A.Strobel"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a cable connection to the Internet with one static IP and I am running a webserver as well. For security, I would like to use a Cisco router as a firewall. Has anyone implemented such a setup? Will a router with two Ethernet interfaces cut it? I would appreciate if you could share your (masked) configuration. I found this link on CCO http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm but it is calling for and additional serial interface and more than one static IP. Any input highly appreciated. A. Strobel Get free email and a permanent address at http://www.amexmail.com/?A=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco 3000 Concentrator
Has anyone used the CVPN 3xxx as a solution for vpn ? I have read most of the propaganda that Cisco has and I am impress with it. I also checked out PC mag which gave it good reviews. I would like to hear from anyone on this list that has experience using this product. We are currently using the IRE client on our laptops to VPN to our PIX but it is not that user friendly for our staff. Thanks in advanced. Manolito Liwanag B.Sc.,MCSE,CCNA ITT Department DRAKE INTERNATIONAL 416.216.1122 This message, including any attachments, is privileged and may contain confidential information intended only for the person(s) named above. Any other distribution, copying or disclosure is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify us immediately by reply email and permanently delete the original transmission from us, including any attachments, without making a copy. Thank you. *** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
3060 Concentrator
Does anyone have any idea on the cost of a Cisco 3060 concentrator ? I have read and heard good things about it. Manolito This message, including any attachments, is privileged and may contain confidential information intended only for the person(s) named above. Any other distribution, copying or disclosure is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify us immediately by reply email and permanently delete the original transmission from us, including any attachments, without making a copy. Thank you. *** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: GRE VS. IPSEc
See Below... -Original Message- From: Adam Quiggle [mailto:[EMAIL PROTECTED]] Sent: Friday, November 24, 2000 4:20 PM To: Liwanag, Manolito; [EMAIL PROTECTED] Subject: RE: GRE VS. IPSEc Manolito, At 01:44 PM 11/23/00, you wrote: Thanks for the detailed replied. BTW my first name is Manolito. No big deal. Take a look at my comments below when you have a minute -Original Message- From: Adam Quiggle [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 23, 2000 1:13 PM To: Liwanag, Manolito; 'Cisco Group Study' Subject: Re: GRE VS. IPSEc 1) Are there just two sites that need to be connected together? (i.e. are there plans for a large scale deployment?) Right now yes.. This remote branch that I want to connect to corporate is using ISDN to get to corporate and the Net. Recent expansion have raised the number of ee to 40 and the bandwidth is now super saturated. I was planning on getting an ADSL connection to replace the ISDN. Basically I want that remote branch to access the internet locally - not to go through our PIX at the corporate site - but other network traffic to go through an IPSec tunnel to corporate. What do you mean you have the number of ee to 40? What is ee? Answer : Employees It is easy to encrypt traffic destined for the corporate site and let the other "Internet" traffic go directly to it, not through the corporate site. Just make sure the access list used in your crypto map only identifies traffic to the corporate office as traffic to be encrypted. If you are talking about PC's that need this functionality it is a little bit more difficult. Your VPN client would have to support "split mode". I believe the Cisco 3000 VPN router (formerly Altiga) can support this type of behavior, although I don't have the details as to how it works. 2) Do you need encryption? Yes 3) Do you need authentication? I think yes as well 4) Do you need to protect against a replay attack? Yes 5) Who are you protecting your data from? everyone that is not an employee With regard to protecting your data, will you be transmitting trade secrets? What would be the potential of having someone intercept your messages? Don't use a shotgun to kill a mosquito. How about using IPSEc with GRE in it ? Any suggestions are very helpfull for me as I am new in this field. I have set up an IPsec tunnel to our other PIX in Australia and I figured that I could do the same for a 1605-R router to the corporate PIX. There is nothing wrong with using IPSec to encrypt a GRE tunnel, it is perfectly acceptable. The question is, do you want to spend the time learning IPSec (this is a good thing) or do you just want to get it done? Realize that the skills required to implement CET are not quite 1/2 the skills/knowledge you need to implement IPSec (in your particular instance). Also realize that you can get bogged down in the details once you realize the features that can be deployed with IPSec. AQ p.s. Sorry about the name. I did get it right this time. :-) No worries Mate :D Thank you very much for the feedback. I am using this small project to learn a bit more about IPsec and GRE. ** Adam Quiggle Senior Network Engineer MCI Worldcom/BP Amoco [EMAIL PROTECTED] ** _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GRE VS. IPSEc
I have a remote site that I want to connect to our central site that has a PIX. I was thinking of using IPSec with context based access control. But I was wondering if GRE is just as good ? ( to Qualify - reliable, easy to set up, secure and can handle plenty of tunnels) Can anyone advise ? Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CBAC - IPSEC tunnel to the PIX
I have a remote branch that I want to change from a frame connection to Corporate to an ADSL connection. I currently have a 1604 router in that branch. The 1604 has a bri module on it. Is it possible to buy a wic for that router that supports ADSL ? or do I have get a 1700 ? Second question: With an ADSL connection to the internet, I want to create an access list with CBAC to connect the private inside network out to the internet to our PIX at corporate. I will block most traffic coming in from the internet. I will also need to create an IPSEC tunnel to our pix. Can anybody give me some feedback on this line of thinking. I think it will work :D Manolito Liwanag ITT Department DRAKE INTERNATIONAL _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX VPNs
Austin, Try this http://www.cisco.com/warp/customer/110/38.html -Original Message- From: Austin [mailto:[EMAIL PROTECTED]] Sent: Monday, November 20, 2000 2:55 PM To: [EMAIL PROTECTED] Subject: PIX VPNs I am looking for sample configs on PIX to PIX VPNs. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CBAC - IPSEC tunnel to the PIX
I have a remote branch that I want to change from a frame connection to Corporate to an ADSL connection. I currently have a 1604 router in that branch. The 1604 has a bri module on it. Is it possible to buy a wic for that router that supports ADSL ? or do I have get a 1700 ? Second question: With an ADSL connection to the internet, I want to create an access list with CBAC to connect the private inside network out to the internet to our PIX at corporate. I will block most traffic coming in from the internet. I will also need to create an IPSEC tunnel to our pix. Can anybody give me some feedback on this line of thinking. I think it will work :D Manolito Liwanag ITT Department DRAKE INTERNATIONAL _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Enhancing ISDN Connection
ISDN Gurus, I have a remote branch that connects to the Central office using ISDN. Due to the FRUGALITY of my company they are not planning on boosting up the link. The branch has grown from 18 users to 40 and they have started to complain about internet access speed, File sharing on the PDC and connection to our Exchange server(Opening attachements are slow). I think I have configured the router correctly to maximize the link between us. See below: interface BRI0 description Link to Timbuktu no ip address no ip directed-broadcast encapsulation ppp dialer rotary-group 0 isdn switch-type basic-ni isdn spid1 # isdn spid2 # no fair-queue no cdp enable ! interface Dialer0 description connected to Timbuktu ip address 10.79.1.5 255.255.255.252 no ip directed-broadcast encapsulation ppp dialer in-band dialer idle-timeout 300 dialer map ip 10.79.1.6 name TIMGW broadcast dialer map ip 10.79.1.6 name TIMGW broadcast dialer hold-queue 10 dialer load-threshold 1 either dialer-group 1 no fair-queue no cdp enable ppp authentication chap ppp multilink ** Can anyone tell me if there are any other modification that I might be able to add to fully utilize this link ? Secondly, I have tried to look at traffic that is coming accross and I am not clear on how to interpret what I see in sh int bri , sh isdn status, debug dialer. I can see that the second line is coming up but I need to know if the lines are maxed out or not so that I can present it to the "BIG CHEESE" so that we can get higher bandwidth. Is there a link on cisco that anyone can point me to to translate those codes ? Thanks in advanced. Manolito Liwanag ITT Department DRAKE INTERNATIONAL _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Enhancing ISDN Connection
ISDN Gurus, I have a remote branch that connects to the Central office using ISDN. Due to the FRUGALITY of my company they are not planning on boosting up the link. The branch has grown from 18 users to 40 and they have started to complain about internet access speed, File sharing on the PDC and connection to our Exchange server(Opening attachements are slow). I think I have configured the router correctly to maximize the link between us. See below: interface BRI0 description Link to Timbuktu no ip address no ip directed-broadcast encapsulation ppp dialer rotary-group 0 isdn switch-type basic-ni isdn spid1 # isdn spid2 # no fair-queue no cdp enable ! interface Dialer0 description connected to Timbuktu ip address 10.79.1.5 255.255.255.252 no ip directed-broadcast encapsulation ppp dialer in-band dialer idle-timeout 300 dialer map ip 10.79.1.6 name TIMGW broadcast dialer map ip 10.79.1.6 name TIMGW broadcast dialer hold-queue 10 dialer load-threshold 1 either dialer-group 1 no fair-queue no cdp enable ppp authentication chap ppp multilink ** Can anyone tell me if there are any other modification that I might be able to add to fully utilize this link ? Secondly, I have tried to look at traffic that is coming accross and I am not clear on how to interpret what I see in sh int bri , sh isdn status, debug dialer. I can see that the second line is coming up but I need to know if the lines are maxed out or not so that I can present it to the "BIG CHEESE" so that we can get higher bandwidth. Is there a link on cisco that anyone can point me to to translate those codes ? Thanks in advanced. Manolito Liwanag ITT Department DRAKE INTERNATIONAL _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet
Dennis, Can I assume that the servers that you are trying to access allow telnet sessions ? If you are using a PIX firewall and an IRE client you might try this: telnet 10.127.6.5 255.255.254.0 inside telnet timeout 5 where 10.127.6.5 is the PIX inside IP address. it works in my lab. rgds, Manolito -Original Message- From: Dennis Ighomereho [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 09, 2000 7:11 AM To: [EMAIL PROTECTED] Subject: telnet Hi, Can anyone help on this.I do a VPN connection on a client machine on to my network.when the connection is established, I get assigned an IP address.Then I try to telnet unto my servers which refuse the connection.I have a firewall in between doing NAT.I can ping the firewall alright but cant telnet. would be grateful if I can get any help. cheers, Dennis _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Connection
Thank You for the info. Does anybody else have any experience with this ? The Branch office that I was referring to does not have any domain controllers. It is a small branch with less than 10 people that I have a Cisco 800 router with IP Address-Helper to connect to the Central Office. -Original Message- From: Ding So [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 26, 2000 11:24 AM To: Liwanag, Manolito Cc: 'Cisco Group Study' Subject: Re: VPN Connection It works great. Performance is awesome. In my company, we use 520 in the central office and 506 in the branch. If you can, get Sdsl and get min of 5 ips for the branch office. I configure bdc, exchange site server in the branch office. Ding On Thu, 26 Oct 2000, Liwanag, Manolito wrote: I have several branch offices that connect to our central office using frame relay. I have recently configured our PIX 520 in our central office to accept VPN connections. I want to take advantage of the lower DSL cost over Frame Relay and want to implement our remote branches to use DSL with a VPN connection to the central office. Can anyone that has done this type of setup give me some feedback please. I am also concerned with security. Is there an ADSL router out there that can act like a PIX firewall so that unwanted internet traffic does not come in and out to our vpn connection to the central office ? Or do I have to purchase a separate pix for the branch. My company wants to keep the WAN cost down and by using ADSL we could be saving up to 70%. Thanks in Advanced rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Connection
I have several branch offices that connect to our central office using frame relay. I have recently configured our PIX 520 in our central office to accept VPN connections. I want to take advantage of the lower DSL cost over Frame Relay and want to implement our remote branches to use DSL with a VPN connection to the central office. Can anyone that has done this type of setup give me some feedback please. I am also concerned with security. Is there an ADSL router out there that can act like a PIX firewall so that unwanted internet traffic does not come in and out to our vpn connection to the central office ? Or do I have to purchase a separate pix for the branch. My company wants to keep the WAN cost down and by using ADSL we could be saving up to 70%. Thanks in Advanced rgds, Manolito _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP Helper causing an Election
I have several subnet on a single domain separated by several routers. I use IP helper-address for the remote sites to get to the DHCP server. I noticed that in my event viewer on my PDC I am getting a RDR error 8003. An election is being held for the Master Browser. I checked tech-net and I found that the problem is which port 137 and port 138 Netbios Nameserver and Datagram server. My question is ... how do I disable these 2 ports ? If anyone has had similar experience I would interested in hearing about it and your solutions. Thanks in advanced rgds, Manolito **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: IP Helper causing an Election
Nevermind.. I found it. no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm ip forward-protocol udp bootpc When I checked my event viewer on the PDC I am no longer seeing RDR error 8003 where elections for the master browser where constantly occurring. Now I have more bandwidth to do more productive things. :) rgds, Manolito -Original Message- From: Liwanag, Manolito Sent: Thursday, October 05, 2000 9:29 AM To: 'Cisco Group Study' Subject: IP Helper causing an Election I have several subnet on a single domain separated by several routers. I use IP helper-address for the remote sites to get to the DHCP server. I noticed that in my event viewer on my PDC I am getting a RDR error 8003. An election is being held for the Master Browser. I checked tech-net and I found that the problem is which port 137 and port 138 Netbios Nameserver and Datagram server. My question is ... how do I disable these 2 ports ? If anyone has had similar experience I would interested in hearing about it and your solutions. Thanks in advanced rgds, Manolito **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Copying PIX Config to TFTP
Is there a way to copy the current PIX config to a TFTP server so that I can use the identical configs on another PIX? I don't want to have to retype most of the commands. I have done this on several routers with copy flash tftp but this is a no go for the PIX. Any ideas. . . Rgds, Manolito **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Blocking Napster on the PIX
Can anyone give me a pointer on how to stop our internal users from downloading things using Napster. I have a PIX 520 firewall with 5.03. I tried : outbound 300 deny 64.124.41.35 255.255.255.240 0 tcp outbound 300 deny 208.178.175.128 255.255.255.248 0 tcp outbound 300 deny 208.49.239.240 255.255.255.240 0 tcp outbound 300 deny 208.49.228.0 255.255.255.0 0 tcp outbound 300 deny 208.184.216.0 255.255.255.0 0 tcp outbound 300 deny 208.178.163.56 255.255.255.248 0 tcp apply (inside) 300 outgoing_dest Unfortunately this did not stop users with the Napster client already installed from donwloading mp3s. Any sound advice is most welcomed. rgds, Manolito **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Permanent ISDN Connection
Try the config below to get the Dialer and the BRI working. Just increase the Dialer idle-timeout to a larger number than 300 (5 min), 30 minutes or even higher. Depending on the interesting traffic crossing, this should keep the line up all the time as I am sure than during business hour someone will be sending traffic to the link within the set time frame. Hope that helps. Branch B Config Interface BRI0 description Connected to Branch A no ip address no ip directed-broadcast encapsulation ppp dialer rotary-group 0 isdn switch-type basic-ni isdn spid1 phone # Branch B isdn spid2 phone # Branch B no fair-queue no cdp enable ! ! interface Dialer0 description Connected to Branch A ip address 10.1.1.5 255.0.0.0 no ip directed-broadcast encapsulation ppp dialer in-band dialer idle-timeout 300 dialer map ip 10.1.1.9 name ROUTERB broadcast Branch B phone # dialer map ip 10.1.1.9 name ROUTERB broadcast Branch B phone # dialer hold-queue 10 dialer load-threshold 200 either dialer-group 1 no fair-queue no cdp enable ppp authentication chap ppp multilink Just reverse this for the other side. Manolito Liwanag ITT Department DRAKE INTERNATIONAL 416.216.1122 ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cable Question
Pin # 1 Orange/white Pin # 2 Orange Pin # 3 Green/White Pin # 4 Blue Pin # 5 Blue/White Pin # 6 Green Pin # 7 Brown/White Pin # 8 Brown Crossover Cable : Pin #1 to Pin # 3 Pin #2 to Pin # 6 Pin #3 to Pin # 1 Pin # 6 to Pin # 2 Used to connect to: Hub to Switch, hub to hub, router to router, pc to pc no hub and switch to switch Rollover cable : Pin 1 to Pin 8 Pin 2 to Pin 7 Pin 3 to Pin 6 etc. etc. etc. Used by Cisco to configure router by console. Hope that helps :) Rgds, Manolito Liwanag -Original Message- From: jeongwoo park [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 17, 2000 2:40 AM To: Groupstudy Subject: Cable Question Hi all Can someone tell me the difference of crossover cable and rollover cable? Are they same? just different name for same cable? Where are they used? Thanks in advance. jeongwoo __ Do You Yahoo!? Send instant messages get email alerts with Yahoo! Messenger. http://im.yahoo.com/ ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]