Urgent .... ISDN Help
Dear all, Please Help me.. I have a big problem related with ISDN. I have 2600 router with 8 bri ports, right, and I want to install two bri ports with to PC dialup connection ove ISDN ofcourse. the first customer is already connected. I tried to connect the second customer by using the same configuration of the first one but I failed to establish the connection. the configuration as the following: the first one conf. is: interface BRI1/0 description connected to Dial-inPCs(ISDN) no ip address no ip directed-broadcast encapsulation ppp no ip mroute-cache ip policy route-map r2000 dialer rotary-group 1 isdn switch-type basic-net3 no fair-queue no cdp enable ! interface Dialer1 description connected to Dial-inPCs(ISDN) ip unnumbered Ethernet0/0 no ip directed-broadcast encapsulation ppp no ip split-horizon ip policy route-map r2000 keepalive 3600 dialer in-band dialer load-threshold 1 either dialer-group 1 peer default ip address pool ISDNUSERS no fair-queue no cdp enable ppp authentication chap pap callin ppp multilink ! ip local pool ISDNUSERS 212.3.61.104 ip default-gateway 212.3.61.100 ! I added the following conf for the second bri1/1 But it didnot work: interface BRI1/1 description connected to Dial-inPCs(ISDN) no ip address no ip directed-broadcast encapsulation ppp no ip mroute-cache ip policy route-map r2000 dialer rotary-group 1 isdn switch-type basic-net3 no fair-queue no cdp enable ! interface Dialer2 description connected to Dial-inPCs(ISDN) ip unnumbered Ethernet0/0 no ip directed-broadcast encapsulation ppp no ip split-horizon ip policy route-map r2000 keepalive 3600 dialer in-band dialer load-threshold 1 either dialer-group 1 peer default ip address pool ISDNUSERS2 no fair-queue no cdp enable ppp authentication chap pap callin ppp multilink ! ip local pool ISDNUSERS2 212.3.61.108 ip default-gateway 212.3.61.100 Can any one have any Idea to fix this problem ??? Regards, Magdy _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Two ISDN Sources connected to my router with one BRI port
Hi All, With a single BRI port on a Cisco router, can I have separate ISDN sources accessing the router simultaneously? Can any one tell me how to use of dialer profiles. and how to configure one dialer interface per customer, and link them to the BRI. Please I need your help _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX firewall and outside ACS2.6!!! [7:39]
Dear All, I have a simple question about PIX authentication. I am trying to configure my PIX506 with IOS5.1 to use cisco secure ACS2.6 to authenticate my internal users when they try to access the internet.. The ACS located on the outside network with real IP. When I try to access the internet the authentication window comes up with username and password... when I typed a username and password from the ACS users database it failed to authenticate that user with this massege: Error: Authen Rejected even that user can telnet the access server or my router. and the outlook express did not work when I put that conf. with Error massege: this is the configuration which I put in my PIX to run the aaa-authentication: aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ (outside) host 213.131.67.10 cisco timeout 5 aaa authentication include any outbound 192.168.111.0 255.255.255.0 0.0.0.0 0.0. 0.0 TACACS+ aaa authorization include any outbound 192.168.111.0 255.255.255.0 0.0.0.0 0.0.0 .0 TACACS+ Please any idea Regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39&t=39 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX autentication ISSUE!!!! [7:705]
Dear All, I hope to find an expert in PIX firewall to help me to solve this problem: About PIX authentication With ACS2.3. I am trying to configure my PIX506 with IOS5.1 to use cisco secure ACS2.3 to authenticate my internal users when they try to access the internet.. The ACS located on the inside network with vertual IP 192.168.111.2 while the PIX inside IP is 192.168.111.2. When I try to access the internet after applying the authentication commands the authentication window comes up with username and password... when I typed a username and password from the ACS users database it failed to authenticate that user with this massege: Error: Authen Rejected even that user can telnet the access server or my router. and the outlook express did not work when I put that conf. with Error massege. this is the configuration which I put in my PIX to run the aaa-authentication: aaa-server PIXGroup protocol tacacs+ aaa-server PIXGroup (inside) host 213.131.67.10 cisco timeout 5 aaa authentication include any outbound 192.168.111.0 255.255.255.0 0.0.0.0 0.0.0.0 PIXGroup aaa authorization include any outbound 192.168.111.0 255.255.255.0 0.0.0.0 0.0.0.0 PIXGroup Please any idea Please help me sooon Regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=705&t=705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dialup behind PIX and Telephony services!!!! [7:2539]
Dear All, I installed my PIX firewall and configured my Dialup users to work behind it ofcourse using private IPs for the dialup and the PIX do NAT to access the internet.. Many clients complain that they could not use the telephony services such as MSN calling services and others... Is this problem caused by the PIX firewall??? If so, then what is the solution or setting to aviod this issue Please help me soon as I am going to lose my clients because of this problem... Worm regards Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=2539&t=2539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Is it possible, ATM single mode fiber IR to LR connection? [7:38593]
I am trying to connect my Cisco Router Cisco 3661 Router with ATM Interface Single mode Intermediate REACH to ISP router 7513 with ATM Interface Single mode LONG REACH via direct Fiber cable between the two sites ( Distance 1.5 Km ) Is this possible ? OR Should I have the two router with the same interface type IR or LR ?? Please help us Thanks Magdy Hossein Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=38593&t=38593 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACS2.6 users on Cluster Servers!! [7:13481]
Hi guys, I installed ACS2.6 on 2 nodes cluster , using Win2k to provide high availability , so when any ACS service stop on one node the ACS will failover to the other node . The problem I'm facing is that the ACS configuration replicated well when ACS moves from one node to the other , but the users database not !! , So are there any way to replicate the users database from Windows registry , If answer is yes , which key I'll need to copy ? Any suggestions will be appriciated . Thanks in advance, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=13481&t=13481 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CAR configuration [7:14461]
Hi Rock, It's recommended to configure CAR at your provider's router. If you're an ISP it's helpful to control any traffice through every serial interface you assign to any of your clients.. I think it's useless to configure it on your router if you are not bandwidth provider: What you'll control from your router more than your traffic if you are not a bandwidth provider?? Hope this help Magdy ""BASSOLE Rock"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi group, > > > I want to set up a Commited Access Rate (CAR) on my serial interface to the > Internet. Cisco recommends that we set up the same CAR on our provider's > router. I want to know why we need to do so. Is it to have better service > quality or is it for functionnaly reasons?. > Any information is welcome. > > CAR Configuration: > > interface Serial 0 > rate limit input access-group 102 128000 8000 8000 conform-action transmit > exceed-action drop > > access-list 102 permit icmp any any echo > access-list 102 permit icmp any any echo-reply > > > Thank you. > > Rock BASSOLE > Til: +33 (0) 1 45 96 22 03 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=14468&t=14461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX failover!! [7:15848]
Dear All, Sorry for the stupid question but I want to confirm it. I have to configure my PIX 515UR bundle... How can I know the primary unit from the secondary unit?? Is that from the failover cable only OR there is an other thing marked the unit as primary or secondary??? Please advice me soon,,, Regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15848&t=15848 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
blocking PORTS ON PIX!!! [7:16275]
Dear All, I have a question about how to block ports on PIX firewall: my case is: I have mail server working behind PIX so I opened POP3 and SMTP ports for this mail server. my mail server accessed from inside and outside interfaces. I want to limit my internal IP only to work with POP3 "using outlook express or any mail client" from my mail server and deny any request for POP3 from outside mail servers such as hotmail or yahoo. can I do something like that ??? Please advice me ASAP... here is my shortcut of my PIX conf.: static (inside,outside) 62.21.55.68 10.0.0.21 netmask 255.255.255.255 0 0 access-group acl_in in interface inside conduit permit icmp any any conduit permit tcp host 62.21.55.66 eq smtp any conduit permit tcp host 62.21.55.66 eq pop3 any Regards, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16275&t=16275 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking PORTS ON PIX!!! [7:16275]
Hi Allen, Actually my point it hot to restrict my outbound POP3 from access the outside mail servers.. I want to block any internal request for external POP3 from accessing that target. you got it?? I hope you may help me in this??? Magdy ""Allen May"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Maybe I missed the point of the question, but just don't open POP3 on the > outside interface for inbound and that will restrict all outside users from > using POP3. Unless inside users pass through the PIX to get to the POP3 > server you won't need to add anything to the PIX to allow inside users POP3 > (or anything else for that matter). The rest of the configuration for mail > server restrictions can be done at the mail server if you want to tighten it > down even further for inside users. > > Hope that helps. > > Allen > > - Original Message - > From: "Magdy H. Ibrahim" > To: > Sent: Thursday, August 16, 2001 7:46 AM > Subject: blocking PORTS ON PIX!!! [7:16275] > > > > Dear All, > > > > I have a question about how to block ports on PIX firewall: > > my case is: I have mail server working behind PIX so I opened POP3 and > SMTP > > ports for this mail server. > > my mail server accessed from inside and outside interfaces. > > I want to limit my internal IP only to work with POP3 "using outlook > express > > or any mail client" from my mail server and deny any request for POP3 from > > outside mail servers such as hotmail or yahoo. > > can I do something like that ??? > > Please advice me ASAP... > > here is my shortcut of my PIX conf.: > > static (inside,outside) 62.21.55.68 10.0.0.21 netmask > > 255.255.255.255 0 0 > > access-group acl_in in interface inside > > conduit permit icmp any any > > conduit permit tcp host 62.21.55.66 eq smtp any > > conduit permit tcp host 62.21.55.66 eq pop3 any > > > > Regards, > > > > Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16293&t=16275 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Content engine question! [7:43101]
Dear All, I am studying this days on How to configure and implement Cisco Content Engine590 on my network... When I browsed Cisco online Guide I found the following regarding Router configuration for HTTP traffice and WCCP version2. I found the following: "The router or switch must be running a version of IOS that supports the Web Cache Communication Protocol (WCCP) Version 2." My question is: How to know if the Router Or switch IOS supports the Web Cache Communicatio Protocol (WCCP) Version2 Please Advice me Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43101&t=43101 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TIME TO STOP RE: 'It's not the US they want to destroy. [7:20111]
Hi Paul and All, I think we have to stop this thread before we convert this List to an other thing not related to our feild.. By the way Karl, I disagree with all attackers and there actions especially the Tuesday Attacks... As muslim man I realised that you have not any knowledge about what you told this list about islam So, it's not fair to say that holy war against Islam amd muslims About the attack... Do you remember the 2 nuclear bombs in the second War?.. The Tuesday attacks excuted by individuals may they are muslims... but they still individuals not all muslims did that... but the two bombs on Japan excuted by the government of USA I mean if we considered these individuals terrorists then we can consider the USA as terrorist country because of the 2 bombs on Jaban in the second war... Please do not forget the USA crimes in Veitnam and 3rd world countries, and do not forget what the Israeli army did with supporting of the USA with teh palestinian peoples... I think you need to study the history with carefully reading to know some thing good about Islam and then talk about it... Again I do not agree with any attack against any one on the earth but you have to be fair when you talk about the others.. Is that clear MR. Karl??? I doubt Regards for the list Magdy Dear Apologist for Genocide I am perfectly entitled to my opinion and I would simply point out that in most of the so called Muslim countries I have been to and seen, intolerance is a watchword for daily life. The usual one party states or army states with a poor and ill educated population mostly led by men who profess their religion and humility before some god and profit greatly from the poor and the disenfranchised. Women are subjugated and mere breeders, young men used as cannon fodder in some so called holy war which turns out to have more in common with a wallet than a valuation of human life. How dare you complain about insults to a so called religion who's members excuse their crimes through some so called god and lies. What am I to expect nowa Fatwah of death (a.k.a. Salman Rushdh) because I have a contary opinion. You intolerance to the "insults" of your so called religion are quite simply unbelievable. I have fought terrorists and been injured as a result, they (the terrorists) always excuse themselves through religion when really criminal behaviour and greed is what they wish to hide. It does not matter whether it is the great sky god of the Roman Catholic faith and the scum of the IRA or the immature rantings of the most recent hate filled Mullah. There is the EVIL. I strongly suggest that those who are apologists for murder and cannot tolerate democracy would be very wise at this juncture to hold their tongues. I can understand why you would not wish this thread to continue as it might draw attention away from the criminal activities of this so called murderous cult. I know much of Islam and know down through history how the concept of Holy War is abused by men time and time again! It is a religion that has not come out of the middle ages and should have been left there. I have the deepest shock at what I have seen and understand clearly how powerless America was at that instant. There was no mercy and the name of Allah was invoked...that was evil and until the Muslim world categorically removes itself from that evil and hands up its criminals/terrorists then at least I and I think many others will judge it to be evil. I'm sorry if some faint hearts found this upsettingthe poor dears..at least they are alive! Karl Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20111&t=20111 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT: ARMAGEDON R: TIME TO STOP RE: 'It's not the US they want to [7:20243]
Hey, I thin that we Have to start thinking with proffesional way to find out the real attackers as the following: Have we all forgotten the Benjamin Franklin's prophecy that he had made at the Philadelphia Constitutional Convention of 1787 in which he had pleaded that "If you do not exclude them from these United States, in this constitution, in less than 200 years they will have swarmed here in such great numbers that they will dominate and devour the land and change our form of government, for which we Americans have shed our blood, given our lives, our substance and jeopardized our liberty. If you do not exclude them, in less than 200 years our descendants will be working in the fields to furnish them substance, while they will be in the counting houses rubbing their hands. I warn you, gentlemen, if you do not exclude them for all time, your children will curse you in your graves." Of course we have forgotten these words; otherwise we would have seen the villains through along with their viles. In the midst of the attacks in WTC and Pentagon, we are being led to believe that this kind of operation has been launched by someone from the dark corners of the world putting the whole American intelligence apparatus at bay. Dont we understand as to who exactly are the real beneficiaries of this episode. Look at the precision work with which this operation has been conducted and the way commercial jetliners were rammed into the WTCs; the only parallel we can draw is the Entebbe Operation. This kind of precision and accuracy could have only been achieved by just one country in the world. They knew well that this operation would open the gates of backlash against their archrivals. The Christians have been used in the past, yet they are going to be used again. Every one knows about the plans to blow up the Temple in Jerusalem (Dome of the Rock) to rebuild the temple -it was therefore necessary for the WTC operation planners to arrange it in a way so that their ends are achieved by killing all the birds with one stone. Now the forces of whole of Western Europe and the US are being garnered to strike the East-another series of the Crusades are in the offing, for which there would be the offering of the animal sacrifice with the blood of humanity at large. Grace Halsell had warned in her book, "Forcing God Hands", published by Crossroads International Publishing , Washington DC, about all those millions who are praying for a quick rapture and destruction of planet earth and all those who are anxiously waiting and striving to hasten the Armageddon to happen. Rev. Jerry Falwell had told Pastor's Conference on January 15, 1999 that the Anti Christ - portrayed for some 2000 years as evil incarnate - may be a Jew alive today. Israel is contemplating on the destruction and defiling of the Temple in Jerusalem (i.e. the present Dome of the Rock) and is using the garb of the West-East clash of civilization. It would not have been possible without causing this colossal damage in the NYC and by injecting anger amongst the Americans against the whole Islamic World. We must see through the prism the stark reality and let us not be led through by the mindless zealots. Should America and the Americans become pawns in the Great Game? Are we guinea pigs in the hands of those who are trying to impose their New World Order on us? Let us join hands in fighting these rascals. We must know that who will roost the pigeon in the end? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20243&t=20243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ARMAGEDON R: TIME TO STOP RE: 'It's not the US they want to [7:20248]
Hey take a look on these two articles and tell me your opinion. Have we all forgotten the Benjamin Franklin's prophecy that he had made at the Philadelphia Constitutional Convention of 1787 in which he had pleaded that "If you do not exclude them from these United States, in this constitution, in less than 200 years they will have swarmed here in such great numbers that they will dominate and devour the land and change our form of government, for which we Americans have shed our blood, given our lives, our substance and jeopardized our liberty. If you do not exclude them, in less than 200 years our descendants will be working in the fields to furnish them substance, while they will be in the counting houses rubbing their hands. I warn you, gentlemen, if you do not exclude them for all time, your children will curse you in your graves." Of course we have forgotten these words; otherwise we would have seen the villains through along with their viles. In the midst of the attacks in WTC and Pentagon, we are being led to believe that this kind of operation has been launched by someone from the dark corners of the world putting the whole American intelligence apparatus at bay. Dont we understand as to who exactly are the real beneficiaries of this episode. Look at the precision work with which this operation has been conducted and the way commercial jetliners were rammed into the WTCs; the only parallel we can draw is the Entebbe Operation. This kind of precision and accuracy could have only been achieved by just one country in the world. They knew well that this operation would open the gates of backlash against their archrivals. The Christians have been used in the past, yet they are going to be used again. Every one knows about the plans to blow up the Temple in Jerusalem (Dome of the Rock) to rebuild the temple -it was therefore necessary for the WTC operation planners to arrange it in a way so that their ends are achieved by killing all the birds with one stone. Now the forces of whole of Western Eur ope and the US are being garnered to strike the East-another series of the Crusades are in the offing, for which there would be the offering of the animal sacrifice with the blood of humanity at large. Grace Halsell had warned in her book, "Forcing God Hands", published by Crossroads International Publishing , Washington DC, about all those millions who are praying for a quick rapture and destruction of planet earth and all those who are anxiously waiting and striving to hasten the Armageddon to happen. Rev. Jerry Falwell had told Pastor's Conference on January 15, 1999 that the Anti Christ - portrayed for some 2000 years as evil incarnate - may be a Jew alive today. Israel is contemplating on the destruction and defiling of the Temple in Jerusalem (i.e. the present Dome of the Rock) and is using the garb of the West-East clash of civilization. It would not have been possible without causing this colossal damage in the NYC and by injecting anger amongst the Americans against the whole Islamic World. We must see through the prism the stark reality and let us not be led through by the mindless zealots. Should America and the Americans become pawns in the Great Game? Are we guinea pigs in the hands of those who are trying to impose their New World Order on us? Let us join hands in fighting these rascals. We must know that who will roost the pigeon in the end? NEWS EMBARGO AFTER ISRAELI LINK LEAK Stern-Intel (Canada). A US military intelligence source revealed details of an internal intelligence memo that points to the Israeli Mossad intelligence service having links to the World Trade Center and Pentagon attacks. The intelligence source, who requested his name be withheld, confirmed the internal US intelligence memo circulated four weeks ago described information that pointed to the threat of a covert Israeli operation on US soil to turn mass public opinion against Palestinian Arabs via an apparent terrorist attack on US interests that would give Israel the green light to implement a large scale military onslaught against the Palestinian Arab population. The 11 September attack has been described by experts as being too sophisticated for a lone terrorist group to execute. "This attack required a high level of military precision and the resources of an advanced intelligence agency. In addition, the attackers would have needed to be extremely familiar with both air force one flight operations, civil airline flight paths and aerial assault tactics on sensitive US cities like Washington," Stated David Stern an expert on Israeli intelligence operations. The attacks targeted the Pentagon, World Trade Center towers, with the White House and air force also being targets according to the FBI. "The attacks have certainly turned US public opinion firmly back in Israel's favor after 11 months of Palestinian uprising, heavy criticism of Israel over war crimes allegations and racism by a UN conference in Durban. The at
Re: Telnet on PIX outside interface [7:20271]
Hi, If your inside servers run W2k then you can setup the remote access service on the W2k server and add static command on your PIX with conduit command to permit remote access from outside to your W2k server. then permit telnetting for this server to the inside interface... if you want exactly the command mail me again and I'll be pleased to help.. Bytheway there is no way to telnet on the outside interface... Magdy H. Ibrahim ""NRB"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys/Gurus, > > Can anyone please help me in setting up Telnet access on outside interface > of PIX. > I heard that we need to uses IPSec and Cisco VPN client. I do not have VPN > client, > can it still be done. Please help. > > Thanks, > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20277&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Telnet on PIX outside interface [7:20271]
I was talking about normal telnetting from outside without extra setting for vpdn/pptp... Just my two cents;-) Regards,, Magdy ""Eric Hoffman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > With version 5.1, you can setup a vpdn/pptp connection to telnet to the > outside interface of the pix. > > Watch the wrap. > > http://www.cisco.com/warp/public/110/pptppix.html > > > > -Original Message- > From: Magdy H. Ibrahim [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 18, 2001 10:38 AM > To: [EMAIL PROTECTED] > Subject: Re: Telnet on PIX outside interface [7:20271] > > > Hi, > > If your inside servers run W2k then you can setup the remote access service > on the W2k server and add static command on your PIX with conduit command to > permit remote access from outside to your W2k server. then permit telnetting > for this server to the inside interface... > > if you want exactly the command mail me again and I'll be pleased to help.. > Bytheway there is no way to telnet on the outside interface... > > Magdy H. Ibrahim > > > > ""NRB"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Guys/Gurus, > > > > Can anyone please help me in setting up Telnet access on outside > interface > > of PIX. > > I heard that we need to uses IPSec and Cisco VPN client. I do not have > VPN > > client, > > can it still be done. Please help. > > > > Thanks, > > NRB Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20282&t=20271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to make sure that the CE590 are working properly?? [7:56591]
Hi all, I just installed my first CE590 and configured it and connected it to my system... Actually I do not feel a major different changes when I start using it... My question is: - How to make sure that my CE do caching and provide me a good service better than before? - And how to test it to feel it caches the requested which my users asked for I just want to know how to feel better using Content Engine pluged to my System.. Please advise me Regards,, magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56591&t=56591 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Caller ID Conf. How to?? [7:57768]
Hi all, I want your help to run the Caller ID feature on my Cisco 3661 access router.. Do I need to specific version of IOS?? I am running ACS2.6 as my authentication sever, and this ACS able to view the caller id.. the exchange already ran the Caller Id feature on my Dialed number which my clients dial it to access the internet... Also do I need extra conf. to make my cisco 3660 to send the caller id to my ACS2.6??? Please advice me ASAP Thanx in advance Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57768&t=57768 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco CE590 issue! [7:59714]
Hi all, I really looking for someone who can help me in this issue, I have a client I installed cisco ce590 on his site and the CE590 works properly saving rate is about 39%. When I checked its contents by requesting a homepage when the CE connected to the internet and I disconnect my main router and rerequest the same homepage I get an error on my browser tells me this page cannot be displayed... by logic it will display on my browser, because it's already cached on the CE... Is that true??? and if Yes, what must be the problem when I disconnect the main router and request site already cached but my browser give this page cannot be displayed? I faced this problem and I do not know how to fix it... Please help me thanx Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59714&t=59714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
running Realserver behind PIX to server realplayer in the [7:48909]
Hi all, I have internal LAN behind my PIX firewall with 6.0(1)... My realserver8.0 installed in the internal LAN . I need to allow the outside users using real player to access and run videos and movies... My PIX conf.as the following: fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 no fixup protocol skinny 2000 fixup protocol rtsp 554 fixup protocol rtsp 8554 ! static (inside,outside) 62.32.20.15 10.0.10.1 netmask 255.255.255.255 0 0 conduit permit tcp host 62.32.20.15 eq 554 any conduit permit tcp host 62.32.20.15 eq www any conduit permit tcp host 62.32.20.15 eq 7070 any conduit permit tcp host 62.32.20.15 eq 4040 any conduit permit udp host 62.32.20.15 eq 554 any conduit permit udp host 62.32.20.15 eq www any conduit permit udp host 62.32.20.15 eq 7070 any conduit permit udp host 62.32.20.15 eq 4040 any are there any extra commands I need to add to allow the outside users to access and run the movies and clips which running on the Internal real server 8.0 Please help Best regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48909&t=48909 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ACS & PIX [7:50589]
need for more info Magdy ""Mohannad Khuffash"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear all, > > Why not the usage time in the user property not increased when I pass > through the PIX which get Authentication & Authorization and send accounting > to ACS? Not like the dialup access? > > The version of ACS is 3.0 and I have PIX 515. > > > > Thanks for your response. > > > -- > > > > > > > > Mohannad N. Khuffash > Network Administrator > Palestine Telecommunication Company > Tel: 00972-02-2982330 > Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50622&t=50589 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP new version!!! [7:50623]
Dear All, I just want to get more info about what is new in CCNP Version3 and Is there any new materials for thsi version?? Please advise me Best regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50623&t=50623 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ACS2.6 on w2k server with bugs!!! [7:50624]
Hi all, I have ACS2.6 server runs on W2k server used to authenticate my dialup users when they connect to the internet.. few days ago, it started a strange behaves which are: 1- When I tried to modify or editing an existing user to make some changes on his privileges. when I clicked on that user it gives me the add new user window with "NEW USER" statement ... " that user already exist in the ACS user database... 2- some usernames the ACS refused to add them, I do not know why... unless I change it to an other username 3- most times when a user disconnected, and after a while "10 min or more" when this user trys to reconnect again the ACS does not allow him to reconnect unless I purge all the users and they connect again and the Access server where the user connected still show me that the user still logging to the server??? Please is there any solution to fix this problem?? and if I upgrade to ACS3.0 these problems will fixes or those bugs still exist. I need your advices ASAP. Best regards,,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50624&t=50624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ICQ and blocking the thing-PIX [7:52285]
Hi Farhan, Welcome back Farhan;-) That is a good Idea, I tried it with some services and it works fine... But, what if he does not have DNS server?? I mean if his DNS at his ISP Location??? Best regards,, Magdy ""FAhmed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You can try with putting the wrong ip for icq domain in newly created zone > in your dns servers > > Best Regards > Have A Good Day!! > ++ > Farhan Ahmed > MCSE+I, MCP Win2k, CCA, CCDA, CCNA, CSE , CCNP > Network Engineer > Mideast Data Systems Abu Dhabi Uae. www.mdsemirates.com > > Tel: 97126274000Cellular: 971507903578 > ++ > > > Be a builder, not a destroyer!!! > > > > Disclaimer: > Privileged/Confidential Information may be contained in this message or > Attachments hereto. Please advise immediately if you or your employer do > not consent to Internet email for messages of this kind. Errors and > Omissions may occur in the contents of this e-mail arising out of or in > connection with data transmission, network malfunction or failure, machine > or software error, malfunction, or by the person who is sending the email. > Mideast Data Systems accepts no responsibility for any such errors or > omissions Opinions, Conclusions and other information in this message that > do not relate to the Official business of this company shall be understood > as neither given nor Endorsed by it. > > > > -Original Message- > From: Chuck's Long Road [mailto:[EMAIL PROTECTED]] > Sent: Saturday, August 31, 2002 1:20 AM > To: [EMAIL PROTECTED] > Subject: Re: ICQ and blocking the thing-PIX [7:52285] > > > In a complex organization ( complex not meaning size or number of > departments, but in the way people need to work ) one might consider third > party applications such as Web Sense. > > A couple of comments below: > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > > > > ""Roberts, Larry"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Try my approach.. > > > > Tell people no and put it in your security policy. They violate the > > policy they get fired.. > > CL: that assumes that 1) the policy will be acceptable to management 2) the > policy will be enforced by management and 3) you have the luxury of being > able to fire people for whatever reason you deem fit, trivial or otherwise. > Even in today's bad economy, companies may not have this luxury. > > > > > Oh wait a minute, I think that goes along with cut-off desktop > > internet access I guess. > > CL: like it or not, internet access at the desktop has become one of those > intangible fringe benefits, right up there with using the photocopier for > personal business, using the telephone for personal business, using the fax > machine for personal business. When was the last time someone got fired for > making persoanl phone calls at work? Or photocopying their tax returns at > work? > > > > > Its is a VERY effective deterrent though don't you think > > CL: sure - IF management enforces it, or even agrees to it > > > > > Or I guess you could also just route your home subnet ( not just your > single > > home IP ) to Null0. > > I have found that effective of blocking sites when I don't have the > ability > > to walk around and see what people are doing... > > > > Trust me, for every way you can find out, I can find a way to block > > it. We may play cat and mouse for a while, but I never tire of it... > > > CL: works really well until the person you block is some Senior vice > President, or one of the top sales people ( read - revenue producers ) in > the company, and makes the claim that the service is absolutely necessary > for success on the job. That's why this stuff has to work at a policy level, > and cannot nor should be considered a matter for firewall administrators to > deal with. > > CL You gots to know your organization. > > > > > > > > Thanks > > > > Larry > > > > > > -Original Message- > > From: mike greenberg [mailto:[EMAIL PROTECTED]] > > Sent: Friday, August 30, 2002 2:18 PM > > To: [EMAIL PROTECTED] > > Subject: RE: ICQ and blocking the thing-PIX [7:52285] > > > > > > If port 80 is open for outbound, I can change the ssh port on my linux > > firewall to listen on port 80 as well As I've said before, the > > only to stop me from IM is to cut off Internet access to my desktop > > completely. Isn't Unix a wonderful thing? > > > > Creighton Bill-BCREIGH1 wrote:>There is no way for you to stop me > > because unless you cut off Internet > > >access on my desktop completely. > > > > Or until SSH port 22 is closed on the firewall > > > > Bill Creighton CCNP > > Senior System Engineer > > Motorola > > iDEN CNRC Packet Data > > > > > > -Original Message- > > From: mike greenberg [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, August 29, 2002 7:50 PM > > To: [EMAIL PROTECTED] > > Subject: Re: ICQ and blocking the thing-PI
AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52527]
Dear All, This is my second post regarding ACS2.6 bugs... The problem is: As you know;-) I have an acs2.6 server on W2k advanced server , My users Using it to connect to the internet and sometimes many of my users logged into my network through the acs and when they disconnected from my system, I noticed that they still exist on the acs server , and since i made a single session to my users , they cannot enter again till i make a purge to the user. Please this is a big problem for me so can u help me to solve it? Thanx in advance... Regards,, Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52527&t=52527 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52530]
Patrick, The problem not Why my users disconnected... this may happened because he ended the session stop using the internet.. etc. The problem is why that user still exist on the ACS server, preventing him from reconnecting again till I purge him from the ACS server So why ACS act such behave?? and how to fix this strange behave?? Thanx Magdy ""Patrick Donlon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a similar set-up, ACS on Win2k, what do error message do you see in > the event log? > > > ""Magdy H. Ibrahim"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Dear All, > > > > This is my second post regarding ACS2.6 bugs... > > The problem is: > > As you know;-) I have an acs2.6 server on W2k advanced server , My users > > Using it to connect to the internet and sometimes many of my users logged > > into my network through the acs and when they disconnected from my system, > I > > noticed that they still exist on the acs server , and since i made a > single > > session to my users , they cannot enter again till i make a purge to the > > user. > > Please this is a big problem for me so can u help me to solve it? > > > > Thanx in advance... > > > > Regards,, > > > > Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52530&t=52530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AGAIN... aCS2.6 on W2k advanced server with bug!!!! [7:52534]
Patrick, I am using ACS Dbase and when I check the error I found the following: "exceeds maximum session" So, I am wondering, this user not connected, then why he failed to reconnect and why he still exist in the connected users Dbase??? Thanx Magdy ""Patrick Donlon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Sorry some text dissappeared along the way the group should say "Mapped by > External Authenticaror" > > ""Patrick Donlon"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > If you check the user who is listed in the acs they will be in the group > > . This is normal when you use NT to > > authenticate users by mapping an external db. Why they are can't > re-connect > > should be in the logs (reports then failed attempts), if they have a > > successful authentication then it's somewhere else like you NT > > authentication. > > > > > > ""Magdy H. Ibrahim"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Patrick, > > > > > > The problem not Why my users disconnected... this may happened because > he > > > ended the session stop using the internet.. etc. > > > The problem is why that user still exist on the ACS server, preventing > him > > > from reconnecting again till I purge him from the ACS server > > > So why ACS act such behave?? and how to fix this strange behave?? > > > > > > Thanx > > > > > > Magdy > > > > > > > > > ""Patrick Donlon"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > I have a similar set-up, ACS on Win2k, what do error message do you > see > > in > > > > the event log? > > > > > > > > > > > > ""Magdy H. Ibrahim"" wrote in message > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > Dear All, > > > > > > > > > > This is my second post regarding ACS2.6 bugs... > > > > > The problem is: > > > > > As you know;-) I have an acs2.6 server on W2k advanced server , My > > users > > > > > Using it to connect to the internet and sometimes many of my users > > > logged > > > > > into my network through the acs and when they disconnected from my > > > system, > > > > I > > > > > noticed that they still exist on the acs server , and since i made a > > > > single > > > > > session to my users , they cannot enter again till i make a purge to > > the > > > > > user. > > > > > Please this is a big problem for me so can u help me to solve it? > > > > > > > > > > Thanx in advance... > > > > > > > > > > Regards,, > > > > > > > > > > Magdy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52534&t=52534 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: which exam to appear after routing 640-603 [7:52770]
Congratulations... how did you find it?? And what materials you studied to prepare to this exam. Thanx Magdy wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > hi, > i need to know which exam would be more appropreate to appear for after > the routing exam towards the ccnp cert. > > thanks, > > jaffar Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52880&t=52770 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
How to make real player from outside to contact real server [7:53542]
Hi All, I have a client wants to create Real server behind Pix firewall and I am trying to make the outside real player to contact the inside server but I failed.. Is there any extra commands more than the following commands on the PIX to allow the ourside clients to communicate with the inside server?? Please advise help me the PIX configuration. fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 no fixup protocol skinny 2000 fixup protocol rtsp 554 fixup protocol rtsp 8554 names FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
