PIX and NAT with VPN

2001-02-15 Thread Rick Holden

I have a PIX firewall that is being used for a VPN as well. The problem is
all the inside addresses are being translated to public addresses even when
the traffic is destined for the VPN tunnel. I tried the following commands
but this seems to block all translations.
(real IPs have been replaced for security)

access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
global (outside) 1 172.16.10.1 net 255.255.255.255

I also tried using DENY in the access list
access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
This didn't work either.

How can I get the traffic destined for the Internet to be translated and the
traffic destined for the VPN not be translated?

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Telnet to outside interface on PIX

2001-02-21 Thread Rick Holden

I currently set up VPNs with PIXs and have the hardest time getting the VPN to
come up. Usually because the person on the other end doesn't have a clue.
Security is on a concern until the VPN is up. I heard that it is possible to
telnet to a PIX (not through the PIX, [i.e. NAT] because nothing exists on
the other end yet that I could telnet into) through the outside interface.
If anyone knows how to do this can you please provide for me some example
configs. Thanks




pix nat

2001-03-02 Thread Rick Holden

Can someone please tell me what is wrong with this config

access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat
global (outside) 1 172.16.10.50 255.255.255.255

I get no translation at all. I have permit ip any any access lists on both
interfaces and
I still can't get anything to translate.




CA Server

2001-03-17 Thread Rick Holden

Does anyone know where I can download a certificate server that will work
with Cisco routers, PIX and Check Point firewall. I am only looking for a
shareware or freeware version.




Re: Secondary IP add

2001-03-21 Thread Rick Holden

I use secondary IPs when the IP scheme is changing (192.168.x.x to
172.16.x.x) and I don't want to take the network down. This way I can change
the IPs on the PCs and have no disruption in service. Otherwise I would have
to change them all at once and until I did change them they would work.

- Original Message -
From: "Frank Mendoza" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 20, 2001 7:00 PM
Subject: Secondary IP add


> Hi there,
>
> Could someone explain why (in some cases) is required to configure
> secondary ip add and how to do it? Is there any good doco (URL) you may
> point me to.
>
> Thanks,
>
> Frank.



2600 Route Processor

2001-01-07 Thread Rick Holden

I find on Cisco's web page that the 2600 series routers are capable of
inter-vlan routing. Does this mean that a 2600 can be used as a route
processor for an MLS? Or does it just mean that it can route between vlans
because it can have two Ethernet ports?




Re: Cisco Secure VPN Client

2001-01-11 Thread Rick Holden

The Cisco VPN client doesn't work with win2k; however, the company that
wrote the client software for Cisco also puts out a product called safe-net
(www.ire.com) that will work with win2k. It is almost identical to the Cisco
client. I believe that it costs 75$ per seat. Cisco isn't coming out with a
client that will work with win2k until March.

- Original Message -
From: "VanHaaren, Nicole" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "VanHaaren, Nicole" <[EMAIL PROTECTED]>
Sent: Thursday, January 11, 2001 5:44 PM
Subject: Cisco Secure VPN Client


> Has anyone tried using this product?  It seems like it will not work with
> Windows 2000...  I am getting an error when I try to run setup.exe on my
> computer.  Does anyone have any ideas for a workaround?  Maybe a site with
> other vpn client software?  I can't find a patch or any other info on CCO
> regarding compatibility with Win2000.
>
> Thanks in advance for any suggestions.
> Nicole



switch flow control

2001-01-11 Thread Rick Holden

There is one thing that confuses me about switches. If you have a switch
with a 100Mb port and 10Mb port and the 100 starts sending data to the 10
how does the sending station keep from overflowing the buffer on the switch
since there is no flow control at layer 2?




WS-F5521 or WS-X5530-E2

2000-09-27 Thread Rick Holden



Could someone please explain to me the difference between these two cards:
WS-F5521 and WS-X5530-E2.
I looked on Cisco's web site but still can't get a clear picture of what the
difference is. They both seem to be supervisor cards with NFFC, but the
WS-F5521 card is a lot less expensive. Why should I buy the WS-X5530-E2 when
the other is less than half the price?
Thanks.


Cisco VPN book

2000-10-01 Thread Rick Holden



Does anyone know any good books for setting up and 
configuring Cisco VPNs. Or any other resources.


ubr924

2000-11-04 Thread Rick Holden

I have a cable router that I am trying to get working in my house, but with
no success. The problem is the service provider is not giving me an IP
address and the IOS doesn't let me assign one. I believe that the service
provider wants to assign it based on the hostname, because that's how my PC
gets it. Is there a way to send the router's hostname in the DHCP request?
Or does anyone know how I can get an IP address on the cable interface?
Any help would be appreciated. Thanks.




IPX on cisco support exam [7:2408]

2001-04-28 Thread Rick Holden

Does anyone know how much IPX is covered on the support exam?

/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2408&t=2408



Queuing over P2P frame-relay [7:2839]

2001-05-01 Thread Rick Holden

I would like to implement priority queuing for a spoke and hub
frame-relay network. I would like to know the best way to do this. I want
all branches to have the same queuing strategy. There seem to be two ways of
doing this. I could place the priority-group on the interface, but I am not
sure this will work. The other way is to use the frame-relay command on the
sub-interface. Which way is best, or is there a better way than both of
these? Thanks.
/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2839&t=2839



VPN Diffie-Hellman [7:6539]

2001-05-30 Thread Rick Holden

I am a little confused why Diffie-Hellman's key exchange is needed for IKE.
When I set up ISAKMP, regardless of the authentication I am using, I need to
supply a key, whether pre-shared, public/private, or RSA sig. If this is the
case, why can't the two VPN peers just use this key for setting up the VPN
tunnel, or vice versa, why can't Diffie-Hellman's key exchange be used instead
of the ISAKMP keys? I hope my question is clear. It just seems
Diffie-Hellman is used to create secret keys and I have to create a secret key
myself to set up IKE.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6539&t=6539



PIX 506 [7:6540]

2001-05-30 Thread Rick Holden

I was told today that the PIX 506 can only support 4 VPN tunnels. Is this
true, and does it include remote access users? I just sold a customer a 506
and he wants to connect 10 salesmen to it that have laptop computers.
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6540&t=6540



vpdn pptp [7:7211]

2001-06-04 Thread Rick Holden

I am trying to configure a voluntary VPDN tunnel and am having trouble with
the example config I got from Cisco's web page. The example is as follows:

vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 local name cisco_pns

The problem is with the PROTOCOL command. Every router that I have looked
at has only L2F and L2TP as valid options, not PPTP. Is this an error or am I
doing something wrong? I have seen this on a bunch of different IOS and on
different platforms. Thanks.

/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7211&t=7211



what is spare [7:8443]

2001-06-13 Thread Rick Holden

I have seen many items on Cisco's web page listed as spare with an = sign in
the part number.
Can someone tell me what this means?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8443&t=8443



Re: RADIUS solution [7:8640]

2001-06-14 Thread Rick Holden

I have used one called radtac. It works good for me, but I only use it
for very simple configs and don't really hit it very hard, so I can't say
much more about it. You can get a full trial version off their web site
that is good for 30 days. (www.radtac.com)
/Rick
- Original Message -
From: "Imran Moin" 
To: 
Sent: Thursday, June 14, 2001 7:48 PM
Subject: RADIUS solution [7:8640]


> Hi all,
>
> I have to implement a RADIUS solution for my network.
> Before researching, i wanted to ask you all if you
> have used any product.
>
> How good is Cisco's Ciscosecure 2.1
>
> Thanx in advance.
>
> Imran.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8641&t=8640



PIX 506 [7:8799]

2001-06-15 Thread Rick Holden

I have been using the PIX 506 and have had hardware problems. The unit
seems to lose power. The fan stays spinning, but all the LEDs go out and it
doesn't function. When it is turned off and back on it works for anywhere from
10 to 5 hours, then needs to be power cycled again. I have had this problem
with 3 PIX 506's. Cisco has been good about returning them. I just wanted to
know if anyone else has experienced these problems.
/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8799&t=8799



IP Phones [7:8898]

2001-06-17 Thread Rick Holden

I am looking to pass the Cisco IP Telephony and the CVOICE exams. I
would like to get a hold of some cheap IP Phones for IP Telephony. Does
anyone know where I can get them? I am not interested in quality, just
something to test and study with. Thanks.
/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8898&t=8898



1750 with VIC [7:14102]

2001-07-29 Thread Rick Holden

I am having problems telling whether my VIC cards are working in my 1750
router. After the router powers up I see two amber LEDs that never go out. I
don't know if they are supposed to stay on or not. I issue the "show voice
port" command and I don't see any cards. I also try the global configuration
command "voice-port" and I get an error. I also tried "show voice ?" and the
only valid command I have is "show voice port". I believe that I should have
many show voice commands available. When I do a "show version" I don't see
any voice modules listed. I moved the voice card to every slot in the
router, but no change. Can someone please tell me how I can verify the cards
are working correctly.
/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14102&t=14102



Cisco Call Manager [7:15402]

2001-08-08 Thread Rick Holden

I am looking to pass the CIPT exam and would like to get a copy of Call
Manager. Does anyone know where I can get a copy or maybe a shareware voice
or an eval? Thanks.
/Rick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15402&t=15402



ROM Upgrade

2000-07-21 Thread Rick Holden



I have an older 2503 router that I want to upgrade the flash memory for. I
ordered 16 and installed it and the router now states that it is incompatible
memory. I put it in a new 2503 router and it worked fine. I want to know if I
can upgrade the ROM to a newer level, and if it would then be able to use the
flash memory that I have for it. And if so, where would I get it? Thanks


Windows 2000 CA

2000-07-26 Thread Rick Holden

Does anyone know if you can use the Certificate Authorities Service that
comes with Win2k with a Cisco VPN for digital certificates? And if so, what
is involved? Thanks.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Catalyst menu and command line

2000-07-28 Thread Rick Holden

I have a Catalyst 3000 and a Catalyst 1900. I want to use these switches to
study for the BCMSN exam. However when I connect to the console port I am
presented with a menu and I want to get to the command line to practice
commands. Is there a command line option for these switches and if not can I
upgrade the software on them to get a command line option. Thanks.




Re: Catalyst menu and command line

2000-07-29 Thread Rick Holden

Thanks for your help; the 1900 is working as I want it. However, I downloaded
the latest version of software I could find for the Cat 3k and still can't
get to a CL. Can you offer any insight on this? Thanks.

- Original Message -
From: "JEK" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 29, 2000 1:16 PM
Subject: Re: Catalyst menu and command line


> First of all you will have to have Enterprise IOS Feature set for both
> Switches
> and then once that's uploaded you can press < CTRL-R > on the 3000 for
> CLI Access and then on the 1900 you will be prompted for either CLI or
> MENU Management access and you choose. CLI on the 1900 will put you
> into user mode and then you can run < en > and then your enable secret
> password
> and this will be your < priv > mode for the 1900.
>
> JEK
> Senior Network/Hardware/Systems Engineer
>
> "Rick Holden" <[EMAIL PROTECTED]> wrote in message
> news:000f01bff8f1$c0928da0$[EMAIL PROTECTED]...
> > I have a Catalyst 3000 and a Catalyst 1900. I want to use these switches to
> > study for the BCMSN exam. However when I connect to the console port I am
> > presented with a menu and I want to get to the command line to practice
> > commands. Is there a command line option for these switches and if not can I
> > upgrade the software on them to get a command line option. Thanks.



STP

2000-08-15 Thread Rick Holden

I have a question on Spanning tree across the core layer. If I have switch
stacks that look like the following diagram:

2924    2924    2924    2924    2924    2924    2924    2924    2924
2924    2924    2924    2924    2924    2924    2924    2924    2924
2924    2924    2924    2924    2924    2924    2924    2924    2924
2924    2924    2924    2924    2924    2924    2924    2924    2924

5000    5000    5000    5000    5000    5000    5000    5000    5000

6500a    6500b

If I have two links going to each 6500 from the 5000s and the 6500a switch
is the root bridge, then is the 6500b switch even going to be used? From my
understanding of STP, all traffic is going to go through the root bridge in
the event of redundant paths. If this is true then (not that I am downing
fault tolerance) it is a waste of a switch that costs thousands of dollars
just to sit there and wait for the 6500a switch to go down. Am I getting
this correct or is there a way to set up STP so both 6500s get used with
about the same load?






STP though the core

2000-08-15 Thread Rick Holden



I have a question on Spanning tree across the core layer. If I have switch
stacks that look like the following diagram:

2924    2924    2924    2924    2924    2924    2924    2924    2924
2924    2924    2924    2924    2924    2924    2924    2924    2924
2924    2924    2924    2924    2924    2924    2924    2924    2924
2924    2924    2924    2924    2924    2924    2924    2924    2924

5000    5000    5000    5000    5000    5000    5000    5000    5000

6500a    6500b

If I have two links going to each 6500 from the 5000s and the 6500a switch
is the root bridge, then is the 6500b switch even going to be used? From my
understanding of STP, all traffic is going to go through the root bridge in
the event of redundant paths. If this is true then (not that I am downing
fault tolerance) it is a waste of a switch that costs thousands of dollars
just to sit there and wait for the 6500a switch to go down. Am I getting
this correct or is there a way to set up STP so both 6500s get used with
about the same load?


Multicast software

2000-09-03 Thread Rick Holden

I am studying for the BCMSN exam and I would like to do some testing with
multicasting. Does anyone know where I can download a shareware multicast
server and client? Thanks




LANE between CAT 3k and CAT 5k [7:23722]

2001-10-21 Thread Rick Holden

I was able to dig up 2 switches with ATM modules in them and wanted to
practice setting up an ATM network between them; however, I can't find any
documentation on directly connecting the two switches. I can only find docu
on connecting two switches together with a lightstream between them. Is it
possible to configure LANE between the two? If it is possible could someone
please provide some example configs for the CAT 5k; the CAT3k only has a
legacy menu interface that isn't real hard to figure out. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23722&t=23722