Re: [RE: tough VPN question]

2000-12-07 Thread Sam Munzani

Does anybody know if an Altiga Client software will work with PIX? If it
does, Altiga client has options for WINS settings.

Sam

> I believe your problem is WINS lookup.
> Create a LMHOST file without any extension.
> Write the following line in your file
>
>   #PRE #DOM
> Do not include < > signs, just replace the words.
> DON'T forget NO EXTENSION to file.
> Save file in WINNT\SYSTEM32\Drivers\ETC directory.
> You have to copy this file on every PC, in the same folder.
> Good luck
> MK
> CCNA, MCSE, CNE
>
>
> "Scott Morris" <[EMAIL PROTECTED]> wrote:
> > Your problem is likely the propagation of broadcasts...  Or lack thereof.
> > One thing you can do (I'm assuming you have a router before (LAN-side) the
> > PIX) is set up an ip-helper address to forward UDP-level broadcasts (like
> > 138/139 Netbios) to the NT server.
> >
> > The other thing you can do is bypass that broadcast thought process by using
> > LMHosts files on the workstations at the branch office.  That will pre-load
> > (if you use the #PRE designation) the NetBIOS cache and give you IP
> > addresses to go to.  So if you have IP reachability, things will work just
> > fine then.
> >
> > In LMHOSTS:
> >
> > (ip address) (Netbios name) #PRE #DOM:(domain name if domain controller)
> >
> > Also, to refresh without rebooting the PCs, "nbtstat -R"
> >
> > Hope this helps!
> >
> > Scott
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jim Bond
> > Sent: Thursday, December 07, 2000 1:19 AM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: tough VPN question
> >
> >
> > Hello,
> >
> > I'm trying to set up an IPSec between a PIX (branch
> > office) and router (central office). All PCs at branch
> > office share 1 ip address. IPSec seems to be working
> > fine because clients can ping/telnet/email/map drives
> > from/to central office. The problem is they can't
> > logon NT domain. They can ping domain controller
> > though.
> >
> > Any idea why they can't log on NT domain? (The
> > machines were already added to domain)
> >
> > Thanks in advance.
> >
> >
> > Jim
> >
> > ___
> > To unsubscribe from the CCIELAB list, send a message to
> > [EMAIL PROTECTED] with the body containing:
> > unsubscribe ccielab
> >
> > _
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
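
A check for the LMHOSTS entry format quoted in the replies above, written as an added example that is not part of the original thread. The addresses, host names and the CORPDOM domain are constructed placeholders, and `lint_lmhosts` and `filename_ok` are hypothetical helper names; quoted NetBIOS names and block directives such as #INCLUDE are not parsed.

```python
import ipaddress
import ntpath

# Constructed sample; addresses, host names and CORPDOM are placeholders.
SAMPLE = """\
# LMHOSTS for branch-office PCs
192.0.2.10   CENTRALDC   #PRE #DOM:CORPDOM
192.0.2.11   FILESRV01   #PRE   # file server
192.0.2.12   BACKUPDC    #DOM:CORPDOM
192.0.2.300  BADADDR     #PRE
192.0.2.13   NAMELONGERTHAN15  #PRE
192.0.2.14   OTHERDC     #PRE #DOM
"""

def filename_ok(path):
    """The file must be named exactly LMHOSTS (no .txt, no .sam)."""
    return ntpath.basename(path).upper() == "LMHOSTS"

def lint_lmhosts(text):
    """Return (entries, problems); problems are (line_no, message) tuples."""
    entries, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line, comment, or block directive
        if len(tokens) < 2:
            problems.append((no, "need an IP address and a NetBIOS name"))
            continue
        ip, name, tags = tokens[0], tokens[1], []
        for tok in tokens[2:]:
            if tok.upper() == "#PRE" or tok.upper().startswith("#DOM"):
                tags.append(tok.upper())
            else:
                break  # anything else starts a trailing comment
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((no, f"invalid IPv4 address {ip}"))
        if len(name) > 15:
            problems.append((no, f"NetBIOS name {name} exceeds 15 characters"))
        dom = [t for t in tags if t.startswith("#DOM")]
        if any(t in ("#DOM", "#DOM:") for t in dom):
            problems.append((no, "#DOM needs a domain name, as in #DOM:CORPDOM"))
        if dom and "#PRE" not in tags:
            problems.append((no, "#DOM entry without #PRE is not preloaded"))
        entries.append((ip, name, tags))
    return entries, problems

if __name__ == "__main__":
    for no, msg in lint_lmhosts(SAMPLE)[1]:
        print(f"line {no}: {msg}")
```

Running the check on the file before it is copied to each workstation catches the two mistakes the replies warn about: a file saved with an extension and an entry that never reaches the preloaded cache.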



Re: urgent PIX help

2000-10-02 Thread Sam Munzani

PIX 5.21 code is out now. It supports hiding behind interface IP address.

Sam


> Hello,
> 
> I have only 1 ip address assigned by my ISP, how can I
> use PIX to do NAT? Looks like PIX requires at least 2
> outside ip addresses, one for outside interface, one
> for PAT. Is there a way to use only 1 ip address?
> 
> Thanks in advance.
> 
> 
> Jim
> 

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: urgent PIX help AGAIN

2000-10-03 Thread Sam Munzani

YES. PIX506 is made for small office with less than 10 computers. If you
have more, keep DHCP services on your NT or Novell server.

Sam
> Thank you!
>
> One more question: when I configure PIX as DHCP
> server, it only allows 10 addresses in the pool.
> Here is what I got:
>
> pixfirewall(config)# dhcpd address 10.1.1.101-10.1.1.150 inside
> Number of addresses exceeds limit
>
> Is 10 max?
>
> Thanks in advance.
>
>
>
> Jim
>
> --- Todd Plambeck <[EMAIL PROTECTED]> wrote:
> > In the new version of PIX software 5.2(1) you can nat to an interface.
> > Instead of the old command "global (outside) 1 x.x.x.x"  use the command
> > "global (outside) 1 interface". You can read up on this new feature at:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn522.htm#xtocid752631
> >
> > I hope this helps.
> >
> > Todd
> > CCNP/CCDP



Re: PIX PPTP, no NAT

2000-10-30 Thread Sam Munzani

Looks like we have conflict of definitions here. Whatever everybody thinks
about the device is not that important. The guy who posted message might be
looking for an answer to his problem rather than learning definition of
router. Rather than fighting over definition let's help him.

Sam


> If your APC power strip had more than one interface and could route packets
> between the interfaces then 'yes.'
>
> At 09:44 AM 10/30/00 -0800, Jay Hennigan wrote:
> >On Mon, 30 Oct 2000, Andrew wrote:
> >
> > > The PIX absolutely has default route statements.  'ip route outside|inside'
> >
> >True.  My APC power strip has a default route statement, does that make
> >it a router?
> >
> >If you try not to think of a PIX as a router, it will be a lot easier to
> >understand.  Yes, it moves IP packets from one interface to another under
> >certain defined conditions.  Routers also do this.  So do proxy servers.
> >
> >But, you still need the static (inside,outside) for non-NAT applications
> >where the outside will be allowed certain conduits to the inside.  And,
> >for non-NAT the inside and outside interfaces are in the same subnet.
> >
> >The PIX documentation is pretty good.  The description under "static" in
> >the command reference addresses this.
> >
> >Without NAT, the interfaces are in the same subnet, no routing.  With NAT,
>
> What are you talking about?  If there is NO NAT that does not mean they are
> on the SAME subnet.  As a matter of fact you can't HAVE the interfaces in
> the same subnet.
>
> >there's address translation taking place, but not what one would normally
> >think of as routing.  The PIX is capable of recognizing whether a destination
> >is part of an interface's local subnet and if not forwarding it to a gateway.
> >
> >But, packets arriving on the outside interface with a destination of an
> >inside (higher security) interface are not handled by routing.  The outside
> >network is unaware of the existence of the inside network without a static
> >mapping.  This static mapping can be to a different address with NAT.  This
> >isn't what I'd call routing.  The static mapping can also be to the same
> >address without NAT, in which case both interfaces are in the same network.
> >This, IMHO, isn't routing either.
> >
> >--
> >Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED]
> >NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
> >WestNet:  Connecting you to the planet.  805 884-6323



Re: PIX PPTP, no NAT

2000-10-30 Thread Sam Munzani


PIX is in lab exam for ISP-Dial not R/S.

Sam
- Original Message -
From: "George Spahl" <[EMAIL PROTECTED]>
To: "Sam Munzani" <[EMAIL PROTECTED]>; "Andrew" <[EMAIL PROTECTED]>; "Jay Hennigan" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, October 30, 2000 1:13 PM
Subject: Re: PIX PPTP, no NAT


> I don't think this is just splitting hairs, I think the question (what was
> it again??) is being answered.  I think Jay's explanations have been right
> on target and are an aid in gaining an understanding of how the PIX works.
> I'm surprised it isn't on the lab exam yet.
> George



Re: Need Advice

2000-10-31 Thread Sam Munzani

No offence but I thought this group was specific to lab.

Sam


> Dear Friends,
>
> Lemme introduce myself briefly
> I am from a non technical background and would like to get into
> networking world...I have already started taking some networking courses in
> UCSC-ext...
>
> All I wanted to know is it possible for a non technical guy like me to make
> it to the networking world...and if the answer is yes then...
> what should be my plan of Action...
>
> Please Advise...
> Thx
> Javed


Re: PIX security manager

2000-09-07 Thread Sam Munzani

Upgrade to new version. It's on CCO.

- Original Message -
From: "zhencai" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, September 07, 2000 12:45 AM
Subject: PIX security manager


> Dear friends,
>
> I'm trying to load PIX security manager 1.1 on a NT4 (SP5) machine but it
> asked for SP4. I tried to modify NT registry to make security manager think
> it's dealing with SP4 but no success. Is there a workaround? I hate to
> reload everything.
>
> Thanks a lot.
>
>
> Zhen Cai
>