back to back frame relay tunnel using 2 2500 routers? [7:34417]

2002-02-04 Thread dave petit

I am looking for a sample config using 2 2500 routers back to back e0/e0
tunneling, so that the 4 serial interfaces can be configured as one (4 port) frame relay
switch.

Anyone know where I can find it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34417&t=34417
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]





RE: Any w2k syslog server available? [7:64883]

2003-03-10 Thread dave petit
Syslog, TFTP and FTP 3COM Windows utilities can be found here:

http://support.3com.com/software/utilities_for_windows_32_bit.htm



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Victor Wibawa
Sent: Monday, March 10, 2003 4:53 AM
To: [EMAIL PROTECTED]
Subject: Re: Any w2k syslog server available? [7:64883]


This is for Windows:

1. Kiwi
www.kiwisyslog.com/

2. Solarwinds Syslog server
www.solarwinds.net

Personally, I find Kiwi is better...





>From: "Richard Campbell"
>Reply-To: "Richard Campbell"
>To: [EMAIL PROTECTED]
>Subject: Any w2k syslog server available? [7:64883]
>Date: Mon, 10 Mar 2003 09:00:02 GMT
>
>Hi.. I used to use a unix syslog server to log the cisco device events.  But
>there is no unix box in my new company.  Only w2k.  May I know if there is any
>syslog software available that I can install on W2k?
>
>Thanks
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64890&t=64883


RE: Syslog config in router query [7:64692]

2003-03-10 Thread dave petit
Try this, it works for me:


logging trap debugging
logging facility local1
logging 192.168.10.x

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Sunny
Sent: Saturday, March 08, 2003 2:40 AM
To: [EMAIL PROTECTED]
Subject: Re: Syslog config in router query [7:64692]


Hi Symon, Selcuk & other Cisco Buddies,

Thanks for your reply.

Actually we are getting logs for activities such as the status of a link, or when I
change some route config.

PLS LET ME KNOW:

1. What level of detail can I get from the router if I enable syslogging?

2. If I enable syslog, can I get details of who all tried to telnet to the
router & what commands he used in the telnet session?

3. Would NAT translations be logged?

Waiting for your reply.

Sunny


  - Original Message -
  From: Symon Thurlow
  To: Sandeep Zilpe ; [EMAIL PROTECTED]
  Sent: Friday, March 07, 2003 1:50 PM
  Subject: RE: Syslog config in router query [7:64692]


  I think you might have to set the level of logging; perhaps by default
  it is only errors?

  There are seven levels of detail, I think the most is debug, and the
  least is error.

  Try

  logging trap information

  That should get you some activity (maybe too much)

  I normally set it to

  logging trap warning

  That gets you warnings (interfaces going up and down etc.) and errors. It
  doesn't tell you when people write the config to memory though; I think
  information level does that.

  Symon

  -Original Message-
  From: Sandeep Zilpe [mailto:[EMAIL PROTECTED]
  Sent: 07 March 2003 06:18
  To: [EMAIL PROTECTED]
  Subject: Syslog config in router query [7:64692]


  Hi,

  I need help configuring a cisco router (1700/2600) for syslog.

  I have WINSYSLOG software VER 4.2.35.

  I have tried the following commands on the router.

  logging on
  logging 192.168.10.x
  logging trap
  logging source-interface fa0

  I am not getting any output on the syslog server.

  If I put the same commands in the PIX I get proper syslog output on the syslog
  server.

  Pls guide.


  Regards,
  Sunny




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64993&t=64692


RE: NAT overload as security [7:66015]

2003-03-23 Thread dave petit
That's not enough; download and read the Cisco security executive summary at
the link below for good tips on hardening your router.

http://www.nsa.gov/snac/cisco/download.htm

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Doug S
Sent: Saturday, March 22, 2003 11:35 PM
To: [EMAIL PROTECTED]
Subject: NAT overload as security [7:66015]


On my home network, I rely almost exclusively on NAT overload for security.
Even though I know it's not a security measure, I've yet to hear anyone with
a good explanation of why it's not enough, at least for a home network.  I
know there's a bunch of really bright people here, so if anyone would point
out the flaws in my reasoning, I'd love to hear it.

Below are some excerpts from an email conversation with a friend that
explain how I think about it:

---

I mostly rely on NAT overload for security.  The only traffic that will be
allowed in is traffic for which a translation has been created.  Since these
translations are only created by outbound traffic, no one from the outside
can initiate a connection unless they bypass NAT by using the actual private
ip addresses configured on the workstation.  To do that, they'd have to
have no routers between them and my router (meaning my ATT segment only), as
any other router would drop packets for these addresses.  To protect against
that, I deny traffic for the IPs configured behind the router.

access-list 151 deny ip any 192.168.0.0 0.0.0.255
access-list 151 permit ip any any
(this whole acl could just as well be:
   access-list 151 permit ip any host <outside interface IP address>)

access-list 50 permit 192.168.0.0 0.0.0.255

interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside

interface Ethernet1
 ip address dhcp
 ip nat outside
 ip access-group 151 in

ip nat inside source list 50 interface Ethernet1 overload



Even though NAT isn't a security feature, I think overload works pretty well
for security because no traffic will be allowed in unless an inside host has
created a NAT entry by originating the flow.  All legitimate flows on a home
network are going to be created by CLIENT processes running on the machine,
so what do I care if someone tries to connect to that port.  What I mean is:

1) I go to surf the web at 200.200.200.200, my workstation uses tcp port
1456 to connect to tcp port 80

2a) tcp port 1456 is taking in traffic only for web browser, which is a
client application that's only going to display what's sent back to my
browser.

2b) as this traffic passes through the router a NAT entry is created:
INSIDE LOCAL         INSIDE GLOBAL        OUTSIDE GLOBAL
192.168.0.100:1456   12.228.99.129:1456   200.200.200.200:80

3) A 'hole' has been created that now allows traffic to my workstation.

4) A really good hacker wants to exploit this hole.  To do this, s/he's
going to have to do a few tricky things:

First, since this translation is only going to allow traffic from
200.200.200.200:80 to be sent to 192.168.0.100:1456, s/he's going to have to
figure out how to spoof that address/port pair AND get the return traffic
back to his machine (if he wants any return traffic there might be).

Second, since it's only my web browser, and not some service that's running
on port 1456, the only traffic that could possibly even be interpreted on
that port would be html.  And since that port is maintaining the tcp stream
info from the original connection (seq #'s, ack's) s/he's going to have to
accurately spoof that too. If all this is successful, I guess there is
malicious html code that s/he could run, but wouldn't it have been easier
for the hacker just to put it up on a website and let me click on it myself?

To me it seems like NAT overload on home computers meets the security idea
of making it more difficult than what it's worth for the hacker.  There is
no way I would ever rely on this on a production network with services
available, themselves initiating connections.  I'd really like to hear a
security expert's views about these ideas, but so far, no one I've talked to
has explained to me a way that a hacker could get past NAT overload.

The only two ways I can think of are:
1) bypass NAT by using the actual configured IPs of the workstations inside

2) Get you to install software on your machine that will both create a NAT
translation to the outside and let them connect back through that
translation to a SERVICE that's listening on that port.  If they are able to
do that, even CBAC isn't going to stop them anyhow.

Access lists trying to protect home workstations that are being NAT'ed seem
for the most part redundant to me.
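As an added illustration (not from the thread), a toy model of the behaviour Doug describes: an inbound packet is forwarded only when it matches a translation that an inside host created, and the inbound ACL drops anything already addressed to the private range. It reuses the addresses quoted above; the Packet class, table layout and the scenario() helper are our own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Values quoted in the post; everything else here is our model.
INSIDE_NET = ip_network("192.168.0.0/24")   # the range access-list 151 denies inbound
OUTSIDE_IP = "12.228.99.129"                # inside-global address on the outside interface

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatOverload:
    """One inside-global port per flow, as 'ip nat inside source list 50 ... overload'."""

    def __init__(self):
        # inside-global port -> (inside local addr, inside local port, outside addr, outside port)
        self.table = {}

    def outbound(self, pkt):
        # Only inside hosts create state; the source port is reused as the inside-global port.
        self.table[pkt.sport] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(OUTSIDE_IP, pkt.sport, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # 'ip access-group 151 in': a packet already addressed to the private range
        # (the "bypass NAT" case) is dropped before NAT ever sees it.
        if ip_address(pkt.dst) in INSIDE_NET:
            return "acl-deny"
        entry = self.table.get(pkt.dport)
        # Forward only when a translation exists and the sender is exactly the
        # outside addr:port the inside host spoke to, as the post describes.
        if entry is None or pkt.dst != OUTSIDE_IP or (pkt.src, pkt.sport) != entry[2:]:
            return "no-translation"
        return Packet(pkt.src, pkt.sport, entry[0], entry[1])

def scenario():
    """Replays the post: the browser flow, a stateless probe, the bypass attempt,
    and case 2 (an inside program that connects out first, so the reply is allowed)."""
    nat = NatOverload()
    nat.outbound(Packet("192.168.0.100", 1456, "200.200.200.200", 80))
    nat.outbound(Packet("192.168.0.100", 6000, "198.51.100.7", 4444))  # constructed
    return {
        "reply": nat.inbound(Packet("200.200.200.200", 80, OUTSIDE_IP, 1456)),
        "probe": nat.inbound(Packet("198.51.100.7", 4444, OUTSIDE_IP, 1456)),
        "bypass": nat.inbound(Packet("198.51.100.7", 4444, "192.168.0.100", 1456)),
        "case2": nat.inbound(Packet("198.51.100.7", 4444, OUTSIDE_IP, 6000)),
    }
```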

AUX port PPP dialup link config ? [7:54797]

2002-10-03 Thread dave petit

Hi group,

I have a Cisco 2524 connecting my in-house network to the Comcast (cable
modem) network; all works fine.

I would like to now add a modem attached to the unused aux port of the 2524,
so that I can dial into the router and either get transit out to the
internet or access my inside network resources.

I have been to the Cisco site and looked through all the dial-up cookbooks, but
have not found a sample config that suits my needs.

Has anyone done this?

If so, could you direct me to a link that has a sample config?

Thanks!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54797&t=54797



Flash & MEM upgrade for 2500 series question? [7:74298]

2003-08-24 Thread dave petit
I have several 2500 series routers I am using for a practice lab.

I want to upgrade them to 16flash/16mem to support the later IOS versions if
possible.

Does anyone know what the required ROM version is, and how to find out what ROM
version I now have?

Also, how does one go about getting the required ROM?

Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74298&t=74298
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


access list question [7:74370]

2003-08-26 Thread dave petit
I have an access list (101) on my router that is tied to a cable modem
network.
The access list contains the following icmp deny statement. It seems to
work ok.
The question is: what the heck does (3/13) mean in the log line?

Thanks!!

from access-list 101:
access-list 101 deny   icmp any any redirect log



from the log:
list 101 denied icmp 10.132.224.1 -> 68.33.134.253 (3/13), 1 packet
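An added example, not from either thread, that serves both the syslog discussion above (facility local1, `logging trap` levels) and this access-list question: it parses Cisco IOS syslog lines the way a collector such as Kiwi or WinSyslog receives them, splits the <PRI> header into facility and severity, and for %SEC-6-IPACCESSLOGDP messages reads the parenthesised pair after the destination as the ICMP type/code, which is what (3/13) is. The sample lines are constructed around the log line quoted here; the parse() and passes_trap() names are ours.

```python
import re

SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]
FACILITY = {16 + i: f"local{i}" for i in range(8)}   # local0..local7 are 16..23

# RFC 792 / RFC 1812 names for ICMP (type, code) pairs commonly seen in ACL logs
ICMP_NAMES = {(3, 13): "destination unreachable / communication administratively prohibited",
              (3, 3): "destination unreachable / port unreachable",
              (5, 1): "redirect / redirect for host", (8, 0): "echo request"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
TAG_RE = re.compile(r"%([A-Z0-9_]+)-(\d)-([A-Z0-9_]+):\s*(.*)$")
ACL_RE = re.compile(r"list (\S+) (denied|permitted) (\w+) (\S+) -> (\S+)"
                    r"(?: \((\d+)/(\d+)\))?, (\d+) packets?")

# Constructed sample lines: the ACL log quoted in this thread plus a config event,
# both sent with 'logging facility local1' (PRI = 17*8 + severity).
SAMPLE = [
    "<142>37: *Mar 10 09:00:02.123: %SEC-6-IPACCESSLOGDP: list 101 denied icmp "
    "10.132.224.1 -> 68.33.134.253 (3/13), 1 packet",
    "<141>38: *Mar 10 09:01:10.456: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.10.50)",
]

def parse(line):
    """Split one IOS syslog line into facility, severity, mnemonic and ACL fields."""
    pri = int(PRI_RE.match(line).group(1))
    rec = {"facility": FACILITY.get(pri // 8, str(pri // 8)), "severity": SEVERITY[pri % 8]}
    tag = TAG_RE.search(line)
    if tag:
        rec["mnemonic"] = f"{tag.group(1)}-{tag.group(2)}-{tag.group(3)}"
        acl = ACL_RE.search(tag.group(4))
        if acl:
            rec.update(acl=acl.group(1), action=acl.group(2), proto=acl.group(3),
                       src=acl.group(4), dst=acl.group(5), count=int(acl.group(8)))
            if acl.group(6) is not None:
                # for IPACCESSLOGDP the "(a/b)" after the destination is ICMP type/code
                tc = (int(acl.group(6)), int(acl.group(7)))
                rec["icmp"] = (tc, ICMP_NAMES.get(tc, "unknown"))
    return rec

def passes_trap(rec, trap="debugging"):
    """True if a router configured with 'logging trap <trap>' would send this message."""
    return SEVERITY.index(rec["severity"]) <= SEVERITY.index(trap)

if __name__ == "__main__":
    for rec in map(parse, SAMPLE):
        print(rec)
```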




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74370&t=74370