(No Subject)
Hi all, Its a kind of weird problem.I am using a VPN(windowsNT server /PPTP) to connect to my Ofiice network.The VPN connection goes thru fine and I am able to ping my office network as well as Internet.The problem is I am unable to browse the Internet thru browser.Before Connecting to VPN it works fine.This problem is only on Internet explorer 5.0 The above problem is not to be seen in netscape. What is problem and difference between the browsers?Any setting I need to change in Internet explorer? Any help would be appreciated. cheers Ramesh Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Unable to browse the web after connecting to VPN
Hi all, Its a kind of weird problem.I am using a VPN(windowsNT server /PPTP) to connect to my Ofiice network.The VPN connection goes thru fine and I am able to ping my office network as well as Internet.The problem is I am unable to browse the Internet thru browser.Before Connecting to VPN it works fine.This problem is only on Internet explorer 5.0 The above problem is not to be seen in netscape. What is problem and difference between the browsers?Any setting I need to change in Internet explorer? Any help would be appreciated. cheers Ramesh Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Oracle Error
Hi, I am trying to install Oracle 8i(8.1.6)on RedHat linux 7.0.(2.2.16-22)The Glib which comes along with RedHat is glibc 2.2 The installation of Oracle is successful.But when I try to create a database I get the following error message. svrmgrl> "ORA-03113 end-of-file on communication channel" svrmgrl> I tried downgrading to glibc2.1 and started the Svrmgrl ..still the result is same.I also tried fresh install of Oracle after downgrading to glibc2.1 ..oracle installation fails. I guess many have faced this problem.Is there any solution for the same.if so what is it? Any help would be highly appreciated. thanks Regards Govind Get 250 color business cards for FREE! at Lycos Mail http://mail.lycos.com/freemail/vistaprint_index.html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CRC error
Hi cisco guru, I have a lease line(connected to serial port).I get about 60% crc error per day on the line.What could be the cause and any solutions? Thanks Regards Ramesh Get FREE Email/Voicemail with 15MB at Lycos Communications at http://comm.lycos.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Don,t scold ,out of cisco topic....
Hi, Some thing strange happend on my exchange server.My exchange server started to send out old mails.To be precise it started to send replicas of message already sent. what is the reason for this kind of strange behaviour and any solution for it? Any help would be appreciated. Sorry to post this here..but thought would get help from this knowledglable group. Thanks Regard Ramesh Get FREE Email/Voicemail with 15MB at Lycos Communications at http://comm.lycos.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NIS+ [7:1342]
I am running NIS+ Root server (solaris 8) on a Intel(#Server1).I have configured the NIS+ server and populated the tables.I have also intialised the Client(#Machine1). When I try to login at client(#Machine1) as usr1 I get a error message "unable to access home directory".But the same works on the server(NIS+ server) where the usr1 was created (#Server1). I have populated the AutoFs tables too. my auto_master: +auto_master /net -hosts /home auto_home my auto_home: +auto_home usr1 server1:/export/home/usr1 usr2 server1:/export/home/usr2 I have also shared the above as NFS share. I assume that NIS+ is working fine as I am able to ping the hosts mentioned in host table of the Nis+ server.The Nsswitch.conf is the template of nsswitch.nisplus on both client and server. Why am I not able to login as usr1 on the client machine(Machine1)?I would appreciate any help on this. Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1342&t=1342 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Snoop details [7:9944]
I did a kind of traffic study on my network and here it goes 1)I get about 2100 broadcast packets in 30minutes.Does that sound a alarm in my network? - 2)Most of the Broadcast of this type... 57 0.03870 10.65.2.192 -> 10.65.2.255 NBT Datagram Service Type=17 Source=CDTOWER[20] ETHER: - Ether Header - ETHER: ETHER: Packet 57 arrived at 14:44:47.57 ETHER: Packet size = 266 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:60:b0:b6:b2:62, ETHER: Ethertype = 0800 (IP) ETHER: IP: - IP Header - IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. = 0 (precedence) IP: ...0 = normal delay IP: 0... = normal throughput IP: .0.. = normal reliability IP: Total length = 252 bytes IP: Identification = 22165 IP: Flags = 0x0 IP: .0.. = may fragment IP: ..0. = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 64 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = 091c IP: Source address = 192.65.2.192, 192.65.2.192 IP: Destination address = 192.65.2.255, 192.65.2.255 IP: No options IP: UDP: - UDP Header - UDP: UDP: Source port = 138 UDP: Destination port = 138 (NBDG) UDP: Length = 232 UDP: Checksum = (no checksum) UDP: NBT: - Netbios Datagram Service Header - NBT: NBT: Datagram Packet Type = 0x11 NBT: Datagram Flags = 0x0a NBT: Datagram ID = 0xb367 NBT: Source IP = 192.65.2.192 NBT: Source Port = 138 NBT: Datagram Length = 0x00d2 NBT: Packet Offset = 0x NBT: Source Name = CDTOWER[20] NBT: Destination Name = RND[0] NBT: Number of data bytes remaining = 142 NBT: Is this a normal behaviour or do I need to remove netbeui protocol? 3)Another type od Broadcast packet 509 0.28533? -> (broadcast) ETHER Type= (LLC/802.3), size = 110 bytes 510 1.54573? -> (broadcast) ETHER Type= (LLC/802.3), size = 110 bytes 511 0.72617? -> (broadcast) ETHER Type= (LLC/802.3), size = 110 bytes ETHER: - Ether Header - ETHER: ETHER: Packet 511 arrived at 14:51:52.90 ETHER: Packet size = 110 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:8:c7:d2:4a:ab, ETHER: IEEE 802.3 length = 96 bytes ETHER: Ethertype = (LLC/802.3) ETHER: What is this broadcast packet trying to do?Or how do i debug this for more info. Any help would be appricated Cheers Ramesh Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=9944&t=9944 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Snoop details [7:9944]
More input Today I analzsed the network for 45 minutes of which 5500 packets were caught of which 4100 were Broadcast(1650) and multicast. Does that sound any caution on my network?. The Broadcast and multicast packets header as follows ETHER: - Ether Header - ETHER: ETHER: Packet 88 arrived at 11:20:55.53 ETHER: Packet size = 494 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:10:7b:b6:ee:a0, ETHER: IEEE 802.3 length = 480 bytes ETHER: Ethertype = (LLC/802.3) ETHER: ETHER: - Ether Header - ETHER: ETHER: Packet 89 arrived at 11:20:55.59 ETHER: Packet size = 494 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:10:7b:b6:ee:a0, ETHER: IEEE 802.3 length = 480 bytes ETHER: Ethertype = (LLC/802.3) ETHER: ETHER: - Ether Header - ETHER: ETHER: Packet 90 arrived at 11:20:55.64 ETHER: Packet size = 494 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:10:7b:b6:ee:a0, ETHER: IEEE 802.3 length = 480 bytes ETHER: Ethertype = (LLC/802.3) ETHER: ETHER: - Ether Header - ETHER: ETHER: Packet 91 arrived at 11:20:55.70 ETHER: Packet size = 110 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:10:7b:b6:ee:a0, ETHER: IEEE 802.3 length = 96 bytes ETHER: Ethertype = (LLC/802.3) ETHER: ETHER: - Ether Header - ETHER: ETHER: Packet 92 arrived at 11:20:55.88 ETHER: Packet size = 52 bytes ETHER: Destination = 1:80:c2:0:0:0, (multicast) ETHER: Source = 0:90:ab:ec:f3:5, ETHER: IEEE 802.3 length = 38 bytes ETHER: Ethertype = (LLC/802.3) ETHER: ETHER: - Ether Header - ETHER: ETHER: Packet 93 arrived at 11:20:55.94 ETHER: Packet size = 45 bytes ETHER: Destination = 9:0:7:ff:ff:ff, (multicast) ETHER: Source = 0:60:b0:54:c1:7e, ETHER: IEEE 802.3 length = 31 bytes ETHER: Ethertype = 809B (EtherTalk (AppleTalk over Ethernet)) ETHER: -- On Tue, 26 Jun 2001 12:58:10 Priscilla Oppenheimer wrote: >2100 broadcasts in 30 minutes might be OK, actually. Can you tell us how >much bandwidth they are using? Can you tell us what percentage of the >packets are broadcasts? A rule of thumb that Cisco teaches is that no more >than 20% of your packets should be broadcasts. The main problem with >broadcasts is that they interrupt station CPUs, but with the high-speed of >CPUs these days, that is less of an issue. > >You seem to be running NetBT, which is NetBIOS over TCP/IP. (NetBEUI is >NetBIOS running directly on a data-link, which is not what you are >running.) NetBIOS sends lots of broadcasts. In this example, the server >CDTOWER is sending a broadcast. You need to find out if that is necessary >on your network or not. It seems a bit odd that CDTOWER is sending the >frame directly to RND at the NetBIOS layer but to a broadcast address at >the network and data-link layers. Sometimes a subnet mask misconfiguration >can cause such a problem. Check CDTOWER and RND's configs. > >The last byte of a NetBIOS name tells you what kind of device it is. >CDTOWER ends with x20, which means server, if I remember correctly. RND >ends with 0x0 and I have forgotten what that means and my NetBIOS >documentation is packed away. But you could find this somewhere on the Net >or one of our esteemed colleagues probably knows. > >I don't recognize the other broadcast packets. They have an 802.3 length >field of 0 even though there's data in the packet. It sounds like a bug? >Would it be possible to find the station sending them (0:8:c7:d2:4a:ab) and >check its configuration? > >Priscilla > >At 05:20 AM 6/26/01, Ramesh c wrote: >>I did a kind of traffic study on my network and here it goes >> >>1)I get about 2100 broadcast packets in 30minutes.Does that sound a alarm in >>my network? >> >>- >>2)Most of the Broadcast of this type... >>57 0.03870 10.65.2.192 -> 10.65.2.255 NBT Datagram Service Type=17 >>Source=CDTOWER[20] >> >>ETHER: - Ether Header - >>ETHER: >>ETHER: Packet 57 arrived at 14:44:47.57 >>ETHER: Packet size = 266 bytes >>ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) >>ETHER: Source = 0:60:b0:b6:b2:62, >>ETHER: Ethertype = 0800 (IP) >>ETHER: >>IP: - IP Header - >>IP: >>IP: Version = 4 >>IP: Header length = 20 bytes >>IP: Type of service = 0x00 >>IP: xxx. = 0 (precedence) >>IP: ...0 = normal delay >>IP: 0... = normal throughput >>IP: .0.. = normal reliability >>IP: Total length = 252 bytes >>IP: Identific
Ethernet multicast [7:10272]
1) Does a Network Interface card support 2^47 ethernet multicast address.If so how are the Addresses generated or stored? 2)How are the Ip Multicast address mapped to Ethernet multicast address? Cheers Get 250 color business cards for FREE! http://businesscards.lycos.com/vp/fastpath/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10272&t=10272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
netflow services [7:35199]
Hi, I got some queries abt Net flow. 1)Which is defined as Flow?Packets between two entites or single packet between entites ? 2)Can net flow be enabled on switches? Cheers Go Get It! Send FREE Valentine eCards with Lycos Greetings http://greetings.lycos.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35199&t=35199 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix question [7:26832]
1) I got a pix in test(all internal) environment (configured as outside,inside and DMZ).Do I need to use NAT to connect to the outside segment from inside or vice versa.Since Pix can act as a router ,will enabling routing solve this purpose without use of NAT.Applying access list later for security. 2)I want to open all the ports of TCP connection for a particular host.How do I go about? cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26832&t=26832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN between Checkpoint and Pix [7:27787]
Hi guys, Is there any site which give details(Configuration,specs)abt VPN between Pix firewall and checkpt firewall using IPSec. TIA Cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27787&t=27787 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ipsec funda [7:28036]
Folks, I was reading the article about IPSec and thought some of u might enlighten my doubts. As we know IETF had split the IPsec into 2 parts namely Ipsec and IKE. 1)Since IPsec(Ah or ESP)can provide all the Encryption,Authentication and intergrity,do we still need a IKE for creating Encrpytion tunnel? 2)Whats the use of IKE? Is it just used to create the key which Ipsec uses for Encryption or Authentication? Or does itself create the Encryption tunnel and authenticates?. 3)Who does the Encrption and Authentication? cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28036&t=28036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IOS firewall [7:28170]
Hi folx, I got a lease line connected to private network and ethernet port connected to Internet.The router is configured as IOS firewall.I am planning to do a VPN to another office. 1)Can I turn off CBAC and just use the access-list for security purpose? 2)As default Outside cannot reach inside,if i just create an access-list to allow packets from VPN to reach inside..is it safe? 3)Since its cisco devices..which VPN is good CET or IPSEC? Cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28170&t=28170 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access-list [7:28188]
Folx, A)I got 2 networks connected by a router.I apply access-group for both in and out of the interface. Is my assumption correct? 1)The access list for "in" would be processed when the packet leaves that interface to diff network? 2)The access list for "out" would be processed when the packet arrives from different network? But in case of Pix..why there is only "in"? cheers Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28188&t=28188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN [7:21120]
Hi corness, Thanks fer your earlier replies My setup as follows.. pvt network-RouterInternet-Pixpvt network I want to do a VPN between the private networks using ipsec.I am concerned with router side.The s0 (10.1.0.1/24) of router is connected to pvt network and e0(210.11.3.1/24) to internet. I do the following on my router access-list 101 permit 10.1.0.0 255.255.255.0 172.1.0.0 255.255.255.255 crypto ipsec transform-set set1 esp-des esp-sha-hmac crypto map vpn 10 ipsec-isakmp crypto map vpn 10 match-address 101 crypto map vpn set peer 210.14.7.2 crypto map vpn set transform-set set1 isakmp enable e0 isakmp policy 20 isakmp policy 20 encryption des isakmp policy 20 hash md5 isakmp policy 20 authentication rsa-sig isakmp policy 20 group 1 interface e0 crypto map vpn My questions... 1)What kind of static route should I add?(I want only 10.1.0.0 to talk to 172.1.0.0 and vice versa using vpn.Rest all denied) 2)Do I need this if I don`t use nat on my router? route-map nonat permit 10 match ip address 130 3)Will this access list help me with security((i.e)except for 172.1.0.0 all other network cannot reach pvt network)? access_list 140 permit ip 172.1.0.0 0.0.0.0 any access_list 140 deny ip any any acl_group 140 e0 out cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28256&t=21120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN stuff [7:28289]
Folx, 1)I have set VPN between 2 private networks over the internet.I want to know how the packets are forwarded to the destination Or in other words what really happens on the router when a packet for VPN arrives? I got a static route ip route 0.0.0.0 0.0.0.0 210.23.5.6 2)Do i need to enable ip routing,if I got static routes? Cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28289&t=28289 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access_list [7:28686]
Folks, For network 10.1.0.0/24 ..the access list would be access_list 120 permit ip 10.1.0.0 0.0.0.255 any What would be access list if my network is 10.1.0.0/27? Cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28686&t=28686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Vpn issue [7:28806]
Folx, Ther serial port of my router is connected to PVT network and ethernet is connected to Internet,throught which i am going to establish VPN(Ipsec). My question are... 1)I am not running nat on my router,do i still need to add the following on my router... access-list 130 deny ip 10.65.0.0 0.0.255.255 172.16.2.11 0.0.0.0 access-list 130 permit ip 10.65.0.0 0.0.255.255 any route-map nonat permit 10 match ip address 130 ip nat pool branch netmask ip nat inside source route-map nonat pool branch overload 2)My PVT network mask is 252...so would my access_list mask would be 0.0.0.3 access_list permit ip 192.168.5.36 0.0.0.3 172.16.3.2 0.0.0.255 Cheers Ramesh Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28806&t=28806 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SDSL vs ADSL [7:33144]
Folks, 1)Whats difference between ADSL and SDSL? 2)Can I have 2Pcs connected over ADSL or SDSL(Like Windows NT RAS)? 3)Does ADSL or SDSL need special telephone line or the existing line is sufficient? Cheers R Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33144&t=33144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sun certification Books
Hello group , I am on the look out for Sun Solaris System Administration -I and Sun Solaris System Administration - II books. I prefer Sun Microsystems Course Material. The version is Solaris 7. If anyone of you is willing to sell those books please let me know.I desperately need that. Aslo I am look out for CCNP 2.0 books. Cheers Ramesh Get your FREE Email and Voicemail at Lycos Communications - http://comm.lycos.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Interface BRI0/0:1 disconnected from unknown
Hi ISDN gurus, Please find below the error message i get when i try to connect to my remote router. Both routers are running PPP CHAP authentication. What could be reson for line to get diconnected quickly. BR0/0:1 LCP: TIMEout: Time = 0x34C62A5C State = REQsent BR0/0:1 LCP: O CONFREQ [REQsent] id 196 len 28 BR0/0:1 LCP:AuthProto CHAP (0x0305C22305) BR0/0:1 LCP:MagicNumber 0x45432C9A (0x050645432C9A) BR0/0:1 LCP:MRRU 1524 (0x110405F4) BR0/0:1 LCP:EndpointDisc 1 Local (0x1309016A68656C756D) BR0/0:1 LCP: TIMEout: Time = 0x34C63230 State = REQsent BR0/0:1 LCP: O CONFREQ [REQsent] id 197 len 28 BR0/0:1 LCP:AuthProto CHAP (0x0305C22305) BR0/0:1 LCP:MagicNumber 0x45432C9A (0x050645432C9A) BR0/0:1 LCP:MRRU 1524 (0x110405F4) BR0/0:1 LCP:EndpointDisc 1 Local (0x1309016A68656C756D) BR0/0:1 LCP: TIMEout: Time = 0x34C63A04 State = REQsent BR0/0:1 LCP: O CONFREQ [REQsent] id 198 len 28 BR0/0:1 LCP:AuthProto CHAP (0x0305C22305) BR0/0:1 LCP:MagicNumber 0x45432C9A (0x050645432C9A) BR0/0:1 LCP:MRRU 1524 (0x110405F4) BR0/0:1 LCP:EndpointDisc 1 Local (0x1309016A68656C756D) %ISDN-6-DISCONNECT: Interface BRI0/0:1 disconnected from unknown , call lasted 24 seconds %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down BR0/0:1 LCP: State is Closed BR0/0:1 PPP: Phase is DOWN BR0/0:1 VP: Cleaning already proceeding BRI0/0:1: disconnecting call Send FREE Greetings for Father's Day--or any day! Click here: http://www.whowhere.lycos.com/redirects/fathers_day.rdct ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Help on NAT [7:20880]
Hey gurus, I am using NAT in my setup and I find only these entires related to NAT...what is really happening here? interface Ethernet0/0 ip address 10.1.1.1 255.255.255.255 ip nat inside interface serial0 ip address xxx...(Connected to Internet) Anyone can help? Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20880&t=20880 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN [7:21120]
Hey Guys, My setup as follows Internet -- Router PIX -- Internal network We are using a 192.168.x.x network and using NAT to change to valid ip address.So when I need to setup VPN should I use the 192.168.x.x or the Valid Ip address? My internet router config interface FastEthernet0/0 ip address 192.168.y.x 255.255.255.252 ip nat inside interface Serial0/0 ip address 192.168.x.x 255.255.255.240 More which is advisable.. 1)VPN to router or VPN to PIX ? Pls explain in detail... Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=21120&t=21120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
console break key [7:22027]
Hey guys, I am sure many would done thisplease help me I have connected my SUN SYSTEM serial port A to the laptop serial port and am using hyper terminal for console login.I get console login screen and boot up messages.Everything works fine..I am able to login. My question how do I emulate the stop + A key on the hyper terminal? OR how do I get the OK prompt (if need to boot via cdrom) cheers Ramesh Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=22027&t=22027 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Weird Problem [7:24919]
My setup as follows I got VLAN and my IP range is xxx.xxx.xxx.xxx/25 and gateway being xxx.xxx.yyy.254/20 .I got a Win2k machine with IP address xxx.xxx.xxx.129 and am able to ping the router and other systems. Now I plug in a Sun system with Ip address xxx.xxx.xxx.130 ,also specify /etc/defaultrouter xxx.xxx.yyy.254 and I am UNABLE to ping router or any other system.But am able to ping the Win2K system. Other hand if I put my SUN system as DHCP..I am able to get IP address(different subnet address) and ping default router. Since i thought subnet address might be out of range I put in another Win2k system and assinged the xxx.xxx.xxx.130 and it works fine. Why is the variation between WIN2K and Sun system and would appreciate any solution?Do I need to do any thing on Sun system for it to see the default on other subnet? My /etc/netmask file is intact. Cheers Ramesh Make a difference, help support the relief efforts in the U.S. http://clubs.lycos.com/live/events/september11.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24919&t=24919 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix questions [7:57686]
1)I got traffic flowing from outside to dmz.I got a mail server sitting on the dmz. access-list acl_outside permit tcp any host mail eq smtp Do I need to the following?or just the access-list will do? static (dmz,outside) mail mail netmask 255.255.255.255 0 2)Can inside access DMZ without nat commands?.Meaning can pix act as a router? __ Outgrown your current e-mail service? Get 25MB Storage, POP3 Access, Advanced Spam protection with LYCOS MAIL PLUS. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57686&t=57686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix question [7:57869]
Configuration nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 interface ethernet0 10baset interface ethernet1 10baset interface ethernet0 100basetx ip address outside 209.165.201.2 255.255.255.248 ip address inside 192.168.7.0 255.255.255.0 ip address dmz 172.16.1.0 255.255.255.0 hostname pixfirewall arp timeout 14400 no failover names pager lines 24 logging buffered debugging access-list acl_out permit tcp any host 209.165.201.19 access-group acl_out in interface outside route outside 0.0.0.0 0.0.0.0 209.165.201.1 1 access-list ping_acl permit icmp any any access-group ping_acl in interface inside access-group ping_acl in interface dmz access-list acl_out permit icmp any any timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 My question is ,can my systems from inside initiate connection to dmz with the above configuration?.meaning can the Pix act as a router?Since i read inside can initiate connection to dmz or outside by default _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57869&t=57869 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN Question? [7:59043]
Hi folks, My set up as follows Host A-(in)PixA(out)Internet---(out)PixB(in)HostB I have a VPN using Ipsec between Pix A and Pix B.Do I need to have a Static (inside,outside)to hostB for hostA to connect or Pix B would default route the packet to hostb. nat 0 access-list 80 access-list 80 permit ip 10.0.0.0 255.0.0.0 192.168.12.0 255.255.255.0 how does the VPn tunnel work? _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59043&t=59043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN within intranet? [7:59284]
Can I have a VPN within my organization.my setup as follows HostAin(PIX-A)dmz-out(Pix-B)dmz-HostB Can I have a VPN established between dmz of PIX A and outside of PIX B.both are in same segment (172.16.1.xxx)Let me know if u got any example.Just for testing _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59284&t=59284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IPsec basics?? [7:59358]
Folks, Would appreciate if anyone can explain the basics of VPN(Ipsec). I got a Ipsec running between two pix.What really happens when a packet arrives at the interface?I need the entire process... Cheers _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59358&t=59358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPsec basics?? [7:59358]
Oops,Guess we deviated from the actual question.Would appreciate if anyone could anwser the same. Cheers -- On Tue, 17 Dec 2002 18:04:44 Daniel Cotts wrote: >You are providing a config that shows the "WAN" link that connects the two >routers. Do you also have a "LAN" side to each of those routers? That is >where your host computers would reside. The addresses for the "LAN" are what >is expected in access-list 100. Sort of FastEthernet 0/1 ip address >172.16.1.1 etc. Maybe use 172.16.2.1 on the other router's LAN. >access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 >If you do a test ping to open the VPN tunnel use an extended ping with the >source address of your "LAN" interface. More fun to use PCs on each end. >HTH > >> -Original Message- >> From: Selcuk Kardes [mailto:[EMAIL PROTECTED]] >> Sent: Tuesday, December 17, 2002 11:09 AM >> To: [EMAIL PROTECTED] >> Subject: Re: IPsec basics?? [7:59358] >> >> >> Hi Alaerte, >> >> http://www.cisco.com/warp/public/707/17.html#Sec3.1 >> this link and your suggested configuration and also my >> confuguration are >> all same ... >> but my confuguration doesn't work . >> i am working >> >> thanks for help... >> Selcuk >> >> my configuration is: >> >> Current configuration: >> ! >> version 12.1 >> hostname test >> crypto isakmp policy 1 >> authentication pre-share >> lifetime 3000 >> crypto isakmp key cisco address 192.168.2.70 >> ! >> ! >> crypto ipsec transform-set mytransform esp-des esp-md5-hmac >> ! >> crypto map mycrypto 10 ipsec-isakmp >> set peer 192.168.2.70 >> set transform-set mytransform >> match address 100 >> ! >> interface FastEthernet0/0 >> ip address 192.168.2.69 255.255.255.192 >> duplex auto >> speed auto >> crypto map mycrypto >> ! >> ip classless >> ip route 0.0.0.0 0.0.0.0 192.168.2.97 >> no ip http server >> ! >> access-list 100 permit ip host 192.168.2.69 host 192.168.2.70 >> >> >> [EMAIL PROTECTED] wrote: >> >> >Hi, >> > >> >Here is an example: >> > >> >crypto isakmp policy 1 >> > authentication pre-share >> > lifetime 3000 >> >crypto isakmp key cisco address 192.168.14.2 >> >! >> >crypto ipsec transform-set mytransform esp-des esp-md5-hmac >> >! >> >crypto map mycrypto local-address Serial0.14 >> >crypto map mycrypto 10 ipsec-isakmp >> > set peer 192.168.14.2 >> > set transform-set mytransform >> > match address 100 >> >! >> >interface Loopback1 >> > ip address 1.1.1.1 255.255.255.0 >> >! >> >interface Serial0.14 point-to-point >> > ip address 192.168.14.1 255.255.255.0 >> > frame-relay interface-dlci 114 >> > crypto map mycrypto >> >! >> >router ospf 1 >> > log-adjacency-changes >> > network 0.0.0.0 255.255.255.255 area 0 >> >! >> >ip classless >> >ip http server >> >! >> >access-list 100 permit icmp host 1.1.1.1 host 4.4.4.4 >> > >> > >> >Regards, >> > >> >Alaerte >> > >> > >> > >> > >> > >> > >> > >> >"Selcuk Kardes" @groupstudy.com em 17/12/2002 >> >08:11:51 >> > >> >Favor responder a "Selcuk Kardes" >> > >> >Enviado Por: [EMAIL PROTECTED] >> > >> > >> >Para: [EMAIL PROTECTED] >> >cc: >> > >> >Assunto:Re: IPsec basics?? [7:59358] >> > >> > >> >hi, >> >i am trying now to run ipsec between two router >> >is there anybody have basic running konfigurasyon >> >now i am looking cisco's ipsec pages >> >but yet i can't accomplisht this issue >> > >> > >> >ramesh c wrote: >> > >> > >> > >> >>Folks, >> >>Would appreciate if anyone can explain the basics of VPN(Ipsec). >> >> >> >>I got a Ipsec running between two pix.What really happens >> when a packet >> >>arrives at the interface?I need the entire process... >> >> >> >>Cheers >> >> >> >> >> >>_ >> >>Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. >> >>http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus >> >> >> >> >> >Virus taramasi Is Net tarafindan yapilmistir. >> >This e-mail is checked by Is Net against all known types of viruses. >> >Is Net'in YILBASI HEDIYE kampanyasini duymus muydunuz? >> >http://www.isnet.net.tr/hediyesepeti/index2.html _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59458&t=59358 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
icmp messages [7:60602]
I got access list as follows on my router access-list 100 permit icmp host any host xyz ttl-exceed access-list 100 deny icmp any any when I do a traceroute from host xyz,I get reply only from some hosts .The Hitcounts on deny icmp icmp increases.the access-group is applied to the "in" Am I missing any other icmp messages?Is there a way to allow all icmp messages for the host? Cheers _ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60602&t=60602 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
