RE: Cisco 806 ? [7:73613]
Why don't you consider the VPN Concentrator 3002 Hardware Client. It offers LAN-to-LAN VPN capabilities, can be remotely upgraded automatically, etc. You can even get one with an 8-port 10/100 switch for the small locations. The CVPN3002-8E-BUN-K9 lists for $1,195. It cost more than a 831, at $649, but it does come with the 8-port switch... Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Herold Heiko [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 6:10 AM To: [EMAIL PROTECTED] Subject: RE: Cisco 806 ? [7:73613] VPN client won't be possible for this project (no software installation, need vpn lan to lan). Pix can't be used due to managerial issues, doesn't like them :(. So the only remaining possibilities (beside stuff like D-Link I really wouldn't bet my security on) are routers or possibly a nokia fw-1 box. 400kb/s should probably be ok, otherwise a 831 will be more than enough I think. I'll discover soon if my testing budget gets approved, I'd hate to research and drool and then later hear "we'll outsource this" just when I hope to get hands-on experience on this stuff :(. Bye Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 11:30 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Cisco 806 ? [7:73613] > > > Just let them go on performance, not on command set? > > I remember about 400Kb/s 3des for the 806/820's > the 830's should do 2Mb/s for 3des. > > 1700's VPN bundle carry a xtra crypto card. At least 2Mbit. > Watch for the > amount of VPN connections, too many access-lists's etc. (cpu power) > > A pix 501 or small vpn client could also do the job? > > Martijn > > -Oorspronkelijk bericht- > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 11:04 > Aan: Jansen, M; [EMAIL PROTECTED] > Onderwerp: RE: Cisco 806 ? [7:73613] > > > No, it is unrelated - I just remembered the 1000 series being limited > (regarding at least NTP) and feared the 800 series, being the > replacement > for the 1000 series, could have the same limitations. > > Heiko > > -- > -- PREVINET S.p.A. www.previnet.it > -- Heiko Herold [EMAIL PROTECTED] > -- +39-041-5907073 ph > -- +39-041-5907472 fax > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 07, 2003 10:51 AM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: Cisco 806 ? [7:73613] > > > > > > What about NTP? Should it read NAT? > > > > Martijn > > > > -Oorspronkelijk bericht- > > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > > Verzonden: donderdag 7 augustus 2003 8:10 > > Aan: [EMAIL PROTECTED] > > Onderwerp: RE: Cisco 806 ? [7:73613] > > > > > > Thanks! > > I just wanted to double check - some hears ago I got burnt in > > a similar > > situation, with a 1003 and (no) NTP if I remember correctly. > > Heiko > > > > -- > > -- PREVINET S.p.A. www.previnet.it > > -- Heiko Herold [EMAIL PROTECTED] > > -- +39-041-5907073 ph > > -- +39-041-5907472 fax > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, August 07, 2003 8:04 AM > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > Subject: RE: Cisco 806 ? [7:73613] > > > > > > > > > It does. It is IOS. Just do your CLI thing. > > > > > > Martijn > > > > > > -Oorspronkelijk bericht- > > > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > > > Verzonden: woensdag 6 augustus 2003 17:21 > > > Aan: [EMAIL PROTECTED] > > > Onderwerp: Cisco 806 ? [7:73613] > > > > > > > > > Hi, > > > > > > for some tests I need something cheap to play with, having 2 > > > eth, vpn and > &g
RE: Cisco 806 ? [7:73613]
No sntp time source was available if I remember correctly, only novell
clients and servers, possibly a sco server several (isdn!) hops away.
Details are hazy now and I don't have access to the notes anymore since I
switched work some years ago, but I remember we had to live with an unsynced
clock and use the old "now the router says it's x o'clock so that log is
really from y o'clock" differential timing :(.
I think at that time on the remote network were only old netboot msdos
novell clients and we could not bring up the isdn line in order to sync the
clock or something like that. Hmm can't be, it would have synced happily
with sntp at least whenever the line was up, there must have been some other
reason. Possibly incompetence on our side :)
Heiko
--
-- PREVINET S.p.A. www.previnet.it
-- Heiko Herold [EMAIL PROTECTED]
-- +39-041-5907073 ph
-- +39-041-5907472 fax
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 07, 2003 11:10 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Cisco 806 ? [7:73613]
>
>
> Use SNTP?
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios12
> 1/121cgcr/fun_
> r/frprt3/frd3003.htm#1020770
>
>
> sntp server
> To configure a Cisco 1003, Cisco 1004, Cisco 1005, Cisco
> 1600, Cisco 1720,
> Cisco 1750, or Cisco 800 router to use the Simple Network
> Time Protocol
> (SNTP) to request and accept Network Time Protocol (NTP)
> traffic from a
> stratum 1 time server, use the sntp server global
> configuration command. The
> no form of the command removes a server from the list of NTP servers.
>
> sntp server {address | hostname} [version number]
> no sntp server {address | hostname}
> Syntax Description
>
> address
> IP address of the time server.
>
> hostname
> Host name of the time server.
>
> version number
> (Optional) Version of NTP to use. The default is 1.
>
>
>
> Defaults
>
> The router does not accept SNTP traffic from a time server.
>
> Command Modes
>
> Global configuration
>
> Command History
>
> Release Modification
> 11.2
> This command was introduced.
>
>
>
> Usage Guidelines
>
> SNTP is a compact, client-only version of the NTP. SNMP can
> only receive the
> time from NTP servers; it cannot be used to provide time
> services to other
> systems.
>
> SNTP typically provides time within 100 milliseconds of the
> accurate time,
> but it does not provide the complex filtering and statistical
> mechanisms of
> NTP. In addition, SNTP does not authenticate traffic, although you can
> configure extended access lists to provide some protection.
>
> Enter this command once for each NTP server.
>
> You must configure the router with either this command or the
> sntp broadcast
> client command in order enable SNTP.
>
> SNTP time servers should operate only at the root (stratum 1)
> of the subnet,
> and then only in configurations where no other source of
> synchronization
> other than a reliable radio or modem time service is
> available. A stratum 2
> server cannot be used as an SNTP time server. The use of SNTP
> rather than
> NTP in primary servers should be carefully considered.
>
> Examples
>
> The following example enables the router to request and
> accept NTP packets
> from the server at 172.21.118.9 and shows sample show sntp
> command output:
>
> Router(config)# sntp server 172.21.118.9
> Router(config)# end
> Router#
> %SYS-5-CONFIG: Configured from console by console
> Router# show sntp
> SNTP server Stratum Version Last Receive
> 172.21.118.9 5 3 00:01:02Synced
> Related Commands
>
> Command Description
> show sntp
> Shows information about the SNTP on a Cisco 1003, Cisco
> 1004, Cisco 1005,
> Cisco 1600, Cisco 1720, or Cisco 1750 router.
>
> sntp broadcast client
> Configures a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600,
> Cisco 1720, or
> Cisco 1750 router to use the SNTP to accept NTP traffic from
> any broadcast
> server.
>
>
>
>
> Martijn
>
>
> -Oorspronkelijk bericht-
> Van: Herold Heiko [mailto:[EMAIL PROTECTED]
> Verzonden: donderdag 7 augustus 2003 11:04
> Aan: Jansen, M; [EMAIL PROTECTED]
> Onderwerp: RE: Cisco 806 ? [7:73613]
>
>
> No, it is unrelated - I just remembered the 1000 series being limited
> (regarding at least NTP) and feared the 800 series, being the
> replacement
> for the 1000 series, could have the same limitations.
>
> Heiko
>
> --
> -- PREVINET S.p.A. www.previnet.it
> -- Heiko Herold [EM
RE: Cisco 806 ? [7:73613]
It does. It is IOS. Just do your CLI thing. Martijn -Oorspronkelijk bericht- Van: Herold Heiko [mailto:[EMAIL PROTECTED] Verzonden: woensdag 6 augustus 2003 17:21 Aan: [EMAIL PROTECTED] Onderwerp: Cisco 806 ? [7:73613] Hi, for some tests I need something cheap to play with, having 2 eth, vpn and (static) nat capability. Could anybody confirm if a 806 with a "IP/FW PLUS 3DES" image does support IPSEC and NAT at the same time ? >From the docs I'd say it does support both but can I have a vpn tunnel, and nat inside the local network, and nat outside the remote (on the other end of the tunnel) network ? The other endpoint would be a pix or a fw-1 although that shouldn't matter. Couldn't find any configrmation of this in the docs :( Thanks Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73642&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco 806 ? [7:73613]
No, it is unrelated - I just remembered the 1000 series being limited (regarding at least NTP) and feared the 800 series, being the replacement for the 1000 series, could have the same limitations. Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 10:51 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Cisco 806 ? [7:73613] > > > What about NTP? Should it read NAT? > > Martijn > > -Oorspronkelijk bericht- > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 8:10 > Aan: [EMAIL PROTECTED] > Onderwerp: RE: Cisco 806 ? [7:73613] > > > Thanks! > I just wanted to double check - some hears ago I got burnt in > a similar > situation, with a 1003 and (no) NTP if I remember correctly. > Heiko > > -- > -- PREVINET S.p.A. www.previnet.it > -- Heiko Herold [EMAIL PROTECTED] > -- +39-041-5907073 ph > -- +39-041-5907472 fax > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 07, 2003 8:04 AM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: Cisco 806 ? [7:73613] > > > > > > It does. It is IOS. Just do your CLI thing. > > > > Martijn > > > > -Oorspronkelijk bericht- > > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > > Verzonden: woensdag 6 augustus 2003 17:21 > > Aan: [EMAIL PROTECTED] > > Onderwerp: Cisco 806 ? [7:73613] > > > > > > Hi, > > > > for some tests I need something cheap to play with, having 2 > > eth, vpn and > > (static) nat capability. Could anybody confirm if a 806 with > > a "IP/FW PLUS > > 3DES" image does support IPSEC and NAT at the same time ? > > From the docs I'd say it does support both but can I have a > > vpn tunnel, and > > nat inside the local network, and nat outside the remote (on > > the other end > > of the tunnel) network ? > > The other endpoint would be a pix or a fw-1 although that > > shouldn't matter. > > Couldn't find any configrmation of this in the docs :( > > Thanks > > Heiko > > > > -- > > -- PREVINET S.p.A. www.previnet.it > > -- Heiko Herold [EMAIL PROTECTED] > > -- +39-041-5907073 ph > > -- +39-041-5907472 fax > > **Please support GroupStudy by purchasing from the GroupStudy Store: > > http://shop.groupstudy.com > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73649&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco 806 ? [7:73613]
VPN client won't be possible for this project (no software installation, need vpn lan to lan). Pix can't be used due to managerial issues, doesn't like them :(. So the only remaining possibilities (beside stuff like D-Link I really wouldn't bet my security on) are routers or possibly a nokia fw-1 box. 400kb/s should probably be ok, otherwise a 831 will be more than enough I think. I'll discover soon if my testing budget gets approved, I'd hate to research and drool and then later hear "we'll outsource this" just when I hope to get hands-on experience on this stuff :(. Bye Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 11:30 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Cisco 806 ? [7:73613] > > > Just let them go on performance, not on command set? > > I remember about 400Kb/s 3des for the 806/820's > the 830's should do 2Mb/s for 3des. > > 1700's VPN bundle carry a xtra crypto card. At least 2Mbit. > Watch for the > amount of VPN connections, too many access-lists's etc. (cpu power) > > A pix 501 or small vpn client could also do the job? > > Martijn > > -Oorspronkelijk bericht- > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 11:04 > Aan: Jansen, M; [EMAIL PROTECTED] > Onderwerp: RE: Cisco 806 ? [7:73613] > > > No, it is unrelated - I just remembered the 1000 series being limited > (regarding at least NTP) and feared the 800 series, being the > replacement > for the 1000 series, could have the same limitations. > > Heiko > > -- > -- PREVINET S.p.A. www.previnet.it > -- Heiko Herold [EMAIL PROTECTED] > -- +39-041-5907073 ph > -- +39-041-5907472 fax > > > -----Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 07, 2003 10:51 AM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: Cisco 806 ? [7:73613] > > > > > > What about NTP? Should it read NAT? > > > > Martijn > > > > -Oorspronkelijk bericht- > > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > > Verzonden: donderdag 7 augustus 2003 8:10 > > Aan: [EMAIL PROTECTED] > > Onderwerp: RE: Cisco 806 ? [7:73613] > > > > > > Thanks! > > I just wanted to double check - some hears ago I got burnt in > > a similar > > situation, with a 1003 and (no) NTP if I remember correctly. > > Heiko > > > > -- > > -- PREVINET S.p.A. www.previnet.it > > -- Heiko Herold [EMAIL PROTECTED] > > -- +39-041-5907073 ph > > -- +39-041-5907472 fax > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, August 07, 2003 8:04 AM > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > Subject: RE: Cisco 806 ? [7:73613] > > > > > > > > > It does. It is IOS. Just do your CLI thing. > > > > > > Martijn > > > > > > -Oorspronkelijk bericht- > > > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > > > Verzonden: woensdag 6 augustus 2003 17:21 > > > Aan: [EMAIL PROTECTED] > > > Onderwerp: Cisco 806 ? [7:73613] > > > > > > > > > Hi, > > > > > > for some tests I need something cheap to play with, having 2 > > > eth, vpn and > > > (static) nat capability. Could anybody confirm if a 806 with > > > a "IP/FW PLUS > > > 3DES" image does support IPSEC and NAT at the same time ? > > > From the docs I'd say it does support both but can I have a > > > vpn tunnel, and > > > nat inside the local network, and nat outside the remote (on > > > the other end > > > of the tunnel) network ? > > > The other endpoint would be a pix or a fw-1 although that > > > shouldn't matter. > > > Couldn't find any configrmation of this in the docs :( > > > Thanks > > > Heiko > > > > > > -- > > > -- PREVINET S.p.A. www.previnet.it > > > -- Heiko Herold [EMAIL PROTECTED] > > > -- +39-041-5907073 ph > > > -- +39-041-5907472 fax > > > **Please support GroupStudy by purchasing from the > GroupStudy Store: > > > http://shop.groupstudy.com > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > **Please support GroupStudy by purchasing from the GroupStudy Store: > > http://shop.groupstudy.com > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73655&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco 806 ? [7:73613]
What about NTP? Should it read NAT? Martijn -Oorspronkelijk bericht- Van: Herold Heiko [mailto:[EMAIL PROTECTED] Verzonden: donderdag 7 augustus 2003 8:10 Aan: [EMAIL PROTECTED] Onderwerp: RE: Cisco 806 ? [7:73613] Thanks! I just wanted to double check - some hears ago I got burnt in a similar situation, with a 1003 and (no) NTP if I remember correctly. Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 8:04 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Cisco 806 ? [7:73613] > > > It does. It is IOS. Just do your CLI thing. > > Martijn > > -Oorspronkelijk bericht- > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > Verzonden: woensdag 6 augustus 2003 17:21 > Aan: [EMAIL PROTECTED] > Onderwerp: Cisco 806 ? [7:73613] > > > Hi, > > for some tests I need something cheap to play with, having 2 > eth, vpn and > (static) nat capability. Could anybody confirm if a 806 with > a "IP/FW PLUS > 3DES" image does support IPSEC and NAT at the same time ? > From the docs I'd say it does support both but can I have a > vpn tunnel, and > nat inside the local network, and nat outside the remote (on > the other end > of the tunnel) network ? > The other endpoint would be a pix or a fw-1 although that > shouldn't matter. > Couldn't find any configrmation of this in the docs :( > Thanks > Heiko > > -- > -- PREVINET S.p.A. www.previnet.it > -- Heiko Herold [EMAIL PROTECTED] > -- +39-041-5907073 ph > -- +39-041-5907472 fax > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73647&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco 806 ? [7:73613]
Just let them go on performance, not on command set? I remember about 400Kb/s 3des for the 806/820's the 830's should do 2Mb/s for 3des. 1700's VPN bundle carry a xtra crypto card. At least 2Mbit. Watch for the amount of VPN connections, too many access-lists's etc. (cpu power) A pix 501 or small vpn client could also do the job? Martijn -Oorspronkelijk bericht- Van: Herold Heiko [mailto:[EMAIL PROTECTED] Verzonden: donderdag 7 augustus 2003 11:04 Aan: Jansen, M; [EMAIL PROTECTED] Onderwerp: RE: Cisco 806 ? [7:73613] No, it is unrelated - I just remembered the 1000 series being limited (regarding at least NTP) and feared the 800 series, being the replacement for the 1000 series, could have the same limitations. Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 10:51 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Cisco 806 ? [7:73613] > > > What about NTP? Should it read NAT? > > Martijn > > -Oorspronkelijk bericht- > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > Verzonden: donderdag 7 augustus 2003 8:10 > Aan: [EMAIL PROTECTED] > Onderwerp: RE: Cisco 806 ? [7:73613] > > > Thanks! > I just wanted to double check - some hears ago I got burnt in > a similar > situation, with a 1003 and (no) NTP if I remember correctly. > Heiko > > -- > -- PREVINET S.p.A. www.previnet.it > -- Heiko Herold [EMAIL PROTECTED] > -- +39-041-5907073 ph > -- +39-041-5907472 fax > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 07, 2003 8:04 AM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: RE: Cisco 806 ? [7:73613] > > > > > > It does. It is IOS. Just do your CLI thing. > > > > Martijn > > > > -----Oorspronkelijk bericht- > > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > > Verzonden: woensdag 6 augustus 2003 17:21 > > Aan: [EMAIL PROTECTED] > > Onderwerp: Cisco 806 ? [7:73613] > > > > > > Hi, > > > > for some tests I need something cheap to play with, having 2 > > eth, vpn and > > (static) nat capability. Could anybody confirm if a 806 with > > a "IP/FW PLUS > > 3DES" image does support IPSEC and NAT at the same time ? > > From the docs I'd say it does support both but can I have a > > vpn tunnel, and > > nat inside the local network, and nat outside the remote (on > > the other end > > of the tunnel) network ? > > The other endpoint would be a pix or a fw-1 although that > > shouldn't matter. > > Couldn't find any configrmation of this in the docs :( > > Thanks > > Heiko > > > > -- > > -- PREVINET S.p.A. www.previnet.it > > -- Heiko Herold [EMAIL PROTECTED] > > -- +39-041-5907073 ph > > -- +39-041-5907472 fax > > **Please support GroupStudy by purchasing from the GroupStudy Store: > > http://shop.groupstudy.com > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73653&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Cisco 806 ? [7:73613]
Hi, for some tests I need something cheap to play with, having 2 eth, vpn and (static) nat capability. Could anybody confirm if a 806 with a "IP/FW PLUS 3DES" image does support IPSEC and NAT at the same time ? >From the docs I'd say it does support both but can I have a vpn tunnel, and nat inside the local network, and nat outside the remote (on the other end of the tunnel) network ? The other endpoint would be a pix or a fw-1 although that shouldn't matter. Couldn't find any configrmation of this in the docs :( Thanks Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73613&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco 806 ? [7:73613]
Thanks! I just wanted to double check - some hears ago I got burnt in a similar situation, with a 1003 and (no) NTP if I remember correctly. Heiko -- -- PREVINET S.p.A. www.previnet.it -- Heiko Herold [EMAIL PROTECTED] -- +39-041-5907073 ph -- +39-041-5907472 fax > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 07, 2003 8:04 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Cisco 806 ? [7:73613] > > > It does. It is IOS. Just do your CLI thing. > > Martijn > > -Oorspronkelijk bericht- > Van: Herold Heiko [mailto:[EMAIL PROTECTED] > Verzonden: woensdag 6 augustus 2003 17:21 > Aan: [EMAIL PROTECTED] > Onderwerp: Cisco 806 ? [7:73613] > > > Hi, > > for some tests I need something cheap to play with, having 2 > eth, vpn and > (static) nat capability. Could anybody confirm if a 806 with > a "IP/FW PLUS > 3DES" image does support IPSEC and NAT at the same time ? > From the docs I'd say it does support both but can I have a > vpn tunnel, and > nat inside the local network, and nat outside the remote (on > the other end > of the tunnel) network ? > The other endpoint would be a pix or a fw-1 although that > shouldn't matter. > Couldn't find any configrmation of this in the docs :( > Thanks > Heiko > > -- > -- PREVINET S.p.A. www.previnet.it > -- Heiko Herold [EMAIL PROTECTED] > -- +39-041-5907073 ph > -- +39-041-5907472 fax > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73643&t=73613 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco 806 ? [7:73613]
Use SNTP?
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_
r/frprt3/frd3003.htm#1020770
sntp server
To configure a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720,
Cisco 1750, or Cisco 800 router to use the Simple Network Time Protocol
(SNTP) to request and accept Network Time Protocol (NTP) traffic from a
stratum 1 time server, use the sntp server global configuration command. The
no form of the command removes a server from the list of NTP servers.
sntp server {address | hostname} [version number]
no sntp server {address | hostname}
Syntax Description
address
IP address of the time server.
hostname
Host name of the time server.
version number
(Optional) Version of NTP to use. The default is 1.
Defaults
The router does not accept SNTP traffic from a time server.
Command Modes
Global configuration
Command History
Release Modification
11.2
This command was introduced.
Usage Guidelines
SNTP is a compact, client-only version of the NTP. SNMP can only receive the
time from NTP servers; it cannot be used to provide time services to other
systems.
SNTP typically provides time within 100 milliseconds of the accurate time,
but it does not provide the complex filtering and statistical mechanisms of
NTP. In addition, SNTP does not authenticate traffic, although you can
configure extended access lists to provide some protection.
Enter this command once for each NTP server.
You must configure the router with either this command or the sntp broadcast
client command in order enable SNTP.
SNTP time servers should operate only at the root (stratum 1) of the subnet,
and then only in configurations where no other source of synchronization
other than a reliable radio or modem time service is available. A stratum 2
server cannot be used as an SNTP time server. The use of SNTP rather than
NTP in primary servers should be carefully considered.
Examples
The following example enables the router to request and accept NTP packets
from the server at 172.21.118.9 and shows sample show sntp command output:
Router(config)# sntp server 172.21.118.9
Router(config)# end
Router#
%SYS-5-CONFIG: Configured from console by console
Router# show sntp
SNTP server Stratum Version Last Receive
172.21.118.9 5 3 00:01:02Synced
Related Commands
Command Description
show sntp
Shows information about the SNTP on a Cisco 1003, Cisco 1004, Cisco 1005,
Cisco 1600, Cisco 1720, or Cisco 1750 router.
sntp broadcast client
Configures a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, or
Cisco 1750 router to use the SNTP to accept NTP traffic from any broadcast
server.
Martijn
-Oorspronkelijk bericht-
Van: Herold Heiko [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 11:04
Aan: Jansen, M; [EMAIL PROTECTED]
Onderwerp: RE: Cisco 806 ? [7:73613]
No, it is unrelated - I just remembered the 1000 series being limited
(regarding at least NTP) and feared the 800 series, being the replacement
for the 1000 series, could have the same limitations.
Heiko
--
-- PREVINET S.p.A. www.previnet.it
-- Heiko Herold [EMAIL PROTECTED]
-- +39-041-5907073 ph
-- +39-041-5907472 fax
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 07, 2003 10:51 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Cisco 806 ? [7:73613]
>
>
> What about NTP? Should it read NAT?
>
> Martijn
>
> -Oorspronkelijk bericht-
> Van: Herold Heiko [mailto:[EMAIL PROTECTED]
> Verzonden: donderdag 7 augustus 2003 8:10
> Aan: [EMAIL PROTECTED]
> Onderwerp: RE: Cisco 806 ? [7:73613]
>
>
> Thanks!
> I just wanted to double check - some hears ago I got burnt in
> a similar
> situation, with a 1003 and (no) NTP if I remember correctly.
> Heiko
>
> --
> -- PREVINET S.p.A. www.previnet.it
> -- Heiko Herold [EMAIL PROTECTED]
> -- +39-041-5907073 ph
> -- +39-041-5907472 fax
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 07, 2003 8:04 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: RE: Cisco 806 ? [7:73613]
> >
> >
> > It does. It is IOS. Just do your CLI thing.
> >
> > Martijn
> >
> > -Oorspronkelijk bericht-
> > Van: Herold Heiko [mailto:[EMAIL PROTECTED]
> > Verzonden: woensdag 6 augustus 2003 17:21
> > Aan: [EMAIL PROTECTED]
> > Onderwerp: Cisco 806 ? [7:73613]
> >
> >
> > Hi,
> >
> > for some tests I need something cheap to play with, having 2
> > eth, vpn and
> > (static) nat capability. Could anybody confirm if a 806 with
> > a "IP/FW PLUS
> > 3DES" image does support IPSEC and NAT at the same time ?
> > From the docs
