Using a PIX firewall with multiple IP addresses [7:31052]

2002-01-06 Thread Rizzo, Damian
Hey all. Anyone know if you can successfully use a PIX firewall with multiple IP addresses? For example: if you assigned a public IP address to the outside interface, is it possible to assign a totally different public IP address (different subnet) for the "Global" IP addresses to be translated?

Re: Using a PIX firewall with multiple IP addresses [7:31052]

2002-01-06 Thread Darrell Newcomb
Yes. One pitfall is I don't think it'll do its proxy arp for those addresses, but I can't recall. As long as you're forwarding that subnet directly to the PIX's outside interface it'll be fine. Darrell "Rizzo, Damian" wrote: > > Hey all. Anyone know if you can successfully use a PIX firewall w

PIX FW question [7:31054]

2002-01-06 Thread Bogdan Ungureanu
Hi, I have a PIX 501 and a single network segment 192.168.1.0 including a Linux with web server and mail server. I want to protect the internal network from outside, giving access only to web server and give access to outside not to everyone. I have a single real address 209.x.x.x My questions

Router Error [7:31055]

2002-01-06 Thread Russ Kreigh
We have a Cisco 2501 that keeps crashing occasionally, it's almost as if it stops responding to pings, then an hour later it decides to come back up. I have swapped out the router with another one and the problem is still there. Last night the new router did the same thing. I checked my log and ther

Looback IF and ospf [7:31056]

2002-01-06 Thread [EMAIL PROTECTED]
Where should I place the loopback IF in an ospf environment? I had a router configured as an ABR with area 1 and area 0. When I make my network statement I am often confused where I should place the loopback IF. Should I place it in area 0 or 1? Any comments? Udo Konstantin / koud , GS KA NEEF

How to block MSN, and others. [7:31057]

2002-01-06 Thread Chuck Church
All, I've had good luck blocking access by denying all traffic to the IP ranges of the login servers for those services. Currently I block all traffic to: AOL IM 152.163.0.0 /16 255.255.0.0 205.188.0.0 /16 64.12.0.0 /16 MSN Messenger 64.4.0.0/18 255.255.192.0 Yahoo Messen

Re: Router Error [7:31055]

2002-01-06 Thread John Neiberger
My guess is that this router is being blasted with IP traffic from somewhere and it can't handle it all. Are there any interfaces doing process switching? That's just a thought. Here is some info I found on CCO. Not too helpful... 1. %SCHED-3-THRASHING: Process thrashing on watched [chars]

RE: How to block MSN, and others. [7:31057]

2002-01-06 Thread Mike Sweeney
Excellent information. Does anyone else have tidbits like this? I've seen bits and pieces floating around on things to watch for regarding "bad apps" and ports. We had an issue with a 3rd party company (now a dot-bomb) who provided firewalling and virus scanning. We got them to block real audio bu

RE: How to block MSN, and others. [7:31057]

2002-01-06 Thread Bernard Omrani
We might as well block all class A, B, and C addresses and kill all the birds all together. What is the purpose of giving users access to the Internet when you will be blocking even the hotmail for them? If you want them to access the company website only, then permit that one IP address and de

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Steven A. Ridder
I can't imagine the problem with Messenger apps. I feel that instant communication can be handy at times. Sometimes I hate waiting for an e-mail response, and a messenger service fits that niche nicely. And no, they don't waste bandwidth. The messages are usually smaller than e-mail. And no t

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Gaz
M. see your point Bernard and I agree with it. A few companies we are working with at the moment are not allowed to control where their employees go to via the internet, even using things like websense, because it goes against their charter. Apparently the charter encourages trust among th

IBGP [7:31063]

2002-01-06 Thread wind
What mechanism does IBGP use to prevent advertisement back to the route originator? 1) split horizon or what? Rgds; Vincent Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31063&t=31063 -- FAQ, list archives, and subscription info: h

CCIE Practical Studies [7:31064]

2002-01-06 Thread Jason
Could the author or editor of CCIE Practical Studies fix the URL for the solutions for the last 5 labs? I have emailed CiscoPress without a response. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31064&t=31064

Re: IBGP [7:31063]

2002-01-06 Thread Peter van Oene
Vincent, There is no "mechanism" needed. IBGP routers simply do not do this. You don't need a mechanism to prevent something when the protocol isn't designed to do it in the first place. On the contrary, you need a mechanism to make IBGP advertise prefixes learned from IBGP neighbors which

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread David Tran
>The messages are usually smaller than e-mail. And > no they aren't insecure (well besides the gaping hole AIM just patched). A > stateful firewall or CBAC can stop session hijacking. It is the statement like this that makes me almost fall off my chair. What planet are you coming from? What ma

Re: i have tried everything to get off this list, [7:31048]

2002-01-06 Thread Jeff Barr
LOL, I hear aol member services had the solution, try calling them. They'll fix you up real well. Patrick Bass wrote: > > I think this is your problem > > ^^^ > wrote in message > news:[EMAIL PROTECTED]... > > nothing else has worked > > Messag

Re: IBGP [7:31063]

2002-01-06 Thread Mike
IBGP peers do not advertise routes learned from other IBGP peers. This is why many times IBGP peers need to be fully meshed or route reflectors or confederations are required. Mike ""wind"" wrote in message news:[EMAIL PROTECTED]... > What mechanism does IBGP to prevent adver

Re: IBGP [7:31063]

2002-01-06 Thread Mike McCline
Hi Vincent The Split Horizon concept as it applies to distance vector protocols is used with BGP. Routes learned via IBGP are never propagated to other IBGP peers. To alleviate this issue you have two implementation choices, use a full-mesh IBGP setup or route-reflectors. For full mesh the numbe

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Steven A. Ridder
I hate to break it to you, but almost all e-mail isn't encrypted either. The log on info to MSN Messenger is not clear text. The messages are. I sniffed MSN Messenger and it's an RSA certificate. I think you mean I can sniff most pop accounts and see the username and password, not MSN Messenger

RE: EIGRP OVER DDR [7:30965]

2002-01-06 Thread McCallum, Robert
It is my understanding that EIGRP and ISDN don't mix well at all. I recommend that you don't do it -Original Message- From: Barry [mailto:[EMAIL PROTECTED]] Sent: 04 January 2002 18:36 To: [EMAIL PROTECTED] Subject: EIGRP OVER DDR [7:30965] Does EIGRP have a command to allow for routin

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Steven A. Ridder
My Bad. The RSA Certificate was for the Passport account. MSN Messenger uses an MD5 hash. Still more secure than most e-mail accounts. ""Steven A. Ridder"" wrote in message news:[EMAIL PROTECTED]... > I hate to break it to you, but almost all e-mail isn't encrypted either.

RE: Using a PIX firewall with multiple IP addresses [7:31052]

2002-01-06 Thread Rizzo, Damian
Thank you much! -Original Message- From: Darrell Newcomb [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 06, 2002 3:17 AM To: [EMAIL PROTECTED] Subject: Re: Using a PIX firewall with multiple IP addresses [7:31052] Yes. One pitfall is I don't think it'll do its proxy arp for those

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Mike Sweeney
Let me put something into perspective here. It was said earlier about why give access then block it. Why indeed... the why is for BUSINESS reasons.. not day trading, not stock tickers, not chatting for hours (documented) with friends at the expense of work, viruses coming in on Hotmail attachments

Firewall processing puzzle [7:31078]

2002-01-06 Thread Alan
On a Cisco 806 I've got a firewall using CBAC and an extended access list coming in on the WAN port. I understand how the two work together in general but what I'm wondering is how the machine deals with the processes. If the CBAC config permits an inbound packet does processing stop there or doe

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Gaz
I suppose it comes down to the type of company/employees. I'm more used to companies that leave things fairly open for employees, and demand (rather than expect) that the employee be responsible with it. Employees will understand that monitoring needs to be done at times and offenders be dealt wi

popularity of the CID test [7:31081]

2002-01-06 Thread Juan Blanco
TEAM, Why is the popularity of the CID test very low... Tips on this test... I will take it next Saturday. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31081&t=31081

Re: Router Error [7:31055]

2002-01-06 Thread George Murphy CCNP, CCDP
Russ, it's time to start sniffing. Find out where all traffic is coming from. The last time this kind of thing happened to me, it ended up being a couple of Win2k servers on the campus that were beginning load balancing and spewing multicasts. There are some easy cheap sniffers out there or

Re: popularity of the CID test [7:31081]

2002-01-06 Thread Steven A. Ridder
It was the only test I ever failed. If you ask me, there's not much market demand for CCDP's (which makes the test a low priority), and for the amount you have to study to pass the test, it's not worth it. It's good to learn though, because it covers a lot of broad topics, from SNA to ATM LANE,

Cat1900 from standard to enterprise [7:31084]

2002-01-06 Thread Dennis Laganiere
I just picked up a cat1900 and found it had standard edition software. Does anybody know what I need to do to upgrade this bad boy to enterprise edition? It's not for production, just a new toy to play with. Thanks in advance for your assistance.. --- Dennis Message Posted at: http://www

Help on Router configuration [7:31085]

2002-01-06 Thread Stephane Wantou Siantou
Hi guys, I configured two cisco routers. One is an AS 2509 (RouterA) and the other is a 2503 (RouterB). When I do a "sh ip route" I do not see the ip addresses of the interfaces directly connected to the routers. Can anybody help me with that? Here is the result of the "sh ip route" command o

FW: Cat1900 from standard to enterprise [7:31084]

2002-01-06 Thread Dennis Laganiere
Never mind, I figured it out. I thought it would be much harder than that... --- Dennis -Original Message- From: Dennis Laganiere [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 06, 2002 1:03 PM To: [EMAIL PROTECTED] Subject: Cat1900 from standard to enterprise [7:31084] I just picke

Re: Help on Router configuration [7:31085]

2002-01-06 Thread Gaz
Are any of the interfaces up? If they're down, the routes won't appear (by default) Gaz ""Stephane Wantou Siantou"" wrote in message news:[EMAIL PROTECTED]... > Hi guys, > I configured two cisco routers. One is an AS 2509 (RouterA) and the other > is a 2503 (RouterB). Whe

VPN over PPPoE ADSL [7:31089]

2002-01-06 Thread Bruce Williams
I have a customer that has an ADSL line which uses PPPoE. They can establish a VPN Tunnel, but the throughput drops to below 28KBS and the only packets that seem to be able to traverse the tunnel are ICMP Pings. I was told that there is a problem with establishing VPNs over a PPPoE ADSL connection

Solved: VPN over PPPoE ADSL [7:31089]

2002-01-06 Thread Bruce Williams
Disregard this errant post. I posted this a week ago and it was still in my outbox and it accidentally got sent again. This issue was resolved with an upgrade from 12.1 to 12.2.2XK. The 12.1 version of code we were running in the 827 did not pass-thru IPSec. Bruce ""Bruce Williams"" wrote in

Re: PIX FW question [7:31054]

2002-01-06 Thread Allen May
If you can run 6.0(1) you can. A search on google.com for +pix +port +forwarding brought up this link: http://lists.gnac.net/pipermail/firewalls/2001-August/084939.html I was about to say no to this question until I remembered the new features just released. In older versions you definitely cou

Re: Help on Router configuration [7:31085]

2002-01-06 Thread D. J. Jones
Good catch Gaz. The serial interface on router B is shutdown. ""Gaz"" wrote in message news:[EMAIL PROTECTED]... > Are any of the interfaces up? > > If they're down, the routes won't appear (by default) > > Gaz > > > ""Stephane Wantou Siantou"" wrote in message > [EMAIL PROT

Re: Help on Router configuration [7:31085]

2002-01-06 Thread D. J. Jones
Sorry I misspoke. Interface s1 is shutdown. ""Gaz"" wrote in message news:[EMAIL PROTECTED]... > Are any of the interfaces up? > > If they're down, the routes won't appear (by default) > > Gaz > > > ""Stephane Wantou Siantou"" wrote in message > news:[EMAIL P

Re: Help on Router configuration [7:31085]

2002-01-06 Thread Gaz
Probably not too important that S1 is down as it's not configured. What I was getting at was that all of the interfaces are down on both routers. Could be wrong but would like to see a show int. Gaz ""D. J. Jones"" wrote in message news:[EMAIL PROTECTED]... > Sorry I misspoke

RE: 4500 flash upgrade problem [7:31042]

2002-01-06 Thread Circusnuts_1999
I'd say defective FLASH. The 4500's are pretty forgiving. I have installed 2500 and 3600 series in a pinch, with no repercussions. Take turns removing each 8 Meg stick. It may just be one of them. Don't lose heart, 4500 series FLASH is very cheap right now. I think I paid around 14.99 for (2)

Re: PIX FW question [7:31054]

2002-01-06 Thread John Kaberna
You should be able to connect the PIX directly to your cable modem. I know it works no problem with my DSL modem. I don't see why it would be any different as long as you have an Ethernet connection to your cable modem. As far as having your web server be accessible that is no problem with one

Re: yes i tried the groupstudy site and when all i [7:31071]

2002-01-06 Thread Mark Smith
Try emailing [EMAIL PROTECTED] and ask them to remove you. Quoting "[EMAIL PROTECTED]" : > When i said i tried everything , i tried everything, > the unsubscribe command > at the sites and all other avenues and got back > undeliverable mail > > thank you, > joseph > [EMAIL PROTECTED] Mess

Re: How to block MSN, and others. [7:31057]

2002-01-06 Thread Steven A. Ridder
IM isn't anywhere near as bandwidth intensive as video, audio, etc. And I can understand blocking video and streaming audio. But if you communicate via e-mail or IM, they can both be for business purposes. I have seen plenty of non-business related e-mails in my time, just as I'm sure you all ha

RE: yes i tried the groupstudy site and when all i [7:31036]

2002-01-06 Thread Paul Borghese
[EMAIL PROTECTED] wrote: > > When i said i tried everything , i tried everything, the > unsubscribe command > at the sites and all other avenues and got back undeliverable > mail I am not sure what was the problem as I was able to unsubscribe you by using the "Listserver" box on www.groupstudy.c

Re: wireless max distance question [7:30822]

2002-01-06 Thread Allen May
For those interested, I found that old link about the guy who submerged his motherboard in -40 degree mineral oil ;) http://www.drffreeze.com/Test2.htm - Original Message - From: "Steven A. Ridder" To: Sent: Thursday, January 03, 2002 7:59 PM Subject: Re: wireless max distance questio

Re: EIGRP OVER DDR [7:30965]

2002-01-06 Thread John Kaberna
Try dialer watch. That is what is recommended for EIGRP. John Kaberna CCIE #7146 www.netcginc.com (415) 750-3800 Instructor for 5-day CCIE class for ccbootcamp.com __ CCIE Security Training www.netcginc.com/training.htm ""Barry"" wrote in message news:[EMAIL

ospf nbma confused [7:31096]

2002-01-06 Thread jc fulknier
I'm starting the routing track for the CCNP and the cisco press book confuses me on nbma. It says that the point to point multicast and point to point unicast are both partial or star meshed and do not need a dr or bdr. I was wondering how everyone stays current if it is not full meshed and has no

RE: ospf nbma confused [7:31096]

2002-01-06 Thread s vermill
Don't let the unicast/multicast thing throw you off. What matters here is the "point-to-point" part. This is just like any old leased circuit. No DR/BDR is needed because there are only two nodes on either end of the circuit. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31

help!!! I am stuck in groupstudy and cant get out [7:31099]

2002-01-06 Thread gavin
I've gone blind from reading too many posts and I can't find the door. At least give us some water in here. Gavin A Welch WCSP, CCNA, CCNP, CCIE candidate Lead Developer Pocket Networks " The best way to predict the future is to invent it." - Alan Kay --- Outgoing mail is certified Virus

cisco voip [7:31100]

2002-01-06 Thread Jim Bond
Hello, I'd like to study Cisco VOIP. But there are too many papers on CCO. Can anyone recommend a good URL or book? Thanks in advance. Jim

Re: cisco voip [7:31100]

2002-01-06 Thread Steven A. Ridder
Integrating Voice and Data Networks. CVOICE Look up these topics on CCO: LLQ, FRTS, MLPPP, FRF.12, dial-peers, CallManager and H.323 -- RFC 1149 Compliant.

Re: cisco voip [7:31100]

2002-01-06 Thread rajesh
hi for voice over ip. just read about. CVOICE. this makes u prepare for one exam. CVOICE. there is a simulator CD available for this. for ip telephony. u need to prepare separately. search for voice over ip basics in cisco. this will bring lot of articles which teach the fundamentals of voice netw

EIGRP auto-summary VS summary-address eigrp [7:31103]

2002-01-06 Thread John Richards
I can't clearly understand the difference between the two and the difference in their use. Can someone give me a clear explanation with examples if possible? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31103&t=31103

RE: CISCO CATALYST 3900 NEEEDED [7:31051]

2002-01-06 Thread Nick S.
Contact [EMAIL PROTECTED] . he has one to sell.. Thanks Nick Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31105&t=31051

Re: cisco voip [7:31100]

2002-01-06 Thread Navin Parwal
To begin with the terms for VoIP, there is a good book by the name of Voice over Ip fundamentals, then there is a gem of a book by the name of Integrating Voice and Data Networks. For different configurations we have a book by the name of Cisco Voice over Frame Relay, ATM and IP. regards,

RE: EIGRP auto-summary VS summary-address eigrp [7:31103]

2002-01-06 Thread Nick S.
Auto summary is turned on by default for EIGRP, and hence generates classful summary of the routes and propagates them to all the neighbors. No auto summary turns this feature off, and only props. subnets in the table. To explicitly send summaries to one neighbor and not the other, turn off aut

Re: How to block MSN, and others. [7:31107]

2002-01-06 Thread Chuck Church
There's really two reasons to block access to these services. Managers don't want their employees wasting time, but the more important reason is network security. If you're providing email accounts for employees, what's the need to access Hotmail, etc? By doing so, they're bypassing your email

Re: Access-List questions [7:31001]

2002-01-06 Thread Tom Lisa
Priscilla, You MUST have been in a hurry, 0 means match this bit position and 1 means don't care. Definitely can't argue with your second paragraph though. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy Priscilla Oppenheimer wrote: Have you put t

RE: Looback IF and ospf [7:31056]

2002-01-06 Thread Nick S.
Doesn't matter, even if you don't include the loopback interface anywhere, yet the router ID will be the highest configured loopback interface address. So for eg. if u have ip address 5.5.5.5 /24 configged . on the loopback interface u don't need a 5.5.5.5 0.0.0.0 (or a /24 inverse mask). If you w

RE: Redistribution b/w Eigrp and BGP? [7:30990]

2002-01-06 Thread Aamer Kaleem
Do you see RIP routes BBR...? Also Do you see EIGRP routes on TS...? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3&t=30990

2900 beta updated [7:31114]

2002-01-06 Thread Mike Sweeney
OK- I've updated the tutorial with a new and easier font to read. I added how to remove vlans from trunks, how to config the VTP domain and how to upgrade the IOS. I personally think I will be tweaking the upgrade directions a few times but I think right now it's pretty close to being correct. I

Re: Cat1900 from standard to enterprise [7:31084]

2002-01-06 Thread Ziyaad
You will be needing an Enterprise software for this. After upgrading you will get [k] Command Line option in user interface menu which will take you from menu based to CLI mode ... Ziyaad - Original Message - From: "Dennis Laganiere" To: Sent: Monday, January 07, 2002 2:02 AM Sub

RE: 2900 beta updated [7:31114]

2002-01-06 Thread Nick S.
Very good effort, a must see for every CCNP/DP candidates out there. The slides make for good remembering as well. Nick Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31115&t=31114

Kindly assist. (IPSEC over ISDN + HSRP) [7:31116]

2002-01-06 Thread Pius
Hi, I am using ISDN routers to connect to 2 remote sites, the headquarter has 2 routers which will be running HSRP. The primary router and the remote sites' router are using IPSEC tunnel. However, the backup router is not using IPSEC. The primary router has 2 BRI interfaces running 128k connecting

RE: yes i tried the groupstudy site and when all i [7:31036]

2002-01-06 Thread Mark Smith
If I were guessing I would guess that the problem could be "@aol.com". Possibly on several levels. Quoting Paul Borghese : > [EMAIL PROTECTED] wrote: > > > > When i said i tried everything , i tried everything, > the > > unsubscribe command > > at the sites and all other avenues and got bac

Re: yes i tried the groupstudy site and when all i [7:31036]

2002-01-06 Thread Tom Lisa
Paul, Hey, here's an idea. Membership is free, removal by list owner requires a fee. Maybe then they will pay attention. Well, at least they will pay. :) Considering how many can't unsubscribe, you should cover the cost of several new servers in no time. Prof. Tom Lisa, CCAI Community Colleg

RE: Excess collisions on Ethernet interface [7:30769]

2002-01-06 Thread Andrew Larkins
Many thanks for the link. That is exactly what I was looking for - my search on CCO went all wrong and I could not get anything close to this Thanks again Andrew -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: 03 January 2002 17:24 PM To: [EMAIL PROTECTED]; [EM

Re: PPP negotiaiton problem [7:30767]

2002-01-06 Thread Cisco Breaker
Yes you are damn right. Best regards, ""Stefan Dozier"" wrote in message news:[EMAIL PROTECTED]... > Well, those were my symptoms..exactly! > > A couple of months ago I was doing ddr configs using modems connected > via the aux ports and everything worked fine at 38400.