Hi group,
Any idea where the problem is..thanks..
We have implemented PIX with the following configuration. We have 3
inside networks mapped with 2 different public IP pools 203.125.152.0/26 and
203.125.150.0/24. Problem is the inside network 10.0.0.0/17 (10.0.0.0 subnet
mask
The ATM connection (provider) is probably limiting
payload size to 1500. They may be doing some form of
traffic policing - common these days. Ethernet LAN MTU
is 1500 so there really isn't a need to send greater
than that across ATM in this case.
--- Sean Kim wrote:
Hello,
My company has this
How are you doing, Marco?
I actually DID think about this for a bit.
To my knowledge Ethernet MTU is 1500, and ATM MTU depends on the connection.
In my case we have a 3M connection, but I am not sure what the MTU is because
I have not looked at my partner company's 'sh int' result. But I would
Hi,
Beg my pardon for test mail.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63091t=63091
Hello Erick,
If that's the case, then wouldn't I have a problem pinging any nodes (with
over 1500 byte datagram) across the ATM link?
But I do not have a problem pinging any other nodes. It only happens when I am
sitting on my router pinging the other router's interface and vice-versa...
Sean
Erick B.
I too have received this problem.
To get around this I totally removed Ciscoworks and all the modules and
re-installed 5th Edition and it all works fine.
Mung Go wrote in message
news:[EMAIL PROTECTED]...
I tried to upgrade Ciscoworks 2000 cd one from 4th edition to 5th
Hi,
the PIX used in the labs is one or two PIX 515 with three or
more interfaces. I bought a 501 because of the price. But I do
not have a DMZ and I cannot failover between two Firewalls.
Jens Neelsen
--- K Ali wrote:
Hi all,
Just want to clear that which Pix Firewall is being used in
the
Hello,
I am trying to install WIC-2T on the Cisco 3725/3745, it is not fitting
physically?
Can you please advise if I can use the regular WIC-2T or is there a
special 2T module for the Cisco 3725?
Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63095t=63095
indeed with L3 switching, we can more closely arrive at wire speed, but in
the course of my practice, I've seen L3 switches mainly interconnecting LANs,
yes a FlexWAN module exists to interconnect WANs on the same box but usually
we like to separate the LANs from WANs for the sake of isolation and
You may want to change your xlate timeout
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Danial Morison
Sent: Saturday, February 15, 2003 2:58 AM
To: [EMAIL PROTECTED]
Subject: PIX 520 Xlate Problem [7:63087]
Hi group ,
Any idea where the problem
I've also had trouble with RedHat...with Snort as well as other apps. I
switched to FreeBSD and have been very pleased so far.
Interesting... I'll give that a try... thanks mate!
JR
--
Johnny Routin
Craig Columbus wrote in message
news:[EMAIL
Hello all,
I have a feeling this is more on the remote network routers, but here goes!
I have a client with several remote branches and a frame network. The
local network is 192.168.1.x. The remotes are 192.168.y.x (y=branch
number). They have a PIX that I have set up with PPTP and it
Greetings,
Can I configure the PIX to do both site-to-site and
Remote access VPN at the same time?
I think it is impossible since I can apply only
one crypto map to the outside interface.
Can someone confirm?
Kim.
Try this ping from the nodes:
ping -f -l 1600 node-on-other-side-of-ATM
If this doesn't ping, then the ATM connection is only
letting 1500 through. The Ethernet router interface is
fragmenting packets to 1500 bytes (1600 packet becomes
2 packets) from the nodes. When doing a ping from the
You should purchase whichever one is cheaper. They should both do the trick
for you. The only reason you would want the 520 over the 501 is if you
wanted to have more than 2 interfaces. If it's the same cost, go with the
520, if the 501 is significantly cheaper, go with the 501.
thanks,
-Brad
Jason,
I'll take a stab at this one...
Configure your vty lines to 'login local'. Create a user of any name and
password. Create enable level and permitted command for certain commands
and a password for level 15. You can also use AAA with Radius or Tacacs+ in
order to centrally control these
Look into Dynamic map configuration. It's an extension of the Crypto
Map, as you can only apply one crypto map to the interface (outside).
See CCO website for more details (search Google for dynmap and PIX,
and you should find several examples). On CCO's site, do a search on
Technical Tips on
At 7:14 AM + 2/15/03, Larry Letterman wrote:
L3 is usually considered to be wire speed and uses faster
asics...
Routers such as 7200/7500 use older slower hardware to
route...
But to answer Nanda's original question, router vs. L3 switch is
really a marketing distinction. Yes, _campus_ L3
Does this WS-X5534-E1-GESX supervisor module support L3 switching? Or do I
still need an RSM? I tried looking it up on Cisco's site but I haven't had any
luck.
--
_
The harder you work, the luckier you get!
_
The only place success
Someone said "Think MTU", but I would say "Think IP Fragmentation and
Reassembly". :) In other words, different MTUs aren't supposed to cause a
problem for IP.
However, your partner company could be sending pings with the Don't Fragment
bit set, in which case it would fail, if there really is an MTU
Let me try to help you,
Access-group x in interface inside means, apply x access-list restriction
to all traffic entering the inside interface (AKA outbound traffic)
Access-group y in interface outside means, apply y access-list restriction
to all traffic entering the outside interface (AKA
Hello,
I was having this problem with this module, what image are you using? I did
a downgrade of the image.
regards!!
Anne Beatriz
- Original Message -
From: Mamoon Dawood
To:
Sent: Saturday, February 15, 2003 2:53 AM
Subject: WIC-2T 3725 routers [7:63095]
Hello,
I am trying
At 12:22 PM 2/15/2003 +, Juntao wrote:
indeed with L3 switching, we can more closely arrive at wire speed, but in
the course of my practice, I've seen L3 switches mainly interconnecting LANs,
yes a FlexWAN module exists to interconnect WANs on the same box but usually
we like to separate the
If the port is not connected why would it attempt to send unicast packets
through it? Passing packets to a switchport in the disconnected state would
not make sense.
I imagine that the logic built into the switch would not do this. I have
other switches, Extreme Networks, that do not register any
There are no static routes to these ports. I guess I am in Hybrid mode. I
need to enter session 15 command to connect to router module. Then it's IOS
interface. The dropped packets don't appear when doing sh int on router. I'm
starting to wonder if it could be a bad card.
The Long and Winding
Sure you can use a pair of modems, somewhere I heard it was done even with
internal dial-up modems, I'm sure it can be done with any pair of analog
leased-line modems. That would be useful only if the router you want to
access is more than the length of a console cable away, otherwise I don't
Hi, I have a 4000-M router that I installed 2 4Meg flash modules in and I
partitioned them to look like it's an 8 Meg module. I loaded an IOS image on
it. Everything looks ok and it works fine until I power off the router.
After I power down the router and then start it back up it boots into the
Looking to do a horse trade
What I have:::
==
2511 RJ
01 Serial
01 Ether
[AUI Transceiver included]
16 Async Ports
[RJ, no Async cable required, 16 Rolled cables included]
Memory/Flash ::: will match trade
Dennis,
I tried to pull the images but identification (username,password) was asked
from me.
Dennis Laganiere wrote:
As long as it's available to everybody, that's good enough for me.
Thanks...
--- Dennis
-Original Message-
From: Aidan Marks [mailto:[EMAIL PROTECTED]]
Sent:
Thanks Jose, I got the concept.
Ismail Al-Shelh
-Original Message-
From: Jose Canillas [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 16, 2003 1:24 AM
To: [EMAIL PROTECTED]
Subject: Re: access-group difference [7:62769]
Let me try to help you,
Access-group x in interface inside
It's real hard to offer any suggestions without knowing more. If you could
provide a sanitized show run, that might help.
Also, can you provide the show int that is indicating dropped packets? I did
not see anything in your previous offerings.
Sam Sneed wrote in message
[EMAIL
Peter van Oene wrote in message
news:[EMAIL PROTECTED]...
At 12:22 PM 2/15/2003 +, Juntao wrote:
indeed with L3 switching, we can more closely arrive at wire speed, but
in
the course of my practice, I've seen L3 switches mainly interconnecting
LANs,
yes a FlexWAN modul
Hello Group,
I'm currently trying to refine security for my Internet routers by
developing my ingress ACL. My routers aren't ISP routers, they are more of a
gateway/border router for your standard enterprise which connects to the
ISP. I know that the ISP may use some filtering on their end, but
Kim,
It will work, I've done it before. It is true that you can only have 1
crypto map per interface, but you can have multiple ISAKMP/IPSEC policies
for different tunnels in that crypto map. However, for dynamic crypto map
used for remote access VPN, what happens is that the dynamic crypto map
Hi all,
While practicing frame-relay lmi-n39x commands, I cannot make the
commands work as they are supposed to.
Scenario:
frame-relay switch RA
on RA, use lmi autosense. basic FR function works fine, following config
is abstract only
serial 0
encapsulation frame-relay
frame-relay
Hi,
The problem actually is physical, the modules can not be fitted into any
of the slots, even I tried more than one module,
Please advise,
Kindest regards,
Mamoon
-Original Message-
From: Anne Beatriz [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 16, 2003 3:18 AM
To: [EMAIL