Re: Static NAT/NATP problem [7:35210]

2002-02-12 Thread Allen May
Are you using NAT overload with a single outside IP (PAT)? - Original Message - From: "David Johnstad" To: Sent: Tuesday, February 12, 2002 11:28 AM Subject: Static NAT/NATP problem [7:35210] > I'm trying to nat on port 7206, however, when accessed the router responds > with port 1142

Re: hacking a firewall [7:34978]

2002-02-10 Thread Allen May
Your best bet is to look up specs & reviews online from other experts & not depend on your own tests based on limited information about the firewall. Remember...a firewall is only as good as its configuration. They DO allow mistakes in configuration. Search on google.com & you will probably fi

Re: MAJOR OT: Free CCNPtraining for convicts [7:34039]

2002-02-03 Thread Allen May
HOW is it people always read so much into what is said in an email? He simply stated he's sick that he has to pay & someone who committed a crime gets it for free. I can understand that. It's my tax $$ too. It's not elitism to say "hey...that's my money, why are you spending it on the guy who

test [7:34197]

2002-02-02 Thread Allen May
test Just trying to figure out why it's taking anywhere from 6 - 20 hours for my posts to reach the site. Am I the only one? Allen Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34197&t=34197 -- FAQ, list archives, and subscr

Re: Pix - Comparison - Conduit - Access-list [7:34155]

2002-02-01 Thread Allen May
OK first of all, with NAT 0 or NAT 1+ using a global pool you would be able to access anything outside by default UNTIL you apply an outbound access-list. Deny all is implied automatically on inbound so all you need are permits in most situations. If you have any kind of access-list applied to t

Re: PIX % DNS Doctoring [7:33331]

2002-01-26 Thread Allen May
Workstations should be in the highest security NIC & therefore should be able to connect to the DNS servers on a DMZ with no doctoring. In some cases people use an alias to translate the internal IP of the DNS server to the external for users inside the firewall trying to reach the DNS server. If

Re: Pix Question [7:32954]

2002-01-23 Thread Allen May
501 is good for studying. You're only missing out on a few commands that can easily be learned from the manual. Failover and having a DMZ are about all you're missing. DMZ would only be having another interface/subnet & failover is very straightforward in the manual. I think you're limited to o

Re: full-duplex Ethernet cable? [7:31643]

2002-01-11 Thread Allen May
Yep...and PIN Number, ACL List, etc. I used to bug instructors by referring to them as Network Interface Card Card's to point out what NIC Card really was ;) Allen - Original Message - From: "Patrick Ramsey" To: Sent: Friday, January 11, 2002 11:54 AM Subject: RE: full-duplex Ethernet

Re: PIX with no NAT [7:31353]

2002-01-11 Thread Allen May
By default all outbound connections are enabled and all inbound are blocked. - Original Message - From: "Philip Sousa" To: Sent: Wednesday, January 09, 2002 12:32 AM Subject: PIX with no NAT [7:31353] > I've been on Cisco's site for hours, but cannot find a conclusive answer to > my q

Re: wireless max distance question [7:30822]

2002-01-06 Thread Allen May
x distance question [7:30822] > The one where the guy bought 3M super computer coolant and doused his whole > computer in it? I've read any oil can work, but this won't corrode the > plastic on circuit boards. > > > ""Allen May"" wrote in message > [E

Re: PIX FW question [7:31054]

2002-01-06 Thread Allen May
If you can run 6.0(1) you can. A search on google.com for +pix +port +forwarding brought up this link: http://lists.gnac.net/pipermail/firewalls/2001-August/084939.html I was about to say no to this question until I remembered the new features just released. In older versions you definitely cou

Re: wireless max distance question [7:30822]

2002-01-03 Thread Allen May
That is one of the funniest hacks I've ever seen ;) Have you ever seen the one where that guy tried the ultimate coolant on his motherboard? It was some kind of non-conductive oil cooled by a refrigerator compressor to below freezing. The entire motherboard was submerged & benchmarks went way u

Re: OBTAIN A UNIVERSITY DEGREE...EASILY!! [7:30781]

2002-01-03 Thread Allen May
Maybe I can get a PHd in Computer Science & minor in something network related! Who needs Cisco certs when you have THIS! And that other spam that just won't quit about becoming a legally ordained minister would go along nicely. Minister Allen May, PHd...has a nice ring to it Ac

Re: certification salary posting [7:30237]

2001-12-28 Thread Allen May
Well in CA the "cost of living" includes assuming you save $$ to move when it falls into the ocean ;) J/K for those offended ;) - Original Message - From: Mark Villanova To: 'Allen May' ; Sent: Friday, December 28, 2001 10:33 AM Subject: RE: certification sal

Re: NATing 2 ip's [7:30301]

2001-12-28 Thread Allen May
Try assigning 2 internal IP's to the inside host & NAT it that way. - Original Message - From: to cisco new To: Sent: Friday, December 28, 2001 9:58 AM Subject: NATing 2 ip's [7:30301] > hi, > > i was wondering if it is possible to NAT two ip's into one? for example i > want to NAT 6

Re: Will One Of Your New Year's Resolutions Be To Save Money? [7:30280]

2001-12-27 Thread Allen May
Actually...I think people on this list resolve to SPEND THOUSANDS ON ROUTERS...not save pennies ;) BTW, Paul, I checked out the mail server & it's not relaying (in case that was in your logs). Allen - Original Message - From: Long Distance Savings To: Sent: Thursday, December 27, 200

Re: certification salary posting [7:30237]

2001-12-27 Thread Allen May
The TX ones are WAY off according to classifieds & the companies I've worked for in the past. Instead of $70K+ for MCSE+I it's more like $35K+ unless you get lucky & find a large enough company that doesn't know any better ;) - Original Message - From: c1sc0k1d To: Sent: Thursday, Dec

Re: CCIE Practical Studies by Cisco Press [7:30243]

2001-12-27 Thread Allen May
That's what I was thinking. Maybe someone who didn't know anything about routers bought the book & had an eye-opening/book-closing experience ;) I've had people over at my house who crack open some Cisco books & security books & get a pretty confused look on their face & ask "How the !$#@#! did

Re: DirectTV [7:30136]

2001-12-26 Thread Allen May
Hey this looks better. http://www.dishdirect.com/ Free 2 receiver system + installation. - Original Message - From: Jeff D To: Sent: Wednesday, December 26, 2001 8:00 PM Subject: OT: DirectTV [7:30136] > I was thinking about doing this, but was curious if anyone knows of anything >

Re: DirectTV [7:30136]

2001-12-26 Thread Allen May
I love mine. The only con to it is no reception during really bad weather. It's usually a pretty severe storm with really thick clouds before I lose reception. Make sure you get the receiver with recording so you can record up to 30 hrs of shows ;) BTW I use DirectDish instead but it's pretty m

Re: PIX 501 Question [7:29208]

2001-12-14 Thread Allen May
You shouldn't have any problems at all unless you exceed 3500 concurrent or 10Mb of traffic ;) You can allow any inbound port you like as long as the end user is being directed to port 85 rather than 80. Allen - Original Message - From: Brian To: Sent: Friday, December 14, 2001 10:41

Re: PIX [7:28083]

2001-12-04 Thread Allen May
Whatever the default gateway of the outside interface is would need the route statement. - Original Message - From: BASSOLE Rock To: Sent: Tuesday, December 04, 2001 11:03 AM Subject: PIX [7:28083] > Hi group, > > > I'am using a PIX with 2 interfaces (inside and outside). > > -Securit

Re: PIX conduit & access lists [7:26684]

2001-12-01 Thread Allen May
he > firewall. Would the page in response of that request be allowed through the > firewall? > > Steve > > ""Allen May"" wrote in message > news:[EMAIL PROTECTED]... > > NAT or internal servers with "real" IP addres

Re: Cisco 700 series in Remote Access exam (640-50 [7:26975]

2001-11-29 Thread Allen May
- Original Message - From: anil To: Allen May ; Sent: Saturday, November 24, 2001 12:52 PM Subject: RE: Cisco 700 series in Remote Access exam (640-50 [7:26975] > It took me 6 weeks :-) > Honest! > I was in Japan and they sent me the US version of ISDN which set me back a > week or 2

Re: VPN nat twice [7:27589]

2001-11-28 Thread Allen May
By NATed twice do you mean a different network or subnet? Each subnet is set as a rule in the client so you can connect to different networks as long as the network subnets don't overlap. Allen - Original Message - From: Jim Bond To: Sent: Wednesday, November 28, 2001 4:09 PM Subject:

Re: PIX conduit & access lists [7:26684]

2001-11-28 Thread Allen May
conduit permit icmp any any" -- > that behaved as expected. > > > Thanks, > Steve > > ""Allen May"" wrote in message > news:[EMAIL PROTECTED]... > > Very true and a good point, but the original question was about conduits

Re: NAT commands [7:27539]

2001-11-28 Thread Allen May
You need TACACS to authenticate to a pool of internal IPs through the PIX. That gets you on the internal IP network & is controlled by access-lists. Next if you still need more authentication via VPN then connect to the server after TACACS VPN is connected. The only time I needed this second step

Re: PIX conduit & access lists [7:26684]

2001-11-26 Thread Allen May
ay. Thanks for pointing that out though. - Original Message - From: Patrick W. Bass To: Sent: Sunday, November 25, 2001 10:14 PM Subject: Re: PIX conduit & access lists [7:26684] > ""Allen May"" wrote in message > news:[EMAIL PROTECTED]... > > I

Re: Cisco PIX 525 Multihoming [7:27305]

2001-11-26 Thread Allen May
I'm not sure exactly what you want as an end result but I can throw a couple of pointers out. PIX can only have static routes. Therefore all of your traffic would pass through via these rules. Inside users would most likely need NAT enabled & be using only one ISP. Incoming connections would w

Re: Output Queue Drops [7:26363]

2001-11-15 Thread Allen May
Many games these days do constant ping times. Quake style games give constant ping times on the screen. If they added a Quake style server then it definitely takes pings from users connected. - Original Message - From: John McCartney To: Sent: Thursday, November 15, 2001 8:43 AM Subje

Re: pix helding [7:25796]

2001-11-11 Thread Allen May
Sounds like a hardware failure or bad image of the PIX OS. Have you tried reinstalling or upgrading the OS? You could also set up a SYSLOG server & set up logging to see if it's trying to tell you what's wrong. Also, just a shot in the dark, try setting duplex manually instead of setting to aut

Re: OSPF across PIX [7:24608]

2001-10-30 Thread Allen May
OK maybe...but wouldn't that be translating an IP address of the neighboring router to something it really isn't & botch up the OSPF table on the remote router? Or are you suggesting something different than what I'm thinking? My first impression is that this probably can't be done but I'm always

Re: quick response (help) please [7:24238]

2001-10-26 Thread Allen May
Gr...ignore the IP range. I can't even read my own writing. You get the point tho...24.15.112.0 subnet 255.255.248.0. - Original Message - From: "Allen May" To: Sent: Friday, October 26, 2001 9:00 AM Subject: Re: quick response (help) please [7:24238] >

Re: quick response (help) please [7:24238]

2001-10-26 Thread Allen May
Look at the subnet though. 255.255.248.0. That would fit for a network of 24.15.112.0 with an IP range of 24.15.120.1 through 24.15.127.254 (usable). The broadcast would be 24.15.127.255. 24.15.125.255 is just somewhere in the middle of the usable IPs. If the subnet had been 255.255.255.0 then

Re: PIX with PAT and VPN [7:23490]

2001-10-23 Thread Allen May
IPSec does not work with PAT on a PIX. You can with NAT though. http://www.cisco.com/warp/public/707/ipsecnat.html Allen - Original Message - From: "Theodore stout" To: Sent: Wednesday, October 24, 2001 1:02 AM Subject: RE: PIX with PAT and VPN [7:23490] > I got the same access-list

Re: test [7:22315]

2001-10-05 Thread Allen May
fail Please submit another 2 cents to try again. - Original Message - From: "admin" To: Sent: Friday, October 05, 2001 11:19 PM Subject: test [7:22315] > test > > > > -- > Posted via MySite > http://www.dyne.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=22

Re: Personal Security Recommandation - Cisco PIX or ? [7:21012]

2001-09-25 Thread Allen May
- Original Message - From: "Ole Drews Jensen" To: "'Allen May'" ; Sent: Tuesday, September 25, 2001 11:44 AM Subject: RE: Personal Security Recommandation - Cisco PIX or ? [7:21012] > Thanks (as always) Allen, > > I do have a couple of additional questions

Re: Personal Security Recommandation - Cisco PIX or ? [7:21012]

2001-09-25 Thread Allen May
Comments inline: - Original Message - From: "Ole Drews Jensen" To: Sent: Tuesday, September 25, 2001 11:07 AM Subject: Personal Security Recommandation - Cisco PIX or ? [7:21012] > In regards to network design in the security area, I would like to start a > discussion / get feedback f

Re: Cisco Aironet vs Lucent ORiNOCO [7:20954]

2001-09-25 Thread Allen May
rofl...my bad...I thought it said Arrowpoint...not Aironet. *slap self* - Original Message - From: "Murphy, Brian J SITI-ISET-31" To: "'Allen May'" ; Sent: Tuesday, September 25, 2001 10:43 AM Subject: RE: Cisco Aironet vs Lucent ORiNOCO [7:20954]

Re: Cisco Aironet vs Lucent ORiNOCO [7:20954]

2001-09-25 Thread Allen May
It works via IP addresses...so yes. - Original Message - From: "Steiven Poh-(Jaring MailBox)" To: Sent: Tuesday, September 25, 2001 9:03 AM Subject: Re: Cisco Aironet vs Lucent ORiNOCO [7:20954] > Is both work with Linux OS? > > Steiven > > > > - Original Message - > From: "ne

Re: IPSec tunnel throughput [7:20640]

2001-09-21 Thread Allen May
Sorry. PIX does not allow bandwidth modifications. It would have to be done at the router outside or inside the PIX on each end. - Original Message - From: "Eugene Kushnirskiy" To: Sent: Thursday, September 20, 2001 10:06 PM Subject: IPSec tunnel throughput [7:20640] > Is it possibl

Re: something about vpn [7:20137]

2001-09-20 Thread Allen May
As long as the router on the other end supports IPSec and IKE you should be able to. I've connected PIX boxes to Cisco routers a few times now and seem to recall seeing documentation on connecting to other types of routers on cisco.com when I was looking for configs to do the PIX->2600 VPN. http

Re: Telnet on PIX outside interface [7:20271]

2001-09-18 Thread Allen May
Secure only in the sense that you can limit source IP's (which can possibly be circumvented) and that the session is encrypted so it is more difficult to sniff the password. However, this would possibly allow someone on the internet to gain access to the firewall and set up their own rules to all

Re: Information on building a Pix out of a PC [7:19775]

2001-09-14 Thread Allen May
n on building a Pix out of a PC [7:19775] > REALLY? Makes you wonder why they would ever have mouse drivers embedded in their code! We use 525's here and I see nothing of the sort. > > Maybe they use VI to edit their code in and they just wanted cut and paste support! : ) > >

Re: Multicast traffic & PIX [7:19946]

2001-09-14 Thread Allen May
Ummm...you might as well get rid of the PIX if you're going to allow any any on all protocols. On www.cisco.com a search for +pix +multicast brought up many links for me but rather than post them all, check it out for yourself. There is a lot of useful stuff in there. - Original Message

Re: Information on building a Pix out of a PC [7:19775]

2001-09-14 Thread Allen May
And for one we could see a PIX 515 boot up without the "mouse not initialized" message ;) I could finally plug one in to make it happy...rofl. - Original Message - From: "Patrick Ramsey" To: Sent: Friday, September 14, 2001 9:49 AM Subject: Re: Information on building a Pix out of a PC

Re: The hub from hell... [7:19818]

2001-09-13 Thread Allen May
Yeah yeah...we all know it's those sentimental 16 color EGA & standard ASCII nudie pics on there that you collected in the 80's ;) Just kidding of course ;) - Original Message - From: "Ole Drews Jensen" To: "'Allen May'" ; "Ole Drews J

Re: The hub from hell... [7:19818]

2001-09-13 Thread Allen May
The hub wants to die. It is time. Let it go. There is nothing you can do to save it. Bid farewell and have it cremated in a burning pile of 5 1/4" floppies. - Original Message - From: "Ole Drews Jensen" To: Sent: Thursday, September 13, 2001 2:22 PM Subject: RE: The hub from hell...

Re: blocking music city [7:19806]

2001-09-13 Thread Allen May
The easiest way is to create access-lists to block the authentication servers (if applicable) or the site itself. Keep in mind that many large sites own an entire subnet of IPs for load balancing so it may require more than just the first IP you see when you ping by name. If it's on a Microsoft

Re: spid and ldn numbers [7:19752]

2001-09-13 Thread Allen May
izard" To: "Allen May" ; "Lists Wizard" ; Sent: Thursday, September 13, 2001 9:06 AM Subject: Re: spid and ldn numbers [7:19752] > But LDN is also assigned by the telephone company, is > that right? > > Thanks > --- Allen May wrote: > > ISDN has a r

Re: spid and ldn numbers [7:19752]

2001-09-13 Thread Allen May
ISDN has a real phone # tied to it (usually 2 separate. One for each channel). SPID can be thought of as a circuit ID (kinda). Usually it's the entire phone # including area code with 0101 on the end. When dialing into an ISDN, use the real phone #. Hope that helps... Allen - Original M

Fw: A tribute to the US [7:19669]

2001-09-12 Thread Allen May
I like the Canadian viewpoint better than the one of arrogance. > > TRIBUTE TO THE UNITED STATES > > > > This, from a Canadian newspaper, is worth sharing. > > America: The Good Neighbor. > > Widespread but only partial news coverage was given > > recently to a remarkable editorial broadcast fr

Re: US Stock [7:19433]

2001-09-12 Thread Allen May
hings. - Original Message - From: "Wilson, Bradley" To: Sent: Wednesday, September 12, 2001 2:10 PM Subject: RE: US Stock [7:19433] > I thought you said earlier he was an atheist. Which is it? > > > -Original Message- > From: Allen May [mailto:[EMAIL

Re: US Stock [7:19433]

2001-09-12 Thread Allen May
Yes. I don't know many people who wouldn't defend their country right now. The entire country seems to be pulled together more now than ever in history. Surely, justice is in order. I just hope it's not taken too far and is limited to being taken out on those responsible. Also, for any country

Re: US Stock [7:19433]

2001-09-12 Thread Allen May
Way off topic, but since the atheists got their say: Unbelievable the responses that came from this post. I agree. Amazing how many said not to push religion by pushing atheism right after you mentioned this. In a Christian society it is usually the atheists or Satanic cults that commit

Re: PIX OID [7:19241]

2001-09-10 Thread Allen May
A search on google.com for +pix +mrtg brought me here: http://www.hcity.net/~nomad/pix.html - Original Message - From: "BASSOLE Rock" To: Sent: Monday, September 10, 2001 3:19 AM Subject: PIX OID [7:19241] > Hi group, > > > We are currently using the MRTG tool to monitor our Internet

Re: another problem about pix 515 [7:18983]

2001-09-07 Thread Allen May
No but it sounds suspiciously like a hardware problem - Original Message - From: "fmxiao" To: Sent: Friday, September 07, 2001 10:09 AM Subject: another problem about pix 515 [7:18983] > i have a pix515, but it always dies with no response on console port and any > other ethernet

Re: ISDN Bridging [7:18829]

2001-09-06 Thread Allen May
Yes. Search on cisco.com for + +ISDN +Bridge +multilink and you'll probably find it. - Original Message - From: "cisco skin" To: Sent: Thursday, September 06, 2001 11:37 AM Subject: ISDN Bridging [7:18829] > Is it possible if I have 2 ISDN routers (one at corporate and one at remote

Re: 700 router problem [7:18777]

2001-09-06 Thread Allen May
I have a 776 that is working. In the config I noticed an option for the console port. Check to see that it's: SET SERIALPORT CONFIG The other option is TPAD. Also verify the common things like 9600 baud, N81, etc. Allen - Original Message - From: "Ahmed Mamoor Amimi" To: Sent: Thurs

Re: PIX - NAT 0 problems this weekend [7:18471]

2001-09-05 Thread Allen May
You can set up statics with a subnet mask on inside & outside ip ranges. I had problems getting it to work when the subnet included the inside interface, but other than that it works great. Allen - Original Message - From: "Michael Jia" To: Sent: Tuesday, September 04, 2001 11:08 PM S

Re: pix outbound vs acl [7:18101]

2001-08-31 Thread Allen May
l Message - From: "Dennis H" To: Sent: Friday, August 31, 2001 12:33 PM Subject: Re: pix outbound vs acl [7:18101] > What?!? Are you suggesting there is useful information and maybe even the > answer to the question.. in the > manual???

Re: pix outbound vs acl [7:18101]

2001-08-31 Thread Allen May
Well in the 5.1 PIX users manual it has a note in the section on outbound saying it's been superseded with the access-list command. It's in the command reference section. It says they recommend migrating outbound command statements to access-list command statements to "maintain future compatibilit

Re: PIX static command and em_limit - SYN attack [7:17994]

2001-08-31 Thread Allen May
I put 4 for max_conns and 100 for emb_limit. I haven't got any hard evidence that this is the best way for a webserver, but it works ;) emb_limit just limits how many connections are held that have not completed the TCP 3-way handshake, thereby stopping SYN attacks from reaching the server.

Re: MRTG Horizontal shape? [7:18091]

2001-08-31 Thread Allen May
Look at the log it creates. If the process hung it probably just didn't get any new readings. If data is in there that looks correct, you may have absmax set too low and it flatlined at the absmax. - Original Message - From: "William" To: Sent: Friday, August 31, 2001 9:50 AM Subject:

Re: vpn through pix [7:17782]

2001-08-30 Thread Allen May
Are you running PAT on the pix? - Original Message - From: "r r" To: Sent: Wednesday, August 29, 2001 8:19 PM Subject: vpn through pix [7:17782] > does anybody have ideas on what is needed to use a vpn > client through a pix running nat? another way to put > it: i have users inside t

Re: newsgroups block behind pix [7:17727]

2001-08-29 Thread Allen May
By default, all outbound traffic is allowed outbound unless otherwise configured in outbound rules. Make sure the newsgroup isn't restricted by source IP. Most are these days to keep use limited to their own users. - Original Message - From: "george gittins" To: Sent: Wednesday, Augu

Re: Adding NIC to the PIX ?? [7:17691]

2001-08-29 Thread Allen May
First make sure your license supports another interface. Second, it's just another interface that needs a name, IP, and subnet like the other 2. Don't forget to set the security level. Usually people set outside to 0, inside to 100, and 3rd interface to something like 50 so inside can get to it

Re: PIX design question [7:16801]

2001-08-28 Thread Allen May
ould require a switch. Sorry if this > wasn't clear. > > -Kent > > -Original Message- > From: Allen May [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 27, 2001 7:48 AM > To: Kent Hundley; [EMAIL PROTECTED] > Subject: Re: PIX design question [7:16801] >

Re: Pix Route issue [7:17242]

2001-08-27 Thread Allen May
Oh yeah...didn't see this part for my last reply. You're going to have a hard time getting it to work this way. I've never tried using passive RIP to see if it would learn the path..anyone else tried it? Since you can't put more than one IP on a PIX interface it would need a gateway to the othe

Re: PIX design question [7:16801]

2001-08-27 Thread Allen May
Check out Dragon Sensor. It has a client that sits outside the firewall to communicate with the internal sensors. Personally, at the risk of starting a flame war, I hate the idea of running ANYTHING besides firewall software on a firewall. IDS just adds strain and possible added points of failu

Re: Pix Route issue [7:17242]

2001-08-27 Thread Allen May
If it's doing NAT and IPSec you need a ruleset to not use NAT for a destination on the IPSec tunnel. It looks like that is what's happening. Allen - Original Message - From: "pat" To: Sent: Monday, August 27, 2001 1:18 AM Subject: Re: Pix Route issue [7:17242] > PIX can't route bac

Re: Code Red ! [7:16950]

2001-08-24 Thread Allen May
> the only problem is that he doesn't have the code to support it. > > >>> "Allen May" 08/24/01 10:13AM >>> > Learn to use the search engine on cisco.com. It's a very valuable tool. > Searching for > +"code red" +block > yielde

Re: Code Red ! [7:16950]

2001-08-24 Thread Allen May
Learn to use the search engine on cisco.com. It's a very valuable tool. Searching for +"code red" +block yielded many results, including this one: http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml Additional Workarounds for Handling "CodeRed" Traffic Utilize the NBAR feature in

Re: NAT using a single interface [7:16902]

2001-08-23 Thread Allen May
Well, technically, it would be PAT if it's using the outside interface IP address to translate. A PIX can do this but I'm uncertain about a router. Look up NAT OVERLOAD on cisco.com and you should find some useful information. Allen - Original Message - From: "Leigh Anne Chisholm" To:

Re: books on PIX? [7:16720]

2001-08-21 Thread Allen May
I don't know of any "books" but all of the manuals can be found here: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/ Allen - Original Message - From: "sam sneed" To: Sent: Tuesday, August 21, 2001 3:09 PM Subject: books on PIX? [7:16720] > Anyone know of any good introduc

Re: blocking PORTS ON PIX!!! [7:16275]

2001-08-16 Thread Allen May
Maybe I missed the point of the question, but just don't open POP3 on the outside interface for inbound and that will restrict all outside users from using POP3. Unless inside users pass through the PIX to get to the POP3 server you won't need to add anything to the PIX to allow inside users POP3

Re: PIX static map question [7:15983]

2001-08-16 Thread Allen May
The only config that needs a restart (that I can think of) is IPSec tunnels so they can authenticate. I've never tried without it but cisco recommended it somewhere in the documentation. Most of the time clear xlate will clear everything right up for you. However, that drops any streaming conne

Fw: Cisco 776 M question [7:16037]

2001-08-14 Thread Allen May
- Original Message - From: "Allen May" To: Sent: Monday, August 13, 2001 4:42 PM Subject: Cisco 776 M question > Does anyone have a working config for a 776 or something in that series for > routing? The config on cisco.com stinks. It has PAT enabled...I have a

Fw: Cisco 776 M question [7:16036]

2001-08-14 Thread Allen May
- Original Message - From: "Allen May" To: Sent: Monday, August 13, 2001 4:42 PM Subject: Cisco 776 M question > Does anyone have a working config for a 776 or something in that series for > routing? The config on cisco.com stinks. It has PAT enabled...I have a

Fw: Cisco 776 M question [7:16035]

2001-08-14 Thread Allen May
- Original Message - From: "Allen May" To: Sent: Monday, August 13, 2001 4:42 PM Subject: Cisco 776 M question > Does anyone have a working config for a 776 or something in that series for > routing? The config on cisco.com stinks. It has PAT enabled...I have a

Cisco 776 M question [7:15932]

2001-08-13 Thread Allen May
Does anyone have a working config for a 776 or something in that series for routing? The config on cisco.com stinks. It has PAT enabled...I have a /29 so I don't want PAT. PAT disables all inbound traffic at the router so I have no clue why their only example for routing includes PAT. If anyo

Re: Can't ping outside of PIX [7:15205]

2001-08-08 Thread Allen May
The way I understood his question was he couldn't ping outbound. You can ping outbound by default if you are using NAT. Inbound ping definitely requires access-list or conduits. But outbound works...everything works outbound. - Original Message - From: "Farhan Ahmed"

Re: Can't ping outside of PIX [7:15205]

2001-08-08 Thread Allen May
Looks ok to me but I tend to agree with cheekin. Try subnetting to a .128 to divide your IP range in 2 so you have half for the global range and half for the equipment on the LAN. If nothing else, just to see if that eliminates your problem for troubleshooting purposes. - Original Message

Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]

2001-07-30 Thread Allen May
Lawyer? Sounds more like a politician ;) 3 paragraphs & still didn't state his age..rofl. Just having fun with ya ;) > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Greg Macaulay > Sent: Monday, July 30, 2001 9:33 AM > To: [EMAIL PROTECTED] > Sub

Re: access list w/ prime numbers [7:14117]

2001-07-30 Thread Allen May
Welll...would using a modified version of TACACS+ script count & forcing all connections to be authenticated? ;) TACACS+ could probably do the prime # blocking...hehe. Just stirring up trouble on the thread ;) Maybe those 2 cents will all hit in one big $10 now..haha. - Original Message

Re: Test [7:13936]

2001-07-27 Thread Allen May
Fail. ;) - Original Message - From: "cisco-commando boy" To: Sent: Friday, July 27, 2001 3:19 AM Subject: Test [7:13936] > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted

Re: Cable modems & 2501s?? [7:13626]

2001-07-24 Thread Allen May
Ya know what...never mind...just looked up 2501 and it's 2 serial ports & an AUI. My bad. - Original Message - From: "Greg Macaulay" To: Sent: Tuesday, July 24, 2001 4:49 PM Subject: Cable modems & 2501s?? [7:13626] > Hi all, > > I need some assistance with setting up my 2501 with

Re: Cable modems & 2501s?? [7:13626]

2001-07-24 Thread Allen May
Get a 10 Base T Transceiver for the AUI port ;) I think someone was selling 5 of them on here the other day for like $5-15...not sure how much but it was cheap. Allen - Original Message - From: "Greg Macaulay" To: Sent: Tuesday, July 24, 2001 4:49 PM Subject: Cable modems & 2501s?? [7

Re: CCIE Expertises [7:13545]

2001-07-24 Thread Allen May
I'm holding out for #6969 - Original Message - From: "Justin Emilio" To: Sent: Tuesday, July 24, 2001 3:10 PM Subject: Re: CCIE Expertises [7:13545] > Currently cisco claims that there are 6169 CCIEs according to their website: > http://www.cisco.com/warp/public/625/ccie/ccie_program

Re: vpn speed [7:13499]

2001-07-24 Thread Allen May
ess of compression/and or vpn acceleration. > > -Patrick > > >>> "Allen May" 07/24/01 11:02AM >>> > I could be off here...but I believe the accelerator card only helps the cpu > intense part of encrypting/decrypting traffic. You would still be

Re: vpn speed [7:13499]

2001-07-24 Thread Allen May
I could be off here...but I believe the accelerator card only helps the cpu intense part of encrypting/decrypting traffic. You would still be limited to internet speed which involves amount of traffic between endpoints, etc. Maximum would be 128K unless you have a lot of traffic going through that

Re: To CCIE's without a job [7:12805]

2001-07-20 Thread Allen May
Hehe..the guitar on the router thing made me remember a site someone sent me to once. It would take your IP address and something about current traffic from you & all sorts of other unknown variables would generate a song. And man did mine suck! rofl. - Original Message - From: "Ole Dr

Re: ipsec and nat [7:12825]

2001-07-19 Thread Allen May
Just a small addition to that... IPSec has rules for only allowing certain source & destination IP addresses through. NAT changes IPs & doesn't even have the same IP/port for each transmission so IPSec would thoroughly be confused ;) - Original Message - From: "Ross McCormick" To: Sen

Re: Block Icq With Pix Firewall [7:12601]

2001-07-18 Thread Allen May
> > I may also config my name server to response a false ip address for > icq.com domain. :) > > > > On 17 Jul 2001 11:49:35 -0400, [EMAIL PROTECTED] ("Allen May") wrote: > > >Well...since ICQ uses a wide range of ports it may be easier jus

Re: PIX 506 Hang up!!! [7:12653]

2001-07-17 Thread Allen May
Sounds almost like it's overheating & shutting off. Is the fan running in it? If you know anything about SNMP you could use software to browse the MIBs to check status. Keep in mind I never tried that. All I use SNMP for is bandwidth in/out and cpu utilization. Allen - Original Message -

Re: Block Icq With Pix Firewall [7:12601]

2001-07-17 Thread Allen May
Well...since ICQ uses a wide range of ports it may be easier just to block access to the ICQ authentication server... - Original Message - From: "Farhan Ahmed" To: Sent: Tuesday, July 17, 2001 3:59 AM Subject: RE: Block Icq With Pix Firewall [7:12601] > outbound 10 deny 0 0 icqport tc

Re: Access List problem. [7:12525]

2001-07-16 Thread Allen May
True, but it won't block the specific addresses inside the subnets he allowed all from above the deny all. - Original Message - From: "no mail" To: Sent: Monday, July 16, 2001 3:41 PM Subject: Re: Access List problem. [7:12525] > I like Jeremy's answer. It seems like the permit all

Re: Access List problem. [7:12525]

2001-07-16 Thread Allen May
Oh wait...4th line down is a permit so line 3 stays. I see it in 4 lines. Anybody else see it differently? - Original Message - From: "Allen May" To: Sent: Monday, July 16, 2001 2:44 PM Subject: Re: Access List problem. [7:12525] > I'll try ;) > > Let'

Re: Access List problem. [7:12525]

2001-07-16 Thread Allen May
I'll try ;) Let's see: 172.anything from 10.anything 172.22.30.95 from 10.11.12.anything (redundant from above line) 172.22.30.anything denied from 192.168.18.27 172.22.0.0 0.0.31.255 from 192.168.18.anything (denied 1 line above) 172.22.anything deny 192.168.18.64 0.0.0.63 (taken care of 2 lines

Re: 2008 Olympics Goes to Beijing [7:12286]

2001-07-13 Thread Allen May
I wouldn't fly there. Being buzzed by fighter jets at close proximity...no way. hehe. - Original Message - From: "William Gragido" To: Sent: Friday, July 13, 2001 2:17 PM Subject: RE: 2008 Olympics Goes to Beijing [7:12286] > Now, now, thats not a positive thing to say. I think t
