Correct-
It can be done, but it does require a static mapping. One question to verify
what you are asking:
You want to ping from the internet to your LAN like so:
Ping from x.x.x.x to y.y.y.y, where x.x.x.x is an internet routable address,
and y.y.y.y is a static translation of your private addr
One big thing to consider is the potential for drops and jitter going over
the Internet. We use Polycom FX units (Polyspan FX in Europe) to do this
over our WAN (frame and MPLS). We have good quality most of the time, but do
get some drops on occasion. Most of the time our VP's love it, but one or
No, anyone can take the CCIE written, no prior tests or certs required.
andras
-Original Message-
From: Daniel Lafraia [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: ccie written [7:5225]
I could see in your signature that you have CCN
I believe that you can telnet into a pix from the outside, in the newer
versions of the os, but it isn't on by default. Who knows why you'd want to,
but you can do it.
NAT can be done high security to low, but once again, it's something that
you have to consider carefully.
andras
-Original
Anybody want to guess the amount of bandwidth the updates would take ("my
email is running really slow today")
andras
-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 9:33 PM
To: [EMAIL PROTECTED]
Subject: RE: How is IS-IS more scalable tha
Have you tried any other network cables - sounds like a distance issue, but
could also easily be a bad cable.
andras
-Original Message-
From: Arun [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 10:12 PM
To: [EMAIL PROTECTED]
Subject: Regarding negotiations [7:5380]
Hi
I have cat
Couple of thoughts:
255 is an easy number to allow for.
You've configured all the routers on your network in a daisy chain?
Don't actually have a good idea on this one - any ideas?
andras
-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 10:15
Have you tried putting a default route in for both of the cards? Will the
pix accept it? I don't have a pix with two Outside cards, just one outside
and one DMZ, and my lab system is in the middle of a different experiment.
If you could do each interface with a separate default route, you might ma
Global pools on the inside doesn't solve the issues associated with actually
trying to do useful work. The only way to do anything on the inside is to
map the addresses that you want to access on the inside to an outside
address. You'll also have the possibility of ending up with name resolution
i
PROTECTED]
Subject: Re: Regarding negotiations [7:5380]
Yes I tried different cables ..at it seems I have seen this problem on
3com 3300 series switch..also with different location different cable and
different n/w cards
Regards
"Andras Bellak" wrote in message
[EMAIL PRO
Is the IOS a plus version? Only plus versions support the voice modules, at
least in my experience.
andras
-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 7:28 PM
To: [EMAIL PROTECTED]
Subject: Problems with a 3620 voice router [7:5500]
Hey a
Just a note from a client side perspective of an MPLS user. We currently are
using an AT&T MPLS backbone for portions of our WAN. One of the major
benefits is the fully meshed nature of the system. We have around 13 sites
up so far, all with the equivalent of a fully meshed connection. We use BGP4
David-
The 5500 switches run CatOS, which isn't quite the same as IOS (as you've
noticed). The CatOS actually saves the config as you enter lines. No copy
running startup or write mem needed.
Write Mem basically copies the running-config to the startup-config. This
ensures that any changes you
Frank-
If I understand you correctly - telnet to 2511, reverse telnet to 2501, and
you want to suspend your session from 2511 to 2501. I think this is what you
are looking for:
We use 2509RJ access servers at some of our sites to enable remote
management of multiple pieces of equipment from a si
Jenny-
The warning is in relation to output voltages from the power supply.
Normally this would indicate a possible error with the ps, but it never
hurts to check out a few things. Check the sh env all / show env table and
see what the current voltage is for that marker. If you have a UPS that th
Frank-
I now know that my last reply isn't what you are looking for. I don't think
that there is a way to do this, from either NT or Unix. I would be
interested in knowing why the user would want to exit the session without
exiting telnet? I understand from a terminal server point of view, where
Hamid-
As great as the desire is to just block access to a port, or oversee all
traffic, sometimes it's just not reasonable to do so. I'm assuming that
you are with an ISP from your reference to customers. Since you really
can't just block 80, as has been suggested, might I suggest a different
app
kwards and filtering inbound URL's with websense? I don't
know if this will work, as websense only looks at the site URL, not the
page name, but it's something to look into.
Just thoughts, but I'm curious to hear any responses.
Andras Bellak
Director, WAN Engineering
[EMAI
Jeff-
Some ideas that might work:
1. Use netflow and one of the free tools (like flowscan & rrd tool).
Check caida.org
2. Webtrends Firewall suite (this is probably the best app for you, as
it has tons of reports, but it can be pricey)
3. Use an IDS system that captures all the packets, then wri
Juan-
As a possible alternative, since others have already posted instructions
on setting up a secondary address, you might try having the Win2k DHCP
server check for ip addresses on the wire before it assigns an address.
That way you can temporarily overlay the DHCP scope with the existing
subne
Nigel-
If you dig back through the NANOG archives, there was a rather in depth
and discouraging discussion of encrypting / authorizing BGP session
neighbors. The general result was that almost nobody supported it, and
many in the ISP groups that offer BGP connectivity didn't even know what
it was
pushed for it and hope to see it available to me soon.
Anarchy rules! Right?
Andras
-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:49 PM
To: Andras Bellak; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Latest Hackers Target: R
Try using snmpv3
-Original Message-
From: Andrew Larkins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 5:53 AM
To: [EMAIL PROTECTED]
Subject: RE: SNMP Community String [7:31373]
Not too sure about that, but you can add access lists to control who is
allowed to use those SN
I'm looking for anyone with experience with Quick Eagle or Digital Isle
DL5400 MUX products. If anyone has anything good or bad to say, or
information on using their Fast Forward feature, please contact me
off-list.
Thanks,
Andras
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
From Cisco's web site, it doesn't look like the WIC-2T is supported in
the NM-1E2W. The doc on the WIC-2T only lists the following:
NM-1FE1R2W
NM-1FE2W
NM-2FE2W
NM-2W
The same doc says that the WIC-2T isn't supported in the following:
Cisco 1600
NM-1E2W
NM-1E1R2W
NM-2E2W
Sorry.
-Original
And if you really feel like messing with someone - try telnetting into
the router that they are working on and doing "CLEAR LINE 0"
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 16, 2002 5:00 PM
To: [EMAIL PROTECTED]
Subject: Re: **stup
more).
Have fun with this if you can - video and voice over ip are great ways
to wow upper management teams and are fun to play with.
Good luck
Andras Bellak
Director, WAN Engineering
-Original Message-
From: Brian Whalen [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 10, 2001 8:
. The direct frame connections are 512cir/1024port, but
we're slowly migrating them all over to MPLS (as the service becomes
more and more available).
Glad I could help out.
Andras Bellak
Director, WAN Engineering
-Original Message-
From: Thomas N. [mailto:[EMAIL PROTECTED]]
Sent: M
1600 series won't run bgp - I believe that 2500's will, and I know that
2600's will.
Andras Bellak
Director, WAN Engineering
[EMAIL PROTECTED]
-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001 2:06 PM
To: [EMAIL PROTECTED]
NBAR works, but only for incoming http attempts - this worm/virus has up
to 16 different attacks that it tries, and propagates via email or drive
shares just as easily, if not more so.
I know that Norton has an update that removes this, others might have
them as well at this point. One thing that
One thing to be aware of - the VPN client doesn't (at least didn't last
time I looked) support Windows 2000. It also has (once again, possibly
should be "had") big issues with some ISPs, especially aol and netzero.
I have to agree with the other folks, the concentrator (we have 3
vpn-3030 systems
Once again in the spirit of Chuck, this post from NANOG has a link to an
article on BGP instabilities that may be related to Internet worm
attacks.
Andras Bellak
Director, WAN Engineering
[EMAIL PROTECTED]
-Original Message-
From: Tim Griffin [mailto:[EMAIL PROTECTED]]
Sent: Friday
Anybody who's had to use Avaya's IP products knows that Cisco has
nothing to worry about.
-Original Message-
From: "Steiven Poh-(Linear Online MailBox)"
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 18, 2001 10:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco to buy Nortel??? [7:2290
One of the best documentation jobs I've seen of the amount of traffic
generated by systems doing basic housekeeping functions and actual user
and application functions was from MS Press - the title is "Notes From
the Field: Network Traffic Optimization" or something along those lines.
While it only d
Everyone that is answering ccie/sec questions seems to be responding to
a belief that the question asker is looking to find out if after passing
r/s, they can breeze through security. I'm actually curious if there is
a belief that a ccie/security could breeze through an r/s lab? (Breeze
is the wro
Actually the answer varies depending on the intent - if you just want
the password encrypted in the config, then service password-encryption
is correct. If the intent is to encrypt a telnet password while you are
using it, then the answer is you really can't, as telnet is plain-text.
You can use S
Welcome to the next big security nightmare. There are so many issues
with trying to secure the access point, at some point you'll just want
to sit in a corner with your arms around your knees rocking. In the
meantime, here are a couple of thoughts/issues to look at.
1. Running WEP is almost usele
I missed something in my last reply that some folks might not take for
granted - once you have sniffed the mac address of a wireless card,
changing your card to match is simple - I did it on a card integrated
into a notebook inside of 30 seconds - you set it in the GUI even.
Andras
-Origina
38 matches