This is correct, VPN, depending on what features are implemented, can add
significant size to packets. Cisco sets the default Payload size for IPSec
on the PIX to 1380 to make up for the fact that there can be IPSec headers
close to 120 bytes.
-Original Message-
From: Peter Slow
I have VPN running over 56k dialup, and it performs rather well. It's not
the fastest, but it is functional. My users say it's about as fast as
dialing in /w/ 28000 RAS
-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 9:14 AM
To:
I think you should reload the IP stack one more time. Sounds like a binding
issue. Un-install, reboot, and then re-install.
-Original Message-
From: J. Li [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 9:54 AM
To: [EMAIL PROTECTED]
Subject:OT: Need help
That particular combination is not easy with one WC mask, but here are 2
options. Obviously, the less the lines the better.
Either
Access-list 1 deny 128.252.0.0 0.0.127.255 0-127
Access-list 1 deny 128.252.128.0 0.0.63.255 128-191
Access-list 1 deny 128.252.192.0 0.0.31.255 192-223
That should be 0.0.15.255, but that allows 240, and you have it backwards,
you need to permit the first line (access-list 1 deny 128.252.0.0
0.0.15.255), and then deny the class b , then permit all else
-Original Message-
From: fgh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24,
Your statement (access-list 101 deny ip 128.252.0.0 0.0.255.255
128.252.240.0 0.0.255.255), will AND off the 240 part, and still block all
of the class b
Thank You,
Michael Ayers
Network Engineer
OneNeck IT Services
(480) 539-2203
(800) 272-3077
-Original Message-
From: MikeN
254
255
-Original Message-
From: Farhan Ahmed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 1:35 PM
To: 'Ayers, Michael'; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564]
should be 0.0.15.255
but how?
-Original Message-
From
240
-Original Message-
From: fgh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 1:23 PM
To: Ayers, Michael
Cc: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]
He wants to block the range 128.252.0.0-128.252.240.0 and permit all else
240
-Original Message-
From: fgh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 1:23 PM
To: Ayers, Michael
Cc: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]
He wants to block the range 128.252.0.0-128.252.240.0 and permit all else
Only problem, your scenario should be to block all from 0 to 239 to make an
easy solution.
-Original Message-
From: Ayers, Michael
Sent: Tuesday, July 24, 2001 1:40 PM
To: 'Farhan Ahmed'; Ayers, Michael; [EMAIL PROTECTED]
Subject:RE: access list.. [7:13564
And I only have a lowly CCNP telling me. (myself)
-Original Message-
From: fgh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 1:02 PM
To: [EMAIL PROTECTED]
Subject:Re: access list.. [7:13564]
access-list 1 deny 128.252.0.0 0.0.240.255
access-list 1 permit any
The answer was, YOU CAN'T. The 2501 has but 1 Ethernet. You need a 2514!
-Original Message-
From: Greg Macaulay [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 3:16 PM
To: [EMAIL PROTECTED]
Subject:RE: Cable modems 2501s?? [7:13626]
Allen --
Perhaps I
Linksys makes a way cool option for this :)
-Original Message-
From: Jason Kinney [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 3:32 PM
To: [EMAIL PROTECTED]
Subject:RE: Cable modems 2501s?? [7:13626]
Can't you use a 10BaseT Transceiver in the AUI port?
I don't think you can use the same interface for the NAT outside and inside.
:)
. now if you could sub-interface... no never mind
-Original Message-
From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 24, 2001 3:59 PM
To: Ayers, Michael; [EMAIL
I use the Cisco TFTP server, and have had no issues with it. I also used
the Instsrv/SRVANY NT utilities to make it start as a service.
-Original Message-
From: Jason Roysdon [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 21, 2001 4:37 PM
To: [EMAIL PROTECTED]
Subject:
I use both
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 22, 2001 6:37 PM
To: [EMAIL PROTECTED]
Subject:Re: Cisco Press Vs Sybex Which Way Forward === [7:13243]
At 03:07 PM 7/22/01, hal9001 wrote:
Howard
In some of the
Sean
Not everyone can know everything about all Networking and OS's. You
obviously know how your network runs, but is it documented, and if so, is
the documentation in a coherent library format? Sounds to me like this
important information may not have passed on during your network
Vlan1 is a logical interface. It will clear with a reload. Remember, VLAN1
is all ports on the VLAN, so if you have 4 or 5 ports in VLAN1 connected to,
say, 24 port hubs, the VLAN collision count will be high.
Remember, that a switch running full duplex will have NO collisions, and a
duplex
I printed copies of every install guide and technology brief from Cisco on
ATM, and their Switches and Shelves. I found it enough to pass. The CCNP
scares me though (I'll need a lot more experience) :)
-Original Message-
From: ljingyu [mailto:[EMAIL PROTECTED]]
Sent: Tuesday,
SPLIT HORIZON A router will NOT advertise a route out the same interface it
received it in on. Try sub-interfaces.
Excerpt from Cisco
http://www.cisco.com/univercd/cc/td/doc/product/software/ssr83/rpc_r/53992.htm#xtocid2008062
Enabling and Disabling Split Horizon for IP Networks
Normally,
The router should be able to run 10Mbs. The Switching technology doesn't
care about the port speed
-Original Message-
From: Munoz, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 18, 2001 10:29 AM
To: [EMAIL PROTECTED]
Subject:Question on Cat5k [7:12836]
I am
If it is just a serial port, you'll need a DCE, and DTE v.35 or something
similar. If it is a T1 rj45 WIC, cross pins 1-4 2-5 4-1 5-2.
-Original Message-
From: Chris Headings [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 17, 2001 9:30 AM
To: [EMAIL PROTECTED]
Subject:
Is the IP address you assigned to the switch in the network for your other
VLAN? Think of the switch as a host that is built into the hub of your
network. It must be on a VLAN to be accessible, and it must have an IP on
the network it is a member of. Otherwise, it's like setting up a router on
Sounds like the NM is not compatible
Excerpt From Cisco
http://www.cisco.com/univercd/cc/td/doc/pcat/sewn__y2.htm
Hardware Specifications
The WIC-2T and WIC-A/S are supported on the Cisco 3600 (on the NM-1FE2W,
NM-2FE-2W, NM-2W, and the NM-1FE1R2W network modules), 2600 and 1720 series.
I've seen this error with the Microsoft DNS caching servers and some
Internet Unix boxes. Seems to be a DNS compatibility issue.
Here is the Scenario. You have a Microsoft DNS server that your exchange
server uses? If so, try adding another Internet DNS server to the Exchange
server's DNS
Try this: 2104 and 2102 should look the same, but 1042 would get you 1200
baud. Try setting your console to 1200 and see if it works
Michael
-Original Message-
From: Richard Bosire [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 16, 2001 12:59 PM
To: [EMAIL PROTECTED]
The first 3 conditions definitely don't overlap, so the deny is all you
need, but the next 2 lines kind of overlap, and using only the deny
statement (line 5) would block traffic that the prior permit statement
(line 4) would have allowed. The only way to get rid of one of the lines
is to see
I use nat on about 15 routers in a customer DMZ. What does your pool look
like? And what does your route map look like?
Here is an example of one
interface Ethernet0/0
ip address 172.20.4.7 255.255.255.0
ip directed-broadcast
ip nat inside
no cdp enable
!
interface Ethernet0/1
ip
I'd recommend a 3620 in the head office, with 2611's @ the remote sites.
You need extra RAM, flash, and IP+56 feature set. As to the configs, there
are plenty of examples @ Cisco.com. I found a LOT of info on VPN. You just
have to be diligent and dig.
Michael
-Original Message-
. You need to run INSTALL (or NWCONFIG if 5.x), edit the
AUTOEXEC.NCF and remove all BIND statements referencing frame types you
don't want to use. Ethernet_II is preferred.
NetWare 5.x is more restrained and tries to use IP only.
Ayers, Michael 07/11/01 12:12PM
Those were either auto generated
Look up the pinout of each rj45. I think it's a roll cable, but you need to
connect TX to RX and vice versa. Make sure you set up clocking one external
and one internal
-Original Message-
From: anthony moore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:13 AM
To:
I'm having a problem. I'm running a PIX520 (5.3) with multiple VPNGROUPs. I
have a client installed on a WIN2k machine. The machine was using a group
that didn't split tunnel. I changed the group to a group that does, and now
I get a failed to negotiate error AFTER THE LOGON and the Your link
I recommend the McGraw Hill book also
-Original Message-
From: Robert Kimble [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 10, 2001 5:59 PM
To: [EMAIL PROTECTED]
Subject:CCNP routing? [7:11848]
I am about to start studying for the CCNP routing exam. I've just bought
OK,
See if I have it here.
The receive window is a buffer. It is specified in bytes. During the 3 way
handshake, each side tells the other its buffer size. This is the start of
our flow control.
During the 3 way handshake, each side also specifies a sequence number. The
other will
Excerpt from a Cisco page
http://www.cisco.com/univercd/cc/td/doc/product/software/ssr921/rn_rt921/67085.htm
Cisco 2500 Console Ports
Cisco router console ports do not support software (XON/XOFF) or hardware
(RTS/CTS) flow control. However, on all routers except the Cisco 2500
series, the
The only way is to MUX 2 T1s together (if you are referring to trying to get
router port speed from T1 technology). 2 T1's = 3MB. A 2Mb router port on
each end will be the limiting factor, and the 2 t1's will only see 2Mb of
traffic.
Thank You,
Michael Ayers
Network Engineer
OneNeck IT
]]
Sent: Wednesday, July 11, 2001 9:43 AM
To: 'Ayers, Michael'
Subject:RE: line speed [7:11911]
2.028mb is for an e1 or European T1 which has 32 timeslots 32x64=2.048
-Original Message-
From: Ayers, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 12:44 PM
OK I'm reposting because my original got cut off.
See if I have it here.
The receive window is a buffer. It is specified in bytes. During the 3 way
handshake, each side tells the other its buffer size. This is the start of
our flow control.
During the 3 way handshake, each side also specifies
Those were either auto generated, or picked up from reading frames on the
wire.
-Original Message-
From: Elmer Deloso [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 11:31 AM
To: [EMAIL PROTECTED]
Subject:IPX Network addresses [7:11990]
hi, group.
I just
configuration is necessary on the router to achieve this.
Are you asking if you could multiplex two T-1s onto a single serial
interface running at 3.088Mbps?
Have I completely missed the point? Help me out here, I'm lost. ;-)
John
Ayers, Michael 7/11/01 11:08:17 AM
Yes, but I have a few
Not only that, but the PIX doesn't return traffic out the same interface it
received it in on.
-Original Message-
From: Tony Medeiros [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 1:33 AM
To: [EMAIL PROTECTED]
Subject:Re: Pix not routing for Frame Spokes
OK, last try on my post
The receive window is a buffer. It is specified in bytes. During the 3 way
handshake, each side tells the other its buffer size. This is the start of
our flow control.
During the 3 way handshake, each side also specifies a sequence number. The
other will reply with
Tis is true, why check 2 access lists in either direction?
One inbound
One outbound
They can be the same, but they usually are different, each tuned to manage
the traffic flowing in the direction applied. Why make a router check lines
inbound that only match outbound traffic?
-Original