I don't think the Alias command or the DNAT tricks work for the
Same Interface Routing rule, which the Pix won't do.
Sorry
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58628t=58623
--
FAQ, list archives, and subscription info:
No problem. Just plug the lights into the Cat6K with In-Line Power.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58641t=58638
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Another point, in a big network how does HP match
Backbonefast
Uplinkfast
PVLANning
In a big network, these things are VERY important, and I
think they are cisco proprietary ?
Can someone please comment, on STP tweaks that can be done with
HP (any stp ieee compliant switch) to equal what cisco
I have seen just blocking 1863/TCP kills this monstrosity..
However I prefer routing all the blocks MSN allocates for the program to
NULL 0
ip route 207.46.106.0 255.255.255.0 null0
ip route 207.68.171.0 255.255.255.0 null0
You will find others once these are killed, just
keep looking for
You should use private addressing behind the pix and use statics from the
/29 to map to Servers, etc. behind the pix.
Why would you ever want to put public IPs behind a pix ? especially for a
vpn ? Not cool. It makes it an easier target to spoof, as opposed to RFC1918
addresses.
Answering your
In-Line...
Perfect...
very interesting, indeed. I have long wondered about this scenario, and
have wondered how companies are implementing their site-to-site VPN's
over the internet. so you're saying (regarding your own roll out), that
your ISP assigned you two address spaces and routed your
I think you're confusing SPI with a CBAC technology. An SPI is a
uni-directional IPSEC peer transform set hash (agreement on what you're using
with your IPSEC PEER).
An SPI is made in each direction to each peer. The Access-list permits
flag traffic (matched by the router) as permitted for IPSEC.
4 pieces of 32MB of memory (128MB total) for the Pix515
JUST AN FYI- the PIX 515 has two DIMM slots and guess what ALMOST any ram
(except ddr, or rdram) that will fit with the chassis closed (like the narrow
sticks) will work inside.. look at my home lab pixie.
(i could have done 512MB, but only
personally i swear by service www.internetconnection.net
they have always had great pipes, with low pings, and I have hosted
two adult sites there since 1999.
I am currently moving my new site, www.networkedfilms.com there by the end
of the month, from register.com.
They offer all the features
you can block kazaa, etc with a simple access list.. all those
fast track network front end clients (kazaa, grokster, etc)
work on tcp/1214
so for me it would be
access-list 101 deny tcp any any eq 1214
access-list 101 permit ip any any
keep adding access-list 101 deny * * eq as you find
why don't you just cut the 3640 a break.. take defaults from both
providers, (since you said your outbound loadbalancing is being
done at the firewall)
the only reason to take full, partial, or default routes is to
determine your outbound (egress) load balancing.. whichever
you take makes no
03-bf-ac-10-32-1d
What makes this mac address broadcast (at layer 2) ? It's used by MS TERM
SERVER.
I searched on google before posting here, but all I could find
out was some common ranges of broadcast mac addresses, and the
vendor code for the first part of this mac.
I was looking for a
51K to 75K in Marietta Georgia is like $150K in NYC.
I make more than 75K (with no CCIE), and I probably live worse
than someone living in GA making 40K (no car, tiny apartment, etc).
51K is my rent... (close). So, until that ad says NYC, SF, SJ CA,
Relax !
i don't think ISPs care about the BYTES part of it. their services are sold
in bits (as you know 1/8 of a byte) the difference in 1024 (power of 2) and
the 1000Mbps is so insignificant, like once a teacher i had said it's like
arguing which one of us is closer to japan.
and even though its not
it's definitely worth it.. combine multiple pipes at layer 2. I use MLPPP
with my ISP and it rocks.. forget all those shaky stupid CEF
and PER-PACKET configurations.. if you can get PPP going between your
carrier and you, you can get it all going to one router on their side, then
you should run
try funky MTU settings.. also if you're using the AIRONET solution let them
worry about it.. open a tac case.. this product is supposed to deliver lan
quality connections over wireless.. the medium should not matter here.. i
have connected to the vpn 3015 from cable, dsl, t-1, dialup, almost
Yes I would use mlppp and ios in the same sentence, as I have been running
it without a hitch on a 7200 for 6 months. also, you guys are missing his
point (t-1's to the internet) what ISP is going to run
OSPF or EIGRP with a customer ? please.
Maybe, if they managed the router, but he didn't say
true- cef is the best for most situations, certainly at the 7500 and gsr
levels where mlppp is a joke.. i'm just saying for 2600 with 2 t's, also i
have experienced lots of cef problems with NAT, which you would normally do
on a little 2600. mlppp for me has not had these issues.. but i agree if
I don't think so. this can do anything the 2948G_L3 (wire speed layer 3, etc)
and it has the killer layer 2 stuff we all love !
For the price, this thing rocks!
on the 3030 make sure you are manually specifying lan to lan
(Local Network and Remote Network) using USE IP ADDRESS/WILDCARD
MASK BELOW).
While you normally don't have to do this (you can autodiscover)
Just do it to test if this is the problem.
Also make sure you have both
isakmp enable
forget the stupid attempts to block 5190/tcp, etc.. it's best to completely
route to null or deny traffic to the subnets involved. (smarter users will
just specify to use 80 / tcp, and still get on)
read this from a story about this..
As of 1:22 PM 11/21/2001
Login server names - set up a Deny
Yes well said thomas. If I had just relied on his ccna book 2 years ago, I
would have failed 640-507 (CCNA). I found so many errors and
things out of order (as a baby engineer). I ended up just reading the
miserable, poorly written odom book from cisco press. I threw that piece of
junk away, when
i had the same problem; it has nothing to do with 5 c classes of ip or in my
case 1 IP on the outside for X number of internal users. Either something is
wrong with the pix 6.2 Code, or it has very aggressive timeouts. Some of the
problems you will see are short time outs on downloads, AIM dying
use traffic shaping. low overhead, easy to configure.
see http://www.cisco.com/warp/public/105/policevsshape.html#traffic
tested it.. works on 3548XL but not on 7206VXR (command was not under int
e4/0). On the 3548XL I just set hardcode 10, so it must be in the hardware
!3548XL
!
interface FastEthernet0/1
speed 10
port group 3
spanning-tree portfast
!
interface FastEthernet0/2
speed 10
port group 3
set ntp client enable
set ntp server 10.0.1.1
set ntp server 10.0.1.2
set timezone EST -5 0
set summertime enable
you need to add logging facilities for messages in the syslog.conf file in
/etc/
research setting up syslog.conf on google. also do a netstat -na
you should see
/home/jbrunner as root@ns netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address
aren't SVC demand Circuits (use goes up, price goes up)
that would be the problem doyle is referring to. instead of multicasts act
like NBMA topology.
it does not.
even if you put the span port in the same bridge group as the firewall's
port, it still acts like a switch,
a separate collision domain between each port and node.
why not just put the fw on a hub, and the monitoring
station on the hub. And connect the hub to the 2648G_L3 ?
2948-L3-1(config-if)#rmon ?
native Monitor the interface in native mode
promiscuous Monitor the interface in promiscuous mode
Off hours, I'm going to do some tests for you, with the device,
these commands and traffic director, and sniffer.
I will let you know. From Cisco's site and
Do you mean if I have 2 6509 with MSFC2/PFC2's, I
configure STP for say odd vlans to go to the first MSFC and EVEN
VLAN's to the SECOND MSFC ? This is done all the time.. read up on MISTP
on cco. Basically you map vlans to instances of spanning tree protocol
also you can use the older way of setting
This is supposedly what it runs @
Local Director 416
Hardware:
Three 10/100BaseT interface cards
32 MB of RAM
2 MB of flash memory
300 MHz processor
DB-9 EIA/TIA-323 console interface port
3.5-inch diskette drive
19-inch rack-mount enclosure
Performance:
8000 virtual and real IP
This is what I would do in your situation.. -Listing what i have
to do to keep the boss happy and save money for your firm.
1. Keep old IP's at the old datacenter, hitting live servers
at the new datacenter
2. Prevent the need for a second set of servers with DNS entries
separate from the
33 matches