I have hooked up a second ISP to my PIX. One ISP will handle all outbound
web access and VPN (default route). The other will handle specific traffic
to several companies (individual routes).
I have some internal hosts that have statics assigned to the ISP that will
handle specific traffic. But,
Anyone used techsoup.org for non-profit Cisco ordering? An admin of $60 for
a $3000 switch seems too good to be true.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73477t=73477
--
**Please support GroupStudy by purchasing from the
You should be able to since it's a standard RADIUS server. I've been using
IAS for Cisco VPN authentication for about 6 months now. I am now
implementing ACS though and what an advantage it has over IAS. If someone so
much as farts on the network, I know about it.
In IAS just setup each device
Forgot about the user part. In IAS, Setup a remote access policy by domain
groups. Create a domain group, throw the users in it that have access to the
router and allow it in the policy.
When the user logs into the router, it will go to IAS, go down the list of
Remote Access Policies, and allow
Anyone doing this to authenticate users? I'm following the CHAP example in
the user guide and can't create the stored procedure. I'll provide more
details is someone is able to help.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72133t=72133
I am getting ready to roll out the Cisco VPN client (3.6.4) and looking for
tips on the easiest way to do this. I currently have it on a FTP site and
setup as a self extracting file that extracts to c:\temp and then launches
setup.exe automatically.
Now for the profile I want people to use. I do
I agree about either way of setting up the profile is not secure. My
thinking is if they know the group username and password, they can call up
their buddy and tell them it. But if I never give it to them, then they need
to know a little bit about the client and where that information is kept.
Thanks for your input. I'm looking around at other vendors to see what they
offer with this. One thing I don't like with the PIX vpn is the lack of
logging capabilites. I want to know when someone logged in, when the logged
out, where they went, etc. I'm looking at the concentrators but don't
I am using a PIX and VPN client 3.6 and getting in works just fine. Problem
is I want to connect to NT domain resources across the board after logging
into VPN. I know you can connect to network shares using alternate username
and password but for things like remote event logs on the domain, you
I am trying to setup a site to site VPN between a PIX running 6.2.1 and
Symantec Firewall 7.0. It is not making it past IKE and just keeps looping
the IKE phase. It matches a policy and then loops over again. In the show
crypto isakmp sa output, I get hundreds of QM_IDLE and every few seconds
a
Just curious what others use to filter their SMTP traffic for viruses and
spam. I am currently using Trend Micro Interscan and it's a piece of junk.
It doesn't have one report option which the higher ups want to see.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58639t=58639
I'm looking for something already out there that can keep an inventory of
servers, contact names, documentation, etc. Instead of having a database for
server hardware specifics, a folder for documentation, it would be nice to
bring it all together. I'm not looking for something to actually detect
I have a DEC server that communicates to the network through an AUI to
ethernet converter. It synchs up to the 6509 at 10mb/half duplex which is
all that it will run at but I'm getting many many errors on the port. I have
seen this with some other devices that we have to run the converters on.
Is anyone using Cisco Secure Access Control Server and if so, how do you
like it? I am looking for something to work with PIX VPN, RSA SecurID key
fobs, and possibly Cisco Aironet. My Cisco rep recommended ACS but I want to
make sure I'm not rush into something that isn't going to work well. The
I am setting up different closets in the building to use different VLAN's
for the PC's. But, all printers will be on the their own VLAN. So what I
would like to do is enter the printer MAC addresses in a table for using
dynamic VLAN's and have a different fallback VLAN (if the MAC isn't in the
I am gathering information so I can propose a VPN solution to my company. We
are currently using a vendor for VPN and would like to gain more control.
Here's what I have so far:
PIX running 6.2.1 with 56bit encryption
Plan to buy RSA SecureID Ace Server and Keyfobs
I plan to purchase the 168-bit
We are currently using a VPN provider to get into the network but want to
take more control and bring it in house. I did some testing though and found
that the VPN was adding about 27% overhead compared to bypassing VPN and
going direct to a server.
I'm wondering if others have done testing and
This may or may not be a Cisco issue but I am running DHCP on a NT 4.0
server and it's been giving Nacks for the past 5 days and is causing a major
headache. Every Nack has been coming from the same subnet as the DHCP server
which seems even more strange. I've watched the packets being
I inherited a PIX and need help identifying it. It's gray with a door in the
front and small lock. Inside the door is a floppy drive on the right side
and fan on the left. In the back the part number is 47-3158-01. The chassis
is only idenified as a PIX and there is no model number. In the Show
I have used Kentrox Satellite 651 CSU/DSU's before but looking at the Adtran
TSU ACE CSU/DSU. Does anyone have an opinion of the Adtran? It's a little
cheaper than the Kentrox and you don't have to buy the cables which are
about $60 each for 10'. Thanks.
Message Posted at:
I need some GBIC's for single mode fiber that will reach 40km. Cisco's GBIC
(GBIC-ZX) will go up to 70km and needs a 5-dB in-line optical attenuator to
lower the power. It is also quite pricey.
Are there other manufacturers out there that make GBIC's that work in Cisco
gear? If so, has anyone
I have a company that will be implementing a system that will be taking up
quite a bit of bandwidth across the LAN and eventually the WAN. Since it is
somewhat bandwidth intensive, they want to know what the average and peak
utilization of the network is and what the peak hours are. I'm have a
I have checked individual switches and routers for utilization before but
when asked what the average utilization of an entire network (mainly LAN)
is, what exactly makes up this figure? I am working on getting a packet
sniffer which I know will help take all the variables and give me an answer
Is anyone using clustering for 3500's and have an opinion on it? About the
only advantage I see is you can upgrade multiple switches at a time which
can save time considering all the steps involved with upgrading them. Has
anyone had problems with clustering? One thing I don't really like is the
Does anyone have input on good overall Cisco security books? I saw two books
on Cisco's website called Designing Network Security and Managing Cisco
Network Security. Anyone have an opinion on these? Thanks.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31393t=31393
Does anyone know where I can find a good listing or FAQ that compares IOS
feature sets? I know how to use Feature Navigator on Cisco's website but I'm
looking for something that will outline the major differences between them.
Thanks.
Message Posted at:
I will be upgrading the supervisor software on my 5500 from 4.5(3) to 5.5(9)
and need to know a couple things:
1. Does anyone know about how long it takes to do the upgrade.
2. As for the steps, I should just have to tftp the new software to
bootflash and then change the set boot system flash
About the versions, I was reading in the following URL that 5.5(9) is the
Recommended Supervisor Software Version:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/c5krn/sw_rns/78_6583.htm
But, in the 5.5(11) release notes, it says 5.5(7) is recommended:
I am setting up etherchannel between a 5509 and two Intel Pro/100 server
adapters and if I set the etherchannel mode to desirable on the 5509, it
shows no ports are channeling. Using auto doesn't show channeling either.
If I set it to on, then of course it shows my ports are channeling but I
read
I have worked with Vlans for another company that used a different Vlan for
every department and then had a Vlan for the servers. This goes along with
most design concepts except that at least 2 or more departments often shared
a wiring closet. When tech support would plug in PCs, they often
30 matches
Mail list logo