Hi,
Do you have any URL on Cisco site which point on how to configure
a CCS11 to provide a load balance to PIXes ?
I tried looking at cisco.com but couldn`t find it. This URL is the closest
that I found on Firewall load balance with CCS, but it doesn`t
specifically says it is a PIX.
Hans,
To assign an address to a remote client once it connected,
you have four options. These options are as follow :
1. Use Client Address (supplied by the client software)
2. Use Address from Authentication Server (supplied by an auth server)
3. Use DHCP (supplied by a DHCP server).
4. Use
Dear members,
I would like to ask about the rumour I heard regarding
Catalyst Switch 8540. According to the rumour Cat 8540
is a big failure product of Cisco switch line-up.
I have a catalog of Catalyst switches, this 8540 is not
shown on the catalog. Does anyone have information or
an
interface s0/0 pass-thru
Engelhard M. Labiro ([EMAIL PROTECTED])
Security Group, Technical Solution Center, Netmarks Inc.
2-13-34 Konan, Minato-Ku, Tokyo 108-0075
Tel: +81-3-5461-2575, Fax: +81-3-5461-2093
- Original Message -
From: IT Guy
To:
Sent: Thursday, April 11, 2002
Ping,
Have you configure the following comands on FR switch ?
1. Global config mode : frame-relay switching
2. Interface config mode: frame-relay intf-type dce
- Original Message -
From: PING
To:
Sent: Friday, April 12, 2002 10:49 AM
Subject: Frame-Relay Problem [7:41250]
If I
Cisco website
to be able to connect to the VPN 5000 concentrator...
Engelhard M. Labiro ([EMAIL PROTECTED])
Security Group, Technical Solution Center, Netmarks Inc.
2-13-34 Konan, Minato-Ku, Tokyo 108-0075
Tel: +81-3-5461-2575, Fax: +81-3-5461-2093
Message Posted at:
http
How about NetBIOS over TCP/IP (NBT) and encapsulate
it with IPSec. Another idea is using a GRE tunnel to
pass the NetBIOS to the next hop.
I don't think you can, besides bridging on every internet hop.
On Sun, 2002-04-07 at 23:14, cage wrote:
how can I make the netbios over Internet
Hi Pierre,
Yes, I am using IBM 8228 as the Token-Ring Hub, connecting
two Cisco 2612, with a straigth UTP cable. No problem so far,
the Token-ring interface can run on 16MB speed.
HTH
Engelhard M. Labiro
Security Group, Technical Solution Center, Netmarks Inc.
2-13-34 Konan, Minato-Ku, Tokyo
Rajesh
1. Item 2 : I couldn't get the following things properly : R2 should
have the summarized entry in its routing table if either R5 or R6
fails.
R5 and R6 are ABR for area 1, and requirements is
network on area 1 should be summarized before its enter
the area 0. Think of the command
The router is looking for a config file on a TFTP server
by broadcasting messages. You can disable this behaviour by
no service config command.
HTH
Hi,
Need Help in understanding why the following problem is occuring.
When I connect the CISCO 2600 router through the console port. I get the
Assuming that the 100 IP addresses you mention below are
addresses on the inside network, the answer is yes, you
can allow all of them and use only one public IP to get to the
internet. Just enable PAT (Port Address Translation) using
global (inside) command.
HTH
Hi
I have a PIX firewall,
I never experienced such stall mode problem when changing IOS
between three IOSes on a router`s flash. See below:
lone_rhino#sh flash
System flash directory:
File Length Name/status
1 10630360 c3640-is-mz_121-5_T10.bin
2 4405204 c3640-js-mz.112-18.P.bin
3 13955200
That wouldn`t work ! Telnet from outside network is prohibited
even if you define it with telnet blah outside command.
The work around is to protect the telnet traffic with IPSec
or configure SSH if you don`t want hassle with IPSec configuration.
HTH
u dont need to add a conduit for telnet
Assume that you want to access every host on 10.1.1.0
from network 205.11.1.0 with the source address tranlasted
to 10.1.1.100 , then I don`t think it is possible with a PIX.
A router would be able to do such requirement.
That is Very very Urgent!!!Please Help!!!
Does anyone know that Can
Could someone tell me how to conigure 2612 for Translational
bridging? I need to bridge ethernet and Token ring traffic in 2612.
I don't have any other routers.
This is simple config that I use on 2612:
The virtual ring is 10, the pseudo-ring for ethernet
is 110.
!
source-bridge
I heard that from another mailing-list, 6.2 will be release
around April 2002.
It seems that Cisco PIX team would not leak the 6.2 beta for public
consume, CMIIW.
Hummm, I too scanned the Cisco site for 6.2 and only found 6.1.2.
I'd heard
from the rumor-mill that 6.2 was out, but perhaps
What does this cmd. #exec-timeout 0 0 exactly do? I am confused.
Does it set the console timeout to 0 min 0 sec or to infinitynever
time out...which is what I want on my routers :-)
Which one?
The later is right. 0 0 means there will be no timeout for the
configured mode.
HTH
Configure a confederation inside the AS 200 !
Point no 4 says : Configure R7 and R8 in AS65078.-
This was done. Configure R7 and R8 such that if any new
routers were added to the 150.50.4.0 subnet they could peer
to R7 or R8 in AS200
Configure R7 and R8 as peers - This is done too
I
Hello,In an OSPF netw. in a FR hub-and-spoke topology(RTA and RTC being
the spokes and RTB being the hub), using physical intfs. and using map
statements in the spokes, and neighbor statements, why do the spokes show
a state of Attempt/Drother for the other spoke but in the hub show the
Rajesh,
I was going thru the Lab 4 of IPEXPERT notes - IGRP/EIGRP.
I couldn't follow the reason why on Router 4's serial interface ip
split-horizon is given.
This is to prevent R4`s IGRP to not re-inject the routes its learned
from R2. Remember that R2 and R4 are in the same IGRP routing
Use loopback command at the serial interface mode.
For ethernet I/F, use no keepalive command.
Could someone help me this :
Configure Serial interface up/up without a cable connecting to it...
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32415t=32410
Hi William,
Congratulations! Passed at first time, that is impressive.
Any secrets ?
How long did you prepare for the lab after you got the written?
Any lab`s materials can you recommend other than
what we already knew ?
Regards,
First I would like to thank everyone here who has answered my
My finding is different with you. What IOS version do you use ?
This behavior may be version or router type dependent .
r8#sh controllers s0/0
Interface Serial0/0
Hardware is PowerQUICC MPC860
No serial cable attached There is no way you can spoof a serial line to
up/up state via
Re-post, groupstudy filters part of the e-mail.
-start re-post
My finding is different with you. What IOS version do you use ?
This behavior may be version or router type dependent .
r8#sh controllers s0/0
Interface Serial0/0
Hardware is PowerQUICC
I have a 3620 with 64 MB RAM 16 MB Flash. I installed module NM-1E2W and
it
works fine, but when I install the
WIC-2T in either WAN slots it doesn't recognize it. The WIC-2T works on my
1720 and 2610. I've tried 2 different IOS already
(IOS 12.2 Enterprise Plus IPSec 56 and 12.1 IP Plus
Can anyone enlighten me what does 8192K/4096K bytes mean when we
perform
show version ?
Your total DRAM memory is 8192+4096 = 12288 K.
The number before the slash (8192) is the amount of DRAM
allocated for Local Memory, and the number after the slash (4096) is
the amount of DRAM allocated
How about setup a temporary AAA server with an
userpassword and login with that username?
You can use sniffer for the IP address of AAA server
going out the PIX interface.
for my case, once I use default password cisco to enter it...
the aaa configuration take effect, and it prompt out
Without changing the interface subnetmask to /24,
break 10.0.0.0/24 to several /30 networks (10.0.0.0/30 to
10.0.0.252/30) , make a static route for each /30 network to
the interface connecting 10.0.0.0/24, and redistribute those
static routes to IGRP domain.
This kind of solution is defined at
Hi Aamer,
This is another solution without static routes. The idea is still the same,
break 10.0.0.0/24 to smaller /30 networks to fit with the interface
of IGRP domain (10.3.255.8/30), using summary-address at OSPF.
r2#sh run
router ospf 1
summary-address 10.0.0.0 255.255.255.252
Hi Jim,
Just received Cisco AVVID IP Telephony Networks book,
and according to that book, Cisco has certified Compaq DL320
and Compaq DL380 to run CallManager. Refer to this URL
regarding the approved hardware for Compaq ProLiant
Does anyone have any info on the IDS test. Specifically, Do you have to
memories the couple hundered pages of Signatures in the IDS book ?
Yes, there are specific questions about signatures. I didn`t spend
too much time with signatures and only try to understand the points
and memories the
It uses TCP port 1863. See the detail at MSN page itself
http://messenger.msn.com/support/firewall.asp
HTH
Can anyone tell me how can I block msn messanger on my
network..What
port in the access list should I block to stop workers from using msn
messanger ??Does it uses a fix port ?I
I am trying to set-up a point-to-point subinterface but I do not see the
point-to-point or multipoint options under the physical interface as
follows:
r5-s(config)#interface serial 0.1 ?
I am having problems creating the point-to-point subinterface on both the
2500 and 2600 router
Would you share us the sources for QoS exam ?
Appreciate for any pointers.
- Original Message -
From: Steven A Ridder
To:
Sent: Thursday, December 20, 2001 1:18 AM
Subject: Re: Cisco RIP Off [7:29612]
I took it. It took us 4 guys with books, internet and 8 hours to get two
people
How to connect console through serial port of linux machine?
Try minicom , refer to this link:
http://rtfm.phpwebhosting.com/tips/2000/06/13/34.shtml
HTH
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28660t=28660
--
FAQ,
the command to stay in Priviliged Exce
Mode, the router keep kicking me out and I have to type enable password
again to login if I let router idle for a while..
Add exec-timeout 0 0 to VTY for telnet or CON for console.
HTH
Message Posted at:
Ciscos ( Unixes) use ICMP time-exceeded reply
to the host that doing traceroute, so not return
icmp time-exceeded or drop all the icmp packet
would be better, eg:
access-list 101 deny icmp any any and assign it
to the interface to the Internet.
Can someone share with me the experience in
Assume that router1 initiates call to router2, the password
that router1 send to router2 must be the SAME with the
password configured at router2.
router1#sh run
username router2 password 0 router2
router2#sh run
Building configuration...
Current configuration:
!
version 12.0
Is it me or does BGP not allow you to form a peering session unless you
have
a route to the host in the routing table, no matter what.
Yes, eBGP won`t form a session if the peer address is not in
its route table.
It closes
connected sessions even if I have policy route data forwarding
does any body knows the tentative date of the new version of CCIE R/S
written qualificationt test would be applied
The rumour is January 2002.
how much material
difference it would be compared to the old one ?
Have no idea.
I'm preparing for CCIE R/S written test, and it seems to be a bad
If you have an CCO account, using the IOS Feature Navigator
could easily search base on Feature or IOS version which
router platform support which feature.
Searching with IGRP keyword, the result is 1000 series is
the lowest Cisco router that support IGRP.
AFAIK PIX Failover only provides redundancy, no traffic load balance.
If you need Firewall load-balance, go to the Nokia IP series
firewall, or Checkpoint+Stonebeat combo (www.stonebeat.com)
HTH
I wish to know wheather 2 cisco pix firewalls can be configured for
redundancy
as well as Load
I have a question here, I got my CCNA 1.0 before and I completed the
CCNP 2.0 today. Do I need to re-exam CCNA 2.0??
FYI, you can monitor your cert. progress and the expiration
date for each certification you earned through
http://www.galton.com/~cisco.
HTH
Message Posted at:
The network 192.168.30.0/24 and 192.168.31.0/24
are in different networks, the routers won`t see
each other. Change the netmask to 16 bits.
CDP will finds the other neighbour since it operates
at Layer 2.
HTH
Router A:
int e0/0
ip address 192.168.30.0 255.255.255.0
ip ospf network
Hi,
Normaly use ebgp-multihop if you put the IP address
of loopback interface of your peer at the neighbor command eg:
if your peer loopback is 1.1.1.1, the command will be
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source loopback
neighbor 1.1.1.1 ebgp-multihop.
As the document says
Pat,
Since OSPF uses IP protocol 89, permit this protocol between
the two OSPF routers with access-list applied at outside and inside
PIX interfaces, something like this:
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-group 101
Sorry, replying my own message.
The access-list below assumes that you are able to
use nat 0 command (no NAT translation will occur
for the internal IP addressess to be seen from outside
network). If you are doing NAT then a global and
nat combination need to represent the internal IP addresses
Hi,
At the virtual link line for both routers,
add a message-digest authentication, eg:
Router A
area 1 virtual link 192.168.5.5 message-digest-key 1 md5 pass
The area 0 auth message-digest is needed at RouterA
also since it is ABR for area 3.
HTH
Ran into following during a lab scenario, but
Use a CAT 5 straight cable, plug one end
to the router`s RJ45 and the other end
to the IBM MAU`s connector.
This connector which I don`t know whats its name,
you plug it to the IBM 8228 and its has
a RJ45 at the other end.
Someone point me out to use IBM 8228 as Token Ring
switch a while before,
AFAIK the link is no longer available even if you have CCO account.
I am studying for my third Cisco exam. I've heard about taking the Colt
testing for a practice dry run. How do I get into the COLT? I have a CCO
account, but I can't seem to find the COLT within the CISCO website.
Try expect script.
HTH
- Original Message -
From: Sim, CT (Chee Tong)
To:
Sent: Wednesday, August 22, 2001 7:09 PM
Subject: how to clear a router counter at frequency basis [7:16787]
Hi.. I need to clear counter on a router at frequency basis eg:1 day and
save it to file in a
Hi Cisco Lover,
Looks like the DLCIs advertised by the FR-Switch,
try use no frame-relay inversearp to disable
the spokes router keeps hearing the DLCIs from FR-Switch.
HTH
Oopss
Sorry guys...I donto know where it lost in b/w..Any way..I have write it
here again.
Thanks for the kind
There are two books that cover for PIX Firewall for several chapters:
1. MCNS by Michael Wenstrom
2. Cisco Secure Internet Solutions by Andrew G. Mason.
I have these two but I think the informations provided
in these books, anyone can find it on CCO instead.
HTH
Anyone know of any good
This URL may help you :
http://www.cisco.com/pcgi-bin/front.x/newConfig/config_root.pl
HTH
- Original Message -
From: Scarlett Tony
To:
Sent: Monday, August 20, 2001 9:31 PM
Subject: DS3 Question [7:16533]
Hi,
I have been reading the threads in this group for several months now and
Press Shift-Ctrl and 6 , two times.
hi ,
how can we quit in between when router is tracerouteing any destination
from
traceroute or cancel the traceroute
thanx
kaushlender
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16498t=16494
While you are doing reverse telnet, then
the command below will send you back
to the terminal_server instead of stopping
the traceroute command.
ctrl+shift+6
then press x
Best Regards
Have A Good Day!!
***
Farhan Ahmed*
MCSE+I, MCP
Permit the following for IPSEC traffic:
IKE : UDP port 500
ESP: protocol 50
HTH
- Original Message -
From: Andy
To:
Sent: Friday, August 17, 2001 10:38 PM
Subject: Access list to allow IPSEC traffic through? [7:16367]
Hi
Does anyone know the correct requirements to allow IPSEC
Hi,
I have 4 2612 (one RJ45 Token Ring I/F), how
do I connect these routers` Token Ring I/Fs
back-to-back?
I tried using a UTP 5 straigh/cross cable but
the link is down/down state.
Searching the CCO but only come up connecting
MAU to RJ-45 as you mention below.
Any idea ?
Thanks,
-
Hi group,
I have two routers R1 and R2 in front of C2948-L3 switch
and a Lotus Notes server and several servers behind
the C2948 switch. I want to control the traffic coming to
and going out from the Lotus Notes server goes through
R2 only and the others traffic should goes to router R1.
Does it
Hi,
I prepared using Michael Wenstrom book and Donald C. Lee`s
book (Enhanced IP Services for Cisco Networks, Chapter 6-8
ISBN 1-57870-106-6). I think Donald`s book is easy to
understand than Michael`s which looks like a manual that
anyone can download from CCO.
Understanding the concept to pass
Hi,
CVOICE 640-647 retired for individual NP specialization,
but it is still available as a specialization requirement for
Field Engineer at Cisco Partner, see
http://www.cisco.com/warp/public/765/partner_programs/specialization/voice_a
ccess/requirements.shtml
EML
CCNP+Voice, CCDP
-
Hi
Passing score is 700.
BTW, the exam is already retired as May 15.
HTH
Engelhard M. Labiro
Netmarks Inc.
3rd Group, Network Solution Department, Technology Eng. Division
1-3-12 Moto Akasaka, Minato-Ku, Tokyo, Japan 107
- Original Message -
From:
To:
Sent: Wednesday, May 30, 2001 8
Laszlo,
CVOICE 640-647 is retired also as CCNP Specialization exam,
as May 14, 2001. However it still available for Cisco Partner qualification.
HTH
Engelhard M. Labiro
Netmarks Inc.
3rd Group, Network Solution Department, Technology Eng. Division
1-3-12 Moto Akasaka, Minato-Ku, Tokyo, Japan
63 matches
Mail list logo
