"split-tunnel" is the command, set per group.
-TV
"Simer Mayo" wrote in message
news:[EMAIL PROTECTED]...
> How do (or can) you enable split tunnelling on PIX 520?
>
> Thanks
>
> SM
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47903&t=47898
-
All interfaces can see all, regardless of security.
"Karagozian Sarkis" wrote in message
news:[EMAIL PROTECTED]...
> HI all
>
> BCMS book says: permit ping access thru the PIX Firewall with the
> conduit permit icmp any any command, letting hosts on the inside ping
> outsid
Here is an "in production" example of a 2610 one static Internet IP
using a split-tunnel to a dynamic IP 1720 with basically
the same config; except the ip on the dialer is "ip address negotiated".
-TV
hostname 2610
!
!
!
clock timezone EST -5
clock summer-time EST recurring
ip subnet-zero
no ip
Hi Priscilla,
I have actually had this scenario (multiple times), but due to the Telco's
misconfiguration.
Specifically we were expecting b8zs/esf. Unfortunately I can't confirm
which was configured incorrectly, but I can confirm that going through
all of the different combinations available at t
One thing the Cisco IDS has, and why we went with it is because of the
host sensors, and the ability to correlate all the hosts data with the
network data. Although we haven't purchased the hosts as of yet,
we know it's viable.
-TV
"Brian Zeitz" wrote in message
news:[EMAIL
Its use is placing a second, different network, on a single interface,
generally it's not a good design, but if you are aware of the
routing behavior, it works. For IPX it's not recommended,
subs are.
Behavior is different based on the routing protocol, which
these characteristics are best looke
Just open the mask to include whatever new users you need.
So for 31 inside ips, ip address inside 10.254.2.1 255.255.255.224
-Todd
"GEORGE" wrote in message
news:[EMAIL PROTECTED]...
> Hi you all, I'm trying to use this config from Cisco web site
> http://www.cisco.com/w
NAT is one to one so all ports can be utilized as I'm sure
you know, depending on the NAT device you can use
outside NAT to solve the duplicate address issue
-Todd
"Kenny Smith" wrote in message
news:[EMAIL PROTECTED]...
> Hi.. May I know is there any advantage of dynamics N
Sounds like an STP loop, a guess; when you put the 3550 a different
root bridge is elected. Spanning tree disabled somewhere on the
old layer 2 device?
-Todd
"Firesox" wrote in message
news:[EMAIL PROTECTED]...
> Folks, I have an urgent issue.
> My customer has network consis
"[EMAIL PROTECTED]" wrote in message
news:[EMAIL PROTECTED]...
> I don't have a concentrator and was wondering how can I establish a vpn
> connection
> to my internal network. I own a pix 520 and would like to connect to the
> internal
> network while I'm with an isp
> what soft
Yes, using statics.
"Wayne Jang" wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I think this will work:
> I have a customer that would like to use two connections to the Internet
> (one sdsl and one frame)
> I want the two servers to use the DSL for Internet and the 20
With the assumption that all is set correctly, nat correlates to global, etc,
etc.
and you cleared all caches after set up; which I would say somewhere they
are not, I would run icmp debugs, take all acl's off except the ones needed
for the nat/pat, and watch the packets, you'll find it.
-TV
"Anth
Also has a free SSH add on.
-TV
". ." wrote in message
news:[EMAIL PROTECTED]...
> what is a popular (and free) telnet terminal for all of you using?
>
> _
> Chat with friends online, try MSN Messenger: http://
I'm not sure about the marketing term, but this is a relatively new
VPN solution. Basically how it works is for QOS and for
MPLS VPN solutions the "tagging" bits/info are placed in
the actual IP header that traverses the Public network
AFTER the encryption. The IPSEC in GRE is mainly used for
tran
If the pix is not reachable via an internet routable IP
and you want to ssh through an outside router without
changing anything on it, then no you can't.
You have to set it up on the pix and allow it thru the
outside, or connect to the outside router first.
"Gaz" wrote in message
[EMAIL PROTE
our capital and do the analysis
> before investing!
>
> Kidding about the insane thing BTW. Now, for a really
> good investment, the Bank of Rob is taking deposits,
> cash only please!
>
>
> --- ItsMe <[EMAIL PROTECTED]> wrote:
> > Myself and a few others ar
Myself and a few others are buying. Same story as yourself couldn't afford
it before. As for going to hell in a hand basket; if Cisco went down the
tubes, there would be many other things you would be worried about than the
money you would be investing with now. (i.e. radiation poisoning from the
Nu
PIX, by itself doesn't route. It won't work.
"Doug Roberts" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I've had a request to have our Pix firewall catch inbound traffic headed
> for host A and redirect it to host B. We do not have NAT enabled on the
> Pix
>
If the pvc's are provisioned do a sh frame-relay pvc.
You can see the built pvc before you configure.
(Assuming you have the T up and encapsulated)
"John Gotti" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all...quick question; We have 4 offices, NY, Ch
I took the same exam Monday. It was lnnn, as it should being a beta.
But it wasn't difficult. When it goes public, with the 40 questions or so, it will be
easy. Wait till you take the CID or IE written.
"Mihai Dumitru" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL P
We have set up a "more" redundant solution similar to your infrastructure,
and the same ISP.
We have one T come in from Boston, and the second from DC. We split our
customer CIR across the 2. This works out nicely. From the router perspective we have
another identical router set and ready to go if
DB50v2
"Rizzo Damian" <[EMAIL PROTECTED]> wrote in message
news:49C181ACF35ED311A7DC00508B5AF61102E524D5@NAEXCHANGE...
>
> Anyone know if a 3102 Router's serial port is the DB-60 kind of today or
> not so much?
>
>
>
>
> Damian Rizzo
> Senior
Well, since you can't reserve the LAB until you pass,
and they are booked into August,
I think April is impossible.
"Shaheed, Manzur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Group,
>
> I just passed CCIE - Routing and Switching written exam.
>
> I co
Yes, I hear what you're saying!!!...
Oh, by the way, you are in the UK...hmmm...
Dear Lauren,
Please allow me to introduce myself. I am a highly certified and
knowledgeable...
Sorry, couldn't resist.
"Lauren Child" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Use a "static" to itself, takes precedence over NAT.
Or you can use NAT 0 but you can only use it once.
"Rick Holden" <[EMAIL PROTECTED]> wrote in message
news:002001c097b6$60c466a0$[EMAIL PROTECTED]...
> I have a PIX firewall that is being used for a VP
Wow, they must have a bad batch. This is the third time I've heard this
recently.
"Joe Johonness" <[EMAIL PROTECTED]> wrote in message
news:001201c09234$cbf59d40$[EMAIL PROTECTED]...
> I passed the CCIE written today. The test crashed right in the middl
My fault, I'm talking about the CCIE written.
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Cisco exams will tell you how many selections to choose if there are more
> than one right answer. At least I know it was this way for the CCNA 1.0
> and
> the BCRAN 2.
When taking a test with a "multiple answer" implies 2 or more. I recently
talked myself into selecting 2 answers based on this assumption, and felt
strongly only one was correct.
As far as the correct English interpretation, I believe this infers 2 or
more.
Is this correct? Anyone know for sure?
fficial" as you referred to it.:)
>
>
> thanx
> umer
> [EMAIL PROTECTED]
>
>
> From: "ItsMe" <[EMAIL PROTECTED]>
> Newsgroups: groupstudy.cisco
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, February 04, 2001 8:17 AM
> Subject: Re:
True, you can take any test you want, but have to complete all prerequisites,
to be "official".
"umerkhan" <[EMAIL PROTECTED]> wrote in message
news:004e01c08dfc$e84cdbc0$a90a80cb@pentium686...
> Hi,
> can anyone tell me is it necessary to pass the ccnp
Correct. You need 14 subnets, a block of 16. Therefore your third octet will
be 176-191.
"Hunt Lee" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can anyone please explain to me how to derive the answer of this
> question?
>
> A company has been assigned a su
ou, who's six months
> behind you on the same career path, won't get the price of honey for his
> tea.
>
> Again, these are just my $.02
>
>
> --- Dennis
>
> -Original Message-
> From: ItsMe
> To: [EMAIL PROTECTED]
> Sent: 1/18/01 6:39 PM
> Subje
Are you sure you can configure 2 Tacacs+ servers. I thought
1 Tacacs+, and/or 1 Radius and/or local?
"Eric Gunn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> If more than 1 tacacs server is defined in a config what would happen if
>
> The user doesn't authen
Convincing the VP isn't the hard part, it's after you pass explaining to the
VP that a $20K/year raise is warranted. Which in turn he says you are nuts,
so you decide to leave... until he breaks out the agreement that says in
fine print that you have agreed to pay back all training funds if you
le
If you're using a major ISP for your point-to-point you are probably
already on an ATM backbone.
"Nabil Fares" <[EMAIL PROTECTED]> wrote in message
news:001201c0819b$d1c0c780$[EMAIL PROTECTED]...
> Greetings all,
>
> Would like to get your thoughts on the
A 56/64k 4 wire will only work with the same interface. It's not T1 timing
signal compatible.
A Fract/T1 is usually provisioned at 128K and above but is configurable at
64K with one timeslot.
It's much more expensive/month so unless you know the potential for needed
bandwidth increases are a given, i
Go get 'em, Jim! Best of luck!
"Jim Healis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Well, in just about 12 hours I take the CCIE written exam for the second
> time. The first time was just to get a handle on what I should expect
> (though I still held h
Cool, should have known, money to be made..IOS got to upgrade!
Thanks
"Nick Brooks" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> 525 and 535 carry the R and UR licensing scheme as well.
>
> ItsMe wrote:
>
> > On
"backup" also works very nicely in this scenario, with the dialer
interfaces.
"whitaker" <[EMAIL PROTECTED]> wrote in message
news:939a8i$cnt$[EMAIL PROTECTED]...
> So here's the scenario...Numerous routers in a central site connected to
> other remote sites vi
Only the PIX 515 has R and UR.
"A.C" <[EMAIL PROTECTED]> wrote in message
news:9384i4$f0a$[EMAIL PROTECTED]...
> Hi, Does anyone know a command on Pix Firewall 520 that shows what kind
> of
> license it has (R -UR license)?
>
> Thank you
>
>
> __
All,
We just had a second T1 installed on our 3600. Our first supplies about 20
spokes, sub-if, with various CIR's all running EIGRP with bandwidth
statements. The second was provisioned via a different cloud path for
redundancy. We want to "automatically" backup the primary spokes with the
secon
PIX 520's don't have a R or UR version they all support failover.
"Florin Mechetiuc" <[EMAIL PROTECTED]> wrote in message
news:92svsr$482$[EMAIL PROTECTED]...
> I have couple of 520 firewalls ordered a while back but I don't know if is
> a
> way to check
> if they ar
#terminal length 0
A value of zero prevents the router from pausing between screens of output.
"Sylwester S. Biernacki" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
> I'm looking for this little thing for several days and wonder if it's
> possible to
Biggest advantage is atm has minimal delay/latency. So if applications
(usually streaming type)
are typically used, atm will be a big benefit. atm also has much higher top end
bandwidth.
The disadvantages are price and complexity.
"D'souza Agnelo" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECT
FALSE!! At best the maximum range of full and half will equal.
"Li Song" <[EMAIL PROTECTED]> wrote in message
news:9278a3$4a6$[EMAIL PROTECTED]...
> "full-duplex can be used over longer distance than
> half-duplex" ??
> what 's your opinion ??
>
>
> ___
B or C. Need both to work. You can use a dialer-group for A and various
commands for D.
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED].net...
> I'm preparing for the BCRAN exam that I plan on taking
> at the end of the month. I've run across a question in
> Cisco's COLT that has an
I think you mean 224.0.0.5 and 224.0.0.6 which are the LSA multicasts used
in OSPF,
A good rule to remember is the 224.0.0.XXX subnet is basically used for all
router/routing information. It typically has a TTL of 1 meaning it will get to the first
router and not passed on.
"Dyland Desmarais" <
Also for accounting, Radius gives you many more options, and Radius costs
nothing if you run Win2k, it's part of the OS.
"David Nie" <[EMAIL PROTECTED]> wrote in message
news:91v4j7$ni7$[EMAIL PROTECTED]...
> Hi, all
>
> Could you please tell me the difference of tac
I would say a paper and pencil is your best bet.
"a" <[EMAIL PROTECTED]> wrote in message news:91vekq$8au$[EMAIL PROTECTED]...
> Are there any good resources for drawing network diagrams quickly in a
> systematic fashion? Aaron Dixon mentioned he tried to perfect th
All of these questions are based on NBMA design, which is different
depending on the routing protocol used.
I believe they can all be answered when you look at NBMA/routing protocol.
"pierreg " <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have spent many
First #1 If tacacs+ is first it will go to the server for authentication. If
the server goes down it will use local. That's probably what you want. The
local allows you to login to fix a router problem if the server is down.
And #2 It looks like you are telling it to use tacacs+ for authentication
So you got a 95 or something like that, since it was easy?
"Hubert Pun" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I just passed it this afternoon. not a hard test at all. the
> certification zone is much harder.
>
> How come I still can not receive any g
I recently did a similar look at ports on our NT servers, and thru research,
the 1024+ ports specifically, it seems the developers pretty much just pick a
number. I work at an ASP with a lot of custom built web apps, and especially
if they stay in house or client/server (not public) they are seen a
Allow them in via conduit, and NAT 0 them. Or you can static route them to
themselves, which takes priority over NAT/PAT.
"fsd afd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi, Everyone:
>
> I have a client who uses 192.216.xxx.xxx/24 ip address, re
224.0.0.1 is also not multicast past the next hop router. They have ttl of
1. The big difference is a router knows this is multicast info for them. A
host doesn't look at it at all like it does a broadcast to see if its
looking for them.
"Jean-Michel Roberts" <[EMAIL PROTECTED]> wrote in message
[
ALL routing protocols route routed protocols. Unlike the rest EIGRP supports
the 3 most common desktop routed protocols, tcp/ip, ipx/spx and appletalk.
That's probably what you mean.
"Anthony" <[EMAIL PROTECTED]> wrote in message
news:91frem$spm$[EMAIL PROTECTED].
Channel-group is how you specify the 24 64K channels/ T1
"James Haynes" <[EMAIL PROTECTED]> wrote in message
news:918osp$l1i$[EMAIL PROTECTED]...
> Does anyone know the difference between these two settings. I'm looking at
> a
> Router that has T1 controllers on it s
The big network statement tends to lead me to believe you will want an ACS
also.
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/
"Avran" <[EMAIL PROTECTED]> wrote in message
news:918hdl$s5v$[EMAIL PROTECTED]...
> I am configuring tacacs for a big network.
Take the PIX out and put it into a vlan on a spare switch, it will save you
a lot of time.
"Nabil Fares" <[EMAIL PROTECTED]> wrote in message
news:000401c06464$c2c6a780$[EMAIL PROTECTED]...
> Greetings all,
>
> I would like to know what are the commands/
Always follow the current syllabus. This is the rule of thumb and in this
case, also based on experience.
"Ragavendran K Rao (CTS)" <[EMAIL PROTECTED]> wrote in message
news:15BC1866E5CFD111900E00A0C9A6F35E03FA2309@CTSINCSISXUC...
> is ther
Hmmm, the way I read your request - a router as a tftp server, to my
knowledge, you can't.
You need another box for the server itself?
"Pierre-Alex" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi Group,
>
> How do you setup a router as a TFTP server?
>
>
The 4 is the logging level. Port config on both sides should be looked at
for the cause. (Auto,speed,etc)
Port security? Look at the MAC's. Hope that helps.
"Kim Fisk" <[EMAIL PROTECTED]> wrote in message
news:90rgj7$6hk$[EMAIL PROTECTED]...
> The log on our 2924 s
62 matches