RE: PIX and Router Setup Question [7:74141]

2003-08-19 Thread Joel Satterley
uy linksys or netgear... ;-) Make a plan for ids/syslog and time sync, use it and update it! Make a plan for intrusions/reactions, use it and update it! See SAFE website. http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutions_package.html Martijn -Original Message

RE: PIX and Router Setup Question [7:74141]

2003-08-19 Thread Joel Satterley
You'd be better off just using NAT on the PIX, it's what it was made for. Then just secure the 1721 as a perimeter router. NAT'ing twice could cause problems. -Original Message- From: Michael Barnhart [mailto:[EMAIL PROTECTED] Sent: 19 August 2003 04:06 To: [EMAIL PROTECTED] Subject: PIX

RE: Back to Back Routers [7:73897]

2003-08-12 Thread Joel Satterley
I think you may find the interface on the 1601 can only handle 2mbp/s. -Original Message- From: Zsombor Papp [mailto:[EMAIL PROTECTED] Sent: 12 August 2003 02:41 To: [EMAIL PROTECTED] Subject: RE: Back to Back Routers [7:73897] What kind of fiber connection is coming in on the e0 of the

RE: Strange VPN problem [7:73641]

2003-08-08 Thread Joel Satterley
Get the latest version of CRWS (Cisco Router Web Setup) then you can use Xauth with a nice web front end. The IOS based version is in my opinion - unusable & not for end users. Joel. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 07 August 2003 15:31 To: [EMAI

RE: PIX OS 4.2 to 6.3 [7:73354]

2003-08-04 Thread Joel Satterley
Most of the config should go over, take it to a 5.x version first. There were some changes in the way the PIX uses the file etc. Make sure you make a note of the conduits etc (if there are any). Most of the commands if not all are backward compatible - they just throw in a few new ones. Joel.

RE: VPN logging ACS server [7:73297]

2003-08-01 Thread Joel Satterley
Sounds like you need to turn on accounting to get the start/stop records. -Original Message- From: Jim Devane [mailto:[EMAIL PROTECTED] Sent: 31 July 2003 18:42 To: [EMAIL PROTECTED] Subject: VPN logging ACS server [7:73297] Hello all, I have 3.6 Clients connecting to a PIX 515 and usin

RE: CCIE Lab experience! [7:73263]

2003-08-01 Thread Joel Satterley
ALL lab books will help - I've been working in Networking for nearly ten years, with Cisco products for 6-7 years - mainly in the field. I only attempted the lab to get extra time to do it & used 1 LAB Study Guide (Hutnik/Satterlee) & some old sample labs. They ask you to do so much with a small

RE: CCIE Lab experience! [7:73263]

2003-07-31 Thread Joel Satterley
I'd take the lab; the experience will help you a lot - less pressure for the next 'real' attempt. But then, I wasn't paying. -Original Message- From: Juan Blanco [mailto:[EMAIL PROTECTED] Sent: 31 July 2003 18:35 To: 'Joel Satterley'; [EMAIL PR

RE: VPN Ports [7:73290]

2003-07-31 Thread Joel Satterley
Don't forget UDP port 500 for ISAKMP! -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: 31 July 2003 18:32 To: [EMAIL PROTECTED] Subject: RE: VPN Ports [7:73290] Steven Aiello wrote: > > Ok, > >I haven't gotten much of a bit on my access list question.

RE: CCIE Lab experience! [7:73263]

2003-07-31 Thread Joel Satterley
I took the lab recently (before my time ran out) & there is a full day of config to do. Lots of everything & some nice little surprises. A couple of the guys on the same day were caught out by the wording & the way the questions were structured. You have to be able to understand it fully before

RE: NM-1HSSI w/kentrox DataSMART T3/E3 [7:73129]

2003-07-29 Thread Joel Satterley
Check the linespeed - from memory the kentrox is pretty limited to what data rate you can specify. If the other end (ISP end) is Cisco, you can ask them to change it to match yours. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: 29 July 2003 15:30 To: [EMAIL PROT

RE: CCIE Lab !!! [7:71919]

2003-07-06 Thread Joel Satterley
You need to know EVERYTHING. I took & failed last week. RIPv2, OSPF, EIGRP, IS-IS, BGP - all redistributing into each other.. -Original Message- From: alaerte Vidali [mailto:[EMAIL PROTECTED] Sent: 04 July 2003 22:38 To: [EMAIL PROTECTED] Subject: RE: CCIE Lab !!! [7:71919] For

RE: OSI routing in CCIE R&S exam? [7:71960]

2003-07-06 Thread Joel Satterley
IPX is no longer in the LAB. -Original Message- From: wj chou [mailto:[EMAIL PROTECTED] Sent: 06 July 2003 23:26 To: [EMAIL PROTECTED] Subject: OSI routing in CCIE R&S exam? [7:71960] Hi, I am preparing for the R & S written exam and wondering do we have to master in everything mention

Serial (X.21) X-over cables [7:35212]

2002-02-12 Thread Joel Satterley
Anyone know the Cisco part number (or pin-outs) for the Cab-x.21MT crossover equivalent ? I need to use some back to back serial connections without using a kilostream simulator. Any help would be gratefully rec'd. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=352

Re: Syslog Server [7:34818]

2002-02-08 Thread Joel Satterley
Try 3Com's syslog/TFTP/FTP daemon.. "NKP" wrote in message news:[EMAIL PROTECTED]... > Hi , > I wanted to ask if there is any Syslog server available for WIN NT or 2K > platform , is there any freeware available . > Let me know. > thanks in advance > > -- > > N

Re: IPSec tunnels [7:34742]

2002-02-07 Thread Joel Satterley
Make sure you're running keepalives... dead-peer-detection should keep it in order. "Patrick Donlon" wrote in message news:[EMAIL PROTECTED]... > Hi All > > I'm looking for some information on how to verify the configuration of a PIX > with an IPsec tunnel to a VPN concen

Re: 3DES [7:34756]

2002-02-07 Thread Joel Satterley
Hear, hear, as long as you re-key every so often, who's going to bother ?? "Daniel Cotts" wrote in message news:[EMAIL PROTECTED]... > My opinion is that nobody is going to try to intercept and decrypt your > traffic unless you deal in very large amounts of money. DES will

PDA/Movian VPN & 3030 Concentrator?? [7:34615]

2002-02-06 Thread Joel Satterley
Has anyone setup a PDA client to talk to a 3000 Concentrator through a firewall ?? I'm having a few issues & it may be related to the Firewall & traffic types allowed thru. Anyone know if I should be using anything other than the standard ? - IKE (udp 500) & IPSEC (protocols 50 & 51)? Thanks.

Re: NAT ,Frame & Subinterfaces [7:33424]

2002-01-28 Thread Joel Satterley
What are you pinging at the spoke ? If it's the router then it could be the same issue, are you running NAT at both ends ?? Depending on traffic load, do a 'debug ip packet' that'll show you. "Richard Botham" wrote in message news:[EMAIL PROTECTED]... > Hi Joely, > Thanks

Re: NAT ,Frame & Subinterfaces [7:33424]

2002-01-28 Thread Joel Satterley
Remember, ping will only work when the source interface is beyond the ip nat inside interface..the router always chooses the nearest interface to the dest. Try using extended ping - you can choose an interface or address then. "Richard Botham" wrote in message news:[EM

Cisco Secure ACS Server [7:33415]

2002-01-28 Thread Joel Satterley
Anyone know what (if any) limitations there are on the number of replication servers you can have/configure with ACS v2.6 and above ? Joel. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33415&t=33415 -- FAQ, list archives,

Lab Kit.... [7:33412]

2002-01-28 Thread Joel Satterley
Can anyone advise on the base set of equipment for running test labs as a prep for the CCIE lab ? I'm thinking - 4 x eth + tok routers (3 with at least one serial + 1 with three or more) 2 x Cat switches (2900 + 4000) 1 x Token ring switch. 3 x PC's Anything else (apart from modems + ISDN, got

Problems with 6509 + MSFC freezing [7:33413]

2002-01-28 Thread Joel Satterley
Anyone experienced this, all routing stops, only to be brought back to life by resetting the switch... ? MSFC IOS is on 12.0(7)XE. Catalyst Sup on 5.4(4). ?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33413&t=33413 -- FAQ

Re: Anyone done W2K VPN to Cisco 3000 ?? [7:32923]

2002-01-24 Thread Joel Satterley
Sorry, already been there, I need to use it without a CA just pre-shared keys. The MS docs are useless. Everything is the world according to Micro-bloody-soft! -- Joel Satterley Senior Network Engineer Sirocom Ltd. "NetEng" wrote in message [EMAIL PROTECTED]

Issue with VPN 3015 behind a FW-1 [7:29759]

2001-12-20 Thread Joel Satterley
Hi, does anyone know what rule should allow ESP back thru a FW-1 firewall from a VPN concentrator ? I have it coming INBOUND ok, but the replies get dropped on the FW internal rule. Very odd. ?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29759&t=29759 -