OSPF through a PIX firewall is not supported. There are two ways to
configure routing through a PIX.
1) Configure a GRE tunnel between the two routers.
2) Configure BGP between the two routers.
The two choices have different implications depending on your specific
network.
Thanks Doug
-Origi
I would like the opinion of the group as to what they are suggesting to
customers or doing on there own network. I am of the opinion that as long as
the network (Intranet) has been correctly protected, firewalls/ACL on the
perimeter and that the internal network device IP's are not accessible from
This has been an entertaining thread, but the way I see it is this. Maybe
the high/low CCIE would work with the headhunters and that is a different
story, but we have interviewed/employed a number of IT guys over the past
couple of months, CCIE's included and to be honest I do not look to the CCIE
Has anyone seen this error on an LS1010 ASP IOS version 11.2(10)WA3(4)
Dec 9 19:22:18 _5500C_SWITCH 38: Dec 9 19:13:36: %SCHED-3-THRASHING:
Process thrashing on watched queue 'lec_flush_inputQ' (count 6).
Dec 9 19:22:18 _5500C_SWITCH 39: -Process= "LANE Client", ipl= 6, pid=
56
Dec 9 1
Configure the aaa, but use local login. You do need the aaa configuration
for SSH to work.
Doug
-Original Message-
From: Richard Campbell [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 28, 2003 12:07 AM
To: [EMAIL PROTECTED]
Subject: must I have aaa server to configure SSH on PIX? [7:6
This will work, we have many routers configured with the serial link (going
to ISP) as ip unnumbered ethernet 0/0. The only additional command you will
need is "crypto map rtp local-address FastEthernet0/0"
Doug
-Original Message-
From: Firesox [mailto:[EMAIL PROTECTED]]
Sent: Thursday,
. Unless
you are using secondary addresses and not subinterfaces.
Doug
-Original Message-
From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:18 AM
To: Robertson, Douglas; [EMAIL PROTECTED]
Subject: RE: PIX Design Considerations [7:48979]
Hi Richard,
The simple
I am not sure I would class a PIX as a router in the true sense of the word,
yes it does route traffic from interface to interface but would I use it as
a router, NO, it only supports ONE routing protocol RIP, that does not
constitute a good router in my eyes.
Now to the question, just reading t
In most cases the PIX does not support VPN's over PAT you need a static NAT
to establish a VPN tunnel.
Protocol 50 (Encapsulating Security Payload [ESP]) handles the
encrypted/encapsulated packets of IPSec. PAT devices
don't work with ESP since they have been programmed to work only with
Transmiss
On the DCE cable side ( use show controller serial X to determine DTE or DCE
cable ) you will need the following command:
in interface configuration test#(config-if)clock rate ( use help to
find the different clock rates )
Doug
-Original Message-
From: mark [mailto:[EMAIL PROTECTED]]
Se
You could use a feature called storm control, I have not actually used this
to control Unicast utilization ( mostly use this feature for Broadcast
control) however the principle would be the same for multicast and Unicast
traffic.
Storm control is enabled, the switch monitors packets passing from
Try this link http://www.iana.org/assignments/ethernet-numbers
Doug
-Original Message-
From: Ruen-Chze Loh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 4:56 AM
To: [EMAIL PROTECTED]
Subject: Where to find "Protocol Type Code" in Cisco CD ? [7:38763]
> Hi,
>
> I tried sea
You can join the Security Forum at www.securityie.com
Doug
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 10:49 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE security [7:36860]
anybody working on CCIE Sec ? Let me know.
-Origin
Review the following document on CCO,
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/c5krn/sw_rns/78_
6583.htm#xtocid3 the document indicates the upgrade path for Catalyst 5000
switches, it also has a table that shows which versions of CAT OS is
supported by each module. Depending on
ns.
>
>-Original Message-
>From: MADMAN [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, January 15, 2002 4:49 PM
>To: [EMAIL PROTECTED]
>Subject: Re: EIGRP neighbor limitations [7:32058]
>
>
>I don't know about a hard limit but me thinks you'll hit the practi
an acedemic question???
Dave
"Robertson, Douglas" wrote:
>
> Does anyone know of limitation in the amount of EIGRP neighbors on a
router.
> If there is, is this a limitation per physical interface or a limitation
> per router. I found a document on CCO a couple of months ago th
Does anyone know of limitation in the amount of EIGRP neighbors on a router.
If there is, is this a limitation per physical interface or a limitation
per router. I found a document on CCO a couple of months ago that mentioned
these limits but I have now searched and searched but cannot find that
The best way to troubleshoot the problem would be to enable debugging on the
Tacacs server, The following commands assume you have a Unix Tacacs server
and you will need root access.
The first file you need to edit is the $BASEDIR/config/CSU.cfg file. You
will need to change the following lines
Cisco have two CBT's in the Learning Store that you can purchase, I think
they cost around $550-00 for the two. I am just starting to review them now
so I can not say how good they are, but I got the recommendations from this
list some time ago.
Log on to Cisco CCO then go to certifications, then
Remember the AGS has jumper settings on the appliqui to determine if the
interface is DCE or DTE, have you checked that they are set correctly for
your configuration.
Check out
http://www.cisco.com/univercd/cc/td/doc/product/core/cisagspl/agscfig/34084.
htm#xtocid2857013 for serial port communic
I am not so sure that this " flame " was appropriate, it was a simple
question, if you do not think this subject is for the Cisco groupstudy list
why not just move on to the next mail and forget it. Anyway I didn't see you
flaming the Juniper questions, what do they have to do with the Cisco
Group
21 matches
Mail list logo