Where is the best place to install a VPN box - vpn inside interface behind
the pix, vpn outside interface behind the pix, vpn outside to internet, vpn
inside to lan, etc. What should be the best practice and if someone can
point out a link where I can see some configuration I would appreciate
What is the recommended router if I wanted to run bgp on my dual internet
connection. I currently have a 2651 and will be upgrading it to 128MB but
am not sure if that's enough to run bgp considering the size of the bgp
routing table. Thank you.
___
Does anyone have a sample config of their ACL on their Internet router that
allows certain traffic to go out and certain ones to come in. I'd like a
sample of a live config to see how people are doing it. Thanks.
_
Get your FREE d
What is the difference between an IOS that is IP and IP Plus?
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12833&t=12833
-
I have a question regarding BRI state. The following is a capture of my
"show isdn status":
ISDN BRI4/0 interface
dsl 24, interface ISDN Switchtype = basic-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 88, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Can we have two DLCI having the same number on the same router but point to
different destinations on different interfaces?
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupst
What does it mean when that L2 status is in state=init instead of
state=established as in the following message.
Layer 2 Status:
TEI = 82, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 84, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI 82, ces = 1, state = 5(
If I have several Cisco 2600 routers, is it possible to create a home lab
that runs ATM (for practicing) if I buy the ATM modules. If yes, what
modules should I buy.
Thanks.
_
Get your FREE download of MSN Explorer at http://explo
Got a question re: subnet usage. I'm using /30 to subnet 10.100.1.x so that
I only have two addresses per subnet. The question is, there will be
approximately subnets and two hosts per subnet if I subnet it this way.
Now, does it make sense to scatter these subnets everywhere (Site 1, Site 2
Can anyone tell me what are the best racks to use to rack my Cisco gear.
Where can I go on the web to find them. Thanks.
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstu
Anyone know if there's a forum such as IRC, ICQ where we engineers can have
techy talks. Thanks.
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&
My environment is currently running Cabletron equipment that has trunking
set to 802.1q. I'm putting in a new Catalyst 6500 switch and will be tieing
that into the Cabletron network. My question is, since I'm not going to
trunk between the two but just to have a cross connect to communicate
Should I use hdlc or ppp encapsulation on a point to point connection
between two wan sites. The connection is used to access data. And also
what is the benefit and disadvantages of using one over the other. Thanks.
_
Get your FR
How do I configure a US Robotics modem to work on an AUX port on a router.
What do I have to configure on the AUX port and what do I have to configure
on the modem.I want to connect the US Robotics modem to the AUX port for
dialin. Thanks.
I need some advice on NAT design. Here's the scenario.
This is my current scenario. I have my site at RTRA and a LAN there. At
RTRA, all the vendor connections come in through it as shown by Vendor_1 and
Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc.
I need some advice on NAT design. Here's the scenario.
This is my current scenario. I have my site at RTRA and a LAN there. At
RTRA, all the vendor connections come in through it as shown by Vendor_1 and
Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc.
I need some advice on NAT design. Here's the scenario.
This is my current scenario. I have my site at RTRA and a LAN there. At
RTRA, all the vendor connections come in through it as shown by Vendor_1 and
Vendor_2. Eventually, there will be Vendor_3, Vendor_4, etc.
On a Catalyst 3524XL, how do I enable SPAN (switch port analyzer) so I can
have one port mirror traffic on another port so I can sniff it. Thanks.
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Poste
I have a pix that protects my internal network from vendors. So the
internal lan interface is Inside and the interface to the vendor is Outside.
There's a full conduit allowing anything from the vendor's network
(Outside) into our Inside network. I'm sniffing the wire on the Inside now
for
Anyone know of a ftp software that does encryption. Normal ftp does not
encrypt the data. I'm trying to find one that does encryption. Even if we
pay for it, that will be ok too. Thanks.
_
Get your FREE download of MSN Explorer
If I wanted to increase the TTL on a Cisco router, how can I do that?
Thanks.
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1700&t=1700
--
Can Cisco ACS be used for Internet access authentication? If it can, is it
recommended since I'm using Cisco ACS for my router authentication and VPN
authentication.
Also, what software do you recommend for logging web access on a Cisco PIX.
I've used WebTrend in the pass but wanted to get so
Anyone know the pinout to a cable that use to connect two fractional T1
CSU/DSU back to back for testing. Thanks.
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/
I want to allow this one network to be able to to telnet into my router, but
when then telnet into it I only want to give them access to the "show
interface" command and nothing else. However when I telnet into it from my
network I want to be able to access everything.
What I've done is set t
I have a flat network of 172.20.1.0 172.20.5.0 with a subnet of 255.255.0.0
thus it is flat. I'm running eigrp with no summary. If I add a network of
172.21.10.0 with a subnet of 255.255.255.0 and run it in eigrp and no
summary, would that cause any problems. Thanks.
_
There are two routers: Rtr-A and Rtr-B. HSRP is running between these
two groups with RTR-A set with a priority of 100 and RTR-B set with a
priority of 150. Currently, RTR-A is the active router. However RTR-B
shows that it's in a state of INIT. When I do a "show int fa0/0", it
shows that the
I have a network that is running EIGRP to provide for redundancy, for some
reason, for this one remote site, it is taking the long route to get to
there. For instance, we have the following:
RTR-A
/\
/ \
RTR-B---RTR-C
The host we're trying to get to is o
What is the best book to use for studying the CCIE written exam?. I've seen
several: Lammle, Caslow and Giles but am not sure which is the best. Any
suggestions would be greatly appreciated.
Thanks.
_
Get your FREE download of MS
Can anyone give some advice as to what is the best book to use for the CCIE
written. Thanks.
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63
Our existing network consists of a flat network at 172.16.0.0 with a mask of
255.255.0.0 and 172.31.0.0 with a mask of 255.255.0.0. Since it is flat,
the networks are 172.16.2.0 - 172.16.12.0 mask 255.255.0.0. EIGRP is
running. Now, the question I have is, if I create new subnets to segment
on ethernet interfaces, should we set a keepalive value?
_
Get your FREE download of MSN Explorer at http://explorer.msn.com
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/
I have a PRI card on my cisco 7206 and have the following configuration
controller t1 3/0
clock source internal
channel-group 23 timeslots 1-24
interface serial3/0:23
ip address 196.168.1.1 255.255.255.0
this is suppose to be a point to point circuit.
Can anyone shed some light as to why the
Can someone give me some feedback on Cabletron hubs/switches. It is good,
bad, advantages, disadvantages and how it really compares to the Cisco
Catalyst line of switches. If you have cabletron switches would you upgrade
to Cisco Catalyst switches or would you remain with cabletron. Please
Can someone give me some feedback on Cabletron hubs/switches. It is good,
bad, advantages, disadvantages and how it really compares to the Cisco
Catalyst line of switches. If you have cabletron switches would you upgrade
to Cisco Catalyst switches or would you remain with cabletron. Please
I'm installing a new VPN box. Traditionally, where in the network does the
VPN box reside. Does it run parallel to the PIX firewall and be connected
to the inside the same way as the pix or should the VPN box be located in
the DMZ with a secure tunnel created between the VPN box and the PIX
I have CiscoWorks 2000 running. However after the discovery, it sees the
routers, switches, etc., but it only displays the ip address for both the ip
address field and the device name field. I'm trying to get it to display
the device name as well as the ip address. Any assistance would be
a
I have CiscoWorks 2000 running. However after the discovery, it sees the
routers, switches, etc., but it only displays the ip address for both the ip
address field and the device name field. I'm trying to get it to display
the device name as well as the ip address. Any assistance would be
a
Can somebody what syntax to use for the SNMP Settings for CiscoWorks 2000.
I'm trying to setup the ANI stuff and the snmp strings but the syntax that
it has is confusing. Can anybody give a sample they are using. Thanks.
I have CiscoSecure running and functioning. However, I'm having a little
trouble getting it to authenticate when I try to go into enable mode. When
I type "enable" to get into enable mode, it asks for a password, the only
password that works is the one set with the "enable password ..." on th
I have CiscoSecure running and functioning. However, I'm having a little
trouble getting it to authenticate when I try to go into enable mode. When
I type "enable" to get into enable mode, it asks for a password, the only
password that works is the one set with the "enable password ..." on th
In regards to a pix, I have the following question.
When I'm trying to restrict access from the inside to the dmz, how would I
do that and can you give some examples. For example, do I use an access
list or an outbound command and what are the differences between the two.
In addition, is ther
How do we go about calculating how long it takes to calculate something and
the speed at which it is transferring. For instance, if we have a T1
circuit (full 1.544MB) or a 128KB link, how long will it take to transfer a
230MB file and how fast does it transfer per second, minute, etc. I can'
I have a dilema with my ipx environment. The following is a diagram and a
description of it.
aaa --| | - iii
bbb --| S0S1 | - hhh
ccc --|RtrA --- fff --- RtrB ---| - ggg
ddd --| 1.1.1.1 1.1.1.2 |
I have a dilema with my ipx environment. The following is a diagram and a
description of it.
aaa --| | - iii
bbb --| S0S1 | - hhh
ccc --|RtrA --- fff --- RtrB ---| - ggg
ddd --| 1.1.1.1 1.1.1.2 |
I want to allow a particular server to do DNS queries such that when they
type www.cisco.com or something like that, it will go to the specify DNS
server and find the ip address. I have an access list allowing port 53 for
tcp and udp and it doesn't work. Can anyone help. Thanks.
I have a central site with two routers each with a PRI. I have numerous
remote sites with BRI dialing into the PRI as dial backup only.
I would like to set it up such that when the T1 link goes down at the remote
site the BRI ISDN initiates dialing to the PRI for backup. What I want to
do is
I have a central site with two routers each with a PRI. I have numerous
remote sites with BRI dialing into the PRI as dial backup only.
I would like to set it up such that when the T1 link goes down at the remote
site the BRI ISDN initiates dialing to the PRI for backup. What I want to
do is
Currently my PIX has two interfaces. I'm getting ready to add another
interface to my PIX to make it 3 interfaces to make a separate DMZ network.
My question is, when a user on the outside tries to access a server on on
the network on the inside (not dmz), is that doable. Also, I haven't bee
On a Cisco Catalyst 6500 and 4000 series switch, how can I stop system
messages from displaying onto the console. Thanks.
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about y
In regards to ipx routing, how and when do we determine if running ipx
routing is enough as compare to when to run ipx eigrp routing? My
environment is growing from about 100 sap listings to maybe 2000 sap
listings via a company merger.
My second question is via the following diagram
Site A
Can someone tell me how the CIT exam is like. How does it compare to the
other exams. I glanced over the CIT book and it looks like a lot of stuff
is understanding different "show ..." commands and "debug ..." commands.
Any hints or advice would be appreciated. Thanks.
_
If a token ring is running at a speed of 16, should the duplex be full or
half. If it's at half, what may be some problems as a result of it.
thanks.
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.c
I need some advice on the CIT exam. What book should I use to study for
this exam. Also, there's two exams available for the CIT: 640-440 and
640-506. If I read the book for 640-440, will it be enough to pass the
640-506 exam? Any guidance would be appreciated. Thanks.
I need some assistance with my PRI connection starting from the CSU/DSU.
How should I configure the CSU/DSU? Should it be the same (coniguration) as
a normal T1?? Do I need any special cables to connect from the CSU/DSU
(v.35) to the PRI (controller) port on the router. Any assistance from
Can anyone give me some tips as to how to study for the BCRAN (640-505 exam)
exam. I'm studying for it and am schedule for another week or so to take
the exam. Tips on what topics to study and what may be on the exam would be
helpfu. Thanks.
__
I'm trying to dial into a US Robotics 33.6 external modem connected to my
Cisco 2520 router. The modem has a db-25 connector on it which I've placed
a db-25 to RJ-45 convertor on it. From the RJ-45 I connected a Cisco rolled
cable (console cable) to it and connected the other end of the RJ-45
I have a Altiga (Cisco) VPN 3015 concentrator. Once I have a tunnel
established to the 3015 concentrator, can I run IPX (novell) through that or
can I only run IP. If I can run IPX, what/how would I need to configure to
get IPX to work. Thanks.
___
I have a Altiga 3015 VPN concentrator. All seems to be working except for
one thing. PPTP works fine with WINS, DNS, etc
and of course full connectivity via the tunnel. IPSec seems to be OK too
except that when I look at the
IPSec Viewer, it tells me that "Failed to set WINS info...". WINS d
How can I disconnect another user who is currently telnet into the router
that I'm in? When I do a "show users", it displays the telnet session and
the vty line.
_
Get Your Private, Free E-mail from MSN Hotmail at http://ww
I am using a Cisco PIX 520 with an inside interface and an outside
interface. I have
the following scenario:
Internal server has an address of 10.10.1.150, the external server has an ip
address
of 128.200.111.100. The external server is in the dmz zone. The internal
server has
been assigned
I am using a Cisco PIX 520 with an inside interface and an outside
interface. I have
the following scenario:
Internal server has an address of 10.10.1.150, the external server has an ip
address
of 128.200.111.100. The external server is in the dmz zone. The internal
server has
been assigned
How do I configre an access list such that it only allow users to ftp out,
but not any ftp in. Thanks.
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your
What is a good time server to use out there. I'm setting up NTP on my
routers, etc. and don't want to use the router as a NTP device where it will
serve as a server. I want it to go to a machine that will act as a server.
What software is good for that and hopefully it's free. Thanks
__
I have a PRI that is used to backup all my remote sites. The PRI is a full
T1. My question is, when I setup the CSU/DSU, how should I setup the
channels. Do I just assign all channels to the data port, do I have to
configure it any different from a normal T1? Thanks.
___
My network is as follows:
Ethernet Segment ---|PIX||RTR|--OUT TO INTERNET
INTERNAL DMZ EXTERNAL
I have a few servers out in the DMZ zone. How and what is the standard for
security configuration for the PIX and the RTR (router). Is the RTR s
My network is as follows:
Ethernet Segment ---|PIX||RTR|--OUT TO INTERNET
INTERNAL DMZ EXTERNAL
I have a few servers out in the DMZ zone. How and what is the standard for
security configuration for the PIX and the RTR (router). Is the RTR s
The port for Internet Relay Chat (IRC) is 194 for UDP and TCP. In fact,
after block TCP and UDP port 194, IRC traffic seems to be going through
still. However blocking that port does
block out much IRC traffic because IRC seems to be using random ports as
well such as 7000, 6000, etc.
Can any
I need assistance with hooking up a PRI. Telco has already brought in the
PRI line into a circuit in the room with a jack. I want the PRI to work
with my router. My router does have a PRI Multi-Channel card to handle
this. My question is, how do I connect the PRI line such that it will wor
On a Cisco PIX, if you have license for lets say 100 connections but end up
using 110 connections, what would happen. I'm not referring to the number
of users but rather the number of connections
Get Your Private, Free E-m
I want to create an access list such that a user can ping out and get a
response, but at the same time to be able to not have anyone to ping in. I
tried an access list denying icmp for IN on that interface, but that totally
stops the pings from going out or in. Any assistance on how I can get
I have two Catalyst 6500 with supervisor and MSFC. The MSFC is performing
the routing for the vlans. When sniffing it, I see a lot of broadcast (50%)
coming from the MAC of vlan interface on the MSFC. Both ip and ipx are
running on this. Is this normal? I have "no ip redirects" and "no ip
I have a couple of catalyst 6500 with supervisors that have msfc. These
msfc are performing the routing functions for the different vlans that I
have setup. HSRP is running between the msfc for each vlan. Each msfc have
a different ip address for each vlan. For instance, one msfc will have
I have a 4006 with two GBICs each trunked to a 6509. My 6509 has a MSFC to
perfom my routing. For whatever reason, when I do a ping on a client to the
vlan assigned to the 4006, it will ping and then time out for between 5 and
20 seconds and then will come back alive. I'm running spanning tr
I currently have one floor where my routers and servers are. These are
address as 10.100.1.x and 10.100.2.x addresses with a subnet of /16. I'm
adding two more floors. However, in adding two more floors can I address
these floors as for instance 10.100.11.x, 10.100.12.x, 10.100.13.x, and
10
I want to have one Vlan (for example vlan 100) and have both 10.100.5/24 and
10.100.6/24 on the same subnet so that I can use the same gateway. Is there
a way to accomplish this? Thanks.
Get Your Private, Free E-mail from
I'm at one location with two T1s to corporate. How can I configure these
two T1s to load balance each other, provide redundancy for each other etc.
For instance, if one T1 goes down, all traffic that normally goes through
that T1 would now be re-routed to the other T1 which is up. Also is th
I currently have one floor where my routers and servers are. These are
address as 10.100.1.x and 10.100.2.x addresses with a subnet of /16. I'm
adding two more floors. However, in adding two more floors can I address
these floors as for instance 10.100.11.x, 10.100.12.x, 10.100.13.x, and
10
If on one floor I use 10.150.0.0 255.255.0.0 and on the remaining 2 floors I
use 10.150.100.0 255.255.255.0 and 10..150.102.0 255.255.255.0, will this
work in terms of all three networks being able to communicate with each
other. Will there be any problems, etc. Can someone help me reason thi
I have a cisco router at a remote site and a bay router at the central site.
The dhcp server is at the central site where the bay router is. The cisco
router at the remote site has a help-address pointing to the dhcp server at
the central site. On the Bay router, a forwarding interface has
I currently have a nat entry as follows: "ip nat inside source static tcp
192.168.32.200 192.168.32.200 extendable". When I try to remove that entry
with the following command: "no ip nat inside source static tcp
192.168.32.200 192.168.32.200 extendable" it gives me the following message:
"
80 matches
Mail list logo
