this is the current nat setup I have on one of my PIXs:
global (outside) 1 xxx.xxx.223.235-64.172.223.236
global (outside) 1 xxx.xxx.223.237
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
heres the translations:
PAT Global xxx.xxx.223.237(16882) Local 192.168.2.18(2193)
I think thats the maximum of asynchronous communication that they've put
into their documentation, I don't think there is an upper limit to the real
transfer rate. I suppose you could clock a asynchronous transmission way up
into the Mbps range and that interface would still suck it in. granted the
your example is fair. I haven't seen many real example of load balancing. in
the case you're describing you can simply change the metrics on one of the
routers 'secondary' link to the other router. this would prevent it from
passing anything it received from the one router back to itself. yes the w
my company does a lot of firewall consulting and I run into this question
all the time. frankly I don't have a great answer for it though.
packet filters (i.e. access-lists) are technically first generation
firewalls, so they do have a firewall in place already.
the sell really comes into play whe
null0 is used as an alternative to access-lists. it is a blackhole. so
anything routed to it gets dropped automatically. an access-list uses more
processor overhead than a null interface and thus if you have a certain part
of your network that you don't want to go anywhere, then use a null
interfac
well georgeW,
your questions seem a little hidden. what are you asking? why an ISP would
need a server? for dns is the first example that comes to mind.
btw, 4 more?
scott
""George"" wrote in message
news:[EMAIL PROTECTED]
> A computer is to be purchased for an Internet Service Provider (ISP)
thanks for the advice. seems like very good and concise info!
I have to laugh though, I started my ccnp over two years ago, passing three
of the four tests and then got caught up in work related projects (damn
work!) and put my certificatiosn on the back burner. the funny thing is, my
ccna was abo
considering hold-down times and split horison, why do you think that packets
would bounces in a loop under normal conditions? I think under normal
conditions if a route is considered valid enough to be included in a routing
table, its not going to be a loop.
I think EIGRP only looked for alternate
something tells me you never fully considered the merits of that website.
take another hard look at it and then questions its relevance to cisco. ;)
scott
""cebuano"" wrote in message
news:[EMAIL PROTECTED]
> Paul,
> How many more of these "off-topic" threads are you going to allow?
>
> -Ori
confirm to me that this connection is possible, the thing is
that
> I need some kind of instructions to do the connection. Do you know how to
> do this or can you point me to some url where I can find step-by-step
> instructions to configure this.
>
> Thanks a lot for your time and hel
I'm assuming your configuration is fine, but what do the controllers show
and are the interfaces showing any errors?
scott
""Tim Champion"" wrote in message
news:[EMAIL PROTECTED]
> Has anyone experienced, or heard of, the following problem:
>
> I recently bought a 2nd hand 2511 but only async i
you'll need a WIC with a async/syn serial port, I know they're available for
the 1700's, but I'm not sure if the same wic will work in a 1600. then you
can specify the interface as async and connect up the modem with a
db60-rs232 cable.
scott
""Diego Martmnez Boqui"" wrote in message
news:[EMAIL
I agree that you should know the generalities of the 700 series. I bought
one anyway off of ebay, it was only $20 for a 776M, so I wasn't out a whole
lot. the 800 is IOS so there isn't much to worry about in terms of commands.
scott
""fred barreras"" wrote in message
news:[EMAIL PROTECTED]
> All
if you mean like a 2511? an access server to allow you to telnet into all
your routers and not keep switching the console cables around?
well you could buy a 2511 (or 2512 for token ring) to do the job, it has 16
ports. the problem with this is that you'll pay a premium on ebay for it. an
alternat
I should warn you about my last response regarding the 'Digi portserver', I
had to make my own custom cables though, the regular cisco rollover doesn't
work. so if you're not used to crimping your own cables, I wouldn't go with
the portserver.
scott
""Kazan, Naim"" wrote in message
news:[EMAIL P
I've never had to implement a dns change, but supposedly yes it does change
the payload. there is only a few services where is does these payload
changes though. another big one used to be ping, NATing modifies the payload
of that also.
scott
""Charles D Hammonds"" wrote in message
news:[EMAIL P
I work with a lot of different vendors firewalls and IMO PAT is a security
feature (to a degree). like many other security features its not perfect by
itself, but when combined with other features its creates a full firewall.
technically PAT alone would be an aspect of stateful inspection/translat
I agree, they are a few aspects missing from PDM, such as the mentioned
VPN/cryptology, but I find that it helps when you need to configure a basic
firewall quickly. I find that I'll put the basic interface commands in CLI
and then I'll setup NAT through the PDM interface.
scott
""Steve Wilson""
you can accomplish many of the things you're looking for, the trick is to
have the correct IOS image. if your routers only has a basic IP image you
might not be able to do some of these functions.
the other thing to conssider is the amount of memory you have to implement
everything using verion 12,
is based on the ANSI T1.107 guidelines. The ITU-TS
> guidelines differ somewhat.
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > MADMAN
> > Sent: Thursday, March 20, 2003 4:32 PM
> > To: [EMAIL P
nue? [confirm]
> %Error squeezing bootflash (File open for write)
>
> A reboot has been suggested. Any other ideas?
>
> Thanks,
> Tim
>
> -Original Message-
> From: Scott Roberts [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 19, 2003 3:16 PM
> To: [EM
why not?
my boss came to me this morning prior to the announcement and thought they
were going to say they were buying checkpoint!
scott
""Elijah Savage"" wrote in message
news:[EMAIL PROTECTED]
> Cisco buys Linksys.
>
>
http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320
why do people refer to a DS3 as a DS3 and not a T3? is there something I'm
missing?
scott
""Nate"" wrote in message
news:[EMAIL PROTECTED]
> We've run a bandwidth test on our DS3 with nothing connected to it but a
> workstation (and obviously a router/pix). We went to testmyspeed.com as
> well
from the cisco IOS command reference:
delete:
"When you delete a file, the software simply marks the file as deleted, but
it does not erase the file. This feature allows you to later recover a
"deleted" file using the undelete command. You can delete and undelete a
file up to 15 times. To permanen
I can honestly say that I've never upgraded my IOS's by console cable. I
didn't even know that the 2500 supported that, I only thought that it was
the 3600 that supported transfer over the console cable? has anyone done a
console cable transfer with a 2500?
william, you can do your upgrade in one
yes definitly a knock, couldn't remember where I had heard a lot of this
before, but the link reminded me.
still parts of this were good, some though need some work. perhaps we could
all rewrite part of this to come up with a really good job description?
I'd change the part "at the same time, per
that command isn't necessary with back-to-back cabling. the interface's
controller can determine the cablings orientation and set the interface to
the correct type automatically.
what I don't see is the dce providing a clocking rate.
scott
""John Neiberger"" wrote in message
news:[EMAIL PROTECT
t last week and I found 2 Diag roms
instead
> of the needed boot roms.
>
> Thanks everyone.
>
> JM
>
> ""Scott Roberts"" wrote in message
> news:[EMAIL PROTECTED]
> > what I would check isopen up the case and see if there is a "credit
>
> In the end, the device either routes or bridges the frames it
> receives, but takes no action that can be distinctly described as layer
> three switching.
>
> Pete
>
to my basic understanding ALL routing has a switching component to it
already, whether we're talking about regular routers or L3 s
my guess is similair to guys, I think you might be getting some routing
issue with packets not going optimally between your two carriers.
obviously try tracing and better than that use the ip option for recording
routes. see how the packets are really negotiating the outside.
scott
""Lupi, Guy""
strange that it would create another translation instead of using the old
one?? I suppose its more an error in the client software thinking it still
has a valid server connection and tries to open a brand new one then.
the only thing that comes to my mind would be to expire your translations
faste
what do you mean by "bandwidth useage"?
if you talking about baseband, the entire bandwidth is used. broadband of
course would be calculated upon what spectrum range you're using.
scott
""Robert Perez"" wrote in message
news:[EMAIL PROTECTED]
> Anyone know how the conversion techniques for conv
what command are you using and what type of line are you trying to connect
to? (frame or t1?) what are the specifications of that line?
scott
""Monu Sekhon"" wrote in message
news:[EMAIL PROTECTED]
> Hi all
> I have T1 Csu/dsu card on 2691 platform
> Whenever I execute any service module command
I don't know why I started to think about this topic over the weekend, but I
got to thinking about network design using 10baseT ethernet.
I'm a network engineer and work closely with sales. everytime in the past
two years we've gone into a project, sales has always used upgrading to
100baseTX as a
wow, I've never worked on such a large order, but the RFPs I've designed out
have never been this much of a joke. it seems that the IT staff of this
company had no clue what they wanted or needed and decided to get some free
advice!
the only similair scenario I can mention is when a small private
took quite
a
> bit of research into FastEthernet NWAY/Autonegotiation to determine the
> problem.
>
> Just a forewarning. :-)
>
> >>> Scott Roberts 3/10/03 12:12:48 PM >>>
> if I understand what you're saying, I think its always been like that,
cisco
> has
if I understand what you're saying, I think its always been like that, cisco
hasn't changed it.
you're refering to the fact that the IOS switch don't let you change the
speed? I think thats strange also, the set based switch can allow you to
change speed, but after the IOS "upgrading" of switches
try putting more memory in, the max i think is 24, but default is like 12.
ios 12.0 requires 8MB, so you're only really working with 4MB.
scott
""Hyman, Craig"" wrote in message
news:[EMAIL PROTECTED]
> ALL-
>
> I am having a problem with Dynamic Natting using a 1601R router over Frame
> Relay.
you didn't show your interface configuration, do you have at least one not
shut down with the ip address 1.1.1.1 ?
scott
""McHugh Randy"" wrote in message
news:[EMAIL PROTECTED]
> I cant seem to access any of my routers from the term server . Here is the
> config and what errors i am getting
> !
I guess I'm the only one with the problem of that many then. I'll take your
words for it that it works OK, but I still keep thinking back to that one
study (don't recall its name), and can't help but think effiecency would go
by some noticeable degree. anybody can through switch and hubs around,
w
nice catch daniel, I've never used that before, will be mulling this one
over in my lab for the next week.
learn something new everyday,
scott
""Daniel Cotts"" wrote in message
news:[EMAIL PROTECTED]
> standby track (interface) might do the trick.
> http://www.cisco.com/warp/public/619/6.html
>
I agree completely. I think the whole "hybrid" was a marketing department
decision. I'm just glad to find out I wasn't the only one who thought this.
scott
""Peter van Oene"" wrote in message
news:[EMAIL PROTECTED]
> At 03:54 PM 3/7/2003 +, The Long and Winding Road wrote:
> >""Peter van Oen
never heard of that command...doesn't exist to my knowledge (at least on
12.0)
scott
""Shyam, Sharma S (CAP, GECIS)"" wrote in
message news:[EMAIL PROTECTED]
> Missed the command
>
> show ip eigrp timers
>
> rgds
>
> > --
> > From: Shyam, Sharma S (CAP, GECIS)
> > Reply To: Shyam, Sharm
in real life its hard for me to keep my mouth shut, so even if I intend to
be elusive in answers from now on, I'll probably just shoot my mouth off
here too and just give the answer.
I suppose some of us new-comers will keep you 'old farts' on your toes! ;)
(you know who you are!)
scott
""fred b
I guess my understaning is limited, so I'm interested in hearing the results
of this also.
I've seen the flags left off of various protocols before, but I assumed they
were simply being sloppy. I can't understand how any protocol could be
transmitted without any flag/preamble at all.
scott
""Pri
what I would check isopen up the case and see if there is a "credit
card"/PC card/pcmcia flash memory module inserted into the mainboard (you'll
see the slot, its obvious). also make sure there is standard memory inserted
in the regular memory slots.
lets us know what you find.
scott
""Jean-
it might be interesting to see what would happen if you put their priorities
up and rebooted the existing DR/BDRs, let them complete their adjacencies
and then put them back down to normal (or even 0). then see if the behavior
goes back to the previous.
after that I'd try a different IOS image and
next question is, who or why did they let the last admin near the
servers/routers after he was fired?
President Bigshot: "sorry bob, I'm going to have to let you go"
Bob: "no problem, I'll just go get my things"
next day
President Bigshot: "bob? you're still here? I thought I fired you
yes
considering that register.com provides DNS service also, I think its cheap.
for eample, Time Warner charges $4/months for DNS service!
scott
""Wes Stevens"" wrote in message
news:[EMAIL PROTECTED]
> Any advice on a cheap and good domain name register? I am
> tired of paying out the nose for regi
if you didn't need the the simulated telco switch d-channel, then your best
bet would be to use a PBX system. in other words, if you simple needed the
lines to be circuit switched like a isdn cloud would do without the actual
isdn protocols.
this is basically putting in an NT2, but bypassing any n
"what? you don't have all your passwords printed out in large type on a
sheet
of paper taped to the equipment rack? what kind of operation you running
there? :->"
damn I really did LOL at this!
sorry oscar I think you're screwed without some form of password, the snmp
idea is good, but the ques
yes cat3 can be used for 100base, but only wih 100baseT4 and chances are
that the cards in your workstations are only TX. so its safer to run 10base
over cat3 cabling.
scott
""Mike Momb"" wrote in message
news:[EMAIL PROTECTED]
> To all,
>
> I know this subject has been talked about on a worksta
esn't work When I use the
> CS11152 adapter on rollover it does work. What I'm trying to figure out is
> what do I have to do to a cat5 cable to make it work without the CSS11152
> adapter.
>
> ""Scott Roberts"" wrote in message
> news:[EMAIL PROTECTE
boy you don't give up do you!!
have you tried the http://www.ccbootcamp.com/index.asp
scott
""Mirza, Timur"" wrote in message
news:[EMAIL PROTECTED]
> a hands-on lab training course for the ccie lab exam...i want to prepare
> myself for my 6th attempt...i believe there was ecp course but i don'
if people never get a
straight answer, will they then stop asking questions? its nice to see an
open forum about cisco networking thats actually well populated, I'd like to
support it as much as I can.
scott
""Priscilla Oppenheimer"" wrote in message
news:[EMA
ducts_installation_
> guide_chapter09186a00800df9d6.html#xtocid3
>
> if you look at the table they RXD and DSR both going to to pin 3.
>
>
> ""Scott Roberts"" wrote in message
> news:[EMAIL PROTECTED]
> > the console port is identical to
basically yes, I think your statement is correct.
1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want a ACL, but
simply for the same reason
the console port is identical to every other cisco router (eia-232, 9600
baud).
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
6a0080094ce6.shtml
scott
""Sam Sneed"" wrote in message
news:[EMAIL PROTECTED]
> Has anyone done this before? I have a few CSS but don't ha
"In my setup I saw that so long as I had the 200.0.0.4 address on the R4
loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
the R4 table.
"
it has to be in your R4 routing table as a directly connected subnet. I
suppose what you mean is that it doesn't show up as either a os
shoulds like you're trying to answer a trick question on a test? I suppose
"The Long and Winding Road" wanted you to work for your answer, but I'll
come out and tell you.
ospf defaults the dead-interval/hold-time as a multiple of the hello time,
so if you change the hello time the dead interval ch
I've never heard efficiency as a reason to use PPP over HDLC. there are more
options with PPP, but otherwise both are based upon SDLC and therefore
nearly identical from a protocol perspective. I suppose HDLC are a couple
bytes smaller, but this would be negligable.
I'd say if your PPP is configur
I agree with richard the only way you're going to do this with a single ip
address is by setting up a vpn and then telneting as a second step.
scott
""Richard Deal"" wrote in message
news:[EMAIL PROTECTED]
> Juan,
>
> The PIX does not permit you to telnet into it from the "outside"
> interface--
I'm sure that the default usrobotics modemcap will work on your modem.
What exactly is not working on your connection? What process have you
gone through to connect it?
Modemcap entries can be viewed on the router by 'show modemcap' to
reveal the names of the modems supported by default scripts an
If the Livingston port is a eia-232/DTE then you're basically set to go.
Just use a roll-over cable. On the chance that the livingston port is a
DCE, use a straight-through cable (which might be the answer since it
was a female to begin with).
scott
-Original Message-
From: John Golovich
Show ip eigrp neighbor, will show the hold time. The hold time is
updated when a hello packet is received. The default hello time interval
is 5 seconds so you're neighbors will always be reporting a hold time
between 10-15 seconds.
scott
-Original Message-
From: Michael Williams [mailto:[
He still should be able to place it into flash irregardless of what
router its meant for.
I think the problem is a size issue. Every 12.0 ios requires 8MB of
flash and I suspect the one he's trying requires 16MB. He should use the
command "no partition" first to combine the flash partitions into o
(boot) is for "boot-helper" image. That means that the configuration
registers were set in a manner to either purposefully boot to boot
helper mode or to boot to it if you have an error loading up an image
from any other location.
The boot helper image is basically a trimmed down version of the r
67 matches
Mail list logo
