RE: PIX License Help! [7:56060]

2002-10-23 Thread mike greenberg
Why not purchase a 16MB ISA flash card and build your own pix firewall? The pix flash (16MB) comes with un-restricted license (6 interface supported) and costs only $500.00. The whole thing will cost less than $600.00. $50.00 for a 350MHz CPU and motherboard, $30 for the chassis, $20 for 4 NICs and

RE: Accessing Work Lab From Home Through PIX [7:55844]

2002-10-18 Thread mike greenberg
OK, I assume that you have an access-server (i.e. Cisco 2509, 2511, 2600 with Async module) that provides you with console access to other Cisco equipment. Sure, you can accomplish this with VPN. However, if you don't have VPN client software on your laptop (or you do not have either DES (free) o

EAP-TLS or LEAP with IPSec for wireless security [7:56934]

2002-11-05 Thread mike greenberg
All, I am about to implement EAP-TLS and IPSec for my wireless network. Basically, this wireless segment is physically separated from my internal network via the firewall. It means that the wireless segment will be hanging off my DMZ network (called wireless DMZ because the WAP will be in the

RE: EAP-TLS or LEAP with IPSec for wireless security [7:56934]

2002-11-05 Thread mike greenberg
running IPsec over EAP-TLS/LEAP. Are you bound by HIPAA? If not, just use EAP-TLS or LEAP and the dynamic WEP keying (plus MIC, TKIP and broadcast key rotation) are, by all the tests and hacks I've seen/read, very secure. Good luck. Paul Forbes Network Engineer Trimble > -

Re: Defining users in CATOS. [7:56886]

2002-11-06 Thread mike greenberg
TACACS+ is the way to go. ciscoGo2002 wrote:Hello folks. I would like to know if it is possible to define users in CATOS switches, I have been looking for information, but I didn't find anything. I know that I can define a password to telnet and a password to access enable mode. I would lik

Re: Tacacs Server for Switches [7:57074]

2002-11-07 Thread mike greenberg
If you are good with unix/linux, download the freeware source code from cisco website and use it. It's free. I use freeRadius running on linux which works great. "[EMAIL PROTECTED]" wrote:Any suggestion for free Tacacs server ? Thanks Do you Yahoo!? U2 on LAUNCH - Exclusive medley & videos fr

RE: WLAN security matters [7:57160]

2002-11-10 Thread mike greenberg
Most financial corporations that implement Wireless LAN (WLAN) usually do this: 1) Implement EAP-TLS. This method is "open-standard" as opposed to LEAP which is Cisco proprietary. Furthermore, LEAP is vulnerable to "man in the middle attack" while EAP-TLS is not. EAP-TLS supports mutual authen

RE: WLAN security matters [7:57160]

2002-11-11 Thread mike greenberg
paul, When I talked about IPSec, I meant to say that AES is not currently supported on Pix Firewalls or on any VPN concentrator. After I established connection via EAP/TLS on the wireless network, I have to make another IPSec connection via Cisco VPN client to make a secure connection to the intern

RE: PIX Client & WIN2000 Internet sharing [7:57988]

2002-11-24 Thread mike greenberg
This is correct. IPSec will NOT work through PAT. At the moment, Pix does NOT support "NAT traversal (udp encapsulation)". Therefore, trying to connect to a Pix behind a NAT device with vpn dialer will not work. VPN concentrators, on the other hand, will work. Or better yet, throw away your Pix an

Re: ICQ and blocking the thing-PIX [7:52285]

2002-08-29 Thread mike greenberg
Here is how I get around ICQ, AOL, MSN and Yahoo IM blocking: From work, I Secure Shell (SSH) back to my Linux Firewall. On my work desktop, I am running X-server (X-Win32 or Xceed) and just tunnel the SSH encryption from my Linux firewall back to the corporate desktop. I can fire up any X ap

RE: ICQ and blocking the thing-PIX [7:52285]

2002-08-30 Thread mike greenberg
>There is no way for you to stop me because unless you cut off Internet >access on my desktop completely. Or until SSH port 22 is closed on the firewall Bill Creighton CCNP Senior System Engineer Motorola iDEN CNRC Packet Data -Original Message- From: mike greenberg [mailto:[EMAIL P

Re: DNS Behind the firewall [7:53016]

2002-09-10 Thread mike greenberg
I am amazed at some of the responses that people posted here (not the person who posted the original question). 1) If you are running DNS server on Microsoft Winblows, sorry I can't help you, 2) If you are running it on Unix/Linux platform, be sure to look at the /etc/named.conf configuration file.

Re: How to make real player from outside to contact real [7:53566]

2002-09-18 Thread mike greenberg
Ok, the solution is a very simple one. I know this will work because I am running my RealPlayer Helix Universal Streaming Server version 9.0.1 on my Linux box behind a Pix firewall. The linux box has an RFC 1918 address (192.168.1.100) sitting on the DMZ network (192.168.1.254 is IP address of the DM

Re: How to make real player from outside to contact real [7:53586]

2002-09-18 Thread mike greenberg
Ok, the solution is a very simple one. I know this will work because I am running my RealPlayer Helix Universal Streaming Server version 9.0.1 on my Linux box behind a Pix firewall. The linux box has an RFC 1918 address (192.168.1.100) sitting on the DMZ network (192.168.1.254 is IP address of the DM

RE: How to make real player from outside to contact real [7:53640]

2002-09-19 Thread mike greenberg
PIX? I would like to see a config of multiple servers behind a PIX - utilizing only "1" external IP address. Tim -----Original Message- From: mike greenberg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 9:52 PM To: [EMAIL PROTECTED] Subject: Re: How to make real pla

Re: OT: Windows and Net Behavior Tracking [7:53620]

2002-09-19 Thread mike greenberg
The answer is yes. Your company may be running transparent proxying so that everything that you do and places that you visit will be "cached" at the proxy server. Where I work, we use "squid" to cache Internet traffic and maintain a log of what and where "internal" users visit... Internal users

RE: priviledge levels [7:53723]

2002-09-20 Thread mike greenberg
With AAA authorization, you can do just about everything (with some caveats). You can even give a user privilege level 15 and he/she still cannot go into the "configuration t" mode: Here is what you put on the router: aaa authorization exec default group tacacs+ if-authenticated aaa authorizati

RE: TACACS+ [7:53721]

2002-09-20 Thread mike greenberg
Now I know why EDS stock is taking a beating. When you use TACACS+, you basically offload the authentication, authorization and accounting to the TACACS+ server (running on your Linux box). If you don't want people to connect to your routers via telnet, set the vty line on your routers to acce

Re: Pix performance woes [7:53898]

2002-09-23 Thread mike greenberg
First of all, the Pix515E is running on an Intel Celeron 433MHz, not PII. I have customers that have had no problem migrating from CheckPoint NG (FP2) over to Pix515 firewall (running version 6.2(2)). At the same time, I've seen customers having problems with the Pix firewalls that I have to migrate

Re: PIX questions [7:53953]

2002-09-24 Thread mike greenberg
Question 2: "write term" "Sim, CT (Chee Tong)" wrote:I keep having the following log in my PIX. It is very frequent. What does that mean? It seems my PIX denies this connection, but actually I want to allow it now and make it no longer log to the PIX log. 106011: Deny inbound (No xlate) udp src

Re: Using PIX IOS on Local Director [7:54051]

2002-09-25 Thread mike greenberg
On the 2MB flash, you can only run PIX OS up to 5.1(5). Anything higher than that requires 16MB Flash. Furthermore, I don't think you can run Pix OS on an actual Local Director itself... However, you can purchase an 440BX-SE2 ($30.00) and transfer all the hardware from the local director ont

Re: PIX 515E Mem [7:55122]

2002-10-08 Thread mike greenberg
Any PC100 memory chip will work on Cisco 515E "[EMAIL PROTECTED]" wrote:The default memory in the 515E is 32Mb, supposedly upgradable to 64Mb. Looking in the "Hardware Installation Guide" it says "you cannot install a 64 Mb DIMM in the PIX 515 due to height restraints." But I've seen a couple po

RE: PIX 515E Mem [7:55122]

2002-10-08 Thread mike greenberg
I am not 100% certain but I am pretty sure that the motherboard does not support 256MB of RAM. You can go with 1 128MB chip or 2 64MB chips [EMAIL PROTECTED] wrote:Would it max out at 128 (2 X 64MB) or could you go with 256?-Original Message- From: mike greenberg [mailto:[EMAIL PROTECTED

RE: CCNP brain dump!!!!!! [7:55166]

2002-10-09 Thread mike greenberg
I can't help but jump into this discussion. Prior to joining the networking field, I had zero experience and I wouldn't have got where I am today if I didn't have the CCNP cert (back in Jan. 2000). As a biology major fresh out of college, I don't think any managers would be interested in a guy with

Re: With PIX unable to reach DMZ from LAN [7:55608]

2002-10-15 Thread mike greenberg
This is a simple solution. Do this: static (inside,perimeter) 192.168.11.0 192.168.11.0 netmask 255.255.255.0 This will make the pix act like a router with traffic from 192.168.11.0 to communicate with 192.168.23.0; however, you have to make an access-list to allow network 192.168.23.0 to talk bac