Hello all
Can I know what is the Cisco PIX and that of a Cisco
VPN 3000 in terms of performance?
As I am planning to implement VPN with either VPN
Concentrator or PIX,however I was told that if you
implement only VPN Concentrator instead of PIX ,then
you may get VPN connectivity but you
Stnadard answer: it depends.
Followed immediately by the standard question: what problem are you
trying to solve?
The VPN Concentrator does not firewall or filter; it is a specialized
tunnel termination device. You may (emphasis on may) need to use it
when you are terminating more than about
Scenario III is probably the most recommended. It is incorrect to say that
the VPN Concentrator does not have filtering capabilities. It generally
only allows traffic in its public interface necessary for VPN connections,
so it is not any more inherently insecure as a PIX. It does not have all
Hello all,
I am trying to terminate a vpn tunnel on a 3640 for clients (4.x). I
have done it on a pix with split-tunnel. Can the 3640 be setup to
perform split-tunnel?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75134t=75134
Sure
You will need to be running IOS 12.2(8)T or above.
bk wrote in message
news:[EMAIL PROTECTED]
Hello all,
I am trying to terminate a vpn tunnel on a 3640 for clients (4.x). I
have done it on a pix with split-tunnel. Can the 3640 be setup to
perform split-tunnel?
**Please support
Hi James,
First and foremost please make sure that the inside ip address of the pix
and the VPN address pool are of different range since there is a BUG
associated , i would recommend you to use an entirely different range of
address pool.
What is the client version you are using? If you
Hi
You can check this link:
http://www.cisco.com/warp/public/707/overload_public.html
http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:IPSecs=Implementation_and_Configuration#Samples_and_Tips
Just let me know if you have any queries.
Message Posted at:
Hi! John,
The isakmp and pre-share key is used only when you have the L2L tunnel
setup.
When you have a VPN tunnel between Client and PIX , the command below is
same as the isakmp and pre-shared key.
vpngroup VPNUSER password
Spli tunneling is used when you want the user
are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.
-Original Message-
From: Deepali S [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 3:14 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX VPN Client
I have a Pix 501 setup for VPN for a few users, now the outgoing SMTP
server for all their email (from Bell Sympatico) only allows relaying
when on the Bell domain. So everything works fine when people are in
the office but if they go home and use say Rogers to connect to the
internet, then VPN
Hi all,
Thanks in advance for reading this message. I am completely boggled on an
issue here that I have literally been trying to troubleshoot for some 12
hours now.
I'm trying to configure a PIX 515E for Cisco VPN Client connectivity.
Here are the relevant parts of my config:
:PIX Version 6.3
(with Company A's laptop) of another company,
Company B. This company has its own network, unrelated and not tied into
Company A's network in any way. How does the user access a vpn concentrator
located at Company A while working onsite at Company B without logging on to
their domain? The laptop has
I'm setting up a small VPN just for home use so me and a few friends can
log in remotely via a PIX 501 w/ 3DES over my cable connection.
Now I've got it working, but found a few strange things I had questions
about. I have each user setup with the VPNGROUP config lines. (I will
post config
I'm setting up a small VPN just for home use so me and a few friends can
log in remotely via a PIX 501 w/ 3DES over my cable connection.
Now I've got it working, but found a few strange things I had questions
about. I have each user setup with the VPNGROUP config lines. (I will
post config
it from your computer.
-Original Message-
From: Chandler Mike [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2003 8:06 PM
To: [EMAIL PROTECTED]
Subject: help with vpn scenario [7:74366]
Please help with the following scenario: A laptop user works for Company A
and possesses a Company
Hi Chandler,
To secure the laptop of company a while connected via VPN form company B my
suggestion is to run the Client Firewall feature the concentrator has, (this
is why I love this device so much). While you are connected via VPN, the
concentrator will inject a set of rules, (a firewall
John,
One question at the time:
1) I noticed that I never set an isakmp pre-share key
- Remember that for a VPN client connection, ISAKMP or Phase I is
established using aggressive mode in this case and due the remote
connection would come from any place on the Internet; a pre-share
so the VPN client will encrypt data destined to the 192.168.1.0/24 and PIX
will encrypt traffic from the local LAN to the pool only.
Lastly, if you need to communicate to the DMZ as well, you may add these
lines to the access-list for nonat and interesting traffic:
access-list nonat permit ip
James
Your missing the command vpdn enable outside from your config.
regards
derek
- Original Message -
From: James Willard
To:
Sent: Tuesday, August 26, 2003 12:17 AM
Subject: PIX VPN Client Configuration - At my wit's end! [7:74363]
Hi all,
Thanks in advance for reading
from the client is checked against this list. So must be more
specific in my experience.
Martijn
-Oorspronkelijk bericht-
Van: Derek Gaff [mailto:[EMAIL PROTECTED]
Verzonden: dinsdag 26 augustus 2003 9:57
Aan: [EMAIL PROTECTED]
Onderwerp: Re: PIX VPN Client Configuration - At my wit's end
Thank you both for the suggestions and info!
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74417t=74366
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and
Just received e-mail from Cisco that they would send me the INFOSEC letter
of recognition after I signed the Cisco Certification Agreement.
I am spending time on other interesting stuffs which is not Cisco and not
sure if I would sit for recert.
Kevin Wigle wrote in message
news:[EMAIL
hi guys,
will a vpn client that can run 3DES connect to a router running DES? if no is
it still possible to get the DES version? cant seem to find it on cisco
website.
regards,
Tunde
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74205t=74205
Yes, the 3DES client will negotiate DES with a DES only router or pix.
It comes down to crypto policy configuration, it can only negotiate what's
on offer from the VPN gateway.
Darren
On Tue, 19 Aug 2003, Tunde Kalejaiye wrote:
hi guys,
will a vpn client that can run 3DES connect
]
Subject: VPN Client [7:74205]
hi guys,
will a vpn client that can run 3DES connect to a router running DES? if no
is
it still possible to get the DES version? cant seem to find it on cisco
website.
regards,
Tunde
**Please support GroupStudy by purchasing from the GroupStudy Store:
http
Very true. The clients are the most vulnerable before the VPN session is
established. Without PSPF enabled clients can attack other clients on an
access point. Even with PSPF enabled an attacker could put up a rogue with
the same SSID and WEP key if used and try to attack/trojan the client
One more quick note on using VPN solutions. If your using a VPN solution
with a Cisco AP be sure to enable PSPF. Everyone misses that setting...
but it's important. :)
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74049t=73988
Hmm, PSPF definitely sounds interesting, but I'd recommend requiring the
integrated Cisco firewall in the VPN client, and not allowing split
tunneling.
Also, there is apparently a working group working on VPN multicast...
Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North
, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 7:52 PM
To: [EMAIL PROTECTED]
Subject: wireless security and VPN software? [7:73988
.. not a stupid question at all.
The issues we ran into:
1. We put the wireless users on a completely untrusted segment
2. We needed to permit DHCP+DNS to clients pre-VPN connection
DHCP to get an IP, obviously
DNS because our VPN Profiles used
, disclose, distribute,
copy, print
or rely on this email, and should immediately delete it from
your computer.
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 7:52 PM
To: [EMAIL PROTECTED]
Subject: wireless security and VPN
with the VPN 3000 Client so that the VPN is automatically
connected and the users don't even need to be aware that it is there.
Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
NOTICE; This email
I need assistance configuring VPN between a Cisco 2501 and a Cisco 827H.
Both routers have IOS that supports VPN. The 2501 is connected to the ISP
via a 768kb fractional T1 and the 827H has an ADSL connection to the same
ISP. If anyone could please send sample configurations for either router
: Wednesday, August 06, 2003 5:01 AM
To: [EMAIL PROTECTED]
Subject: RE: Largest CA Keylength on VPN 3000 [7:73409]
Is it a size or allocation issue?
CSCdv48299
If fewer than three spots remain in the CA certificate store of a VPN 3000
Concentrator, and an attempt is made to install a CA certificate
Router
2600 b Connecting WAN and Voice Interface Cards to a Network
Martijn
-Oorspronkelijk bericht-
Van: Ryan Finnesey [mailto:[EMAIL PROTECTED]
Verzonden: woensdag 13 augustus 2003 7:53
Aan: Jansen, M; [EMAIL PROTECTED]
Onderwerp: RE: VPN Best Hardware to use? [7:73793]
That is a ADSL
PROTECTED]
Sent: Monday, August 11, 2003 6:57 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793]
Despite all hw issues, you really need to
- describe the business req's first
- translate to technical req's
(you are talking 2000+ sites)
And you will see that you'll need more than
:[EMAIL PROTECTED]
Verzonden: woensdag 13 augustus 2003 3:57
Aan: [EMAIL PROTECTED]
Onderwerp: RE: VPN Best Hardware to use? [7:73793]
You are right it is a service offering. Right now, we are using ISDN
dial-up and would like to move to a full time connection. We would not be
using the customerbs
]
Subject: VPN Conncetion from Windows Client to nt domain [7:73720]
Dear all
We have a cisco vpn concentrator 3000 series for vpn connection.
What we want to do is to establish a vpn conncetion from a windows
client(W2k or WinXP Pro) to the concentrator and then log on to our domain
and then get
a Firewall Specialist, VPN Specialist, and
IDS Specialist, but rather just one Security Specialist. So does that
mean that I can't use the VPN Specialist designation anymore and have
to wait until I pass all of the tests? What about that INFOSEC
designation, is that still valid?
I think you have
PROTECTED]
Verzonden: zondag 10 augustus 2003 4:36
Aan: [EMAIL PROTECTED]
Onderwerp: VPN Best Hardware to use? [7:73793]
I need to setup VPNs to about 2000 sites. Each site will have an IDSL line
installed that will be used to connect to monitor network devices and
servers. Some of the remote
, and should immediately delete it from your computer.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 10:51 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793] LITTLE OT:
Fred, I
Sent: Mon 8/11/2003 10:02 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: VPN Best Hardware to use? [7:73793]
I would certainly hope that the remotes wouldn't use different platforms.
I
don't know the business model, but it sounds to me like it's some kind of
service
[mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:00 AM
To: [EMAIL PROTECTED]
Subject: VPN problems' still exist [7:73704]
hi all,
thanks for all the assistance given using xauth
regarding easyvpn . I have solved the problem by
configuring SITE-TO-SITE VPN. but still the VPN peer
cannot
PROTECTED]
Subject: 2501 VPN [7:73977]
I need assistance configuring VPN between a Cisco 2501 and a Cisco 827H.
Both routers have IOS that supports VPN. The 2501 is connected to the ISP
via a 768kb fractional T1 and the 827H has an ADSL connection to the same
ISP. If anyone could please send
.
If you get the CCSP you'll also have the credits to be a Firewall Spec, IDS
Spec and a VPN Spec. It would make for a crowded business card.
The specs are good for 2 years, the CCSP is good for 3 years. Which is also
weird as you used the specs to get CCSP but they expire first.
I'm sure
-Oorspronkelijk bericht-
Van: Reimer, Fred [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 15:33
Aan: [EMAIL PROTECTED]
Onderwerp: RE: Strange VPN problem [7:73641]
Does anyone read the manuals around here???
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123
platform depending on req's MAYBE also deployment costs, EOL
(800 806-820's-830's series spinning like crazy, 501 here to stay, vpn hw
client okay.)
Please stop because we're fishing, we need facts.
RYAN,
Please give us a list of req's.
When you design 10-20 sites you ask for a box.
When you
, maybe used to authenticate VPN
users only.
WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You need Preshareds keys
there!
8.
The following example shows the various policies used in the IKE policy
named CiscoVPNClient-3DES-MD.
In this policy, Preshared Keys(XAUTH) for Authentication Mode is being
; [EMAIL PROTECTED]
Cc:
Subject: RE: VPN Best Hardware to use? [7:73793]
You mean? newest:
DSL WAN Interface Cards
WIC-1ADSL-I-DG 1-port ADSLoISDN WAN Interface Card
cco partner login:
http
-to-LAN
The Backup LAN-to-LAN feature lets you establish redundancy for your
LAN-to-LAN connection. Unlike VRRP, which provides a failover for the VPN
Concentrator, Backup LAN-to-LAN provides a failover for the connection
itself. Although VRRP and Backup LAN-to-LAN are both ways of establishing
At 4:57 PM + 8/11/03, Truman, Michelle, RTSLS wrote:
Advantis is actually now called AGNS for ATT Global Network (Was the
IBM Global Network after it was Advantis).
I still cherish memories of teaching a class to Advantis when it was
still an IBM-Sears joint venture. It was a private ICRC,
For a large campus network that has a need for wireless access in conference
rooms, cafeterias, etc., would it be overkill to require wireless clients to
use VPN IPSec software to access the campus network? This is for a customer
who is paranoid about security and understands the tradeoff of ease
Hi Ryan,
For head-end 3030/3060 would be a better choice. PIX for example doesn't
provide connectivity between remote sites in hub-and-spoke topology.
On remote side 831 might be a best pick especially if you want to provide
some backup mechanism for VPN tunnel.
Regards,
Andrey.
Message Posted
Groan. I'll bet they could really make the chIPs fly.
-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]
They finally identified the superior router brand.
Craftsman.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73895t=73793
PROTECTED]
Sent: Saturday, August 09, 2003 10:36 PM
To: [EMAIL PROTECTED]
Subject: VPN Best Hardware to use? [7:73793]
I need to setup VPNs to about 2000 sites. Each site will have an IDSL line
installed that will be used to connect to monitor network devices and
servers. Some of the remote
PLease take every point I make seriously. Please also read the release notes
that belong to the vpn client. I believe you when you say you can do
everything.
Have you tried starting outlook (if you use exchange) or doing a rpc-ping,
when doing net use do you get a logon screen. I have had RPC
to put the wireless users in their own network
and implement security where the wireless and wired networks join. If
they are concerned with the traffic going back and forth over the
wireless network, what about encrypting all of their traffic by default?
If they use a VPN solution, it does nothing
Priscilla Oppenheimer wrote:
For a large campus network that has a need for wireless access in
conference
rooms, cafeterias, etc., would it be overkill to require wireless clients
to
use VPN IPSec software to access the campus network? This is for a customer
who is paranoid about security
hi all,
thanks for all the assistance given using xauth
regarding easyvpn . I have solved the problem by
configuring SITE-TO-SITE VPN. but still the VPN peer
cannot be established. I am actually doing a
site-to-site VPN from one 806 router to a cisco
concentrator 3005. attatched
]
Onderwerp: Strange VPN problem [7:73641]
hi all,
I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following
What type of applications do they need to support?
What devices and OS's do they need to support?
-Watch out for PDAs. Most PDAs have limited support for VPN clients.
What type of users are they? (Techie or basic AOL users?)
These are the main questions in my opinion. VPNs aren't so bad
and services
route has the server a route to the concentrator AND to the VPN
client subnet
ping client from server, IP AND name
route has the client route to server, host file?
ping ip AND name from client
Tip: always use radius
their specialist program, so
that now apparently there isn't a Firewall Specialist, VPN Specialist, and
IDS Specialist, but rather just one Security Specialist. So does that mean
that I can't use the VPN Specialist designation anymore and have to wait
until I pass all of the tests? What about
: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 6:52 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793] LITTLE OT: [7:73793]
Wow, I guess I'm dating myself a little there if that many changes have
happened. I don't believe there were that many options
PROTECTED]
Sent: Saturday, August 09, 2003 10:36 PM
To: [EMAIL PROTECTED]
Subject: VPN Best Hardware to use? [7:73793]
I need to setup VPNs to about 2000 sites. Each site will have an IDSL line
installed that will be used to connect to monitor network devices and
servers. Some of the remote
Advantis is actually now called AGNS for ATT Global Network (Was the
IBM Global Network after it was Advantis). You can get VPN's on just
about any remote client you like, from Cisco to Nortel to Checkpoint to
ATT proprietary Netgate boxes which are derived from Linux OS. You also
can run the VPN
: Monday, August 11, 2003 12:57 PM
To: Reimer, Fred; [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793] LITTLE OT: [7:73883]
Advantis is actually now called AGNS for ATT Global Network (Was the
IBM Global Network after it was Advantis). You can get VPN's on just
about any remote client you
-Oorspronkelijk bericht-
Van: suaveguru [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 7 augustus 2003 7:08
Aan: [EMAIL PROTECTED]
Onderwerp: Strange VPN problem [7:73641]
hi all,
I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005
delete
it from your computer.
-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 1:08 AM
To: [EMAIL PROTECTED]
Subject: Strange VPN problem [7:73641]
hi all,
I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN
PROTECTED]
Sent: Saturday, August 09, 2003 10:36 PM
To: [EMAIL PROTECTED]
Subject: VPN Best Hardware to use? [7:73793]
I need to setup VPNs to about 2000 sites. Each site will have an IDSL line
installed that will be used to connect to monitor network devices and
servers. Some of the remote
I need to setup VPNs to about 2000 sites. Each site will have an IDSL line
installed that will be used to connect to monitor network devices and
servers. Some of the remote networks will be using the same network block.
I am looking to know what the best hardware to use on each end is. On my
To: [EMAIL PROTECTED]
Subject: RE: Strange VPN problem [7:73641]
XAUTH is in my perception for authentication of users, (local) escpecially
radius or tacacs.
So what we do at the hub site for a static IKE peer is disable XAUTH, so
that a spoke router does not get an auth prompt, or the hub does not wait
Dear all
We have a cisco vpn concentrator 3000 series for vpn connection.
What we want to do is to establish a vpn conncetion from a windows
client(W2k or WinXP Pro) to the concentrator and then log on to our domain
and then get the shares connected to the pc.
I created a vpn connection
-
From: Kai Bovermann [mailto:[EMAIL PROTECTED]
Sent: 08 August 2003 13:05
To: [EMAIL PROTECTED]
Subject: VPN Conncetion from Windows Client to nt domain [7:73720]
Dear all
We have a cisco vpn concentrator 3000 series for vpn connection.
What we want to do is to establish a vpn conncetion from
hi all,
I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following command:
Aug 7 13:08:16.571: EZVPN: crypto
that a spoke router does not get an auth prompt, or
the hub does not wait
for it.
So I think the HUb is waiting for an answer, maybe
used to authenticate VPN
users only.
WHAT DID YOU PUT AT THE SCREEN IKE PROPOSALS? You
need Preshareds keys
there!
8.
The following example shows
PROTECTED]
Subject: Strange VPN problem [7:73641]
hi all,
I am trying to setup a easy VPN solution for a cisco
837 to a cisco VPN concentrator 3005 using network
extension mode but I keep getting this error msg Aug
7 13:08:16.571: EZVPN(mendelvpn): Pending XAuth
Request, Please enter the following
Is it a size or allocation issue?
CSCdv48299
If fewer than three spots remain in the CA certificate store of a VPN 3000
Concentrator, and an attempt is made to install a CA certificate with
associated RAs, then the RA or RAs are installed (filling the store) and the
root certificate
Let's see if anyone here can answer faster than Cisco TAC.
What is the largest CA root key length supported by the Cisco VPN
Concentrator 3000 series hardware? I have a 4096 bit key and it won't
accept the root key because it can't validate it.
Fred Reimer - CCNA
Eclipsys Corporation
Sounds like you need to turn on accounting to get the start/stop records.
-Original Message-
From: Jim Devane [mailto:[EMAIL PROTECTED]
Sent: 31 July 2003 18:42
To: [EMAIL PROTECTED]
Subject: VPN logging ACS server [7:73297]
Hello all,
I have 3.6 Clients connecting to a PIX 515
Hi all,
my set up is a vpn client connection to a cisco ios router. i can connect
using an old version of the vpn client (3.6.4a) but i cannot connect using
the newer versions (4.0.1 4.0.2)i actually get to the stage of putting
in my username and password but nothing happens after
Message-
From: Tunde Kalejaiye [mailto:[EMAIL PROTECTED]
Sent: Friday, August 01, 2003 12:24 PM
To: [EMAIL PROTECTED]
Subject: VPN Client cannot connect [7:73350]
Hi all,
my set up is a vpn client connection to a cisco ios router. i can connect
using an old version of the vpn client (3.6.4a
| 12.40.100.131 (Needs VPN port passed through)
\
\
\
|Firewall 2| 12.40.100.132 (NO VPN ACCESS)
All users need the above services.
Thanks for all your help,
Steven - CCNA
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i
I am using a vpn client version 4.0.1, i connect to internet using an adsl
modem and i dial my network using the client. the problem is after i put in
my
logon details into the logon screen..the connection times outwithout ever
connecting. i have pasted the router config, the debug cry isa output
Steven Aiello wrote:
Ok,
I haven't gotten much of a bit on my access list question.
But no
worries I have a book and I'm going to try it my self. However
can any
on give me a list run down of the ports needed for a VPN?
I didn't see your first message so I don't know what you're
Don't forget UDP port 500 for ISAKMP!
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: 31 July 2003 18:32
To: [EMAIL PROTECTED]
Subject: RE: VPN Ports [7:73290]
Steven Aiello wrote:
Ok,
I haven't gotten much of a bit on my access list question
was made by making
an entry in the Passed Authentications
But it does not record when the VPN is torn down.
Any solutions, suggestions, comments on how to capture the teardown so I can
make a reporting of how long the user was connected?
I sthere and ACS fix, a PIX fix..someother fix ( using an ISA
One thing that gets missed in the L2VPN versus L3VPN issue, with
provider-provisioned LANs, is the people aspect both for the provider
and customer.
If you provision a L2VPN, it's a familiar interface to the customer.
It's also much more familiar to telco/TDM technicians. I've seen
market
John Neiberger wrote:
I've been researching different types of service provider VPNs in general
and Qwest's PRN, in particular. From what I can gather their PRN is a
2764-based VPN offering using IPSec tunneling. I've run into two fairly
obvious caveats already and I'm wondering what other
At 9:54 PM + 7/29/03, Chuck Whose Road is Ever Shorter wrote:
BTW, I think it was dre who suggested I read the RFCs, which I've started
to
do, and suggested I check out the www.lightreading.com website. That site
is
great! I did do a search on Kompella vs. Kompella. I feel that
I've been researching different types of service provider VPNs in general
and Qwest's PRN, in particular. From what I can gather their PRN is a
2764-based VPN offering using IPSec tunneling. I've run into two fairly
obvious caveats already and I'm wondering what other caveats might await
John Neiberger wrote in message
news:[EMAIL PROTECTED]
I've been researching different types of service provider VPNs in general
and Qwest's PRN, in particular. From what I can gather their PRN is a
2764-based VPN offering using IPSec tunneling. I've run into two fairly
obvious caveats
Hi.. I have a PIX 515 connected to internet, the bandwidth is 512K.
Besides this PIX 515 also has PIX-PIX VPN to two of our branches. I found
that when I transfer a big file via the PIX-PIX VPN, the bandwidth
utilisation will never reach the maximum. But when I download big file from
PIX 515E
Performance Summary
Cleartext throughput: 188 Mbps
Concurrent connections: 130,000
168-bit 3DES IPsec VPN throughput: Up to 140 Mbps with VAC+ or 63 Mbps with
VAC
128-bit AES IPsec VPN throughput: Up to 135 Mbps with VAC+
256-bit AES IPsec VPN throughput: Up to 140 Mbps with VAC
PROTECTED]
Onderwerp: what's the bandwidth for this PIX-PIX VPN? [7:73088]
Hi.. I have a PIX 515 connected to internet, the bandwidth is 512K.
Besides this PIX 515 also has PIX-PIX VPN to two of our branches. I found
that when I transfer a big file via the PIX-PIX VPN, the bandwidth
I was wondering what ports I would need to have open for a Microsoft VPN
connection on my router. If I have done my home work correctly I think
IPSec port: 50
L2TP port : 1701
PPTP port : 1723
Are these all TCP, UDP???
I don't really have a full understanding of how the protocal and port
I was wondering what ports I would need to have open for a Microsoft VPN
connection on my router. If I have done my home work correctly I think
IPSec port: 50
L2TP port : 1701
PPTP port : 1723
Are these all TCP, UDP???
I don't really have a full understanding of how the protocal and port
: Microsoft VPN through a router [7:72824]
I was wondering what ports I would need to have open for a Microsoft VPN
connection on my router. If I have done my home work correctly I think
IPSec port: 50
L2TP port : 1701
PPTP port : 1723
Are these all TCP, UDP???
I don't really have a full
Steve,
You need to open GRE to from any source to your VPN server and then
depending on whether you're using PPTP or L2TP make sure you have either
tcp/1723 or tcp/1701 open.
My ACL looks like this for PPTP access...
access-list 101 permit tcp any host eq 1723
access-list 101 permit gre any
Steven Aiello wrote:
I was wondering what ports I would need to have open for a
Microsoft VPN
connection on my router. If I have done my home work
correctly I think
IPSec port: 50
This is protocol number (as in protocol above IP). You will also need 51 I
think.
L2TP port : 1701
UDP
1 - 100 of 1685 matches
Mail list logo