Search results

  1. F

    HAProxy SNI SSL Question...

    if one client works, but another doesn't, I would assume the issue is the non-working client.
  2. F

    Is using S/MIME encryption and MD5 an acceptable alternative to SFTP xfer?

    md5 isn't encryption, it is a hash, and hashes generally can't be reversed.
  3. F

    Load balancing, F5, Cisco. other options

    F5 is pretty much the top name in load balancing. My company has several sets of BigIP LTM units, doing load balancing for a fairly large ($500m/yr) ecomm company. They are VERY stable, and fairly easy to use/setup.
  4. F

    Cisco 2611XM/2621XM or 3725 for CCNA/CCNP?

    Like this?
  5. F

    Need 100 gb/sec firewall... suggestions?

    Also, perhaps you should investigate being able to scale outwards... a design of 10 firewalls that each do 10Gb/sec is much easier to scale than 1 that does 100.
  6. F

    Which SFP+ transceiver are you using with Intel 10GbE cards?

    We've been using the Cisco twinax cables for nearly all of our 10G; works great.
  7. F

    BGP questions

    in BGP, active is bad; it means it is actively trying to establish a connection, but can't. Generally speaking, eBGP (external BGP) requires the other side to be one-hop away, as a security mechanism; this could definitely cause you problems (unless the BGP config for the peer specifies it is...
  8. F

    high packet loss despite good signals

    On your PC, start three cmd prompts, and in each, ping a different target (your default gateway on your LAN, your 2nd hop, your 3rd hop) and see where the latency/loss is coming from. If you have zero loss to your gateway, and zero loss to your 2nd hop, but loss to the 3rd hop, you know the...
  9. F

    GNS3 problems

    For what it is worth, I have GNS3 0.7.4 running perfectly on a Win7 Ultimate 64-bit, with zero problems. I usually have between 4 to 8 routers running at a time. I believe it is straight out of the box install, no modifications needed. I only use c3640-ik9s-mz.123-26.bin for all my routers.
  10. F

    Cisco ASA

    TCP/443 is for the AnyConnect (SSL-based) VPN; the more traditional VPN is IPSec-based, which doesn't use TCP/443. I would think it would work, assuming whatever device is in front of the ASA isn't munging the packets.
  11. F

    LAN party network setup

    The way DHCP works is the client boots up and sends a packet to (the broadcast address) asking for any DHCP servers to give it an IP. The DHCP server then replies to the client's MAC address (they don't have a valid address yet), so they have to be in the same subnet (usually)...
  12. F

    Jumbo frames trash NIC

    I know this is trivial, but have you made sure you're running the latest NIC drivers on both NICs? This sounds very much like a bug in something.
  13. F

    iperf test on cat5e Gb network, 177Mbits/sec...Why?

    iperf doesn't use your hdd; mostly network with a little bit of CPU. what's the latency between devices? You can try increasing your TCP window size; when I do iperf test I usually bump it up to 64k or so (iperf -w 64k) C:\>iperf -w 65k -c
  14. F

    Cisco Router - Max TCP Sessions?

    I don't know if this is even possible; a traditional router doesn't keep track of sessions, as it isn't stateful.
  15. F

    Can't install Cisco AnyConnect

    what version of AnyConnect? How are you installing it (via a push from a website, or directly from an exe)
  16. F

    Who here hosts a web server on a cable connection?(dynamic IP)

    I think you need a business account; they charge like $10-15 per month per static IP.
  17. F

    Router/Firewall suggestions (commercial)

    if you need high availability, the 5505 won't cut it (you'd need a 5510 to do A/S). It appears you don't configure the devices yourself, so make sure whatever you buy you can hire someone to do it; Cisco people are easier to find than Juniper geeks.
  18. F

    Cisco router disable SSH?

    Disabling ssh and using telnet instead is a really, really bad idea; I would fire you in a heartbeat if you worked for me and did that.
  19. F

    LAN over coaxle experiences

    "10BASE2 (also known as cheapernet, thin Ethernet, thinnet, and thinwire) is a variant of Ethernet that uses thin coaxial cable (RG-58A/U or similar, as opposed to the thicker RG-8 cable used in 10BASE5 networks), terminated with BNC connectors. During the...
  20. F

    Multiple switch from one C4500

    The Cat 4500 is a beast, it can do just about whatever you want; it is overkill for the CCNA. With the correct hardware, it can route between subnets just fine; the problem you will have is you are trying to learn routing with only one router (it's like learning Spanish with no one to talk...
  21. F

    New Building - Cat6 or Cat6A

    What sort of desktops do you have that need more than 1Gb? What switch will you be using? I can't find any high density edge switches that do 10Gb; I'm not about to deploy a Nexus in my edge wiring closet.
  22. F

    New Building - Cat6 or Cat6A

    It depends. Personally, I wouldn't do it, but in my environment, my users don't push over 100Mb, much less 1Gb; I see us moving out of our existing building long before anybody needs 10Gb to their desktop.
  23. F

    Certain subnets not connecting to Exchange!

    Agreed, have your firewall guys modify the cryptomaps and nat exemptions for the new subnets.
  24. F

    Need L3 Managed Switch

    What about a Cisco 3550? Those are kinda older but will do basic L3 functionality.
  25. F

    Cisco POE Q's

    You may be able to turn on LLDP, which a non-Cisco phone may also support (LLDP = non-proprietary version of CDP); if not, you can also statically assign power to a port (like 'power inline consumption 3300')
  26. F

    Quick IPSEC Question

    yes (unless you do something goofy and hide the DR network behind a NAT statement). On each end you'll need to add the DR site to your NAT exemption, and also modify your crypto map to allow access to the DR network via the existing tunnel. Or create tunnels between each end-site and the DR...
  27. F

    Cisco - DMZ

    "they want to firewall it and port forward as you would normally but they want to stop that VLAN accessing the other VLANs but allow the other VLANs to access" = textbook definition of a DMZ
  28. F

    Cisco - DMZ

    Usually, you want your DMZ to terminate its Layer3 interface at the firewall, especially if you have a nice stateful firewall like an ASA. I'd have the DMZ hanging off a DMZ interface on the firewall, and all of your other VLANs on a different interface; you may not even need the 1941 router...
  29. F

    A friend just sent me this cisco question

    trunks don't show in 'show vlan', and if it's cisco phone, it makes a trunk to do the voice vlan.
  30. F

    ASA guru's, logging archive for ASA?

    kiwi cattools is free for 20 devices; see for details.
  31. F

    ASA guru's, logging archive for ASA?

    RANCID for the win!
  32. F

    Cisco tunnel/routing question

    access-list 90 permit ip any crypto map outside_map 20 ipsec-isakmp access-list 85 permit ip crypto map outside_map 30 match address 85 here is your problem. outside_map 20 has a higher number than 30, so it gets...
  33. F

    Google spied my email! Stop using google!

    I don't mind seeing CCNP Bootcamps ads, or ads for Load Balancers; at least it's something I'm interested in, as opposed to My Little Pony or something random.
  34. F

    10TB Local Web Server with more than 20 users

    Routers usually only have a small handful of ports; what you need is a switch, and it sounds like a 48-port one. Do you need 10/100, or gig, or 10G? When dealing with large storage, usually a SAN or NAS is used; this way multiple servers can point to the same data (with a NAS) or you can have...
  35. F

    AT&T is $#@!

    6-8 ms of jitter is absolutely nothing to worry about.
  36. F

    DIR-655 slow transfer speeds

    11MB/sec is about what you'd expect from 100megabit ethernet; make sure all links are really up at 1 Gig.
  37. F

    IPv4 Association question

    IPSEC is an addon to IPv4, but required for IPv6, so IPSEC would be the closest answer I think.
  38. F

    ASA ASDM Certificate Error when trying to connect.

    "This error usually occurs in firefox. The error (Error code: sec_error_reused_issuer_and_serial) occurs because the page that we try to view can not be shown as the authenticity of the received data could not be verified. If we receive such error and are trying to access something that has a...
  39. F

    ASA ASDM Certificate Error when trying to connect.

    it's a bug in Firefox; you have to manually delete the old cert from your cert store. Google for the error for more info.
  40. F

    Cisco ASA open port range to network segment

    I take it using SFTP (FTP over SSH, which plays nicely with firewalls) isn't an option?