I have a vpn set up in a client server config between two locations on pix devices, mainly because there are remote vpn users that vpn in to the main pix as well. I've now been instructed to set up a standard lan to lan vpn between the two sites, with the explanation that the main site...
yo fewl gotta small wireless project going in, and since internet is so sketchy out in the boondox of desert heaven there was a decision made to purchase dsl and cable internet with the idea of wan fail over. woo hoo! two internets! The original idea was to have something like a watchguard...
Hey guys,
i got two routers, and want to test a point to point t1 here in house. never done the in house test before, but for some reason i seem to remember it being possible, and that i just make a flip over cable. anyone know the details of this procedure? google isn't helping me :<...
alright SWEET
veedubs ftw
final and working is this
interface FastEthernet0/1.5
description Production
encapsulation dot1Q 6
ip address 192.168.50.1 255.255.255.0
ip access-group 101 in
ip access-group 101 out
access-list 101 deny tcp host 192.168.50.22 any eq www...
i don't know, do i?
all i want is to allow full access to everything (like it is right now) and block one host from the web. that's it. in 2 or 3 weeks when i do some real reading i'll set up some acls worth a darn to complement our firewall, right now i just have a request to deny http...
well maybe i don't have it figured out. in my test it seemed to work, i could do everything but surf, i just applied it to the pc i wanted it on, and he can do nothing. no access to file shares or anything, however he can ping his subnet. what am i missing? code is as follows
interface...
well that didn't work either, i ran your lines boscoh only to deny all traffic whatsoever to the specific address i put it on, except on its subnet (i could communicate with hosts on its subnet, but not with hosts on other vlans, or the internet on any protocol). so i'm thinking the last line...
that's funny, i apply to rules to see my entire subnet get blocked, and just come back from the server room removing that rule and see your post boscoh. good times.
round 2 FITE.
thanks for the reply,
as it sits i don't have any access lists at all, so i assume i want this to be an extended one? (100 or greater?) and then apply it to the vlan that that specific ip is on?
hey guys,
I'm getting ready to put up a full ACL here at our company, and am looking at doing this over the next coupla weeks, however, i just had a manager request i deny all web access to a computer that his subordinates are taking advantage of. as far as i know this will be the only PC in...
the point to point is already decided upon, it'll be 487 a month for one connection, and 485 for the second (both from a qwest var, the runs would be strictly qwest, so no need for public ip) the current t1 is 399 a month. there is no reliable cable/dsl solution at either remote location...
hey guys,
i was recently approached by some friends that want to set up a point to point t1 from their central office to two remote offices, (both about 200 miles away.) they were quoted 10k for the setup from some it company around town, and asked if that was legit. they said they'd have to...
i found this
but i don't have the "ip dns server" command. my router is a 2621xm running 12.3(5a). guess i'll have to upgrade my ios before i can do that. sucks.
xphil3:
no DHCP, i know i know call me a doofus, it's a management nightmare etc etc. the way we audit here at work is via computer name, from the computer name i can get the ip, room, computer model, and dept that computer is in, so we go static. so far it's worked great, you just gotta...
ok, good news all around, i mentioned i tested both of our setups in the routersim last night, today i set up both of our labs in the real world with actual routers and it worked, so just 20 minutes ago i turned on rip v2 on the windows 2003 box and blamo, a minute later i was able to ping...
hey guys, thanks so much again for all these replies,
sorry i didn't get on here yesterday, i just moved to utah and my transmission froze, so i had to buy and install a block heater yesterday.
xphil3:
i set up both of our setups in boson router sim and had no problem pinging outside. I'm back...
i tftp'd your files onto my switch and router to no avail, however when i come in tomorrow i'll set up a router at the other end instead of a firewall. i have a few 2500's laying to where i can perfectly mimic your setup. only thing i can't mimic is your isl, i don't have any 1900 switches and...
sorry i only got the boson sim, this setup is on an actual router and switch. i reloaded each after lunch and started from scratch, but it really doesn't seem to matter. even before i put any vlans in the mix the router can ping inside and out, and the switch can ping any interface on the router...
*sigh* i don't know what's up. i added vlan 1 2 3 1002-1005 and it didn't work for a good 10 minutes. now all the sudden it just starts working, but in the same boat i was before.
i can ping all sub interfaces from the switch, and the external interface (10.1.60.22) of the router, just not...
i don't know what the deal is. now from the switch i can ping only itself (10.15.5.10 which is vlan1) i can't ping the subinterface of vlan1 (10.15.5.1) however from a host on vlan3 i can ping every subinterface, and the external interface of the router (10.1.60.22), just not beyond it...
added it to port 12, and now i can ping no sub interfaces, nor the external interface on the router from the switch. config is below
Current configuration : 981 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service...
aight i added that command to no avail, my config for the port i'm testing looks like this
interface FastEthernet0/3
switchport access vlan 3
switchport trunk allowed vlan 3
switchport mode access
can still hit the outside interface of the router, but not the inside interface of...
hey thanks for the reply, the answer to the "can you ping the sub interfaces from the switch" is yes. i can ping every sub interface from the switch, and from any host on the switch, and i can ping the outside interface of the router from the switch and any host on the switch. i can ping any...
xphil
thanks for your reply, i can't find that "switchport trunk access <vlan>" is a command, maybe it's the wrong syntax? i'm thinking i'm lacking the "switchport trunk native vlan <number>" command, i'm getting ready to try that.
from the switch no, from the router yes, the farthest i make it...
10.1.60.1 is the interface of my firewall, 10.1.60.22 is the outside interface of the router. if you try to make the gateway 10.1.60.22 it gives an error saying that ip address is the router. if i plug a computer up right to my firewall with the address 10.1.60.22 and a gateway of 10.1.60.1 it...
hey guys, for giggles i wanted to set up a vlan just cuz i was bored. everything in this vlan works, except the internet. the hosts on vlan 2 and can talk to 3 and so on, but they can't get to the internet. the router's internet facing interface is 10.1.60.22 (fast Ethernet 0/0), and it can...
the problem now is my external ips are assigned to my eth 0/0. ser 0/0.1 and eth 0/0 are essentially bonded together, so i can't assign the external ip to the ser 0/0 to NAT between two networks, as you can't have 2 interfaces like that on the same network (i.e ser 0/0 as 10.1.1.93 and eth 0/0...
monkey wrench in the system,
i go to log onto the router that needs the new config, and the ser 0/0 has IETF frame relay encapsulation on it, with no ip, and our first public (10.1.1.193) assigned to eth 0/0. naturally if i try assigning 10.1.1.200 to a sub interface of ser 0/0, i get an...
Hey guys,
I need to set up static nat on my cisco 2600 so that public IP's point to a specific internal IP. this is my topology i have 10.1.1.93-210 as my public ips, and 172.1.1.1 as my internal network. i want 10.1.1.200 to forward to 172.124.1.4. my serial int is 10.1.1.93 with...
it doesn't mean it was you, you know how many laptops are stolen lately with personal information on them? The one with millions of veterans info, the one with 200k+ floridians info, the list goes on. and those are the ones we just hear about. the best crackers you'll never hear about...
So, i'm working on and off on this, the idea being that anyone that plugs into our network won't be able to surf, instead they'll be asked for credentials, once authenticated they'd then be able to surf, and use our network accordingly. I looked around at RADIUS and TACACS+, also looked at some...
On a PC, you would go to your network interface's properties. Click on the "configure" button next to your network interface's description. Then set the "link speed & duplex" on the "advanced" tab to Auto. Here is a screenshot:
taken from this page which i then read all 3 parts, not a bad...
first things first, if you suspect the firewall, simply eliminate it. get on the other side and do bandwidth tests and watch your ping times, do the same analysis from inside the firewall and compare notes. use the speakeasy speed test tools, set up several ftp tests, ping and trace rt tests...
i smell a duplex mismatch here, you'll be able to ping fine but only have 10-40 percent of your bandwidth. i'm willing to bet that thing defaulted to 10meg half duplex, or 100 meg half duplex and the autonegotiation failed to match the half duplex of the in question NIC, causing TCP to...