Search results

if one client works, but another doesn't, I would assume the issue is the non-working client.

md5 isn't encryption, it is a hash, and hashes generally can't be reversed.

F5 is pretty much the top name in load balancing. My company has several sets of BigIP LTM units, doing load balancing for a fairly large ($500m/yr) ecomm company. They are VERY stable, and fairly easy to use/setup.

Like this? http://www.networkworld.com/community/blog/cisco-usb-console-ports

Also, perhaps you should investigate being able to scale outwards... a design of 10 firewalls that each do 10Gb/sec is much easier to scale than 1 that does 100.

We've been using the Cisco twinax cables for nearly all of our 10G; works great.

in BGP, active is bad; it means it is actively trying to establish a connection, but can't. Generally speaking, eBGP (external BGP) requires the other side to be one-hop away, as a security mechanism; this could definitely cause you problems (unless the BGP config for the peer specifies it is...

On your PC, start three cmd prompts, and in each, ping a different target (your default gateway on your LAN, your 2nd hop, your 3rd hop) and see where the latency/loss is coming from. If you have zero loss to your gateway, and zero loss to your 2nd hop, but loss to the 3rd hop, you know the...

For what it is worth, I have GNS3 0.7.4 running perfectly on a Win7 Ultimate 64-bit, with zero problems. I usually have between 4 to 8 routers running at a time. I believe it is straight out of the box install, no modifications needed. I only use c3640-ik9s-mz.123-26.bin for all my routers.

TCP/443 is for the AnyConnect (SSL-based) VPN; the more traditional VPN is IPSec-based, which doesn't use TCP/443. I would think it would work, assuming whatever device is in front of the ASA isn't munging the packets.

The way DHCP works is the client boots up and sends a packet to 255.255.255.255 (the broadcast address) asking for any DHCP servers to give it an IP. The DHCP server then replies to the client's MAC address (they don't have a valid address yet), so they have to be in the same subnet (usually)...

I know this is trivial, but have you made sure you're running the latest NIC drivers on both NICs? This sounds very much like a bug in something.

iperf doesn't use your hdd; mostly network with a little bit of CPU. what's the latency between devices? You can try increasing your TCP window size; when I do iperf test I usually bump it up to 64k or so (iperf -w 64k) C:\>iperf -w 65k -c 192.168.220.87...

I don't know if this is even possible; a traditional router doesn't keep track of sessions, as it isn't stateful.

what version of AnyConnect? How are you installing it (via a push from a website, or directly from an exe)

I think you need a business account; they charge like $10-15 per month per static IP.

if you need high availability, the 5505 won't cut it (you'd need a 5510 to do A/S). It appears you don't configure the devices yourself, so make sure whatever you buy you can hire someone to do it; Cisco people are easier to find than Juniper geeks.

Disabling ssh and using telnet instead is a really, really bad idea; I would fire you in a heartbeat if you worked for me and did that.

http://en.wikipedia.org/wiki/10base2 "10BASE2 (also known as cheapernet, thin Ethernet, thinnet, and thinwire) is a variant of Ethernet that uses thin coaxial cable (RG-58A/U or similar, as opposed to the thicker RG-8 cable used in 10BASE5 networks), terminated with BNC connectors. During the...

The Cat 4500 is a beast, it can do just about whatever you want; it is overkill for the CCNA. With the correct hardware, it can route between subnets just fine; the problem you will have is you are trying to learn routing with only one router (its like learning Spanish with no one to talk...

What sort of desktops do you have that need more than 1Gb? What switch will you be using? I can't find any high density edge switches that do 10Gb; I'm not about to deploy a Nexus in my edge wiring closet.

It depends. Personally, I wouldn't do it, but in my environment, my users don't push over 100Mb, much less 1Gb; I see us moving out of our existing building long before anybody needs 10Gb to their desktop.

Agreed, have your firewall guys modify the cryptomaps and nat exemptions for the new subnets.

What about a Cisco 3550? Those are kinda older but will do basic L3 functionality.

You may be able to turn on LLDP, which a non-Cisco phone may also support (LLDP = non-propritary version of CDP); if not, you can also statically assign power to a port (like 'power inline consumption 3300')

yes (unless you do something goofy and hide the DR network behind a NAT statement). On each end you'll need to add the DR site to your NAT exemption, and also modify your crypto map to allow access to the DR network via the existing tunnel. Or create tunnels between each end-site and the DR...

"they want to firewall it and port forward as you would normally but they want to stop that VLAN accessing the other VLANs but allow the other VLANs to access" = textbook definition of a DMZ

Usually, you want your DMZ to terminate its Layer3 interface at the firewall, especially if you have a nice stateful firewall like an ASA. I'd have the DMZ hanging off an DMZ interface on the firewall, and all of your other VLANs on a different interface; you may not even need the 1941 router...

trunks don't show in 'show vlan', and if its cisco phone, it makes a trunk to do the voice vlan.

kiwi cattools is free for 20 devices; see http://www.kiwisyslog.com/kiwi-cattools-overview/ for details.

RANCID for the win!

access-list 90 permit ip 10.10.1.0 255.255.255.0 any crypto map outside_map 20 ipsec-isakmp access-list 85 permit ip 10.10.1.0 255.255.255.0 192.168.0.0 255.255.0.0 crypto map outside_map 30 match address 85 here is your problem. outside_map 20 has a higher number than 30, so it gets...

I don't mind seeing CCNP Bootcamps ads, or ads for Load Balancers; at least its something I'm interested in, as opposed to My Little Pony or something random.

Routers usually only have a small handful of ports; what you need is a switch, and it sounds like a 48-port one. Do you need 10/100, or gig, or 10G? When dealing with large storage, usually a SAN or NAS is used; this way multiple servers can point to the same data (with a NAS) or you can have...

6-8 ms of jitter is absolutely nothing to worry about.

11MB/sec is about what you'd expect from 100megabit ethernet; make sure all links are really up at 1 Gig.

IPSEC is an addon to IPv4, but required for IPv6, so IPSEC would be the closest answer I think.

"This error usually occurs in firefox. The error (Error code: sec_error_reused_issuer_and_serial) occurs because the page that we try to view can not be shown as the authenticity of the received data could not be verified. If we receive such error and are trying to access something that has a...

its a bug in Firefox; you have to manually delete the old cert from your cert store. Google for the error for more info.

I take it using SFTP (FTP over SSH, which plays nicely with firewalls) isn't an option?