F5 is pretty much the top name in load balancing. My company has several sets of BigIP LTM units, doing load balancing for a fairly large ($500m/yr) ecomm company. They are VERY stable, and fairly easy to use/setup.
Also, perhaps you should investigate being able to scale outwards... a design of 10 firewalls that each do 10Gb/sec is much easier to scale than 1 that does 100.
in BGP, active is bad; it means it is actively trying to establish a connection, but can't.
Generally speaking, eBGP (external BGP) requires the other side to be one-hop away, as a security mechanism; this could definitely cause you problems (unless the BGP config for the peer specifies it is...
On your PC, start three cmd prompts, and in each, ping a different target (your default gateway on your LAN, your 2nd hop, your 3rd hop) and see where the latency/loss is coming from.
If you have zero loss to your gateway, and zero loss to your 2nd hop, but loss to the 3rd hop, you know the...
For what it is worth, I have GNS3 0.7.4 running perfectly on a Win7 Ultimate 64-bit, with zero problems. I usually have between 4 to 8 routers running at a time.
I believe it is straight out of the box install, no modifications needed. I only use c3640-ik9s-mz.123-26.bin for all my routers.
TCP/443 is for the AnyConnect (SSL-based) VPN; the more traditional VPN is IPSec-based, which doesn't use TCP/443.
I would think it would work, assuming whatever device is in front of the ASA isn't munging the packets.
The way DHCP works is the client boots up and sends a packet to 255.255.255.255 (the broadcast address) asking for any DHCP servers to give it an IP. The DHCP server then replies to the client's MAC address (they don't have a valid address yet), so they have to be in the same subnet (usually)...
iperf doesn't use your hdd; mostly network with a little bit of CPU.
what's the latency between devices? You can try increasing your TCP window size; when I do iperf test I usually bump it up to 64k or so (iperf -w 64k)
C:\>iperf -w 65k -c 192.168.220.87...
if you need high availability, the 5505 won't cut it (you'd need a 5510 to do A/S).
It appears you don't configure the devices yourself, so make sure whatever you buy you can hire someone to do it; Cisco people are easier to find than Juniper geeks.
http://en.wikipedia.org/wiki/10base2
"10BASE2 (also known as cheapernet, thin Ethernet, thinnet, and thinwire) is a variant of Ethernet that uses thin coaxial cable (RG-58A/U or similar, as opposed to the thicker RG-8 cable used in 10BASE5 networks), terminated with BNC connectors. During the...
The Cat 4500 is a beast, it can do just about whatever you want; it is overkill for the CCNA. With the correct hardware, it can route between subnets just fine; the problem you will have is you are trying to learn routing with only one router (its like learning Spanish with no one to talk...
What sort of desktops do you have that need more than 1Gb?
What switch will you be using? I can't find any high density edge switches that do 10Gb; I'm not about to deploy a Nexus in my edge wiring closet.
It depends. Personally, I wouldn't do it, but in my environment, my users don't push over 100Mb, much less 1Gb; I see us moving out of our existing building long before anybody needs 10Gb to their desktop.
You may be able to turn on LLDP, which a non-Cisco phone may also support (LLDP = non-propritary version of CDP); if not, you can also statically assign power to a port (like 'power inline consumption 3300')
yes (unless you do something goofy and hide the DR network behind a NAT statement). On each end you'll need to add the DR site to your NAT exemption, and also modify your crypto map to allow access to the DR network via the existing tunnel.
Or create tunnels between each end-site and the DR...
"they want to firewall it and port forward as you would normally but they want to stop that VLAN accessing the other VLANs but allow the other VLANs to access" = textbook definition of a DMZ
Usually, you want your DMZ to terminate its Layer3 interface at the firewall, especially if you have a nice stateful firewall like an ASA. I'd have the DMZ hanging off an DMZ interface on the firewall, and all of your other VLANs on a different interface; you may not even need the 1941 router...
access-list 90 permit ip 10.10.1.0 255.255.255.0 any
crypto map outside_map 20 ipsec-isakmp
access-list 85 permit ip 10.10.1.0 255.255.255.0 192.168.0.0 255.255.0.0
crypto map outside_map 30 match address 85
here is your problem.
outside_map 20 has a higher number than 30, so it gets...
I don't mind seeing CCNP Bootcamps ads, or ads for Load Balancers; at least its something I'm interested in, as opposed to My Little Pony or something random.
Routers usually only have a small handful of ports; what you need is a switch, and it sounds like a 48-port one. Do you need 10/100, or gig, or 10G?
When dealing with large storage, usually a SAN or NAS is used; this way multiple servers can point to the same data (with a NAS) or you can have...
"This error usually occurs in firefox. The error (Error code: sec_error_reused_issuer_and_serial) occurs because the page that we try to view can not be shown as the authenticity of the received data could not be verified.
If we receive such error and are trying to access something that has a...