Search Results

Search found 1134 results on 46 pages for 'cisco'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 27/46 | < Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >

  • Timout dead connections to Digi PortServer TS16

    - by MT
    We are using Digi portservers for console management of our routers. Basically users telnet to the Digis on ports 2001-2016 (corresponding to the physical serial port they want to connect to). Does anyone know if there is a way to cause the digi to close/release a user's connection after an period of idle time and if possible, where that time can be specified?

    Read the article

  • Monitoring ASA packet loss via SNMP

    - by dunxd
    I want to monitor packet loss on my ASA 5505 VPN endpoints using SNMP. This is so I can graph the rates in Cacti and/or get alerts in Nagios. However, I am not sure what SNMP values I should use to measure packet loss. In the ASA I can run sh interface Internet stats to show traffic statistics for the interface connected to the Internet. This shows 1 minute and 5 minute drop rates. Are these measures an indicator of packet loss? Are there SNMP values I can access that correspond to those values? Should I be looking at different values? Is the ASA even able to measure packet loss?

    Read the article

  • HTTP traffic through PIX VPN from outside site

    - by fwrawx
    I have a remote site with a website that only allows access from the outside IP assigned to our local PIX. I have users connecting to the local networking using a VPN that need to be able to view this remote site. I don't think this works because the packets want to come in and go out over the same (ext) interface. So I'm looking for a way to make this work using the PIX or setting up a service on a server on the local network to act as a middle-man for the HTTP requests. The remote site doesn't support setting up a VPN to our PIX. The remote website is dishing out pages over a non-standard port. Can I use squid or something similar to proxy just one site?

    Read the article

  • problems with ASA 8.4 Nat Rules for a Web Server

    - by Marko
    Having problems with the NAT RULES and Access Rules changes on my ASA5505. Want to straight replace a 5505 with a newer 5505 and unfortunately this means dealing with old version 7.2 and the newer 8.4 configurations. my old NAT RULE: static (inside,outside) WebOutside WebInside netmask 255.255.255.255 and an Access Rule of: access-list outside_access_in extended permit tcp any host WebOutside eq www these dont work in 8.4 I understand there are some changed but I can find little information that makes any sense on how to configure these. Any pointers welcomed.

    Read the article

  • pinx 501 with print server - 10 licenses

    - by ra170
    I have pix 501 with only 10 licenses. I'm already approaching this limit, running 2 computers at home, 2 laptops, PS3, iphones, 2 web cams..not everthing is on all the time, but it's possible as I'm looking into adding a print server, so that I can print from anywhere in the house. So my question is, will the print server count as a connection towards the license? I think it will need default gateway, which in this case will be my pix 501. I've seen somewhere on some othee board saying, don't set default gateway in the print server to pix 501, but then how would that work? is there a work around? I don't need to print from VPN or from outside, just inside..

    Read the article

  • BGP Router reccomendations for simple redundancy [closed]

    - by Jona
    We have two sites that each have an internet connection and have a dedicated dark fibre between them. Each site has it's own IP space and we have an AS number. We're looking to be resilient to failure of the internet connection to either site and so need to buy a pair of approriate routers. Requirements are: Able to run 2 bgp sessions (one with the ISP, one with the other site router) Option to take a full table from the upstream ISPs would be nice. Able to provide HA gateways on the LAN side (e.g. 192.168.0.254 will automatically migrate if it's host router lost power) A dedicated device rather than a server running Linux / BSD Not crazy expensive. Any help / advice much appreciated.

    Read the article

  • ASA 5505 8.4 open ports for subnet

    - by fwrawx
    I have an ASA 5505 running 8.4 with its outside interface plugged into our internal network. I want to open up access to hosts on one of the vlans behind that ASA to hosts on our internal network. I was just starting to grasp NAT on our older PIX but the ASA 8.4 has me confused now. Given a clean ASA with an outside vlan of 10.0.0.1/24 and test vlan of 10.0.1.1/24 what's the basic configuration needed to allow any hosts on the outside network to have access to any of the hosts on the test network?

    Read the article

  • Switch flooding when bonding interfaces in Linux

    - by John Philips
    +--------+ | Host A | +----+---+ | eth0 (AA:AA:AA:AA:AA:AA) | | +----+-----+ | Switch 1 | (layer2/3) +----+-----+ | +----+-----+ | Switch 2 | +----+-----+ | +----------+----------+ +-------------------------+ Switch 3 +-------------------------+ | +----+-----------+----+ | | | | | | | | | | eth0 (B0:B0:B0:B0:B0:B0) | | eth4 (B4:B4:B4:B4:B4:B4) | | +----+-----------+----+ | | | Host B | | | +----+-----------+----+ | | eth1 (B1:B1:B1:B1:B1:B1) | | eth5 (B5:B5:B5:B5:B5:B5) | | | | | | | | | +------------------------------+ +------------------------------+ Topology overview Host A has a single NIC. Host B has four NICs which are bonded using the balance-alb mode. Both hosts run RHEL 6.0, and both are on the same IPv4 subnet. Traffic analysis Host A is sending data to Host B using some SQL database application. Traffic from Host A to Host B: The source int/MAC is eth0/AA:AA:AA:AA:AA:AA, the destination int/MAC is eth5/B5:B5:B5:B5:B5:B5. Traffic from Host B to Host A: The source int/MAC is eth0/B0:B0:B0:B0:B0:B0, the destination int/MAC is eth0/AA:AA:AA:AA:AA:AA. Once the TCP connection has been established, Host B sends no further frames out eth5. The MAC address of eth5 expires from the bridge tables of both Switch 1 & Switch 2. Switch 1 continues to receive frames from Host A which are destined for B5:B5:B5:B5:B5:B5. Because Switch 1 and Switch 2 no longer have bridge table entries for B5:B5:B5:B5:B5:B5, they flood the frames out all ports on the same VLAN (except for the one it came in on, of course). Reproduce If you ping Host B from a workstation which is connected to either Switch 1 or 2, B5:B5:B5:B5:B5:B5 re-enters the bridge tables and the flooding stops. After five minutes (the default bridge table timeout), flooding resumes. Question It is clear that on Host B, frames arrive on eth5 and exit out eth0. This seems ok as that's what the Linux bonding algorithm is designed to do - balance incoming and outgoing traffic. But since the switch stops receiving frames with the source MAC of eth5, it gets timed out of the bridge table, resulting in flooding. Is this normal? Why aren't any more frames originating from eth5? Is it because there is simply no other traffic going on (the only connection is a single large data transfer from Host A)? I've researched this for a long time and haven't found an answer. Documentation states that no switch changes are necessary when using mode 6 of the Linux interface bonding (balance-alb). Is this behavior occurring because Host B doesn't send any further packets out of eth5, whereas in normal circumstances it's expected that it would? One solution is to setup a cron job which pings Host B to keep the bridge table entries from timing out, but that seems like a dirty hack.

    Read the article

  • IP NAT pool range

    - by hfranco
    When is it necessary to setup a pool of more than one address? So if I have this ip pool range: ip nat pool demo 72.32.11.65 72.32.11.66 netmask 255.255.255.252 What's the difference if I just have one address? ip nat pool demo 72.32.11.65 72.32.11.65 netmask 255.255.255.252

    Read the article

  • Are all SFP+ tranceivers usable for FEX between Nexus 5000 and Nexus 2000?

    - by Alain O'Dea
    I am looking at building a network with Nexus 5000 parent switches and Nexus 2000 fabric extenders. The mystery at the moment is what kind of SFP+ tranceivers are required for cross-connecting racks. Right now I am considering FET-10G, but I am not sure that 100m is long enough given the separation between racks is potentially very large since it is a rented rack environment. Are all SFP+ tranceivers usable for FEX between Nexus 5000 and Nexus 2000? Specifically, can SFP-10G-SR transceivers be used for longer distance FEX?

    Read the article

  • Finding spoofed IP address on network

    - by Jared
    I have a few IP spoof dropped messages coming out of my Sonicwall firewall, we'll call them Source A and Source B. Both of these sources have the same mac address indicating they're coming from the layer 3 switch behind my firewall. Source A has an ip within a valid subnet on my network and it shows up in the ARP table of my layer 3 switch. I was able to trace the exact location and fix the issue. Source B's ip however, is not within valid subnet on my network and it's not showing up in my layer 3 switches arp table. Any idea how I can trace the location of this device within my network? Thanks in advance.

    Read the article

  • Taking stock of an existing ASA Firewall

    - by Nate
    Imagine you are given an existing network using an ASA firewall. The network works, but you aren't sure of anything else. The firewall may be completely improperly configured, with "outside" actually being inside and "inside" actually being outside, for all you know. My question is this: what are the commands to take stock of an existing ASA firewall setup? With only CLI access, how do I figure out: What interfaces are available The names of the interfaces The security levels attached to the interfaces The access-lists attached to the interfaces, including rules and directions I know how to set these things (interface, nameif, security-level, and access-list/access-group), but I don't know how to figure them out given an existing system. On a related note, is there anything else that I should worry about checking to make sure that the network isn't wide open? Thanks!

    Read the article

  • got VPN l2l connect between a site & HQ but not traffice using ASA5505 on both ends

    - by vinlata
    Hi, Could anyone see what did I do wrong here? this is one configuration of site1 to HQ on ASA5505, I can get connected but seems like no traffic going (allowed) between them, could it be a NAT issue? any helps would much be appreciated Thanks interface Vlan1 nameif inside security-level 100 ip address 172.30.205.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address pppoe setroute ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 shutdown ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 shutdown ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 shutdown ! passwd .dIuXDIYzD6RSHz7 encrypted ftp mode passive dns server-group DefaultDNS domain-name errg.net object-group network HQ network-object 172.22.0.0 255.255.0.0 network-object 172.22.0.0 255.255.128.0 network-object 172.22.0.0 255.255.255.128 network-object 172.22.1.0 255.255.255.128 network-object 172.22.1.0 255.255.255.0 access-list inside_access_in extended permit ip any any access-list outside_access_in extended permit icmp any any echo-reply access-list outside_20_cryptomap extended permit ip 172.30.205.0 255.255.255.0 o bject-group HQ access-list inside_nat0_outbound extended permit ip 172.30.205.0 255.255.255.0 o bject-group HQ access-list policy-nat extended permit ip 172.30.205.0 255.255.255.0 172.22.0.0 255.255.0.0 pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) 172.30.205.0 access-list policy-nat access-group inside_access_in in interface inside access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute username errgadmin password Os98gTdF8BZ0X2Px encrypted privilege 15 http server enable http 64.42.2.224 255.255.255.240 outside http 172.22.0.0 255.255.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto map outside_map 190 match address outside_20_cryptomap crypto map outside_map 190 set pfs crypto map outside_map 190 set peer 66.7.249.109 crypto map outside_map 190 set transform-set ESP-3DES-SHA crypto map outside_map 190 set phase1-mode aggressive crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 30 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 190 crypto isakmp ipsec-over-tcp port 10000 tunnel-group 66.7.249.109 type ipsec-l2l tunnel-group 66.7.249.109 ipsec-attributes pre-shared-key * telnet timeout 5 ssh 172.30.205.0 255.255.255.0 inside ssh 172.22.0.0 255.255.0.0 outside ssh 64.42.2.224 255.255.255.240 outside ssh 172.25.0.0 255.255.128.0 outside ssh timeout 5 console timeout 0 management-access inside vpdn group PPPoEx request dialout pppoe vpdn group PPPoEx localname [email protected] vpdn group PPPoEx ppp authentication pap vpdn username [email protected] password ********* dhcpd address 172.30.205.100-172.30.205.131 inside dhcpd dns 172.22.0.133 68.94.156.1 interface inside dhcpd wins 172.22.0.133 interface inside dhcpd domain errg.net interface inside dhcpd enable inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! end

    Read the article

  • ASA Slow IPSec Performance

    - by Brent
    I have a IPSec link between two sites over ASA 5520s running 8.4(3) and I am getting extremly poor performance when traffic passes over the VPN. CPU on the device is 13%, Memory at 408 MB, and active VPN sessions 2 so the load on the device is particularly low. Screenshot of wireshark file transfer between the two hosts over the VPN: The large amount of Header checksum failures is alarming, but I am not sure what to check now. I perf is showing around 4-5 Mbit/sec with differing TCP window sizes. Show Run on the ASA http://pastebin.com/uKM4Jh76 Show cry accelerator stats http://pastebin.com/xQahnqK3

    Read the article

  • Using PVLANs with normal VLANs in a trunked environment

    - by user974896
    Assume a trunked environment with two switches, S1 and S2. The swtiches are connected with a trunk port designed to pass VLAN 26. What would happen if VLAN 26 on S2 is configured as a private-vlan with the default gateway and DHCP server and default gateway as promisc ports. What if S1's VLAN 26 is configured as a standard VLAN. Would the hosts on S1 be able to communicate with the promisc ports on S2? Would they be able to communicate with the hosts on S2? To further complicate things what if the DHCP server were to reside on S1 and I wanted S2 to have private VLANS with promisc ports as the gateway and DHCP server while still leaving S1 in a standard vlan configuration.

    Read the article

  • Can I replace a router and DHCP server without disrupting traffic?

    - by SRobertJames
    I have a device which acts as a router and DHCP server. I'm replacing it, and would like to minimize down time. If I unplug it, and plug in a different device with the same IP, will all the PCs with DHCP leases keep on working? (I have DHCP Conflict detect on, so it shouldn't reassign a DHCP address already used). What if I want to change the IP (new subnet) - is there anyway to tell all the clients (Windows PCs) to release their DHCP leases and request new ones in a minute? If before unplugging the old device, I have it release all DHCP leases, will the Windows PCs automatically ask for new DHCP addresses?

    Read the article

  • How can I setup a Firewall without NAT?

    - by SRobertJames
    We have 16 IP addresses from our ISP, and are setting up a SonicWall Firewall. I'd like to have the SonicWall do NAT for the LAN, but act as a firewall only (no NAT) for the servers which are using some of the 16 addresses. How do I set this up? If I set the WAN's subnet to include the 16 IPs, the SonicWall won't route the traffic to the LAN interface. Should I set the WAN subnet to only include the ones we are dedicating for NAT, and then keep the others on the LAN? Related point: How can I set multiple IP addresses for a SonicWall LAN interface?

    Read the article

  • Spanning-Tree and redundant links

    - by Franko
    I have 2 switches which have redundancy between them, meaning fa0/1 on SW1 is connected to fa0/1 on SW2, and fa0/2 on SW1 is connected to fa0/2 on SW2. Both of the switches have the same BID, however the MAC address of SW1 is numerically lower, hence making it the root bridge. Now my question is, on SW2, what determines which of fa0/1 and fa0/2 becomes the RP (Root Port) and the other on blocking state?

    Read the article

  • LOCAL and RADIUS authentication on ASA

    - by ghp
    Have configured local authentication which was working fine.And today I wanted to implement RADIUS too .. but after I have done, Im unable to login to my firewall user-identity default-domain LOCAL aaa authentication ssh console LOCAL and RADIUS aaa-server RADIUS protocol radius aaa-server RADIUS (inside) host xyzabc Key zzzzzz aaa authentication ssh console RADIUS aaa authentication enable console RADIUS aaa authentication http console RADIUS Can someone help me login to my firewall

    Read the article

  • Assist me access my firewall using ASDM

    - by ghp
    Have configured my asa 5520 with all the interfaces inside -- 10.11.12.1 outside - 70.71.72.4 Have not connected the management interface ..left it as is. Im remotely accessing this firewall from a different location by SSH, but would like to use the asdm to access it remotely. I have configured the HTTP SERVER enable and assigned http 10.11.12.254 255.255.255.255 inside Please can someone let me know the config which can help me access this firewall using ASDM.

    Read the article

  • Planning office network [closed]

    - by gakhov
    I'm planning to setup my office network from scratch and want to ask professional opinions or tips. My office is connected to Internet with Cable connection (100Mb/s). The devices i would like to connect are VoIP Phone (RJ-11), TV (WiFi/LAN), 3 laptops (WiFi), a few smartphones (WiFi), iPad (WiFi), Kindle (WiFi) and, probably, MediaServer (WiFi/LAN). As you can see, the most load will be on WiFi connections (probably, even if TV supports WiFi it's better to connect it by LAN?). So, i need help to choose the best routers combination (or even one?) to support stable connections for all these devices and minimize the total number of routers/adapters. Any thoughts? Thank you!

    Read the article

  • Encryption over gigabit carrier ethernet

    - by Roy
    I would like to encrypt traffic between two data centres. Communication between the sites is provided as a standard provider bridge (s-vlan/802.1ad), so that our local vlan tags (c-vlan/802.1q) are preserved on the trunk. The communication traverse several layer 2 hops in the provider network. Border switches on both sides are Catalyst 3750-X with the MACSec service module, but I assume MACSec is out of the question, as I don't see any way to ensure L2 equality between the switches over a trunk, although it may be possible over a provider bridge. MPLS (using EoMPLS) would certainly allow this option, but is not available in this case. Either way, equipment can always be replaced to accommodate technology and topology choices. How do I go about finding viable technology options that can provide layer 2 point-to-point encryption over ethernet carrier networks?

    Read the article

  • NAT : understanding about interconnection

    - by PITCHY
    English version below J'ai 2 routeurs A et B relié en série avec les ip respectives ( 10.0.0.1/30 10.0.0.2/30) sur le routeur A j'ai activé la fonction NAT avec un pool (200.0.0.1 - 200.0.0.15/28). Lorsque je sors je prends donc un ip du pool par exemple 200.0.0.10. Comment ça fonctionne sachant que ma nouvelle ip (200.0.0.10) ne se trouve pas sur le meme réseau que mon interface de destination (10.0.0.2)? English: I have 2 routers A and B, interconnected with a serial connection, with the ip's 10.0.0.1/30 for A and 10.0.0.2/30 for B. On router A NAT was activated with the pool 200.0.0.1 - 200.0.0.15/28. When connection to this router, I get an ip from the pool, for example 200.0.0.10. Knowing my new ip is 200.0.0.10, which is not on the same network as my destination interface (10.0.0.2), how can this work?

    Read the article

  • Outbound Traffic Logging on ASA 5520 possible?

    - by j2k4j
    Taking a look at the ASDM (6.4) for my ASA 5520, I get a nice summary of the traffic status, with items like "interface traffic usage", and "connections per second". This works well, but only shows the data for the last 5-6 minutes or so. Recently, I've been asked whether it's possible to pull up this same type of traffic data for a particular time in the past. (Such as: Find the traffic usage for a 3 minute period from date xx:xx:xx @ time xx:xx:xx) I've noticed that my ASA 5520 is logging the warning, errors, etc that it is processing. But traffic data is not logged (yet) according to my search through the ASA. Is logging the traffic data amounts (as wondered above) actually a possibility? Is there any way to find out the past data for traffic and such values? Thanks!

    Read the article

  • Can iranians do CCNA?

    - by Mark
    I know that Iranians can not do Sun's Java certification, how about CCNA? I've heard there is no examination centers in Iran, but can I do it outside Iran?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >