Chris,
The top one will only match if the destination port is www, while the bottom will only match if the source port is www.
Todd Hethmon
thethmon@hethmon.com
The times in the past that we have experienced this type of slowness have always come down to one of two things: auto-negotiation or duplex issues. I would check to ensure that you set the port speed and duplex of the servers and switch ports they are connected to. This has always resolved these...
It sounds like you have 3 independent T-1's going into the same router and not bonded T-1's. Can you post your configuration for the serial interfaces and the routing protocol section from the router?
Todd Hethmon
thethmon@hethmon.com
kidd,
The following ACL should block any incoming or outgoing port 25 and 465.
access-list 101 deny tcp any any eq 25
access-list 101 deny tcp any any eq 465
access-list 101 permit ip any any
You would need to apply this to your WAN interfaces similar to this:
interface Serial 0/0
ip...
The only way I know that will work is to break your subnets up into separate VLANs. As long as the subnets are all on the same VLAN, you will have to keep doing secondary addresses.
Todd Hethmon
thethmon@hethmon.com
We have looked for a similar functionality in the past; however, unfortunately we have never found a way to do this. We have requested increased functionality from Cisco, but to date, they have not committed to increasing the flexibility with the roles and responsibilities. If you find...
From the Cisco error decoder (http://www.cisco.com/cgi-bin/Support/Errordecoder):
1. %PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags flags on interface int_name.
This message is logged when the PIX Firewall discards a TCP packet that has no associated connection...
Take a look at this page on CCO: http://www.cisco.com/en/US/customer/tech/tk801/tk133/technologies_configuration_example09186a0080094cd6.shtml
Pay particular attention to the 'interesting traffic' ACL. This is where you will determine what will make the call initiate.
Todd Hethmon...
Mark,
If you can find the MAC addresses of the IPs, you can go to http://coffer.com/mac_find/ and enter the first six numbers of the MAC and it will tell you the manufacturer of that network card. This might be useful.
Todd Hethmon
thethmon@hethmon.com
I think simply creating another loopback interface would solve the problem. I run as many as 3 loopback interfaces (loopback0, loopback1, loopback2) on some of my routers.
Todd Hethmon
thethmon@hethmon.com
James,
Without telnet access, your only option remotely is to make configuration changes using SNMP. You will need a Read-Write SNMP string for the router. Failing that, you will need physical access to the box to break into it.
Todd Hethmon
thethmon@hethmon.com
I would check to ensure that you do not have any "No message xxxxx" commands in the config that filter those messages from being logged.
Todd Hethmon
thethmon@hethmon.com