Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gmmastros on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Search results for query: *

  1. chicocouk

    How do i setup a 3500XL to support teamed nics?

    Ok, thanks for the info. Without meaning to flog a dead horse ;) does that mean there is no way to configure this to provide any kind of switch redundancy? If one switch goes down i'm basically going to lose all the servers hanging off that switch? Thanks again for the help.
  2. chicocouk

    How do i setup a 3500XL to support teamed nics?

    In the same subnet? In what sense? They're uplinked through gig ethernet through a core switch, they're not directly cabled to each other in any way. So what's the recommended way to connect teamed nics on servers then? Both nics go into the same switch and etherchannel? That gives you a...
  3. chicocouk

    How do i setup a 3500XL to support teamed nics?

    Ok, it's been forever since I did any switch configuration. But we have two 3548XL switches, running IOS 12.0(5). We have a load of new servers, with two nics in each, and those nics are teamed to share an ip address. Currently one nic from each server is plugged into one switch, and the other...
  4. chicocouk

    Crypto debugs not showing in SSH session

    Is there a known bug or similar when using ssh to a PIX running 7.1, and trying to run crypto debugs? I run debug crypto isakmp and debug crypto ipsec on this box, and basically get no output back, when I'd expect to see loads. I then turned on debugging of all the suboptions of ipsec and...
  5. chicocouk

    How to locate what switch port a specific machine is connected to?

    Cheers, but those are IOS commands. This is on a Catalyst core switch. I've remembered it now anyway, show cam dynamic [VLAN] gets me what I need. Thanks for the thoughts though. CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist
  6. chicocouk

    How to locate what switch port a specific machine is connected to?

    Ok, this should be easy, but it's been a long long time since I tried, and I can't seem to figure it out ... I have a Cat core switch, with switching modules in it, and a routing module. I need to find out which physical port a specific ip address is connected to (eg, i know a server is at...
  7. chicocouk

    PDM - Max Interface ?

    Yes, you can add a dmz of sorts using VLANS. http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113411 CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist
  8. chicocouk

    Allowing Tracer through PIX

    Sorry, i meant icmp time-exceeded, not unreachables. Although you may also want to allow unreachables depending on your network design past the pix. CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist
  9. chicocouk

    Allowing Tracer through PIX

    I'm not sure where you're getting port 512 from. But this will be o/s specific, depending what you're using to initiate the tracert (eg, windows uses only icmp, linux uses icmp and udp packets, as do different flavours of unix, but using different UDP ports) The following link is a little...
  10. chicocouk

    Site to site VPN Config

    The 501 has to initiate the connection, and you use a feature called Easy VPN, configuring the 506 as an Easy VPN server, and the 501 as an Easy VPN client. Documentation on how to do this is available here...
  11. chicocouk

    VPN traffic from VPN client

    It is not possible on PIX o/s version 6 or earlier, if both vpn tunnels terminate on the same interface (which is usually the outside interface) because the PIX will not redirect traffic back out the same interface it arrived on. It is possible on version 7. CCSP, CCNA, CCSA, MCSE, Cisco...
  12. chicocouk

    PIX506 version 6.x - ACL with object-groups

    Sounds about right :) CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist
  13. chicocouk

    QoS on a PIX 506e

    As an aside, you can get version 7 running on a 506, although it's not a supported configuration. There's still rumours that cisco will release an officially supported version that runs on the 506 at some point. Just in case anyone wants to lab up version 7 for testing purposes, it can be done...
  14. chicocouk

    Restricting Cisco VPN Clients and PPTP Clients on PIX

    Your IpSec and PPTP clients should NOT be assigned an ip address from your local LAN range when they connect. So if you use 192.168.1.0/24 as your local range, use something else for your IpSec vpn client pool, eg 192.168.20.0/24, and another range again for your PPTP clients, eg...
  15. chicocouk

    PIX506 version 6.x - ACL with object-groups

    I'm nowhere near a pix at the moment to check, but from memory I don't think you can "permit ip" for port based object groups. I suspect you need to create one object-group for your tcp ports, and a seperate one for your udp ports, and then use two access-list entries. Eg, access-list 200...
  16. chicocouk

    TCP connection won't stay open through PIX

    I would suggest to the vendor who wrote the web app to move their product to a different port number. There will be considerably more people using VoIP than this webservice, and they're only going to run into problems with various firewall vendors enforcing protocol checking on this port. Fixup...
  17. chicocouk

    PIX 520 UR license

    Post the output of the show version command. If it has a line saying "This pix has a Restricted (R) licence" then, well, it's self-explanatory. CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist
  18. chicocouk

    How-To Reset PIX 501 to Factory Config?

    write erase reload CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist
  19. chicocouk

    Can I authenticate VPN clients using Active Directory username/passwd?

    Yes it's possible. The following docco should get you up and running. You need to install Internet Authentication Service, which comes on the windows cd, to act as a RADIUS server between your firewall and Active Directory. Pretty straightforward, and works well...
  20. chicocouk

    VPN inconsistancy

    It's necessary if you're using PAT-ed addresses. It is not necessary behind static NAT. CCSP, CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, IDS specialist

Part and Inventory Search

Back
Top