In the group configuration can you see a list of allowed NAS?
I think that on the Windows version (2.6) that I used to use you were able to restrict the groups to a list of valid NAS (Network Access Servers). Each router needs to be configured as a NAS for CiscoSecure to authenticate logins, so...
Rather than use the 1721 as the DHCP server, you should consider using a helper address on the 1721 and use the Windows 2000 server for all sites - makes management of DHCP MUCH easier! Configure a helper address on the remote offices like this:
int fa0/0
ip helper-address x.x.x.x...
The problem is that the IOS version that you have installed does not recognise the card that you have installed (unless those messages are coming from the boot loader).
To verify that the card is supported you can check the hardware-software compatibility matrix. I think you need a CCO login...
The dialer-list command defines the "interesting" traffic for the dialer interface. To prevent it dialing you should do:
no dialer-list 1
This will not prevent it from receiving calls.
HTH,
Michael.
Just wanted to make sure you knew about the potential of being hacked when putting the real IP Address on a board like this ;) You never know who might be watching...
Some versions of the IOS support 15 concurrent VTY (telnet) connections. If your config currently has line vty 0 4 then it is...
You are better off using access-class on the vty line:
access-list 10 permit host x.x.x.x
access-list 10 permit host y.y.y.y
access-list 10 permit 192.168.10.0 0.0.0.255
line vty 0 15
access-class 10 in
This will allow only hosts x.x.x.x and y.y.y.y plus the local network (192.168.10.0/24) to...
The problem is that the access-list is processed before the NAT rules so you need to use the external addresses in your acl. You also need to allow your 2 routers to communicate using GRE. I would recommend changing the nat pool slightly to make the rules easier:
ip nat pool rem-natpool-0...
BGP is not a trivial thing to set up, but there are a couple of things to consider when planning:
* always use route-maps to filter route updates in and out of your AS - don't allow 192.168.x.x, 10.x.x.x, etc in or out and only allow specific networks out (or you might find yourself a transit...
It probably doesn't matter which interface is used for the WAN connection, but I would probably use the 10 Mb.
If you think about it though, the router will only be processing packets that are traversing from the inside to the outside (or vice versa) so the bottleneck will be the 10 Mb no...
You could do that, but it shouldn't be necessary with the CBAC (Context Based Access Control) features of the firewall feature set. Basically, CBAC adds entries to the top of your access-list to permit replies to conversations that were initiated from inside the router (or any interface that has...
I usually put the deny 80 in because of the number of viruses that scan the internet looking for vulnerable IIS servers. If you leave that out it will still be blocked by the last line (deny any any log) but it will be sent to the log as well.
What is in the log (show log) when the access-list...
You need to configure your firewall feature set first. A simple configuration would be:
ip inspect name InternetIN http
ip inspect name InternetIN smtp
ip inspect name InternetIN tcp
ip inspect name InternetIN udp
ip inspect name InternetOUT http
ip inspect name InternetOUT...
If it is just a leased line then all you need to do is configure an IP Address on each interface and configure routing (using static routes or with a dynamic protocol such as EIGRP).
Cheers,
Michael.
You are correct, you need a 100 Mb interface to do trunking. The command you need to use on the subinterface is encapsulation dot1q x - where x is the VLAN number.
Also, I am not sure that the 1900 series switches do trunking - you should check this.
Cheers,
Michael.
You don't actually need to use NAT on the Cisco in this configuration. You can use the addresses as they are and just add a static route on the Cisco:
ip route x.x.x.x 255.255.255.y 10.0.0.2
The source address of your packets will be fixed by the Nokia. The 10 subnet just becomes a transit...
I assume that the /24 is configured on your external interface (E0) and you want to use it on your internal interface (E1)?
The best thing to do in this case is a 1 to 1 NAT; this way you will be able to use all of the addresses.
HTH,
Michael.
You should be able to put the users into groups and restrict the list of allowed NAS for each group.
This works on the Windows version; I have never used the Linux version.
HTH,
Michael.