access-list 100 permit ip 192.168.100.0 0.0.0.255 any
this is matching for pretty much all traffic..
put it after the denys
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
on the cisco side, what is the interface status? up/up?
actually just do a sh int status
what is the ip address you get on fa0/0 ?
also once you have all the info posted we can go next .. :D
howdy,
your ISP wouldn't care what you are doing past their router..
so here we go do this and post results:
conf t
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
router rip
no auto-sum
end
sh ip route
sh ip int bri
you should have an ip address on fa0/0 that is on DHCP ..
if you are...
not unless he moves the gateway down to the switch .. what i understood that the servers are hitting a FW as their first hop .... but who knows..
is it a cisco switch ?
if yes YOU COULD maybe put them in private vlan mode and mess around with the promiscuous mode on the firewall ports,
then maybe put a mac address access-list on the firewall ports to block some servers from going to one....
**above is a horrible idea..
with re-transmits and ipsec I'd start with playing around and lowering the mtu .. on the tunnel ..
also crypto maps are soooo 1990s.. move to encrypted tunnels .. makes life easier..
so what exactly are you having issues with then ?
you mentioned the BW issues u got sorted out.
and does ssh work ?
sounds like u have internet access already as well ?
post config of :
your SSH configuration - and did you generate a key (i know this is a stupid question .. but...god knows how many times i've had to get my guys back to the remote office to do this.. )
post config of at least one of your L3 ports.
post configuration of your QoS ..
if you are...
where are your PCs connected to ?
why do you have the same subnets provisioned on both routers?
it doesn't look like you are running any kind of FHRP for redundancy .. so ...?
diagram ?
that might cause an issue..
10.62.0.254 is part of both 10.62.0.0/23 and 10.62.0.0/16
really depends on the configuration .. i mean end of the day routers will route.. but post config .. cause this one is a bit more iffy ..
yes as i mentioned the closest bit match is always the path that is taken..
so if you have two routes - say static - :
ip route 10.1.1.0 255.255.255.248 192.168.1.1
ip route 10.1.0.0 255.255.0.0 192.192.192.1
then a packet destined for 10.1.1.2 will be routed to 192.168.1.1
a packet destined...
hah.. what is your problem exactly ?
my issues were two fold :
first i had to define a HOST entry on the router for the VRF i was using my certificate trust point to work for.
second: I stopped using LDAP and forced it to download through HTTP for CRL.
now that said: what is your device...
a router will always go for the closest match as far as routing is concerned.. if you are setting up dynamic routing through OSPF then everything should be kosher.. packets destined for your /29 network will match that route, anything else will match existing /16 route..
the router has very small space or very large space depending on what is configured and the router itself .. default i think is around 512 bytes for logging. past that it overwrites itself..
so it might be there, it might not..
Shitty about your ISP, shitty about you getting hacked..
get...
if it's on the device already you may be screwed..
show logging should show you what is still on the device itself.
if it is on a syslog then you can start sniffing through there .. if you have time /date it might be more helpful .
what was the attack ? how did they get in ? do you guys not...
well you will need a static nat if there are any devices building connections to your router from the internet.
you will need udp 4500&500 open for IPSec Tunnels.
you will need some sort of NAT outbound if your router is the only one initiating connections.