We have a WAN with about 15 locations, soon to expand to 30. There's an old Metro Ethernet cloud connecting 11 of them, with routers running EIGRP with each other. We want to replace that with two VPLS/Metro Ethernet clouds. This means each location needs two WAN interfaces--kind of tough since...
Thanks to all for your comments. I guess you can tell I read MS-DOS documentation as little as I possibly can. It still irks me that in a GUI that's 20 years old, if I want to compare two files I still have to pop to a shell (or download an add-on utility). Of course I'm not sure my pet Linux...
Turns out when you tell Windows 7 something like:
foo this* that*
the first * and the second * have different meanings. The first * means "any character(s)"; the second means "the string that matched the previous regex."
Two questions:
1. Is there a way around this stupidity (other than...
I want to build a small Linux server on one of our ESXi hosts, primarily to run a RADIUS server. Simple enough, but our VMware plant is mostly ESXi 5.0, and the first distro I tried--Debian 8--doesn't run on it. The most recent version of Debian that runs on ESXi 5.0 is version 6, which is hard...
iggsterman,
These log entries come from one of our firewalls. They look like HTTP return traffic because that's what they're supposed to look like. Odds are against them fooling the firewall: most of the time, the destination IPaddress:port combination will not correspond to one actually in use...
Don't know how common this is, but my guess is pretty darn common:
A sysadmin reported an intrusion on a fairly well-protected server--it has a private IP address, and no static NAT, so theoretically it would be very difficult for anyone to access it from outside our network. But there was a...
Brianinms, thanks for the reply. Cisco Tech Support concurs. An interesting difference between the Cisco ASA and its IOS routers: the ASA had no trouble with this, the router....
As to your bigger question, the answer may be that we're passing through an MPLS cloud and the provider is willing to...
For historical reasons, we have to NAT just one of our networks on its way to a colo. Our network is 10.0.0.0/9, the colo's is 10.240.0.0/22, and most of our networks can go through untranslated--but another customer is using 10.1.0.0/22, so we have to translate that one: our 10.1.x.y <=>...
Thanks for your help. The actual cause seems to have been that the owner of the website was behind in his payments to his hosting company or perhaps his webmaster. I got an email from him the other day saying the bills had been paid and the site ought to work now--which it did.
It occurs to me...
When I try to connect to http://www.pace-med-apps.com/, or any page under that domain name, I get a "Forbidden" (403) error. I thought the site administrator had just forgotten to set the permissions right, but then I found that at least one of our users accesses the site with no problem. So far...
Interesting. Thanks, I think you're putting me on the right track.
You mean the one under Configuration>Firewall>Service Policy rules? There's not much in there, but I do see a couple of timeouts that could cause failures under high loads, especially if a download process was shifting from...
This is a strange problem that seems peculiar to our ASA5510: When we try to download ISO images from https://www.microsoft.com/Licensing/servicecenter, we either get nothing or we get a download that fails halfway through. If we use the Java-based Download Manager, we never even connect; if we...
My boss said, "Don't worry about it, we're going to renumber them anyway." Which is nice, because it was starting to look nasty. For the curious, here's how it was going to look, approximately (addresses have been mangled to protect the innocent):
NetA (inside)...............NAT...
I'm trying to link two networks that grew separately. One is addressed 10.[1-9].x.x, the other 10.[0,1,4].x.x. There's overlap in two networks (10.1.0.0 and 10.4.0.0).
I haven't done much with NATting, and here it seems like it has to be quasi-symmetrical: e.g., if a host on NetA's 10.1.0.0 is...
How many interfaces has your provider given you? If they're giving one interface per IP network, it's pretty straightforward. If both IP networks are riding in one interface, that's OK, because you can put two IP addresses on one interface.
This turned out to be a memory leak bug that WG knows about but doesn't know when it'll get fixed. WG Support told me to do two things: downgrade the OS from 11.6.1 to 11.4.2 (vintage July 2011--and this was after the first-tier support told me to upgrade it to 11.6.1!) and re-do the VPN...
This is one of the strangest things I've ever seen.
We have a WatchGuard XTM505 firewall providing VPN access through IPSEC tunnels to XTM2x firewalls at about a dozen remote sites. At one site, the XTM22 firewall comes up fine, then stops providing VPN services after 20-40 minutes. Everything...
The answer is simple for the 1/100 pattern: the WG has a DDOS policy that gets triggered by flood pings. It deliberately drops every 101st ping from a given source.
That doesn't explain the 20- to 30-second stalls we saw when BGP was running through (not on) the WG.
We tried to run BGP through our WG, with our provider's peer on the external side and our peer on the Trusted port. The BGP session came right up, but traffic did not flow smoothly; there would be a 20- to 30-second stall, then it would flow, then another stall, etc. This was visible with ping...
If I understand you right, you're trying to make a "V" with one device in the middle passing traffic between VPN tunnels connected to the other two, like this:
Box1 <==> Box2 <==> Box3
I'm struggling with something similar myself and haven't succeeded yet, but I can tell you three things WG...