Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Search results for query: *

  1. kythri

    need some help to properly set up, segregate and secure a network with an ASA 5505

    An easy setup would just be to manipulate the security levels of the VLANs/interfaces. For example, highest security to lowest: Set VLAN1 as 100 Set VLAN2 as 75 Set VLAN3 as 50 Set VLAN4 as 25 Default rules on the ASA should allow traffic from a higher security interface to any lower security...
  2. kythri

    Cisco ASA inside to DMZ issue over public IP

    So your LAN-connected clients using public DNS are trying to hit your public IP address instead of the DMZ IP address like your private-DNS-using clients do? Build a NAT rule to fix this: nat (inside,dmz) source dynamic any interface destination static [PUBLIC_IP_OR_OBJECT] [DMZ_IP_OR_OBJECT]
  3. kythri

    Restrict access to SSL VPN by IP (ASA 5540 - 8.4(7))

    I'd like to restrict access to the SSL Web VPN by IP. TAC has told me to apply an ACL to the control-plane, but reading up on that, it looks like that would restrict access to any "to-the-box" traffic, including management, site-to-site VPN, etc. I only want to restrict to the SSL Web VPN. Is...
  4. kythri

    Cisco 4404/WiSM (1st generation) - Guest Wireless Help

    We're getting overloaded on our guest wireless network - too many connections are swamping the SMC modem/router that Comcast provided. While it's not a permanent fix, I'm thinking that some kind of splash screen (like the Cisco WLC WebAuth screen) might help - specifically, acting as a sort of...
  5. kythri

    ASA - NAT rule order via CLI?

    We're running 8.3(2). I think we've found it - there's a way to number the NAT rule: nat (interface,interface) ### source etc. That ### is where the rule will be placed. Solved my issue! Thanks!
  6. kythri

    ASA - NAT rule order via CLI?

    How do I alter the order of static NAT rules via the CLI? I'm adding several static NATs to my ASA, and they automatically appear at the end of the NAT entries. In order to move them to where I need/want them, I currently am forced to use the GUI and either cut/paste or use the "Move Up/Move...
  7. kythri

    Global DHCP Server Changes?

    Awesome, thanks! I'll give that a look too!
  8. kythri

    Global DHCP Server Changes?

    Nevermind, I refreshed, and this appears to have worked.
  9. kythri

    Global DHCP Server Changes?

    OK, so, poking around, I did find the "Server Options", and made changes there, but it did not propagate to all created scopes. When we created these, we did not manually configure the DNS servers, we utilized what was in "Server Options". Is there a way to push this change to all scopes?
  10. kythri

    Global DHCP Server Changes?

    I've not mentioned ISP DNS at all. We're running our own DNS servers, and are migrating to new ones, so I need to update the scopes accordingly. Unfortunately, I'm not finding an easy place to do this - the scopes options are automatically set when the scope is created, not manually...
  11. kythri

    Global DHCP Server Changes?

    Will changing options on the server propagate to all scopes underneath it? Or is there a way to scriptomatically do this?
  12. kythri

    Global DHCP Server Changes?

    We're looking at changing DNS IPs in our organization, and need to bulk-update a bunch of scopes for the new changes. Any easy way to do this on a Windows 2003 DHCP Server, without touching each individual scope?
  13. kythri

    Aironet 1400 Bridge - Issues with managing the bridges when trunked.

    We purchased a pair of these bridges to uplink a nearby building. After consulting with our Cisco rep, this model was decided on due to it's ability to trunk multiple VLANs across the connection, a desire/requirement that we had. I've configured the bridges, have them up and connected, but...
  14. kythri

    Urgent help needed - one-to-one NAT help on a Cisco 6509?

    Would the interfaces in question be the VLAN interface for both subnets? In this particular case, 10.21.0.0/16 is int vlan21 and 10.90.47.0/24 is int vlan947. The specific hosts aren't directly connected to the 6509, they're a couple switches away.
  15. kythri

    Urgent help needed - one-to-one NAT help on a Cisco 6509?

    We recently re-IP'd several servers. Falling back to the old IP is not an option at this point. A lot of clients did not respond to the automated push/update to change them over from IP to DNS, and as such, are still trying to access the old IP directly. While another team is attempting to...
  16. kythri

    Explain HP Printer Model Numbers

    >> Some older/obscure ones: Cse, Cxi (or just x, i). I believe that these would traditionally be DeskJet models. C represents "Color", and the se, xi, x or i represents either the software bundle or the reseller. For example, Staples used to sell the DeskJet 722Cse, whereas OfficeMax or...
  17. kythri

    Able to block RAS at DHCP server?

    They're not domain machines.
  18. kythri

    Able to block RAS at DHCP server?

    That seems to be a MAC filter - the RAS addresses don't have a MAC, their "unique ID" is "RAS". Further, I can't install anything on the DHCP server at this time. I was hoping for some internal functionality that allows this - it's completely ridiculous that one entity could setup RAS services...
  19. kythri

    Cannot access share when DC not available

    If your file server in office B is promoted to a DC/GC, isn't that going to wonk things up severely due to disabling write-caching?
  20. kythri

    Able to block RAS at DHCP server?

    We've got a few vendor-supplied machines that we can't eliminate, and we can't get them to disable RAS on these boxes. As such, we're dealing with these systems grabbing addresses in our DHCP scopes. Is there a way to block this at the DHCP server, or perhaps another level, that doesn't...

Part and Inventory Search

Back
Top