I'm not certain I fully understand what you are asking. I assume your network is set up like:
FW -> Internal Network
ISP ->
3750 -> DMZ Network
Correct?
You stated that you wanted to "take some routes out of the switch to free up some public IP addresses". What routes are you...
In ping test I am able to ping interface of ISP facing my router."
Where are you pinging from? What is the source of the ICMP packets? We need a bit more information to be able to properly assist.
You said "I am unable to ping my wan ip (172.35.7.246) from remote end."
Can you clarify this statement? What is the remote end? Where are you initiating your ping? More detail would be helpful.
ACLs with a view clause should be what you need in BIND. You can create a view to offer up a different file for the zone requested, and you can assign people to the view with the ACLs.
Need a little more information on the location of the load balancer, the IP addresses on the VPN appliance, default gateways, etc.
With information about the location of the devices, IPs, and gateways we could probably give you a fairly accurate answer.
Simplest thing is to just try plugging it into a different switch port. That port is not seeing electrical signal at all from the remote side, it's showing down/down. There's not a whole lot that can be done if it's not even seeing signal.
You need to NAT.
145.42.88.1 will not know how to reach the 10.1.1.x subnet or any of the other subnets you create off that switch.
You do not need to remove the IP address from VLAN 1 or turn that into a routed port, but it is a good idea. Using VLAN 1 is generally something that's avoided...
Why exactly do you want to NAT and PAT the same address?
Maybe if we understood what you are trying to accomplish with this we could help more, but when you have a static NAT the firewall is going to use it.
You would assign the address they give you with the /29 to one port on your Cisco router, call it the ISP side. Then you would assign your /28 block to your other port on your Cisco router, call it office side or whatever.
On the /29 side they are telling you the IP to assign, on the /28 side...
Check the default gateway on the host 192.168.10.14 that you can't ping when on a different subnet.
If you can ping it locally but can't ping it from another subnet it may not have a gateway configured.
A broadcast on the LAN will hit all ports on the LAN; as that frame travels through the switched network, the switches will add the MAC to their CAM tables, associating it with the port that they received the broadcast from.
CAM and ARP are different.
No worries about the previous response, I guess it's more of a difference in opinion when it comes to security.
I know there are differing schools of thought out there and I know for certain that no solution is complete or unbreakable or unexploitable. I've just always been of a mind to place...
No network is inherently superior or more secure, however it is the IT person's job to maintain firewalls and patch levels to protect his/her network. How can they accomplish this if they are allowing computers to connect to their network that they do not control?
Furthermore, why would you...
So they receive a 192.168.129.x address; is that the address assigned to them by AnyConnect or is that the address assigned to the machine itself to allow it to connect to the ASA?
It would be helpful to know:
The network of the remote office
The network of the VPN pool
The network of the main...
You just need to change the default gateway; VLAN 1 is not "competing" with VLAN 4.
Just change the default gateway and you'll be fine; it doesn't matter if VLAN 1 is up/up in SVI or not.