Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Search results for query: *

  • Users: NetRx
  • Order by date
  1. NetRx

    connection refused in telnet! need help.:(

    The enable secret command still won't get passed a 'connection refused' message. Although you will need one configured to get into the router ultimately. Are you trying to connect from an IP address in this range: 10.10.10.1 - 10.10.10.6? The commands below restrict telnet access to the IPs...
  2. NetRx

    Office to Office VPN Tunnel

    One more thing I wanted to add: When you do the 'no access-list 101 permit ip 10.31.0.0 0.0.255.255 any' command, it will remove the entire 101 access list. You can get around that by using the command 'ip access-list extended <ACL name or number>'. That will allow you to remove specific line...
  3. NetRx

    Office to Office VPN Tunnel

    I'm assuming you don't go through a proxy for web access: All traffic from 10.31.0.0/16 through tunnel ----------------- access-list 100 permit ip 10.31.0.0 0.0.255.255 any no access-list 101 permit ip 10.31.0.0 0.0.255.255 any access-list 101 deny ip 10.31.0.0 0.0.255.255 any You can also...
  4. NetRx

    single outside address to multiple local addresses

    Well, you aren't going to have much luck if they all use the same ports. Have you thought about setting up a remote access VPN through the ASA? You would VPN to the ASA from those 2-3 hosts then you could use the private IP addresses to connect through dameware or whatever else. Rich Network...
  5. NetRx

    xp command line ftp

    It should have this too: class-map inspection_default match default-inspection-traffic
  6. NetRx

    xp command line ftp

    I think IE is setup to use passive FTP mode by default, so that's probably why it is working there. The FTP command in the script likely uses active FTP mode and would be blocked by the firewall if inspection is disabled, as rico was alluding to. By default the ASA should be inspecting FTP...
  7. NetRx

    550 No connections allowed from your IP

    I would say you could rule the ASA out at this point. You can also try simple telnet/FTP tests from inside the network and outside to isolate: From inside host (not going through ASA) ----------------- telnet <private IP address> 21 From outside host (going through ASA) -----------------...
  8. NetRx

    550 No connections allowed from your IP

    Your config looks fine. Maybe there is an IP block for that address on FileZilla server? See below: http://forum.filezilla-project.org/viewtopic.php?f=6&t=3625
  9. NetRx

    550 No connections allowed from your IP

    Enter the following and post the results: ASA#show run 'Scrubbed config' means remove any public IP address information. For example, if you have a public IP of 172.1.1.1 on an interface, change it to 172.1.x.x. Also 'star' out any passwords/keys, i.e. change 'key myPubKey' to 'key *****'.
  10. NetRx

    550 No connections allowed from your IP

    Can you post a scrubbed config from the ASA? That log file usually means that the initial SYN packet was not received by the FTP server.
  11. NetRx

    C3560 Freakout on access-list!

    Hey jlm, You have to explicitly permit the RDP traffic first before it hits your NEQ statements. The example I'm posting below will work. Remember that if you want to allow any additional ports, you will need to place them above NEQ or add them to NEQ: ip access-list extended whiskey permit...
  12. NetRx

    Cisco 877 High CPU

    Good to hear. I would also recommend removing the 'ip flow ingress' on the ATM interfaces if you do not use NetFlow. That will eat up process cycles, too. Rich Network Engineer - CCNA
  13. NetRx

    cisco 2620 how do I save configuration

    Router#copy running-config startup-config OR Router#write mem Router#show startup-config Rich Network Engineer - CCNA
  14. NetRx

    C3560 Freakout on access-list!

    ip access-list extended whiskey permit tcp host <your external IP address> 172.16.11.0 0.0.0.255 eq 3389 permit tcp host <your internal IP address> 172.16.11.0 0.0.0.255 eq 3389 deny tcp any 172.16.11.0 0.0.0.255 neq smtp www 443 ftp deny udp any 172.16.11.0 0.0.0.255 neq ntp deny icmp any...
  15. NetRx

    No connection between Site to Site VPN 5505/5510

    Can you post output of the following, keep the debugs running: -Enable console/buffered logging on both ASAs and generate interesting traffic logging enable logging timestamp logging buffer-size 40960 logging buffered debugging -Attempt a ping to each outside interface...
  16. NetRx

    C3560 Freakout on access-list!

    One more thing I wanted to mention: Permit statements, as opposed to deny with neq, are much better for growth down the road. Let's suppose that you want to add a new SQL server and open up port 1521 access between two subnets. With the 'deny neq' lines, you will need to remove the NEQ ACE...
  17. NetRx

    C3560 Freakout on access-list!

    Using the ASA would be a nice option fyi. You could set all your hosts to use that as the default gateway and still define VLANs/subinterfaces on it. Not sure if you have already thought about doing that or if it isn't feasible. Back to your ACLs though. Unless I'm missing something, all you...
  18. NetRx

    Cisco 1711 Throughput

    ISPKing is on the money. One of my favorite Cisco docs for router performance is located here: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf Rich Network Engineer - CCNA
  19. NetRx

    Cisco 877 High CPU

    Hey Abidu, Your packets are likely being 'process switched' instead of switched through fast switching or CEF. You definitely need to enable CEF with the following command: ip cef If that doesn't work or help to alleviate, post output from the following: show proc cpu sorted show cef not...
  20. NetRx

    massive amounts of discards and tx queue not available errors

    That's not always possible in a production environment. Plus the 4000 switch might have multiple 48 port blades. Wizo: Is the tx queue on the interfaces saturated? For example, 'show interface' shows 255/255 on txload. Check out running a SPAN session if the traffic is being transmitted across...

Part and Inventory Search

Back
Top