Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
connection refused in telnet! need help.:(
The enable secret command still won't get passed a 'connection refused' message. Although you will need one configured to get into the router ultimately. Are you trying to connect from an IP address in this range: 10.10.10.1 - 10.10.10.6? The commands below restrict telnet access to the IPs... -
Office to Office VPN Tunnel
One more thing I wanted to add: When you do the 'no access-list 101 permit ip 10.31.0.0 0.0.255.255 any' command, it will remove the entire 101 access list. You can get around that by using the command 'ip access-list extended <ACL name or number>'. That will allow you to remove specific line... -
Office to Office VPN Tunnel
I'm assuming you don't go through a proxy for web access: All traffic from 10.31.0.0/16 through tunnel ----------------- access-list 100 permit ip 10.31.0.0 0.0.255.255 any no access-list 101 permit ip 10.31.0.0 0.0.255.255 any access-list 101 deny ip 10.31.0.0 0.0.255.255 any You can also... -
single outside address to multiple local addresses
Well, you aren't going to have much luck if they all use the same ports. Have you thought about setting up a remote access VPN through the ASA? You would VPN to the ASA from those 2-3 hosts then you could use the private IP addresses to connect through dameware or whatever else. Rich Network...- NetRx
- Post #2
- Forum: Security, hacker detection & forensics
-
xp command line ftp
It should have this too: class-map inspection_default match default-inspection-traffic- NetRx
- Post #5
- Forum: Security, hacker detection & forensics
-
xp command line ftp
I think IE is setup to use passive FTP mode by default, so that's probably why it is working there. The FTP command in the script likely uses active FTP mode and would be blocked by the firewall if inspection is disabled, as rico was alluding to. By default the ASA should be inspecting FTP...- NetRx
- Post #4
- Forum: Security, hacker detection & forensics
-
550 No connections allowed from your IP
I would say you could rule the ASA out at this point. You can also try simple telnet/FTP tests from inside the network and outside to isolate: From inside host (not going through ASA) ----------------- telnet <private IP address> 21 From outside host (going through ASA) -----------------...- NetRx
- Post #10
- Forum: Security, hacker detection & forensics
-
550 No connections allowed from your IP
Your config looks fine. Maybe there is an IP block for that address on FileZilla server? See below: http://forum.filezilla-project.org/viewtopic.php?f=6&t=3625- NetRx
- Post #6
- Forum: Security, hacker detection & forensics
-
550 No connections allowed from your IP
Enter the following and post the results: ASA#show run 'Scrubbed config' means remove any public IP address information. For example, if you have a public IP of 172.1.1.1 on an interface, change it to 172.1.x.x. Also 'star' out any passwords/keys, i.e. change 'key myPubKey' to 'key *****'.- NetRx
- Post #4
- Forum: Security, hacker detection & forensics
-
550 No connections allowed from your IP
Can you post a scrubbed config from the ASA? That log file usually means that the initial SYN packet was not received by the FTP server.- NetRx
- Post #2
- Forum: Security, hacker detection & forensics
-
C3560 Freakout on access-list!
Hey jlm, You have to explicitly permit the RDP traffic first before it hits your NEQ statements. The example I'm posting below will work. Remember that if you want to allow any additional ports, you will need to place them above NEQ or add them to NEQ: ip access-list extended whiskey permit... -
Cisco 877 High CPU
Good to hear. I would also recommend removing the 'ip flow ingress' on the ATM interfaces if you do not use NetFlow. That will eat up process cycles, too. Rich Network Engineer - CCNA -
cisco 2620 how do I save configuration
Router#copy running-config startup-config OR Router#write mem Router#show startup-config Rich Network Engineer - CCNA -
C3560 Freakout on access-list!
ip access-list extended whiskey permit tcp host <your external IP address> 172.16.11.0 0.0.0.255 eq 3389 permit tcp host <your internal IP address> 172.16.11.0 0.0.0.255 eq 3389 deny tcp any 172.16.11.0 0.0.0.255 neq smtp www 443 ftp deny udp any 172.16.11.0 0.0.0.255 neq ntp deny icmp any... -
No connection between Site to Site VPN 5505/5510
Can you post output of the following, keep the debugs running: -Enable console/buffered logging on both ASAs and generate interesting traffic logging enable logging timestamp logging buffer-size 40960 logging buffered debugging -Attempt a ping to each outside interface...- NetRx
- Post #10
- Forum: Security, hacker detection & forensics
-
C3560 Freakout on access-list!
One more thing I wanted to mention: Permit statements, as opposed to deny with neq, are much better for growth down the road. Let's suppose that you want to add a new SQL server and open up port 1521 access between two subnets. With the 'deny neq' lines, you will need to remove the NEQ ACE... -
C3560 Freakout on access-list!
Using the ASA would be a nice option fyi. You could set all your hosts to use that as the default gateway and still define VLANs/subinterfaces on it. Not sure if you have already thought about doing that or if it isn't feasible. Back to your ACLs though. Unless I'm missing something, all you... -
Cisco 1711 Throughput
ISPKing is on the money. One of my favorite Cisco docs for router performance is located here: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf Rich Network Engineer - CCNA -
Cisco 877 High CPU
Hey Abidu, Your packets are likely being 'process switched' instead of switched through fast switching or CEF. You definitely need to enable CEF with the following command: ip cef If that doesn't work or help to alleviate, post output from the following: show proc cpu sorted show cef not... -
massive amounts of discards and tx queue not available errors
That's not always possible in a production environment. Plus the 4000 switch might have multiple 48 port blades. Wizo: Is the tx queue on the interfaces saturated? For example, 'show interface' shows 255/255 on txload. Check out running a SPAN session if the traffic is being transmitted across...
