Search results for query: *

There is a VERY small delay between the two forwards but basicaly its a first come first served thing. I would suggest that you alternate the two on the VLANs to give the two servers best chance but the least loaded will reply the quickest and assuming they are the same server spec then this...

What is the router? Assuming it supports 802.1q then you configure the switch port as a dot1q trunk and configure the router port the same placing the two addresses on the sub interfaces created. Hope this makes sense. interface FastEthernet0 no ip address speed auto ! interface...

try the feature navigator tool http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

255.255.3.0 seems like a strange mask to use actually not a valid one did you mean 255.255.224.0 (you are using the first three bits of the third octet?). In light of the fact you have private addressing I would sujest unless you have a good reason not to I would use a 16 bit mask (255.255.0.0)...

You may aslo want to block the UDP port as well as the TCP one depending upon your reasons for blocking the port.

"ip access-group 121 in" this command on the ethernet interface will block traffic going into the ethernet interface. From your description this is not exactly what you want and this then should be turned in the opposite direction to look at the traffic going out of the ethernet. I...

Don't mean to sound flipant but give it back to cisco for a replacement. Even if it started working again now I for one would not want it back on my LAN.

you need to create VLANs for each network you require, assign the IP address to the VLAN and then place the port in the VLAN. The following assumes a single VLAN per interface and therefore no trunking protocol is required. interface vlan 100 ip address 192.168.100.1 255.255.255.0 no shut...

sorry mate but NO I have never had to set the certificate yet just to get pdm

The switch should allow you to set 'both' on each port, which order did you enter the monitor commands in? You could try monitoring the VLAN which would give you the same result, all be it a little less focused. This is something you need to be VERY careful reading too much into when you get...

The RSA key is not required for PDM. Your PIX has to have the encryption license but all the later UK ones have and you did have to put the PDM image onto the box but again this has been done for you on the later devices. After that you need to enable the http server and define which ip...

when Cisco bring out an newer version of IOS it often has new or modified commands and therefore if any of these commands have been used in the old config they may have strange or unexpected results, hence the warning. If you copy the run to start then this should overwrite the config details...

Hope this makes sence. http server enable !the following line sets the IP address/subnet and the inside which will be allowed to access the pdm pdm location 192.168.1.2 255.255.255.255 inside !This enables the buffering is stats for the pdm pdm history enable

There does not appear to be any global/static statments in the PIX config to go with the nat statement. Are they missing or just not posted to the message board? As the PIX is not a router it MUST nat to pass traffic from one interface to another, yes I know about nat 0 however this special nat...

You can't diable this only move the SMTP ispection onto a different port, i.e. not 25 and one which you are not using. fixup protocol smtp 3456 no fixup protocol smtp 25

Can't remember, being honest, partly because I block everything in all directions as the first thing to do then put the holes through. So I would expressly permit the host from the dmz to the outside and block everything else. Hope that makes sense.

I don't think the problem is with your ACL's as such but with the route-map, next hop address, and default route. When the interface is down the next hop address is on a network which the router has no route too. At this point I am not exactly sure of the behaviour of the device. However...

Don't think you can do this, sorry. The PIX only supports DHCP on its own inside interface and then only for the network the interface is in, this also suggests the support for a separate default gateway is not there at the moment.

the source address is the real source address of the originating station within the DMZ, the destination address is the address of the inside host. The ACL is then applied on the DMZ interface in the inbound direction. access-list out_in permit tcp host 10.0.0.1 host 20.0.0.1 eq ftp...

I used the logging function on the access point, in this case it was a FW, to help pin point the badies which still had the Nachi virus on the inside LAN. This may not be an ideal solution as the routers are already under pressure, however check the CPU again and it may provide a method to mop...