Search results for query: *

  1. jroysdon

    Another Classic PIX Firewall tip - cooling

    Speaking of dust problems on a PIX. About a year ago our PIX 520 was making some noises that sounded to me like a fan dying. The PIX was sealed, so I didn't want to just slice the warranty sticker, so I contacted Cisco, and they wanted like $1k to cross ship us a replacement, or around $750...
  2. jroysdon

    Cisco 2924 and Spanning Tree

    I believe he's on the same LAN. The problem is that STP is putting the ports on the 2924 in blocking mode when the PCs first power up, and given that they probably power up very fast, the port doesn't go into forwarding mode when the DHCP request tries to go out, and thus the problem. Two...
  3. jroysdon

    broadcasts

    Be more specific. A broadcast is local to a subnet. The DMZ would be another subnet, and therefore wouldn't be part of the broadcast. The reason I say be more specific is the only exception I can think of would be for a directed broadcast. The default for new router IOS is 'no ip...
  4. jroysdon

    Configuring 2621 To Use Proper Time

    I can't speak in absolutes for all Cisco platforms, but my 1605R & 804 both use ntp's standard udp/123 port. I run a very tight config (IOS Firewall and an ACL that blocks everything except what I allow or the IOS Firewall opens up on the way out), and I know the NTP wouldn't work until I added...
  5. jroysdon

    No connection for ISDN dial up users

    Post your config and we might be able to help more (remove passwords, SPIDs, etc.).
  6. jroysdon

    CISCO1604 ISDN router getting 14Kbps downloads

    Try removing ppp multilink and only dial out with one channel (remove the second SPID) and see if you get 56 or 64kb as you should. If so, I'm guessing the channels aren't bonding properly, and it's doing some sort of round-robining out both devices and half the packets are getting dropped/being...
  7. jroysdon

    2501Console port damaged?

    Nuke the ACLs on the console port and see if it doesn't just magically get fixed (you said you still have telnet access, right?). If you don't have the ACL defined, I'm guessing it's doing an implicit deny any. I can't see why you'd even want an ACL on a console port. I can understand on a...
  8. jroysdon

    Echo Reply Never Received

    First, 192.168.0.0 will route on a LAN the same as any other non-class D/E or loopback address. It may not route through your ISP across the internet, but that's only because the ISP is choosing to drop those packets (as the RFCs say those certain private address ranges shouldn't be routed)...
  9. jroysdon

    Connecting 2610's back to back

    Bandwidth has no actual effect on the bandwidth. It's used by routing protocols to determine metrics, etc. The main lines needed are the clockrate and the following line on the DCE side: dce terminal-timing enable
  10. jroysdon

    Connecting cisco1720 to ibm 14t

    I assume the IBM is remote, therefore the need for ISDN. Get a router that can support token ring interfaces (some 2500s) and connect an external ISDN unit off of a serial interface. If you want to spend a bit more cash, get a 2600 and add a token ring interface and ISDN BRI WIC.
  11. jroysdon

    ISDN & Keepalives

    I don't see any idle-timeout configured. The syntax is: dialer idle-timeout 240 (4 minutes, as it is specified in seconds)
  12. jroysdon

    Cisco Router Configuration

    A minor correction: the biggest difference between the 1600 and 1700 line is the CPU performance. Also, the 1720 comes with no interfaces beyond the single ethernet, while the 160x comes with two interfaces (my preference is the 1605R with a T1 WIC as it comes with two ethernet ports and one...
  13. jroysdon

    Can ping ok but no MS network

    You'll need a WINS server at the central location or use LMHOSTS which are stored: Win9x: c:\windows\lmhosts NT/W2k: c:\winnt\system32\drivers\etc\lmhosts You'll need a domain master at the remote location pointing at a WINS server if you want Browsing to work. Even a Win95 box can act as...
  14. jroysdon

    Configuration

    Cisco TAC and UniverCD: http://cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt3/scfirewl.htm#8179
  15. jroysdon

    Configuring Pix with e-mail

    I know this is an old post, but I'd feel a lot safer if all of my boxes were inside the firewall to some degree. If you're really paranoid about someone hacking the Webaccess box, put it on a DMZ leg, but don't put it out in the open as it still has to talk with the GW server, which means it...
  16. jroysdon

    Review of Cisco PIX

    The last post is simply not true. I connect to my own website and a number of customer's bank sites using HTTPS with no problems. Furthermore, the PIX supports SSH for secure remote management. For end users who need a secure FTP format, they should use and SCP...
  17. jroysdon

    re: real server behind pix

    Very minimal info from Real.com: http://service.real.com/firewall/adminrs.html Supposedly supported with the 'fixup rtsp' or 'fixup protocol tfsp' command, but neither command exist on my PIX running 5.1(2)...
  18. jroysdon

    Can't see email server inside network using name only see using ip add

    See my reply to "PIX and Outlook Web Access" regarding problems like this. Hosts files should be enough, and make sure they are pointing to and resolving to the internal address. My preferred method (as mentioned in the above post) is to have an internal dns server which points the...
  19. jroysdon

    Configuring a PIX 520 for VPN using IPSec-ISAKMP and NAT

    Do you have a NAT pool configured for your users to go out as? Do you have configured which internal subnets can use this external NAT pool? Here are some samples: Assigning the NAT pool: global (outside) 1 207.1.1.1-207.1.1.253 netmask 255.255.255.0 global (outside) 1 207.1.1.254 netmask...
  20. jroysdon

    DNS and NAT

    See my reply to "PIX and Outlook Web Access" regarding NAT and local routing on same subnets. Questions to check out: Can you access inside servers with their inside ip addresses? What does your DNS record point to, public or internal address (I would guess internal, as it was for...
