Recent content by shihlin

  1. shihlin

    multiple vtp domain

    Thanks for promptly reply. We will have around 400 - 500 Cisco Cat 3500 / 3700 Switches. Another reason why I would like to partition of vtp domain is because some of network had nothing to do with core network, the only purpose is access Internet. I know pruning and remove vlan from trunk can...
  2. shihlin

    multiple vtp domain

    Hi, everyone. Just wondering does anyone implemented multiple vtp domains? We are in process of upgrading our switches to Cisco which will involve large number for switches. As result, I would like to see if multiple VTP domain will help me on minimize the traffic of vlans database propagation...
  3. shihlin

    pix site to site vpn unable to initiate tunnel from one side

    Sorry the link does not work. This is updated link: Main: http://deccax.dreamhosters.com/logs/main.txt Remote: http://deccax.dreamhosters.com/logs/remote.txt
  4. shihlin

    pix site to site vpn unable to initiate tunnel from one side

    Thank you for promptly reply. The remote site is using dedicated leased line. I upload the show run to a website. I tried to keep it as original as possible but I have to delete sensitive command lines. The aaa is remote site, and xxx is main site. Main...
  5. shihlin

    pix site to site vpn unable to initiate tunnel from one side

    Hi all, thanks for reading this thread. I have question regards to site to site vpn using 2 pix. Currently I have a remote site with PIX 5153 version 7.0 (ASDM) installed, and is vpn to main site PIX 520 version 6.3.4. The remote site is able to initiate the vpn tunnel fine if the traffic is...
  6. shihlin

    Point-to-Point failover to vpn

    Thanks for the information. Jynxx, just wonder are you using HSRP for 2621, and 1710? Also should VPN tunnel will remain up even in the backup situation? Thanks again, SL
  7. shihlin

    Point-to-Point failover to vpn

    Thanks for promptly reply. Yes, I was thinking about ISDN but I think VPN is cheaper and faster solution compare to ISDN (Bri). Any suggestion on configurations or reference I can find it? Is flooding static route or HSRP will work? Many thanks, SL
  8. shihlin

    Point-to-Point failover to vpn

    Hi I just want to know if anyone done a failover from Point-to-Point T1 to vpn before. I wonder if I have a Cisco router with VPN accelerate card or Cisco 2800 router install can I setup the router to failover to VPN link (site to site) when the router’s Point-to-Point link goes down. Any...
  9. shihlin

    dynamic port NAT translation question....

    Hi, I have a question regards to NAT clients. I setup a Dynamic port translation for inside clients to access Internet. In the inside network, I have setup a system for sniffing the network and nothing else. However, from my IDS I see someone is trying to connect to use ICMP hard error to...
  10. shihlin

    PIX VPN with ACL for users

    Thanks for promptly reply. But my problem is user login name / password is authenticating against TACACS. Pix had no idea of login information. Well PIX authenticate both the TACACS, and its own local database? Thanks for the reply… SL
  11. shihlin

    PIX VPN with ACL for users

    Hey I have question about adding ACL to VPN clients. Currently I have Cisco PIX 515E (ASDM5.0) setup with VPN server. It authenticates users by accessing the TACACS server from inside network. However, I don’t know where to add the ACL for that user after it login. For example I would like...
  12. shihlin

    Edge firewall NAT can not access Internet

    Thanks, I figure it out. It was nat and route in 515e giving me the problem. Regards, SL
  13. shihlin

    Edge firewall NAT can not access Internet

    In un-secure network: I able to ping 520’s inside interface from the workstation (192.168.254.40): 838: ICMP echo request (len 32 id 3 seq 37121) 10.100.10.40 > 10.1.1.1 839: ICMP echo reply (len 32 id 3 seq 37121) 10.1.1.1 > 10.100.10.40 Ping yahoo.com 216.109.112.135 Request timed out Show...
  14. shihlin

    Edge firewall NAT can not access Internet

    Thanks for promptly reply. The un-secure systems are NAT to secure address. These secure address are working fine if connect to secure network. * Un-secure 192.168.254.x <-- DHCP assign from 515e * 515e static NAT per workstation. example: 192.168.254.40 <--> 10.10.10.40 * 520 dynamic...
  15. shihlin

    Edge firewall NAT can not access Internet

    Hi everyone, I trying to setup test lab that is consist an edge firewall, and our main firewall. This is a setup: Un-secure network (192.168.254.x) <---> Cisco 515e (edge firewall) <---> Secure (main network - 10.x.x.x) <---> Cisco 520 (main) <---> Internet (Public IP) On Cisco 515e I also...
