Debasis Chowdhury

  1. One of Cisco's cool features is NBAR (Network Based Application Recognition). We can easily block any site using NBAR nowadays. Suppose we want to block these two sites, youtube and facebook. We can use the following commands to accomplish this:

      class-map match-any BLOCKED_SITES
       match protocol http host "*youtube.com*"
       match protocol http host "*facebook.com*"
      !
      policy-map DROP_WEB
       class BLOCKED_SITES
        drop
      !
      interface FastEthernet0/0
       description Connected to the LAN
       service-policy input DROP_WEB

     Now suppose we want to block files having extensions .exe and .bin:

      class-map match-any BLOCKED_URLS
       match protocol http url "*.exe|*.bin"
      !
      policy-map DROP_WEB
       class BLOCKED_URLS
        drop
      !
      interface FastEthernet0/0
       description Connected to the LAN
       service-policy input DROP_WEB

      OALAN#show running-config interface fa0/1
      Building configuration...

      Current configuration : 221 bytes
      !
      interface FastEthernet0/1
       description OA-LAN
       ip address 10.10.10.1 255.255.255.240
       ip nbar protocol-discovery
       ip nat inside
       load-interval 30
       duplex auto
       speed auto
       service-policy input DROP_WEB
      end

      OALAN#

     After configuring the above, the user is still able to open the blocked sites. Need support to close the issue. My question: How can I block a website using a Cisco router? Thanks in advance.
  3. One of Cisco's cool features is NBAR (Network Based Application Recognition), where we can easily block any site using NBAR nowadays. Suppose we want to block these two sites, youtube.com and facebook.com. We can use the following commands to accomplish this:

      class-map match-any BLOCKED_SITES
       match protocol http host "*youtube.com*"
       match protocol http host "*facebook.com*"
      !
      policy-map DROP_WEB
       class BLOCKED_SITES
        drop
      !
      interface FastEthernet0/0
       description Connected to the LAN
       service-policy input DROP_WEB

     Now suppose we want to block files having extensions .exe and .bin:

      class-map match-any BLOCKED_URLS
       match protocol http url "*.exe|*.bin"
      !
      policy-map DROP_WEB
       class BLOCKED_URLS
        drop
      !
      interface FastEthernet0/0
       description Connected to the LAN
       service-policy input DROP_WEB

      OALAN#show running-config interface fa0/1
      Building configuration...

      Current configuration : 221 bytes
      !
      interface FastEthernet0/1
       description OA-LAN
       ip address x.x.x y.y.y.y
       ip nbar protocol-discovery
       ip nat inside
       load-interval 30
       duplex auto
       speed auto
       service-policy input DROP_WEB
      end

      OALAN#

     But after configuring all the above parameters, the user is still able to access the blocked sites. Need support. My query: How to block required websites in a Cisco router? Thanks in advance.
  4. But how do I do the same? How will I forward the port internally?
  5. Can you advise how to do the same on a PC running ICS?
  6. I have a small home network with 2 computers running Windows XP. The first machine is WinXP Pro with 2 NIC cards. One card goes directly into the broadband modem and onto the web. The second card goes into a switch. I have configured the ICS setup so that I can access the web from my second PC. The second PC runs Windows XP and connects to the Internet through ICS on the first machine. I want to run an FTP server on my 2nd PC that can be accessed from the Internet. The problem is that, as it is an internal machine, it has the internal IP 192.168.0.2, which I cannot access from the Internet. Is there a way that I can access the FTP server (or can I make a web FTP server) from the Internet (through the 1st machine, e.g. port forwarding or routing)? The way I think of it is: (internal) (external) usrnm:psswd @ 192.168.0.2 @ 80.194.x.x. Thanks in advance for your time.
  7. Can anyone help me, please?
  8. I used GNS3 and used two routers for an IPSec tunnel, but I am unable to bring the IPSec tunnel up. I am sharing the router configuration details below.

     Router0 - Cisco 3725
     Router1 - Cisco 3725

     Configuration details below.

     ROUTER-0

      ROUTER-0#sh run
      Building configuration...

      Current configuration : 1177 bytes
      !
      version 12.3
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname ROUTER-0
      !
      boot-start-marker
      boot-end-marker
      !
      enable password cisco
      !
      no aaa new-model
      ip subnet-zero
      ip cef
      !
      ip audit po max-events 100
      !
      crypto isakmp policy 1
       authentication pre-share
      crypto isakmp key champions address 10.1.1.2
      !
      crypto ipsec transform-set 3DESHMAC esp-3des esp-sha-hmac
      !
      crypto map TOPU local-address Loopback0
      crypto map TOPU 1 ipsec-isakmp
       set peer 10.1.1.2
       set transform-set 3DESHMAC
       match address ROUTER0
      !
      interface Loopback0
       description IPSec Interface
       ip address 192.168.1.1 255.255.255.0
       crypto map TOPU
      !
      interface FastEthernet0/0
       description X-Connect To Router-1 Fa0/0
       ip address 10.1.1.1 255.255.255.0
       speed 100
       full-duplex
       crypto map TOPU
      !
      interface FastEthernet0/1
       no ip address
       shutdown
       duplex auto
       speed auto
      !
      ip classless
      !
      ip http server
      no ip http secure-server
      !
      ip access-list extended ROUTER0
       permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
      !
      line con 0
      line aux 0
      line vty 0 4
       password cisco
       login
      !
      end

      ROUTER-0#

     ROUTER-1

      ROUTER-1#sh run
      Building configuration...

      Current configuration : 1177 bytes
      !
      version 12.3
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname ROUTER-1
      !
      boot-start-marker
      boot-end-marker
      !
      enable password cisco
      !
      no aaa new-model
      ip subnet-zero
      ip cef
      !
      ip audit po max-events 100
      !
      crypto isakmp policy 1
       authentication pre-share
      crypto isakmp key champions address 10.1.1.1
      !
      crypto ipsec transform-set 3DESHMAC esp-3des esp-sha-hmac
      !
      crypto map UPOT local-address Loopback0
      crypto map UPOT 1 ipsec-isakmp
       set peer 10.1.1.1
       set transform-set 3DESHMAC
       match address ROUTER1
      !
      interface Loopback0
       description IPSec interface
       ip address 192.168.2.1 255.255.255.0
       crypto map UPOT
      !
      interface FastEthernet0/0
       description X-Connect To Router-0 Fa0/0
       ip address 10.1.1.2 255.255.255.0
       speed 100
       full-duplex
       crypto map UPOT
      !
      interface FastEthernet0/1
       no ip address
       shutdown
       duplex auto
       speed auto
      !
      ip classless
      !
      ip http server
      no ip http secure-server
      !
      ip access-list extended ROUTER1
       permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
      !
      line con 0
      line aux 0
      line vty 0 4
       password cisco
       login
      !
      end

      ROUTER-1#

     Some IPSec details below.

      ROUTER-0#ping 192.168.2.1 sou 192.168.1.1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
      Packet sent with a source address of 192.168.1.1
      .....
      Success rate is 0 percent (0/5)

      ROUTER-0#show crypto isakmp sa
      dst             src             state          conn-id slot

      ROUTER-0#show crypto map
      Crypto Map: "TOPU" idb: Loopback0 local address: 192.168.1.1

      Crypto Map "TOPU" 1 ipsec-isakmp
              Peer = 10.1.1.2
              Extended IP access list ROUTER0
                  access-list ROUTER0 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
              Current peer: 10.1.1.2
              Security association lifetime: 4608000 kilobytes/3600 seconds
              PFS (Y/N): N
              Transform sets={ 3DESHMAC, }
              Interfaces using crypto map TOPU:
                      Loopback0
                      FastEthernet0/0

      ROUTER-0#show crypto isakmp key
      Keyring               Hostname/Address            Preshared Key

      default               10.1.1.2                    champions
      ROUTER-0#

     Please suggest where the configuration error is. Thanks in advance.
  9. In the Cisco IOS on a Catalyst Switch, there’s an Interface Mode command called shape round-robin queue bandwidth. More specifically, the command is srr-queue bandwidth. This command has been around since IOS 12.2(25). For these examples, I’m using a Cisco Catalyst 2960 switch. Entering the command appended with a question mark will display the command options. Here’s an example:

      Switch(config)# interface FastEthernet 0/1
      Switch(config-if)# srr-queue bandwidth ?
        limit  Configure bandwidth-limit for this interface
        shape  Configure shaping on transmit queues
        share  Configure shared bandwidth

     As you can see, the command options are limit, shape, and share. While we’ll focus on the limit option this time, keep in mind that you can also use the srr-queue bandwidth command to shape and share bandwidth. For example, let’s say you have a 100-Mb Ethernet port on a Catalyst switch. You’re selling the bandwidth on the port, and a customer has bought 10 Mb of bandwidth. Obviously, you want to limit the outbound bandwidth on the port to 10 Mb instead of the full 100 Mb. To do so, go to Interface Configuration Mode on the switch port, and apply the srr-queue bandwidth limit command. Here’s an example:

      Switch(config)# interface FastEthernet 0/1
      Switch(config-if)# srr-queue bandwidth limit 90

     The 90 sets the outbound bandwidth limit on the port to 90 percent of the port speed. Since this is a 100-Mb port, this should limit the outbound traffic from the port to 10 Mb.
  10. Hi All; Please give me the details of the Round-Robin Routing Technique. Kindly describe how it works and what is actually done using this technique, its uses and an example. Regards.
  11. Hey man! Please explain clearly. What do you want to do?
  12. Can anyone share the reverse static NAT router configurations, please?
  13. Can you share the reverse static NAT router configurations, please?
  14. Good day folks! I have a "how to" question. I have a standard Cisco router with several interfaces, namely 1) WAN connection 2) NAT'd private pool 3) Public routable pool. I would like to configure a publicly accessible IP that routes to this router to pass traffic via "Reverse NAT" to a private IP inside the NAT'd pool. How can this be accomplished? Can anyone share the router configurations? Public IP will be: 12.28.199.103 pointing to.... Private IP will be: 10.1.1.100. Current setup uses the standard NAT commands "ip nat inside", "ip nat outside", "ip nat pool" and "ip nat inside ... overload" (single IP is used for NAT translation). Thanks in advance!
  15. The below command will advertise only the single IP, i.e. 192.168.5.1:

      router-id 192.168.5.1
      network 192.168.5.1 0.0.0.0 area 0

     This scenario is used in the case of a loopback IP, since the loopback interface will act as the router ID in OSPF. And if you want to advertise a subnet, then the next command can be used:

      network 192.168.5.0 0.0.0.255 area 0

     In the above command the whole subnet 192.168.5.0 - 192.168.5.255 will be advertised.
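
The following is an added example, not part of the original post and not Cisco code. It models how the wildcard mask in the two `network` statements above selects interfaces for OSPF, which is a quick way to audit whether a broad statement enables OSPF on more interfaces than intended. The interface names and addresses are constructed sample data; the loopback rule reflects the IOS default of advertising loopbacks as /32 host routes.

```python
import ipaddress

# Constructed sample interfaces (assumption, not from the post): name -> (ip, mask)
INTERFACES = {
    "Loopback0": ("192.168.5.1", "255.255.255.255"),
    "FastEthernet0/0": ("192.168.5.65", "255.255.255.192"),
    "FastEthernet0/1": ("10.1.1.1", "255.255.255.0"),
}


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask.

    A 0 bit in the wildcard means "must match", a 1 bit means "don't care",
    which is the inverse of a subnet mask.
    """
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


def selected_interfaces(interfaces, base, wildcard):
    """Names of interfaces whose address a 'network base wildcard' line selects."""
    return sorted(
        name for name, (ip, _mask) in interfaces.items()
        if wildcard_match(ip, base, wildcard)
    )


def advertised_prefixes(interfaces, base, wildcard):
    """Prefix each selected interface contributes.

    The prefix comes from the interface's own mask, not from the wildcard;
    loopbacks are advertised as /32 host routes by default.
    """
    out = {}
    for name in selected_interfaces(interfaces, base, wildcard):
        ip, mask = interfaces[name]
        if name.lower().startswith("loopback"):
            out[name] = f"{ip}/32"
        else:
            out[name] = str(ipaddress.IPv4Interface(f"{ip}/{mask}").network)
    return out


if __name__ == "__main__":
    for base, wc in (("192.168.5.1", "0.0.0.0"), ("192.168.5.0", "0.0.0.255")):
        print(f"network {base} {wc} area 0 ->", advertised_prefixes(INTERFACES, base, wc))
```
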