Cromac

Members
  • Content count

    204
  • Days Won

    2

Cromac last won the day on January 11 2013

Cromac had the most liked content!

Community Reputation

2 Neutral

About Cromac

  • Rank
    Advanced Member
  • Birthday 04/03/80

Profile Information

  • Gender
    Male
  • Location
    Czech Republic
  1. I would probably say that DMZ and INSIDE interfaces are on different VLANs on C3750 unless the previous admin did something wrong.
  2. Hi, what is the source of those MAC flaps in the log? L2 loop? Cromac
  3. Hi, I am not sure if the rule about same security levels on interfaces applies to the VPN traffic as well. But for testing purposes try to enable "same-security-traffic inter-interface". Cromac
  4. Hi, "sh int" can do this job. You can see there "Last input/output". On C4500 you can use "sh int link". Cromac
  5. Hi, I would go for:

         ip access-list extended localLAN
          deny tcp host 192.168.100.5 any eq 80
          permit tcp 192.168.100.0 0.0.0.255 any eq 80
         class-map match-any URLs
          match protocol http url "*.yyy.com"
          match protocol http url "*.xxx.com"
         class-map match-all URLs_localLAN
          match access-group name localLAN
          match class-map URLs
         policy-map URLs_localLAN
          class URLs_localLAN
           drop

     I did not test it so I am not 100% sure that this will work for you. Cheers Cromac
  6. Hello, logging list does that job. http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1754683 Cromac
  7. I would go for "multihoming with default routes and partial Internet routes from all providers". Cromac
  8. Well, a year or two ago I had the same problem but I was unable to find an appropriate tool. I did it manually: I had one ASA in the office, downloaded the running configs from the PIXes, uploaded them one by one to the ASA and then looked at whether the config was OK or not. In case you have some "new" version of PIXOS, meaning 6.3 or later, the commands are almost the same.
  9. Hi, I would say that this is correct. Cromac
  10. Hi, I would say that this is not a correct answer. ACL is not correct. What about deny routing update on BGP peering between R2-R4 or R4-R6? Cheers Cromac
  11. Hi, nope, no points are needed ;o). I had a few minutes of free time and I was interested in this so I labbed it. Have a great day! Cromac
  12. Hi, this can shed some light on this: http://www.wr-mem.com/?p=93 . In the attachment is the config of the PIX I labbed in GNS and it is working as expected. Cromac pix.txt
  13. This will never work because you are configuring name-to-IP translation on the router and then doing telnet from your PC. You have to change hosts file on your PC (c:\windows\system32\drivers\etc\). Cromac
  14. Hi, you do not have a route back to R4 from R6. Cromac
  15. Hi, could you please attach the drawing of your topology? I am not really sure how this is connected. But if there are some L2 loops then not all the VLANs will be in forwarding state on all ports. Cheers Cromac