Cisco Security :: PIX 515E - How Many Entries Can NAT Table Have
Oct 29, 2012
How big is the NAT table for a PIX 515E? How many entries can it have?
Is there a table that lists the route table entries on Cisco ISR routers, especially the ISR 1921 router?
I have got two L3 switches, a Cat3550 and a Cat3560X. The Cat3550 is at the head office and the Cat3560X at the branch office. Both are connected by a 10MB LES link and have VLAN 74.
[code]...
What is the size of the NAT table for Cisco routers 2612 and 2610, and what is the maximum number of NAT translation table entries?
We have a PIX 515E running ver 6.3 and we want to implement some sort of logging to keep track of who/when logs in to the PIX and whether they make any config changes or changes to the file system. All of this is for forensic purposes in the future. I have already looked at some PIX docs but I don't seem to find what I am looking for.
I have a tunnel between a PIX 515E version 7.2(2) and a Cisco 3800 version 12.3(11r). There is a mismatch somewhere in the configs but I cannot find it. I have included the configs and the syslog errors.
I have recently purchased a Cisco SRP547W for my organisation. It is working fine with one SSID enabled. I have configured everything with no problems using the web interface. However, whenever I click the Edit button in the Security column of the Wireless Table under Basic Wireless Settings, I get a pop-up message which says: "Some values have been changed. The router must restart the wireless module to take effect. Please wait several seconds". I have tried this using 3 different browsers and get the same behaviour in each browser.
View 1 Replies View RelatedI have enabled DHCP but want to set static table IP's for my security camera DVR and one computer, the others can remain dynamic. I know in other routers I can attach a LAN IP to a mac address to keep it static but I can't see where I can do that with this router.
View 4 Replies View RelatedI need to redo the configuration on the new one?
View 11 Replies View RelatedIn datasheet of WS-SUP720-3B - link- was said that are only supported around 256K routes (fib?rib?).With this value I can't get 2 full bgp - that is around 850K ..
The supervisor is that control this or just memory ? I said this because I have a 7204-npe-g1 whith 2 fullrouting and 1G of and he are ok..
how to read some of these log entries I see on the IOS 15.2 router I'm working with. I'm fairly new to this stuff. My understanding is that the first socket (123.123.123.123:port#) is the originating one, and the 2nd socket is the receiving or destination. This makes sense when I see an entry like:
01043: *Nov 21 2012 10:28:34.323 PCTime: %FW-6-DROP_PKT: Dropping tcp session xx.xx.241.163:39557 192.168.xx.xx:80 due to RST inside current window with ip ident 0
The internal IP is our email server inside the LAN; the first IP is some IP in a foreign country, so somebody visited our web interface for the email server, obviously trying to breach or recon the interface, but whatever. Then I see an (unrelated) entry like this elsewhere in the logs:
001095: *Nov 21 2012 25:56:03.531 PCTime: %FW-6-DROP_PKT: Dropping tcp session xx.xx.178.210:25 192.168.xx.xx:47343 on zone-pair inside-outside class INSIDE-OUTSIDE due to Stray Segment with ip ident 0
What this latter entry tells me is that the Internet host sent data FROM port 25 to what I am guessing is the open port our internal email server must have originated some other communication from. However, we do not accept incoming port 25 mail from anywhere but a designated IP, so this "send" is not supposed to occur. So first off, am I reading that correctly? Is the first IP the sending system, and the second IP the receiver? There are no other entries in the logs between these two hosts, so either the logs have truncated with the oldest entries removed (log buffer is set to 51200), or that outside host is sending, hoping to get our mail server to respond? BTW, the outside host WHOIS's to Microsoft's IP range, Block 1.
We are using an ASR 1002 for dynamic NAT (with route maps). I have a problem with the usage of the NAT pool itself. The total NAT translations for the pool are:
#sh ip nat stat
[Id: 1] route-map natted-host-01 pool nat-pool-01 refcount 136
pool nat-pool-01: netmask 255.255.254.0
start XX.XX.202.0 end XX.XX.203.255
type generic, total addresses 512, allocated 88 (17%), missee 0
If I now look into the NAT translation table, I get fewer entries:
#sh ip nat translations filter map-id dynamic 1 total
Total number of translations: 43
Only a deeper look into the QFP gives the right values here:
# sh platform hardware qfp active feature nat data
The output count matches the values I get if I issue a sh ip nat stat.
My question is: how is it handled internally?
We also have a problem with rising usage of the pool over time. Once allocated, pool entries are not released after a period of time, and no NAT translations occur for those used IP NAT pool addresses.
The timers on the device are set:
ip nat translation timeout 300
ip nat translation tcp-timeout 900
ip nat translation pptp-timeout 900
ip nat translation udp-timeout 120
ip nat translation routemap-entry-timeout 900
ip nat translation max-entries 750000
I work at a service desk in a 100+ company and lately I got a task to gather all the hosts file entries that are on our network's PCs. We operate on Windows XP 32 & 64-bit and W7 64-bit. Is there any tool that I could use to scan all hosts files within our network? I tried Google of course, but maybe I typed my search phrases in a bad way to find something useful to my needs.
I have the ME3400 deployed in the following design: 8 100Meg ports connect to Cisco 2955s, and the 1Gig port uplinks to a Cisco 3560. My CDP neighbour table only shows an entry for the uplink Gig port. If I look at the CDP stats in show cdp interface FastEthernet 0/1, I see CDP packets being sent every 60, but nothing returning.
I cannot seem to view my "permit" entries in the log on my ASA 5520. I set up logging lists, changed the level to 3 on the logging statement, and simply can't find it anywhere.
Partial config:
logging enabled
logging timestamp
logging JC-L3 level errors
logging monitor JC-L3
logging buffered JC-L3
logging trap notifications
[code]....
How many VMs can a pair of 5548s support? Remember, for each VM, I will have an ARP entry in the 5500 ARP Table (assume 5500 is the L3 default gateway).
How many route entries can an ASA5520 (8.2.1-k8) support?
I have enabled network filtering on MAC address on my D-Link 628 router.
I've noticed entries in the log file: "Access Denied to LAN System with MAC address ______________" for 2 different MAC addresses. I do not recognize these MAC addresses. The entry that immediately follows these messages is "Above message repeated 466 times" and "124 times". The entries for these 2 MAC addresses have been occurring multiple times with different repeat numbers over the past few days.
Is this an indication that someone near my router is attempting to hack into my wireless router, or do I have a configuration issue?
The version of my DIR-655 is 1.32NA. Entries in the Time column of LOG DETAILS are incorrect. How can I correct them?
For our children, we use the parental control feature of the DIR-615 (RevD, FW4.11b15), which works excellently. I use the whitelist feature, so only trusted web sites can be accessed. Unfortunately the DIR-615 only has 10 entries in that list and I will soon need more. So I wonder if there is another D-Link router that offers a bigger list with maybe 50 or even 100 entries?
I have a DIR-655 rev A4 with firmware 1.35NA. I read [URL] 5 which stated that the SECURESPOT feature was removed as of firmware 1.35NA, but since upgrading the router to 1.35NA I find the following two log entries mentioning securespot being initiated:
[INFO] Sat Jan 22 21:01:21 2011 Initiating securespot services.
[INFO] Sat Jan 22 21:01:21 2011 Allocating securespot services.
I will mention, before upgrading to 1.35NA I was running the stock 1.21 firmware that shipped with this router. Prior to updating to 1.35NA I had taken a backup of the router settings, and after the firmware update was applied I restored this settings backup. Could that be the reason this log entry is showing up? It makes me think securespot is not really removed as is claimed in the release notes for this firmware. Can anyone else with a DIR-655 A4 with firmware 1.35NA confirm the above two log entries mentioning securespot appear in the log (assuming ALL log settings are turned on) when your router is rebooted?
My Belkin F7D4302 will not connect to the ISP if I try to manually set a DNS entry. Once I attempt this, I have to reset the router back to factory defaults before the router will connect with the ISP.
Can you configure multiple next-hop entries and have it perform load balancing?
Example:
route-map test
match ip address test
set ip next-hop 1.1.1.1
set ip next-hop 2.2.2.2
On occasion I will have to clear the ARP cache on a 6500 when a customer swaps out a firewall or firewall NIC. The ARP cache will show the MAC of the previous device and will not update until either the ARP table refreshes dynamically (currently at the default time) or it is cleared manually.
Sometimes I need to clear it manually and sometimes it is refreshed dynamically when the new device comes up. Inconsistent issue....
Under what circumstances will an ARP entry NOT be refreshed when a firewall or firewall NIC is swapped out?
I've been using my pair of ACE-4710s for quite some time and have usually stuck to the Class C subnet sticky settings, as that's what we migrated from in Windows NLB. In one instance of load balancing I'm trying to create an L4 inspection policy that looks for a certain payload (much like an HTTP header) and would like to persist on this. The problem is that the client portion of the conversation starts with a 'SessionID' of 0, and the server responds with a unique 'SessionID'. If I set up the sticky policy with 'Enable Sticky For Response', I get entries populated in the sticky database, but they all go to the same server as there is a sticky session set up for SessionID = 0. Is there a way to set up sticky entries on server response only? Currently using ACE DM v4(1.0).
Our proxy/anti-spam/IPS box called PROXY is behind our Cisco ASA firewall. The PROXY is set in transparent mode. The PROXY internal IP is 1.1.1.1 (internal IP). We have the MX record for mail.domain.com with public IP 9.2.7.5 (public IP as we entered with the ISP public DNS). What happens now is that the emails that come through get "caught" by the PROXY, and then we set up a thing whereby the emails are then forwarded from PROXY to our mail.domain.com server. Also, we made a static entry in PROXY whereby we can HTTPS to our email server for Outlook Web Access from outside of work, therefore allowing users to see the Outlook Web Access web page. On the Cisco firewall, we put the static entry that 9.2.7.5 is mapped to 1.1.1.1; thus the mail server public IP is mapped to the PROXY.
Now, the box has this thing whereby it sends an email to all staff once a day telling them how many mails are legit, how many were rejected and how many are spam. The spam emails are listed within the email, and staff can, at a click of a release button next to each spam email, release a particular email from the PROXY box and make it into their inbox. This works fine from the inside network, but I have issues from the outside due to the DNS and other things. I also put in the PROXY that any network can release spam and that our staff VLAN can release emails. Also, on the inside of the firewall we did an access list so that computers from the staff VLAN can access 1.1.1.1 on port 6552 (which is the release spam port). Hence, we can release emails from the internal network through Microsoft Outlook.
On the outside network, we cannot release emails when using Outlook Web Access. The host name for the PROXY release spam is proxy.domain.com, so what we also did today is ask the "ISP" to make an A record entry for another public IP, which is 9.2.7.6, for proxy.domain.com. We meanwhile made an entry on the access list that computers from outside can access 9.2.7.6 on port 6552 (which is the release port). Now the only question is in regard to the static entries:
1. Do we (and can we?) static map 9.2.7.6 to 1.1.1.1 through port 3840 on the Cisco ASA (although we have already mapped 1.1.1.1 to 9.2.7.5)? I have a doubt here, as this might mean we might not get emails. Or would we have to do the static again for this one, specifying 9.2.7.5 as an SMTP entry and 9.2.7.6 as a release button?
2. Have I made a mistake in general, and should I have just told the ISP to make a CNAME entry for proxy.domain.com with the public IP 9.2.7.5 (which is the public IP for the MX record)?
Just a very quick one. Is there any physical limitation to how many ARP entries a 6509 with a Sup720 can have?
We use an RV082 as our main gateway and need to open/forward around 50 ports to the inside. But during setting of the rules I got an error message: "The max of Port Range Forwarding is 30 entries. You can't add any more."
In the online help it is explicitly said: "4. Click the Add to List button, and configure as many entries as you would like."
How can we set up more than 30 port forwarding rules?
Any info regarding the number of MAC entries of the Catalyst 3560X/3750X platform? I can find that number in the 3560 and 3750 datasheets but not in the 3560X datasheet.
We've got ACE30s (active/standby) running A5(1.2), and a context that's front-ending one of our major applications, doing SSL termination on the client side and SSL initiation on the back side:
parameter-map type ssl FrontEndSSL-Param
rehandshake enabled
parameter-map type ssl BackendSSL-param
authentication-failure ignore
[Code]...
We have 2 hubs (Cisco 7200; 2 for redundancy). Every customer has a spoke (Cisco 881). The spokes are connected 24/24 to the 2 hubs (2 DMVPN tunnels) to give us access to our monitoring equipment and for support. Every spoke has a NAT table with a specific NAT range for every spoke. Like this we can reach every device with a unique IP inside the VPN. For example:
- Spoke_001 have a NAT IP range of 10.80.0.0 255.255.254.0
- Spoke_002 have a NAT IP range of 10.80.2.0 255.255.254.0
...
To connect to the hubs with our laptops, we are using the Cisco VPN client. We have different profiles created in the hubs:
- Admin profile with an ACL that allows connectivity to every spoke
- Integrator profiles that allow the connectivity of one integrator to some defined spokes.
So the integrator profile looks like this in the hub:
crypto isakmp client configuration group [NAME]
key [PASSWORD]
domain [DOMAIN]
pool [NAME]
acl [NAME_VPN_Split]
[code]....
The problem is that if we can't summarize an ACL in fewer than 50 lines, we will have to create a second profile and know which one to use for which network...
Version:
ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
System image file is "disk2:c7200-advsecurityk9-mz.151-4.M2.bin"
As a matter of fact I am new to this field. I have a Cisco 1700 series router which has an E0 and an FE0 port.
E0 is connected to the LAN and FA0 to the ISP; both are configured with public IPs and a static route to the ISP. (E0 is connected to a switch and FA0 is connected to the ISP MUX.)
When I issued the sho arp command I received more than 30 entries of MAC and IP addresses. I am wondering how I received this many MACs in the ARP table.
I just replaced my older D-Link with a DIR-601. I decided to try the email feature, so I set the option to "On Log Full". Within an hour I had 5 emails. I noticed that they were mostly entries reading "DIR-601 local0.debug udhcpd[18594]: UDHCPD Received a SIGUSR1". The "Debug Information" option isn't checked.