Comments for Networks Training http://www.networkstraining.com IP Networks Training and Tutorials Thu, 02 Sep 2010 06:01:09 +0000 hourly 1 http://wordpress.org/?v=3.0.1 Comment on How to Configure a Cisco ASA 5510 Firewall – Basic Configuration Tutorial by Blog Admin http://www.networkstraining.com/how-to-configure-a-cisco-asa-5510-firewall-basic-configuration-tutorial/comment-page-1/#comment-636 Blog Admin Thu, 02 Sep 2010 06:01:09 +0000 http://www.networkstraining.com/?p=463#comment-636 To allow communication between any two ASA interfaces (security zones) you need two things: 1) proper NAT 2)proper access lists. So, yes if you have the proper nat in place between DMZ and inside (provided that nat-control is enabled) then you just need to apply the correct access list on the DMZ interface to allow web server to communicate with the internal SQL server. To allow communication between any two ASA interfaces (security zones) you need two things: 1) proper NAT 2)proper access lists.

So, yes if you have the proper nat in place between DMZ and inside (provided that nat-control is enabled) then you just need to apply the correct access list on the DMZ interface to allow web server to communicate with the internal SQL server.

]]> Comment on How to Configure a Cisco ASA 5510 Firewall – Basic Configuration Tutorial by andrew http://www.networkstraining.com/how-to-configure-a-cisco-asa-5510-firewall-basic-configuration-tutorial/comment-page-1/#comment-633 andrew Wed, 01 Sep 2010 13:12:31 +0000 http://www.networkstraining.com/?p=463#comment-633 Blog Admin, Thanks. Regarding the access lists, well i have exchange server on the internal network as well and I am also planning to add an MS SQL 2008 internally. On the DMZ, I was thinking of putting up a web/ftp server. How do I treat this in access list as well? Excuse my ignorance, i am novice to Cisco. Thanks Blog Admin,

Thanks. Regarding the access lists, well i have exchange server on the internal network as well and I am also planning to add an MS SQL 2008 internally. On the DMZ, I was thinking of putting up a web/ftp server. How do I treat this in access list as well? Excuse my ignorance, i am novice to Cisco.

Thanks

]]> Comment on Blocking peer-to-peer using Cisco IOS NBAR by Aakil http://www.networkstraining.com/blocking-peer-to-peer-using-cisco-ios-nbar/comment-page-1/#comment-625 Aakil Tue, 31 Aug 2010 08:36:54 +0000 http://www.networkstraining.com/?p=206#comment-625 I found this article very accurate and useful too for those student and security professional who are implementing application layer security services on a Layer 3 device. With NBAR the PDLM feature is very useful. Kind Regards, Aakil I found this article very accurate and useful too for those student and security professional who are implementing application layer security services on a Layer 3 device.

With NBAR the PDLM feature is very useful.

Kind Regards,
Aakil

]]> Comment on Cisco Router-on-a-stick with Switch by Blog Admin http://www.networkstraining.com/cisco-router-on-a-stick-with-switch/comment-page-1/#comment-597 Blog Admin Wed, 25 Aug 2010 04:58:03 +0000 http://www.networkstraining.com/?p=77#comment-597 Yeap, Warren is right. I haven't played much with 2960 switches but seems they support only 802.1q as Vlan protocol, so you just need to specify "<strong>switchport mode trunk</strong>" only in your configuration. Yeap, Warren is right. I haven’t played much with 2960 switches but seems they support only 802.1q as Vlan protocol, so you just need to specify “switchport mode trunk” only in your configuration.

]]> Comment on Cisco Router-on-a-stick with Switch by Warren Sullivan http://www.networkstraining.com/cisco-router-on-a-stick-with-switch/comment-page-1/#comment-596 Warren Sullivan Wed, 25 Aug 2010 03:30:26 +0000 http://www.networkstraining.com/?p=77#comment-596 Jack, You only have to enter the command: (config-if)# switchport trunk encapsulation dot1q if your switch supports 203.1q AND ISL (ISL is an old school cisco proprietry protocol) If the option isnt there, it only supports 203.1q so there is no need to specify 203.1q, just skip the line....as in: # conf t (config)# vlan database (config-vlan)# vlan 10 name RED (config-vlan)# vlan 20 name GREEN (config-vlan)# exit (config)# interface FastEthernet1/0/1 (config-if)# description trunk-to-router-on-a-stick (config-if)# switchport mode trunk (config-if)# exit (config)# interface FastEthernet1/0/2 (config-if)# description connection-to-RED-VLAN (config-if)# switchport mode access (config-if)# switchport access vlan 10 (config-if)# exit (config)# interface FastEthernet1/0/3 (config-if)# description connection-to-GREEN-VLAN (config-if)# switchport mode access (config-if)# switchport access vlan 20 (config-if)# exit (config)# exit # copy run start Jack,
You only have to enter the command:
(config-if)# switchport trunk encapsulation dot1q
if your switch supports 203.1q AND ISL (ISL is an old school cisco proprietry protocol)
If the option isnt there, it only supports 203.1q so there is no need to specify 203.1q, just skip the line….as in:
# conf t
(config)# vlan database
(config-vlan)# vlan 10 name RED
(config-vlan)# vlan 20 name GREEN
(config-vlan)# exit
(config)# interface FastEthernet1/0/1
(config-if)# description trunk-to-router-on-a-stick
(config-if)# switchport mode trunk
(config-if)# exit
(config)# interface FastEthernet1/0/2
(config-if)# description connection-to-RED-VLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# exit
(config)# interface FastEthernet1/0/3
(config-if)# description connection-to-GREEN-VLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 20
(config-if)# exit
(config)# exit
# copy run start

]]> Comment on How to Configure Static Routing on Cisco Routers by Blog Admin http://www.networkstraining.com/how-to-configure-static-routing-on-cisco-routers/comment-page-1/#comment-562 Blog Admin Wed, 18 Aug 2010 11:21:21 +0000 http://www.networkstraining.com/?p=838#comment-562 You mean R2 right? Yes, on R2 you can either use a dedicated network interface for connecting to R3 and R4 or also use a single physical ethernet interface and configure two subinterfaces on it for connecting to R3 and R4. You mean R2 right? Yes, on R2 you can either use a dedicated network interface for connecting to R3 and R4 or also use a single physical ethernet interface and configure two subinterfaces on it for connecting to R3 and R4.

]]> Comment on How to Configure Static Routing on Cisco Routers by Azim Norazmi | ITechPrince http://www.networkstraining.com/how-to-configure-static-routing-on-cisco-routers/comment-page-1/#comment-561 Azim Norazmi | ITechPrince Wed, 18 Aug 2010 11:05:55 +0000 http://www.networkstraining.com/?p=838#comment-561 Nice tutorial, Should we make subinterface in R1 for network 2 and 3? Nice tutorial,

Should we make subinterface in R1 for network 2 and 3?

]]> Comment on How to Configure a Cisco ASA 5510 Firewall – Basic Configuration Tutorial by Blog Admin http://www.networkstraining.com/how-to-configure-a-cisco-asa-5510-firewall-basic-configuration-tutorial/comment-page-1/#comment-560 Blog Admin Wed, 18 Aug 2010 10:28:23 +0000 http://www.networkstraining.com/?p=463#comment-560 Andrew, If you have a dedicated DHCP server in your network, then you must not activate DHCP service on the ASA appliance. If you have an ISA server, you can connect the ISA server in the internal network (or preferably on a DMZ) and force all internal users to use the ISA as proxy for their HTTP traffic. You can configure an access-list which allows only the ISA server to access the internet for ports 80/443. Regarding the global IPs, you don't need to configure sub-interfaces to assign them. With sub-interfaces you just create separate network security zones. If the global IPs are routed towards your outside interface, you can create static NAT commands and redirect those IP addresses to internal hosts for example. Andrew,

If you have a dedicated DHCP server in your network, then you must not activate DHCP service on the ASA appliance. If you have an ISA server, you can connect the ISA server in the internal network (or preferably on a DMZ) and force all internal users to use the ISA as proxy for their HTTP traffic. You can configure an access-list which allows only the ISA server to access the internet for ports 80/443.

Regarding the global IPs, you don’t need to configure sub-interfaces to assign them. With sub-interfaces you just create separate network security zones. If the global IPs are routed towards your outside interface, you can create static NAT commands and redirect those IP addresses to internal hosts for example.

]]> Comment on How to Configure a Cisco ASA 5510 Firewall – Basic Configuration Tutorial by andrew http://www.networkstraining.com/how-to-configure-a-cisco-asa-5510-firewall-basic-configuration-tutorial/comment-page-1/#comment-558 andrew Wed, 18 Aug 2010 05:00:42 +0000 http://www.networkstraining.com/?p=463#comment-558 Thanks for this. As for the Step 6, I have an internal DNS to resolve internal addresses and DHCP assigning addresses internally. Do I still need to have ASA 5510 run DHCP? I also currently have ISA server 2006 on which I had a stub copy of DNS and forwards queries to external DNSs. I would like to continue using ISA server with ASA 5510, the latter will be at the perimeter. How can I accommodate both? Also, I have several global IPs and I do not know how to define sub-interfaces to assign several global IPs to a single physical interface. Please help! Thanks for this. As for the Step 6, I have an internal DNS to resolve internal addresses and DHCP assigning addresses internally. Do I still need to have ASA 5510 run DHCP? I also currently have ISA server 2006 on which I had a stub copy of DNS and forwards queries to external DNSs. I would like to continue using ISA server with ASA 5510, the latter will be at the perimeter. How can I accommodate both? Also, I have several global IPs and I do not know how to define sub-interfaces to assign several global IPs to a single physical interface. Please help!

]]> Comment on CWNA Certification-Certified Wireless Network Administrator by CWNA Certification-Certified Wireless Network Administrator | AvaLAN Wireless Systems, Inc. http://www.networkstraining.com/cwna-certification-certified-wireless-network-administrator/comment-page-1/#comment-534 CWNA Certification-Certified Wireless Network Administrator | AvaLAN Wireless Systems, Inc. Wed, 11 Aug 2010 10:47:44 +0000 http://www.networkstraining.com/?p=634#comment-534 [...] a CWNA Certification is a smart move for networking professionals who want to differentiate themselves from the crowd. A [...] [...] a CWNA Certification is a smart move for networking professionals who want to differentiate themselves from the crowd. A [...]

]]>