Configuring and implemting firewall on a solaris router/gateway

Similar Messages

• How to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server

  how to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server

  Hi ,
   Have you got any additional public IP Address from your service provider , If yes on router you can have static route for those additional IP Address pointing to your ASA  outside interface . 
  Accordingly you can configure NAT 
  HTH
  Sandy . 

• How to do nating in isa570 and is routing to be enabled for that . I have static ip configured and pining at my office and i want to acess rdp from my home

  How to do nating in isa570 and is routing to be enabled for that . I have static ip configured and pining at my office and i want to acess rdp from my home

  HHow did you export? Did you use H.264? Hour and a half is going to be a big file. For your customers sake you might consider breaking it down into segments.

• Audit Vault and DB Firewall Design

  I have and application (JAVA Based) connected to the database 11g using JDBC,
  I am going to implement Audit Vault and DB firewall R12 for three reasons:
  1. monitoring the traffic
  2. blocking un wanted SQL statements.
  3. blocking un wanted IPs/Users
  Our two Physcial servers that will be used for Audit Vault and DB Firewalls contain two NIC each.
  My Questions:
  1.  How to put these two servers in our network to be able to mointor as well block traffic, we don't need to change anything to our exisiting network configuration.
  2.  How to DB Firewall will block unwanted incomming traffic from the JAVA application to our database.
  please any usefull documents, links, ideas, network design
  I tried official Oracle Document, it is useless

  hi,
  1. if you plan to block sql using the firewall you will need 3 NICs in the firewall appliance since apart from the management interface you will need to setup a bridge (with 2 NICs) to physically route the traffic through the firewall, this also requires you to patch the appliance properly inside your datacenter between the protected database and the client or middle tier servers, so you can't do  this w/o changing anything in your nw configuration.
  2. you will need to compile a whitelist based on what your trusted applications are doing normally, this is an iterative process, then the firewall will be able to block sql not in the whitelist (replace it with something like select 1 from dual), since the only physical network path from the java clients to  the secured target db goes via the bridge
  Comment: so if you have a chance: pull one NIC out of the AV server (it only needs 1) and plug it into the firewall appliance.
  greetings,
  Harm ten Napel

• TS2972 i have done all 7 steps recommended by the troubleshooting articles and only when i restart my router does my library show on apple tv2 but only for about 5 minutes, this was never a problem before the updates of itunes and apple tv2,

  i have done all 7 steps recommended by the troubleshooting articles and only when i restart my router does my library show on apple tv2 but only for about 5 minutes, this was never a problem before the updates of itunes and apple tv2, i have spent insane amounts of money on the apple store buying movies and tv shows that i cannot watch anymore, and no there is no firewall on my laptop nor my router, so no port configuration is needed
  i have read many articles for this problem but there is no solution, some say restart the router, others say uncheck the option to sync iphone over wi-fi, others suggest not hitting the "done" button after setting up homeshare on itunes, NONE of them work. My itunes library disappears from ym apple tv 2 after 5 minutes or so

  Did not work. I've selected iMessage to ON and left it. After a few hours I recieved a message "activation unsuccessful. Turn on iMessage to try again". This has been going on for the past 3 days.

• Interworking between WCCP and IOS firewall on ISR and ASR routers?

  I ran into a problem last year when running WAAS WCCP and IOS firewall IP inspection on the same 3945 router. They couldn't function at the same time. Cisco indicated that router IOS firewall and WCCP were compatible only when IOS zone-based policy configuration was used. Back then I was using IOS 15.1(1)T1 on the 3945 router and WAAS was version 4.2.3.
  I now have some sites with 2921, 3945, and ASR1002 routers that need to be both IOS firewall and WCCP for WAAS. Now with newer IOS releases, does the IOS firewall estill have to be zone-based policy configuration? Because classic classic IOS firewall is easier to configure for WAAS, just "ip inspection waas enable" command, I'd prefer the easier configuration.
  What about ASR1002 router IOS firewall with WCCP? I have never implemented that before. I was trying to find some deployment examples or configuration guides from Cisco, but was not able to.
  Thanks for any help.
  Gary

  I'm assuming you placed service group 61 and 62 on the router LAN, WAN inbound directions. Did you apply inspection to LAN to WAN direction or WAN to LAN direction?
  Did you also used WCCP and IOS firewall on ASR routers?
  Thanks a lot

• I want a new and more powerful (non-Apple) wireless router but I still want to use my existing Time Capsule to continue with my Time Machine backups and I still need the Time Capsule's Network Attached Storage (NAS) features and capabilities

  THE SHORTER STORY
  My goal is to successfully use my existing Time Capsule (TC) with a new and more powerful wireless router. I need a new and more powerful wireless router in order to reach a distant Denon a/v receiver that is physically located in a master bedroom some 50 feet away from my modem. I need to provide this Denon a/v receiver with an Internet connection so that it can obtain its firmware updates and I need to connect this Denon a/v receiver to my network in order to use its AirPlay feature. I believe l still need the TC's Network Attached Storage (NAS) features because I am not sure if the new wireless router will provide me with the NAS like features / capabilities I need to share files between my two Apple laptops with OS X 10.8.2. And I know that I absolutely need my TC's seamless integration with Apple's Time Machine (TM) application in order to continue to make effortless backups of my two Apple laptops. To my knowledge nothing works with TM like Apple's TC. I also need the hard disk storage space built into the TC.
  I cannot use a long wired Ethernet cable connection in this apartment and I cannot use power-line adapters. I have read that wireless range extenders and repeaters are difficult to successfully set-up and that they will reduce data speeds, especially so when incorrectly set-up. I cannot relocate my modem and/or primary base station wireless router.
  In short, I want to use my TC with my new and more powerful wireless router. I need to stop using the TC to connect to the modem. However, I still need the TC for seamless TM backups. I also need to use the TC's built in hard drive for storage. And I may still need the TC's NAS capabilities to share files wirelessly between laptops because I am assuming the new wireless router will not provide NAS capabilities for OS X 10.8.2 (products like this/non-Apple products rarely seem to work with OS X 10.8.2/Macs to provide NAS features and capabilities). Finally, I want to continue to use my Apple laptop and AirPlay to wirelessly access and play my iTunes music collection stored on the TC's hard drive. I also want to continue to use my Apple laptop, AirPlay and Apple TV to wirelessly watch movies and TV shows stored on the additional external hard drive connected to the TC via USB. Can someone please advise on how to set-up my new Asus wireless router with my existing TC in such a way to accomplish all of this?
  What is the best configuration or set-up to accomplish my above goals?
  Thank you in advance for your assistance!!!
  THE FULL STORY
  I live in an apartment building where my existing Time Capsule (TC) is located in my living room and serves many purposes. Specially, my TC is at least all of the following:
  (1) Wi-Fi router connected to Comcast Internet service via Motorola SB6121 cable modem - currently the TC is the Wi-Fi base station that connects to the modem and has the gateway address to the Internet. The TC now provides the DHCP service for the Wi-Fi network.
  (2) Wireless router providing Internet and Wi-Fi network access to several Wi-Fi clients - two Apple laptop computers, an iPod touch, an iPad and an iPhone all connect wirelessly to the Internet via the TC.
  (3) Wired Ethernet router providing Internet and Wi-Fi network access to three different devices - a Panasonic TV, LG Blu-Ray player and an Apple TV each use one of the three LAN ports on the back of the TC to gain access to the Internet.
  (4) Primary base station in my attempt to extend my wireless network to a distant (located far away) Denon a/v receiver requiring a wired Ethernet connection - In addition to the TC, which is my primary base station, I am also using a second extended Wi-Fi base station (a Netgear branded product) to wirelessly extend my WiFi network to a Denon receiver located in the master bedroom and requiring a wired Ethernet connection. I cannot use a wired Ethernet connection to continuously travel from the living room to the master bedroom. The distance is too great as I cannot effectively hide the Ethernet cable in this apartment.
  (5) Time Machine (TM) backup facilitator - I use my TC to wirelessly back-up two Apple laptops using Apple's Time Machine (TM) application. However, I ran out of storage space on my TC and therefore added external storage to it. Specifically, I added an external hard drive to my TC via the USB port on the back of the TC. I now use this added external hard drive connected to the TC via USB as the destination storage drive for my TM back-ups. I have partitioned the added external hard drive, and each of the several partitions all have enough storage space (e.g., each of the two partitions used by TM are sized at three times the hard drive space of each laptop, etc.). Everything works flawlessly.
  (6) Network Attached Storage (NAS) - In addition to using the TC's Network Attached Storage (NAS) capabilities to wirelessly back-up two Apple laptops via TM, I also store other additional files on both (A) the hard drive built into the TC and (B) the additional external hard drive connected to the TC via USB (there are additional separate partitions on this drive for these other additional and non-TM backup files).
  I use the TC's NAS feature with my Apple laptop and AirPlay to wirelessly access and play my iTunes music collection stored on the TC's hard drive. I also use my Apple laptop, AirPlay and Apple TV to wirelessly watch movies and TV shows stored on the additional external hard drive connected to the TC via USB. Again, everything works wirelessly and flawlessly. (Note: the Apple TV is connected to the network via Ethernet and a LAN port on the back of the TC).
  The issue I am having is when I try to listen to music via Apple's AirPlay in the master bedroom. This master bedroom is located at a distance of two rooms away from the TC's current location in the living room, which is a distance of about 50 feet. This apartment has a long rectangular floor plan where each room is connected to the next in a straight line. In order to use AirPlay in the master bedroom I am using a second extended Wi-Fi base station (a Netgear branded product) to wirelessly extend my WiFi network to a Denon receiver located in the master bedroom and requiring a wired Ethernet connection. This additional base station connects wirelessly to the WiFi network provided by my TC and then gives my Denon receiver the wired Ethernet connection it needs to use AirPlay. I have tried moving my iTunes music directly onto my laptop's hard drive, and then I used AirPlay on this same laptop to connect to the Denon receiver. I always get a successful connection and the song plays, but the problem is that the connection inevitably drops.
  I live in an apartment building and all of the many wireless routers in this building create a great deal of WiFi interference on both the 2.4 GHz and 5GHz bands. I have tried connecting the Netgear product to each the 2.4 and 5 GHz bands, but neither band can successfully maintain a wireless connection between the TC and the Netgear product. I also attempted to maintain a wireless connection to an iPod touch using the 2.4 GHz band and AirPlay on this iPod touch to play music on the Denon receiver. Again, I was able to establish a connection and successfully play music, but after a few minutes the connection dropped and the music stopped playing. I therefore have concluded that I have a poor wireless connection in the master bedroom. I can establish a connection, but it is intermittent with frequent drops. I have verified this with both laptops by working in the master bedroom for an entire day on both laptops. The Internet connection in this master bedroom proved to drop out frequently - about once an hour with the laptops. The wireless connection and the frequency of its dropout are far worse with the iPod touch and an iPhone.
  I cannot relocate the TC. Also, this is an apartment and I therefore cannot extend the range of my network with Ethernet cable (I cannot drill through walls/ceilings, etc.). It is an old building with antiquated wiring and power-line adapters are not likely to function properly, nor can I spare the direct power outlet required with a power-line adapter. I simply need every outlet I can get and cannot afford to block any direct outlet.
  My solution is to use a more powerful wireless router. I found the ASUS RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router which will likely provide a better connection to my wireless Internet in the master bedroom than the TC. The 802.11ac band of this Asus wireless router is totally useless to me, but based on what I have read I believe this router will provide a stronger connection at greater distances then my TC. And I will be ready for 802.11ac when it becomes more widely available.
  However, I still need to maintain the TC's ability to work seamlessly with TM to backup my two laptops. Also, I doubt the new Asus router will provide OS X 10.8.2 with NAS like features and capabilities. Therefore, I still would like to use the TC's NAS capabilities to share files on my network wirelessly assuming the Asus wireless router fails to provide this feature. I need a new and more powerful wireless router, but I need to maintain the TC's NAS features and seamless integration with TM. Finally, I want to continue to use my Apple laptop and AirPlay to wirelessly access and play my iTunes music collection stored on the TC's hard drive. I also want to continue to use my Apple laptop, AirPlay and Apple TV to wirelessly watch movies and TV shows stored on the additional external hard drive connected to the TC via USB. Can someone advise on how to set-up my existing TC with this new Asus wireless router in such a way to accomplish all of this?
  Modem
  Motorola SB6121 SURFboard DOCSIS 3.0 Cable Modem
  Existing Wireless Router and Primary Wi-Fi Base Station - Apple Time Capsule
  Apple Time Capsule MC343LL/A 1TB Sim DualBand (purchased June 2010, likely the Winter 2009 Model)
  Desired New Wireless Router and Primary Wi-Fi Base Station - Non-Apple Asus
  ASUS RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router
  Extended Wi-Fi Base Station - Provides an Ethernet Connection to a Denon A/V Receiver Two Rooms Away from the Modem
  Netgear Universal Dual Band Wireless Internet Adapter for TV & Blu-Ray (WNCE3001)
  Addition External Hard Drive Attached to the Existing Apple Time Capsule via USB
  WD My Book Studio 4TB Mac External Hard Drive Storage USB 3.0
  Existing Laptops on the Wireless Network Requiring Time Machine Backups
  MacBook Air (11-inch, Mid 2012) OS X 10.8.2
  MacBook Pro (13-inch Mid 2010) OS X 10.8.2
  Other Existing Apple Products (Clients) on the Wireless Network
  iPod Touch (second generation) is model A1288.
  iPad (1st generation)
  Apple TV (3rd generation) - Quantity two (2)

  Thanks Bob Timmons.
  In regards to a Plan B, I hear ya brother. I am already on what feels like Plan Z. Getting WiFi to a far off room in an apartment building crowded with WiFi routers is a major pain.
  I am basing my thoughts on the potential of a new and more powerful router reaching the far off master bedroom based on positive reviews on cnet.com, pcmag.com and pcworld.com. All 3 of these web sites have reviewed the Asus RT-AC66U 802.11AC wireless router as well as its virtual twin cousin 802.11n router. What impressed me is that all 3 sites rated this router #1 overall in terms of both range and speed (in both the 802.11n and 802.11AC flavors). They tested the router in real world scenarios where the router needed to compete with a lot of other wireless routers. One of the sites even buried this Asus router in a media room with thick walls and inside a media cabinet. This Asus router should be able to serve my 2.4 GHz band wireless clients (iPod Touch and iPhone 4) with a 2.4GHz Wireless-N band offering some 50 feet of dependable range and a 60 Mbps throughput at that range. I am hoping that works, but it's borderline for my master bedroom. My 5 GHz wireless clients (laptops) will enjoy a 5GHz Wireless-N band offering 150 feet of range and a 200 Mbps throughput at that range. I have no idea what most of that stuff means, but I did also read that Asus could reach 300 feet and I got really excited. My mileage may vary of course and I'm sure I'm making some mistakes in my interpretation of their data. However, my Winter 2009 Time Capsule was rated by cnet.com to deliver real world performance of less than that, and 802.11AC may or may not be useful to me someday. But when this Asus arrives and provides anything other than an excellent and consistent wireless signal without drops in the master bedroom it's going right back!
  Your solution sounds great, but I have some questions. I'm using OS X 10.8.2 and Airport Utility (version 6.1 610.31) and on its third tab labeled "Wireless" the top option enables you to set "Network Mode" to either:
  Create a wireless network
  Extend a wireless network
  Off
  Given your advice to "Turn off the wireless on the TC," should I set Network Mode to Off? Sorry, I'm clueless in regards to how to turn off the wireless on the TC any other way. Can you provide specific steps on how to turn off the wireless on the TC? If what I wrote is correct then what should the rest of this Wireless tab look like, or perhaps it is irrelevant when wireless is off?
  Next, what do you mean by "Configure the TC in Bridge Mode?" Under Airports Utility's fourth tab labeled "Network" the top option "Router Mode" allows for either:
  DHCP and Nat
  DHCP Only
  Off (Bridge Mode)
  Is your advice to Configure the TC in Bridge Mode as simple as setting Router Mode to Off (Bridge Mode)? If yes, then what should the rest of this "Network" tab look like? Anything else involved in configuring the TC in Bridge Mode or is it really as simple as setting the Router Mode to "Off (Bridge Mode)"?
  How about the other tabs in Airport Utility, can they all stay as is assuming I use the same network name and password for the new Asus wireless router? Or do I need to make any other changes to the TC via Airport Utility?
  Finally, in regards to your Plan B suggestion. I agree. But do you have a Plan B for me? I would greatly appreciate any alternative you could provide. Specifically, if you needed a TC's Internet connection to reach a far off corner of your home how would you do it? In the master bedroom I need both a wired Ethernet connection for the Denon a/v receiver and wireless Internet connection for the iPhone and iPod Touch.
  Power-Line Adapters - High Cost, Blocks at Least One Wall Outlet and Does Not Solve the Wireless Need
  I actually like exactly one power-line adapter, which is the D-Link DHP-540 PowerLine AV 500 4-Port Gigabit Switch. This D-Link power-line adapter plugs into your wall outlet with a normal sized plug (regular standard power cord much like any other electronic device) instead of all of the other recommended power-line adapters that not only use at least one wall outlet but also often block the second outlet. You cannot use a power strip with a power-line adapter which is very impractical for me. And everything about my home is strange and upside down. The wiring here is a disaster and I don't have faith in its ability to carry Internet access from the living room to the master bedroom. And this D-Link power-line adapter costs $90 each and I need at least two to make the connection to the Denon A/V receiver. So, $180 on this solution and I still don't have a dependable drop free wireless connection in the master bedroom. The Denon might get its Ethernet Internet connection from the power-line adapter, but if I want to use an iPhone 4 or iPod Touch to stream AirPlay music to the Denon wirelessly (Pandora/iTunes, etc.) from the master bedroom the wireless connection will not be stable in there and I've already spent $190 on just the two power-line adapters needed.
  Extenders / Repeaters / Wirelessly Extending the Wireless Network
  I have also read great things about the Amped Wireless High Power Wireless-N 600mW Gigabit Dual Band Range Extender (Repeater) SR20000G and the My Net Wi-Fi Range Extender. The former is very powerful and the latter is easier to install. Both cost about $150 ish so similar to a new Asus router. However, everything I read about Range Extenders points to them not being very effective for a far off corner of your house wherein it's apparently hard to place the range extender in the sweet spot where it both gets a strong enough signal to actually effectively extend the wireless signal and otherwise does not reduce network throughput speeds to unacceptable speeds.
  Creating a Roaming Network By Hard Wiring with Ethernet Cable - Wife Would Say, "**** No!"
  Even Apple seems to warn against wirelessly extending your network (see: http://support.apple.com/kb/HT4145#) and otherwise strongly recommends a roaming network where Ethernet cable is used to connect two wireless base stations. However, I am in an apartment where stringing together two wireless base stations with Ethernet cable would have an extremely low wife acceptance factor (WAF). I cannot (both contractually and from a skill prospective) hide Ethernet wire in the walls or ceiling. And having visible Ethernet cable running from room-to-room would be unacceptable, especially to the wife.
  So what is left? Do you have a Plan B for me? Thanks in advance for your help!

• Adding new Computer to my Home Network and I have a WRT54GS .V5 Router

  I have a existing home network connecting a HP laptop and a Dell desktop and all is well. Now however I bought a new Lenovo laptop with the Vista OS with SP1 and I would like to connect it to my home existing home network. I know this might be a rather simple question BUT I am not great with networks and I set up my home network years ago and I draw a blank on how I did it. There is one CD I found that I marked with the words Remote Linksys Install on it and there is one file on it named NetSetClient. Not sure why I kept it and I do not remember what it does but might help in getting my solution.
  Please help the network novice

  As your linksys router is configured and its working on 2 other computers perfectly fine, so you dont have to run the CD again on your new computer. Is your new computer is a Wireless computer, So on your New computer, in the system tray, Right click on Two computer Icon and select "Connect to a Network".. selecte your Wireless network... type in your security key and click on Connect. After this try going online.
  If you new computer is a Wired computer, Just plug in the cable from your New computer to the Router and you will be able to go Online.

• What is the username and password for the airport extreme router

  I just switched from a wired router to an airport extreme and im trying to access the router information by typing in my router into the search bar of safari, when I used my old router the username and password was admin, admin. but this isnt the case with the airport extreme, does anyone know what the username and password combination is for airport extreme?

  Unlike routers from most other manufacturers, Apple's Airport devices cannot be configured using a web browser pointed to the IP address of the Base Station. Any manual configuration of the Airport Base Station must be done using the Airport Admin Utility provided by Apple.
  FYI, when using the Airport Admin Utility the default password for the Airport Base Station is the word "public".

• Ask the Expert:Concepts, Configuration and Troubleshooting Layer 2 MPLS VPN – Any Transport over MPLS (AToM)

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions about  concept, configuration and troubleshooting Layer 2 MPLS VPN - Any Transport over MPLS (AToM) with Vignesh R. P.
  Cisco Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an MPLS backbone. It enables Service Providers to supply connectivity between customer sites with existing data link layer (Layer 2) networks via a single, integrated, packet-based network infrastructure: a Cisco MPLS network. Instead of using separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Service Provider sub-community discussion forum shortly after the event. This event lasts through through September 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Tenaro,
  AToM stands for Any Transport over MPLS and it is Cisco's terminology used for Layer 2 MPLS VPN or Virtual Private Wire Service. It is basically a Layer 2 Point-to-Point Service. AToM basically supports various Layer 2 protocols like Ethernet, HDLC, PPP, ATM and Frame Relay.
  The customer routers interconnect with the service provider routers at Layer 2. AToM eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.
  AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution.
  The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames.
  Whereas pseudowire is a connection between the PE routers and emulates a wire that is carrying Layer 2 frames. Pseudowires use tunneling. The Layer 2 frames are encapsulated into a labeled (MPLS) packet. The result is that the specific Layer 2 service—its operation and characteristics—is emulated across a Packet Switched Network.
  Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.
  Hope the above explanation helps you. Kindly revert incase of further clarification required.
  Thanks & Regards,
  Vignesh R P

• Ask the Expert: Global Site Selector Configuration and Troubleshooting

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuring and troubleshooting the Global Site Selector (GSS) with expert Swati Chopra.
  GSS devices represent the next generation of application switches and global server load balancing (GSLB) appliances. Working together with the Cisco ACE Module and Cisco ACE 4710 appliance, these devices form an application-fluent networking solution that improves availability, acceleration, and security for data center applications.
  The primary role of Cisco GSS is to implement the business continuance and disaster recovery policies of a business by optimizing and securing the Domain Name System (DNS) infrastructure of the data center. It does this by integrating with the DNS infrastructure and responding to the client DNS requests, thereby directing the client to the site that is best able to serve its needs.
  Swati Chopra is a CCNA, CCNP, and VCP certified customer support engineer for content switching, covering technologies such as Cisco Application Control Engine, Cisco Wide Area Application Services, Global Site Selector, Cisco Content Services Switches, and Digital Media Suite. She has been with Cisco for more than three years and has worked with most of the high-end customers on content-related complex cases. She completed her master’s degree in finance, was heading an online education project in collaboration with e-Sylvan, and later moved to technical services because of her love for technology. She is actively involved with diverse Cisco initiatives such as Connected Women, WISE, and Cisco Career Connections and recently hosted a “Birds of Feather” table at Cisco’s Women of Impact conference.
  Remember to use the rating system to let Swati know if you have received an adequate response. 
  Because of the volume expected during this event, Swati might not be able to answer every question. Remember that you can continue the conversation in the Data Center community under subcommunity Application Networking shortly after the event. This event lasts through April 25, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Sarah,
  The load balancing mechanism for GSS requests is done via different methods. We can use these methods to define how the load is shared for different balance clauses within the same rule. The 6 methods we use are:
  –round-robin—The GSS cycles through the list of answers that are available as requests are received. Each resource within an answer group is tried in turn. The GSS cycles through the list of answers, selecting the next answer in line for each request. This is the default.
  eg: if we have 2 answers in answer group then GSS will provide them alternatively.
  –least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group. The answer reporting the lightest load is chosen to respond to the request.The least-loaded option is available only for VIP-type answer groups that use a KAL-AP or Scripted keepalive, as they provide the GSS with detailed information on the SLB load and availability.
  eg: if one answer has higher load than the other, than first answer will not be provided until its load goes down the other answers
  –ordered—The GSS selects an answer from the list based on precedence; answers with a lower order number are tried first, while answers further down the list are tried only if preceding answers are unavailable to respond to the request.
  for eg: answer with ordered number 1 will be provided first till it becomes unavailable. Once it is unavailable then answer with ordered list number 2 will be provided
  –weighted-round-robin—The GSS cycles through the list of answers that are available as the requests are received, but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.
  eg: if one answer has more weight(80%) than the other answer(20%), then it will be used 8 times out of 10.
  –hashed— When the GSS uses the hashed balance method, elements of the client's DNS proxy IP address and the requesting client's domain are extracted to create a unique value, referred to as a hash value. The unique hash value is attached to and used to identify a VIP that is chosen to serve the DNS query.
  The use of hash values makes it possible to "stick" traffic from a particular requesting client to a specific VIP, ensuring that future requests from that client are routed to the same VIP. This type of continuity can be used to facilitate features, such as online shopping baskets, in which client-specific data is expected to persist even when client connectivity to a site is terminated or interrupted.
  The GSS supports the following two hashed balance methods. You can apply one or both hashed balance methods to the specified answer group.
  • By Source Address—The GSS selects the answer based on a hash value created from the source address of the request.
  • By Domain Name—The GSS selects the answer based on a hash value created from the requested domain name.
  for eg: a user using same source ip will get the same answer from GSS if we do source address hashing.
  -DNS Race (Boomerang) Method-The GSS supports the DNS race (boomerang) method of proximity routing, which is a type of DNS resolution initiated by the GSS to load balance 2 to 20 sites.
  The boomerang method is based on the concept that instantaneous proximity can be determined if a CRA within each data center sends an A-record (IP address) at the exact same time to the client's D-proxy. The DNS race method of DNS resolution gives all CRAs (Cisco content engines or content services switches) a chance at resolving a client request and allows for proximity to be determined without probing the client's D-proxy. The first A-record received by the D-proxy is, by default, considered to be the most proximate.
  Use case is mainly with CRA's.
  Hope this helps. Please feel free to revert if you have follow-up questions.
  Thanks,
  Swati

• Security Router: Best and cheap recommendation for a home router (security bundled)

  Security Router: Best and cheap recommendation for a home router (security bundled), to practice commands and all CCSP configurations.
  Wireless needed, 802.11N preferred
  Looking for the all in an appliance solution, and maybe compatible with future Unified Communications acquisition like a UC500 maybe...
  Please, please, please...

  At the moment checking these two options:
  SR520W-FE-K9
  CISCO881W-GN-A-K9
  Fast Ethernet

• C6250 on Win XP will not configure and install

  I installed  HP Photosmart Full Feature Software and Drivers ver 10.0.1.
  Doing a network install, the application sees the printer as a network device.
  However, as it tries to configure and install, I get an ERROR, all it shows me is a large red "X" between the printer and the router, not other information.
  I am running Win XP 32 bit on an HP (Compaq) 6910p Notebook.
  I downloaded the  HP Home Network Diagnostic Utility and I was able to send a command to the printer to print a diagnositc page (from my notebook, wireless)
  I have uninstalled and reinstalled 2 times.  I tried downloading this patch :   Critical Update to Correct a PC to Printer Communication Issue  but it faied.  I tried downloading this update:  Critical Update to Enhance Reliability of Network and USB Connectivity and Improve System Responsive...  but it told me I had no SW that required this update.
  Any ideas ?

  It sounds like you are unable to scan and that is why you need to install the printer.  One problem I've seen is that a mutlifunction adapter for your product can be in the device manager prior to installation and that causes the device to fail to install.  To open the device manager, go to the control panel and then click device manager (or hold the windows key and press the pause key, then click device manager).  Once device manager is open, click the view menu and then click the "Show hidden devices" item.  You should now see an item in the list in the main window for Multifunction adapters.  Look for an entry under Multifunction adapters of "Photosmart C6250".  If you find this entry, right-click on it and select "Uninstall" from the drop down menu.  Now try to install the printer by inserting you CD and selecting "Add a device".  The install should now succeed.  If you didn't find an entry for your printer under multifunction adapters then your problem is elsewhere.
  Mike
  Say "Thanks" by clicking the Kudos Star in the post that helped you.
  I am an HP employee.

• Dynamic Routing Gateway and ASA

  Greetings,
  We have a requirement to configure a multisite gateway and have run into an issue. According to http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx, dynamic routing gateways are not supported on the ASA platform. Does this simply mean that MS does
  not support this configuration or that this configuration is not possible? I cannot negotiate an ikev2 proposal with a dynamic gateway so I fear that it isn't possible.
  Has anyone here made this work?
  Thanks in advance.

  Hello
  In the link you provided, the combination of ASA with dynamic routing says it is not compatible (it does not say not supported).
  From that I understand that it will not work.
  We have tried a few Juniper combinations in the past with static and dynamic routing that were not on the list you mention - only to find out that they indeed did not work.
  My recommendation is to stick to the supported setup.

• How to enable routing between HWIC-4ESW and Onboard FE on cisco 1841 router..?

  Hello All,
  I have a cisco 1841 router, recently i have purchased HWIC-4ESW slot for my router. The module is working fine i could able to see additional FE ports(fe0/0/0,fe0/0/1...).Now problem comes in routing i.e. these HWIC-4ESW ports and Onboard FEs are not communicating.If any bode knows the solution kindly let me know the configuration details..
  Thanks,Sazz

  Hi,
  Look at the configs below.
  How can I use IP Routing so communication is possible across all subnets?
  Router>en
  Router#config t
  Router(config)#int fa0/0
  Router(config-if)#description ***INTERNET***
  Router(config-if)#ip address xxx.xxx.xxx.xxx 255.255.255.252
  Router(config-if)#no shut
  Router(config-if)#ip nat outside
  Router(config-if)#exit
  !On-board interface
  Router(config)#int fa0/1
  Router(config-if)#description ***LAN***
  Router(config-if)#ip address 10.0.xxx.xxx 255.255.255.0
  Router(config-if)#no shut
  Router(config-if)#ip nat inside
  Router(config-if)#exit
  Router#vlan database
  % Warning: It is recommended to configure VLAN from config mode,
    as VLAN database mode is being deprecated. Please consult user
    documentation for configuring VTP/VLAN in config mode.
  Router(vlan)#vlan 10
  VLAN 10 modified:
  Router(vlan)#vlan 20
  VLAN 20 added:
      Name: VLAN0020
  Router(vlan)#exit
  APPLY completed.
  Exiting....
  Router#config t
  Router(config)#int vlan 10
  Router(config-if)#ip address 172.16.xxx.xxx 255.255.255.0
  Router(config-if)#ip nat inside
  Router(config-if)#no shut
  Router(config-if)#exit
  Router(config)#int vlan 20
  Router(config-if)#ip address 192.168.xxx.xxx 255.255.255.0
  Router(config-if)#ip nat inside
  Router(config-if)#no shut
  Router(config-if)#exit
  !HwIC-4ESW interface
  Router(config)#int fa0/0/0
  Router(config-if)#switchport mode access
  Router(config-if)#switchport access vlan 10
  Router(config-if)#exit
  !HWIC-4ESW Interface
  Router(config)#int fa0/0/1
  Router(config-if)#switchport mode access
  Router(config-if)#switchport access vlan 20
  Router(config-if)#exit
  Router(config)#exit
  Router#copy run start
  Destination filename [startup-config]?
  Building configuration...
  [OK]
  Router#config t
  Router(config)#ip name-server xxx.xxx.xxx.xxx
  Router(config)#ip name-server xxx.xxx.xxx.xxx
  Router(config)#exit
  Regards,