Traffic to Site?
I am trying to get more traffic to my site.
I understand there is a lot of material on the Internet but I
was just
wondering if anyone here had any luck with anything specific.
Thanks for your help.
Just plonk relevant content where you want, as long as it is
there the bot's
will grab it.
Cheers
Pablo
An Eye of Menorca
www.dellimages.com
"Lee" <[email protected]> wrote in message
news:evgpuv$7sq$[email protected]..
> Thanks for the link and ideas. Would you think it would
help to put
> "backbone text" down further on the page? I'm think a
paragraph of
> information below everything that would include a
description of the
> company and the products.
>
> I'm not so sure I want to revamp the page so that it
uses CSS to format
> the page but I think the other ideas apply.
>
> Pablo wrote:
>> Not being wicked but the content on the homepage is
poor, it's like a
>> link farm :)
>>
>> I would get some content onto the homepage, have a
look here:
>>
>>
http://sitening.com/seo-tools/seo-analyzer/my-analyzer/report/lynx/index.php?id=132275
>>
>> There is no backbone text for spiders to gobble,
just links.
>>
Similar Messages
-
Unable to pass traffic between sites
I've read through dozens of posts and so far have had no luck getting any of the suggestions to work - combined with many of these posts being multiple years old...so I'm going to try posting something current and see if I get anywhere.
Scenario:
Site A - Cisco ASA 5510 running 8.4(4)1 with two interface connections to a Cisco ME 6500 (which I do not manage), one for internet and one for a MPLS connection.
Site B – connecting to an unknown switch which is connected to the MPLS network.
Site C – Cisco ASA 5505 running 7.2(3) with one connection to an unknown switch (which I do not manage) for internet access.
Site A to Site B traffic flows between the two without issue.
Site A to Site C is a site-to-site VPN connection. Traffic flows between the two without issue.
The main issue I’m having is that Site B cannot talk to Site C and vice versa. Also my client VPN connections to Site A cannot get to Site B or Site C.
My first question is; is this even possible? (I sure expected it to be). And if so, what the heck am I doing wrong???
I’ve included a config from Site A which is where I’m guessing the problem is. Any insight is appreciated."I'm not following what you mean by that."
Your Site "A" and "B" connected through MPLS cloud and they are not connected through vpn-connection, right? I assume that your site "B" cannot communicate to site "C", therefore you must permit site-B's subnet traffic transit between site "A" and site "C" i.e. Site-B should have access to "C", right ?
"I may be misunderstanding, but isn't that what this is: "route MPLS 10.17.0.0 255.255.0.0 10.17.250.2 1"."
Great 10.17.0.0/16 route meant for site "B", that is fine, you wouldn't need an additional one.
"You completely lost me there :)"
I presume that your Site "B" and "C" does not have direct MPLS connection, therefore Site "A" becomes a transit path for site "B" and "C". You allow site-B's transit through the vpn-tunnel between site "A" and "C". Your site "C" assumes that subnet belong to site "B" is directly connected at site "A" but in reality it connects via a MPLS cloud and one last thing is that a route needed at site-B to push site-C's traffic to Site "A", a static route would do that.
As you would permit site-B's traffic to pass through vpn-tunnel site "A" and "C", in other words your "A" become a hub for traffic flowing between site "B" and "C".
"Should the route be applied to the inside or the outside interface?"
Outside. Your tunnel terminated on the outside interface, right? If so then it must point to outside's default-gateway address.
object network SiteB-network
subnet 10.17.2.0 255.255.255.0
this would allow you to access site-c subnet when you are remote-in to Site-A.
nat (outside,outside) source static VPN-pool VPN-pool destination static SiteC-network SiteC-network
this is to allow Site-B to access site-C subnet via the tunnel between site A and C.
nat (MPLS,outside) source static SiteB-network SiteB-network destination static SiteC-network SiteC-network
object network inside-network
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static inside-network inside-network destination static SiteC-network SiteC-network
access-list outside_cryptomap extended permit ip object inside-network object SiteC-network
this is allow Site-B to access site-C subnet via the tunnel between site A and C.
access-list outside_cryptomap extended permit ip object SiteB-network object SiteC-network
Thanks
Rizwan Rafeek -
ConfigMgr 2012 - Expected compression ratio for upstream traffic - Secondary site to Primary
What compression ratio should we expect for upstream traffic (I guess mostly specific to inventory) from a ConfigMgr 2012 secondary site to a primary? We are debating between secondary site and DP for some sites with slow network links.
We are concerned about SQL replication even working with a secondary site on some of the slower link sites (e.g. 512K)
Thank you.It doesn't, I just wanted to get the full picture since you mentioned you were debating between secondary sites vs. dp's. In my personal experience I've seen customers who want to do a Primary and Secondary when they only have a few hundred PC's and
2 locations (which often is overkill depending on bandwidth and other factors). Just wanted to make sure I had all info first.
I'll try to find some exact numbers for you, I don't have any handy unfortunately. In the meantime, here's this page in case you haven't seen it yet. It is pretty handy and has some links to other, potentially useful pages.
http://technet.microsoft.com/en-us/library/gg712701.aspx
I can tell you from past experience the delta's that SCCM 2012 does for inventory are pretty low impact, but again, I don't have any exact numbers or ranges. I do apologize I don't have exactly what you're needing handy. I'll reply back if I
can dig them up. -
Inter site email Traffic when site tunnel drops
I have 3 sites, let me call Site1 , site2 and site3. where Site 1 is holding the primary mx record for receiving the
emails from external world.
Problem is when tunnel breaks between site1 and site3 all emails to be delivered to site3 are stuck in site1 itself,Expected
to use alternate way that's is from site1 to site2 and from site2 to site3 where the tunnels are up in running and delivery the emails.You could try setting cost for routing emails
http://technet.microsoft.com/en-us/library/cc794882(v=ws.10).aspx
http://technet.microsoft.com/en-in/library/cc757117(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb123696%28v=exchg.150%29.aspx -
How to use OraSession for a high-traffic IIS/ASP site
Guys,
I am running into scalability issues with our production web server. The ASP requests queued keeps growing to crash the IIS eventually atleast once a day. We don't have any custom COM components and we believe database is not the bottleneck.
We are using one OraSession object in the Application scope as follows:
<OBJECT RUNAT="Server" SCOPE="Application" ID="OraSession" PROGID="OracleInProcServer.XOraSession"></OBJECT>
Sub Application_OnStart
OraSession.CreateDatabasePool 1, 120, 600, "TEST", "scott/tiger", 0
End Sub
We are calling OraSession.GetDatabaseFromPool(9000) whenever we need a database connection. I believe this object since it runs on single thread is unable to handle too much load.
What's the best way of using OraSession/OraServer/OraDatabase objects for a high-traffic web site? The documentation doesn't have enough information. One interesting statement was that "Calling openDatabase method and attaching multiple user sessions(OraDatabase) after an OraServer object is created is useful with IIS like n-tier distributed environments" What does this mean?
I appreciate any help.
Thanks
KrishnaHi iLac,
I'm not sure what you meant by reverse engineering the browser's interactions with the site, but anything you can do within a browser you can feasibly do through scripts without resorting to a GUI. I'll mention a few tools that will help you out and briefly describe how you can use them to achieve what you want, although a bit more of a specific question may help. Anywhoo...
First up I'd recommend Firebug for Firefox. A great tool that will let you visually inspect different elements of a rendered page in your browser to see the source code underneath. It also allows you to edit the page so you can test form input. (For example changing a Post to Get request to see the syntax.
Next is "Live HTML Headers" which is also an addon for Firefox. Setting it to record and then clicking on a link will log all interaction between your browser and the website (eg. cookies, browser/system info, redirects etc.). You can really see what is going on behind the scenes.
Finally you are going to want to use cURL which is a command line tool in the Terminal. Here is a like to a tutorial which will cover what you need [[http://curl.haxx.se/docs/httpscripting.html]] Basically cURL can interact with websites and download the source code for you (you will have to spoof cookies, and all other session info which could be a little difficult depending on the site, if you have to log in etc.).
And that is about it. Using those three resources you can get anything off the web you can get with a browser. You just need to write an applescript to run the right cURL commands and extract the info from the HTML.
If you have any other questions or need clarification or more help feel free to ask. Perhaps with a bit more detail on what exactly you are trying to achieve. My experience comes from auto updating homemade sports pools.
Good Luck. -
Cisco ASA 5505 Cannot ping local traffic and local hosts cannot get out
I have, what I believe to be, a simple issue - I must be missing something.
Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209).
There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off.
The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue.
Basically, the VPN is up and running but PC 10.51.253.210 cannot get out.
Any ideas? Sanitized Config is below. Thanks !
ASA Version 7.2(4)
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif Inside
security-level 100
ip address 10.51.253.209 255.255.255.248
interface Vlan2
nameif Outside
security-level 0
ip address ***** 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
ftp mode passive
dns server-group DefaultDNS
domain-name *****
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
pager lines 24
mtu Outside 1500
mtu Inside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list No_NAT
route Outside 0.0.0.0 0.0.0.0 ***** 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set DPS_Set esp-3des esp-md5-hmac
crypto map DPS_Map 10 match address Outside_VPN
crypto map DPS_Map 10 set peer *****
crypto map DPS_Map 10 set transform-set *****
crypto map DPS_Map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 60
console timeout 0
management-access Inside
username test password P4ttSyrm33SV8TYp encrypted
tunnel-group ***** type ipsec-l2l
tunnel-group ***** ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8d0adca63eab6c6c738cc4ab432f609d
: end
1500Hi Martin,
Which way you are trying. Sending traffic via site to site is not working or traffic which you generate to outside world is not working?
But you say ASA connected interface to PC itself is not pinging that is strange. But try setting up the specific rules for the outgoing connection and check. Instead of not having any ACL.
If it is outside world the you may need to check on the NAT rules which is not correct.
If it is site to site then you may need to check few other things.
Please do rate for the helpful posts.
By
Karthik -
ASA 5505 Site-to-Site VPN to remote dmz access
I don't have a ton of experience with ASA firewalls, but I've searched everywhere and I can't seem to find a solution to this.
I have 2 sites connected by a Site-to-Site VPN with ASAs (5540 on Site 1, 5505 on Site 2). I'm using ASDM.
Lets call:
Site 1 LAN: 192.168.1.0
Site 2 LAN: 192.168.2.0
Site 2 DMZ: 172.16.2.0
Traffic from Site 1 to Site 2 is perfect moving across the LANs. My workstation (192.168.1.10) can ping anything in site 2s LAN (192.168.2.0/24).
Recently, I added a UniFi WAP device to Site 2 DMZ. Since I want to be able to manage this DMZ WAP from the LAN with a management server, I created a network object in Site 2s ASA. I called this object DMZ_WAP. IP address 172.16.2.2. I checked the box for "Add Automatic Address Translation Rules" and configured Type to "Static" and Translated Addr to "192.168.2.8." Source interface DMZ to Any destination interface. This of course created 2 "Network Object" NAT rules.
I then created a DMZ incoming rule that says Source: DMZ_WAP, Destination: net_site1_lan (this object was of course created for the site to site vpn), allow all IP traffic. I created an Outside incoming rule that says net_site1_lan can access DMZ_WAP.
Awesome, I can now ping 192.168.2.8 from anywhere within Site 2. The problem is... I can't ping 192.168.2.8 from my workstation in site 1 (192.168.1.10). If I run Packet Tracer (interface dmz, packet type TCP, source 172.16.2.2 port "echo", destination 192.168.1.10 port "echo") everything turns up green checkmark, the packet is allowed. So why do I have no contact?
I apologize, as I realize ASDM isnt what most of you probably use. But anyone have any ideas? Been researching this for about 4 hours now, perhaps I'm barking up the wrong tree.
Thanks,
GarrickHere's my sanitized config. Any help would be greatly appreciated. Again, the point is simply to make the object SITE2_DMZ_WAP that is off of the "dmz" interface talk with SITE1 over the site to site VPN. I can't let any other traffic through except this one IP. I currently have it NATd.
ASA Version 8.4(1)
no names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.21.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address -OMITTED- 255.255.255.248
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 172.16.21.1 255.255.255.0
interface Ethernet0/0
description Outside WAN1 port
switchport access vlan 2
interface Ethernet0/1
description Inside LAN port
interface Ethernet0/2
description Inside LAN port
interface Ethernet0/3
description Outside DMZ port
switchport access vlan 3
interface Ethernet0/4
description Outside DMZ port
switchport access vlan 3
interface Ethernet0/5
description Outside DMZ port
switchport access vlan 3
interface Ethernet0/6
description Outside DMZ port
switchport access vlan 3
interface Ethernet0/7
description Outside DMZ port
switchport access vlan 3
boot system disk0:/asa841-k8.bin
ftp mode passive
clock timezone
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name -OMITTED-
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network net_SITE1_lan
subnet 192.168.1.0 255.255.255.0
object network net_SITE2_lan
subnet 192.168.21.0 255.255.255.0
object network net_SITE1_dmz
subnet 172.16.1.0 255.255.255.0
object network net_SITE2_dmz
subnet 172.16.21.0 255.255.255.0
object network SITE2_DMZ_WAP
host 172.16.21.2
object network 192.168.21.8
host 192.168.21.8
description FOR SITE2 WAP
access-list inside_access_in extended permit ip object net_SITE2_lan any
access-list inside_access_in extended deny tcp any any eq smtp
access-list outside_cryptomap extended permit ip object net_SITE2_lan object net_SITE1_lan
pager lines 24
logging enable
logging buffer-size 16384
logging buffered notifications
logging asdm notifications
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 192.168.1.35 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-643.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static net_SITE2_lan net_SITE2_lan destination static net_SITE1_lan net_SITE1_lan
object network obj_any
nat (inside,outside) dynamic interface
object network SITE2_DMZ_WAP
nat (dmz,any) static 192.168.21.8
nat (inside,outside) after-auto source dynamic any interface
nat (dmz,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 162.227.34.22 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authorization exec LOCAL
http server enable
http server idle-timeout 60
http 192.168.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
snmp-server host inside 192.168.1.35 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map CMAP_OUTSIDE 1 match address outside_cryptomap
crypto map CMAP_OUTSIDE 1 set peer -PEER OMITTED-
crypto map CMAP_OUTSIDE 1 set ikev1 transform-set ESP-AES-128-SHA
crypto map CMAP_OUTSIDE 1 set reverse-route
crypto map CMAP_OUTSIDE interface outside
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.0.0 255.255.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
ssh version 2
console timeout 60
management-access inside
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd dns 192.168.2.2 192.168.1.6 interface inside
dhcpd lease 34000 interface inside
dhcpd domain -DOMAIN OMITTED- interface inside
dhcpd update dns both interface inside
dhcpd address 172.16.21.100-172.16.21.200 dmz
dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
dhcpd lease 34000 interface dmz
dhcpd enable dmz
priority-queue outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server -NTP SERVERS OMITTED-
ntp server -NTP SERVERS OMITTED-
webvpn
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
username -OMITTED- password -OMITTED- encrypted privilege 15
tunnel-group -IP OMITTED- type ipsec-l2l
tunnel-group -IP OMITTED- general-attributes
default-group-policy GroupPolicy1
tunnel-group -IP OMITTED- ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 10 retry 5
class-map netflow-export-class
match any
class-map inspection_default
match default-inspection-traffic
class-map QoS_RDP
match access-list QoS_RDP_Server_Branch
class-map QoS_EA
match port tcp eq 2000
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns
inspect ftp
inspect http
inspect icmp
inspect icmp error
inspect ils
inspect ip-options
inspect ipsec-pass-thru
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect snmp
inspect xdmcp
class netflow-export-class
flow-export event-type all destination 192.168.1.35
class QoS_RDP
priority
class QoS_EA
priority
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Logoff -
Load Balance guest Internet access via two different DMZ zones at two sites
Hi Sir,
My customer has the following unified wireless guest access requirement:
- There are 2 internet links and dmz zones at two different locations, Site A and Site B
- Data centre is at Site A
- WiSM is proposed to be installed at the Cat 6500 in Site A
- Lightweight AP are distributed across Site A, Site B and other branches
- Only one anchor WLC is proposed at Site A, DMZ zone to provide guest internet access
My customer would like to load balance the guest via the two internet link at Site A and Site B but with the same SSID across all locations. Can it be done since only one anchor at Site A? How about puttting another anchor WLC at Site B, DMZ zone? But how can i establish two EoIP tunnel to two different anchor WLC from a single WiSM?
Thanks for your help
DelonYou can... but you can't control where the traffic will flow. The wlc will determine which DMZ wlc it will use. The wlc will load balance, but traffic in site A might go to site B. I currently have deployed that senerio in multiple client installations....
-
Spikes on network during software distribution or site Migration eventhough throttling enabled
Hello,
Maybe I am missing something here, but why am I getting Large Network traffic during site migration from sccm 2007 to 2012 and software distribution to Dps even when I have enabled Bandwidth throttling for the site/dps. Networking is trying to throttle
back the bandwidth, but said it is dynamic. Anyway to make this port a specific port?
Thanks,
MarkAre you referring to the RPC traffic? If so, it uses the default dynamic RPC port range. That range can be shortened but that's an adjustment on operating system level and not in ConfigMgr.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Can anyone help on this below configuration
Platinum (According to real time class)
Voice RTP
Gold (40% of remaining)
Voice signalling
Citrix
Video conferencing
Silver (20% of remaining)
Notes
Internet browsing
Bronze (10% of remaining)
SNMP
TFTP
Best effort
OtherEd,
That is right. QOS and bandwidth profile functionality is for outbound traffic and traffic over VPN, and using QOS you should be able to limit bandwidth for outbound traffic and traffic over Site-to-Site VPN.
Thanks,
Nitin -
Redundant link between two core sites with MPLS
Hi,
we have 50+ sites connected via MPLS. (see diagram)
Out core sites are SITE A (primary) & SITE B (secondary). These core sites are connected via a ptp link.
Both sites connect to the MPLS cloud via their own routers and all sites can reach SITE A & SITE B.
Now, if I pull the cable on SITE A's MPLS router, nothing can reach SITE A as expected.
Is it possible to get all of the MPLS sites to reach SITE A via SITE B's MPLS router and PtP link (and vice versa if SITE B's MPLS router went down)
Basically, redundancy if one of the MPLS routers went down at one of the core sites?Hi,
yes, it's clearer now.
So what I'd think about would be running OSPF between the MPLS router and L3 switch on each site.
You would redistribute BGP prefixes to OSPF then.
And also configure a default route on the L3 switch pointing to the other L3 switch over the ptp line.
Plus keep the static routes for the other core site prefixes pointing to the other L3 switch over the ptp line.
That way:
1) Under normal conditions the L3 switch in site A will use a static route over ptp line (better AD than OSFP) to reach site B and vice versa.
2) In a case of MPLS router A failure:
The outging traffic from Site A would be routed via the ptp line to the L3 switch in site B (due to the default route). The L3 switch in site B will know the routes to the remote MPLS sites (received via OSPF from MPLS router B).
The incoming traffic will be received on the MPLS router B (due to prefixes for site A advertised from B with worse BGP attributes - but no prefixes advertised to MPLS from A). The MPLS router in Site B will use its static routes to forward the traffic to the L3 switch in site B. And the L3 switch will use its static routes for site A prefixes to forward the traffic over the ptp line.
Analogic routing will be applied in a case of MPLS router failure in site B.
3) In a case of the ptp line going Down:
The static routes should disapper from the routing tables on both L3 switches.
But they should still get the routes to the other core site received from OSPF (redistributed from BGP).
4) So the only problematic case might be the ptp line failing but the L3 switch interface remaining Up.
You might need to get either some tracking (not sure if available on L3 switches) or dynamic routing involved to overcome this.
Either running OSPF between the L3 switches or even runnig EIGRP to route the site A and B prefixes only possibly?
But I'm not sure if this wouldn't bring too much complexity to the design?
Best regards,
Milan -
Trustsec Mac Encryption Between Sites
Hi,
See attached - might make question more clear
we have a layer 2 connection between sites using a local provider for the link. On the remote side is a 3750-X and on the Main Campus side is a 2960. The link is connected via a VLAN. The VLAN interface exists on the Main Campus 5548, core switch
From What I understand, Trustsec cannot be configured on a logical interface but, if we were to configure the logical interfaces as a physical interfaces could we encrypt traffic between the 5548 and the 3750-X?
Even though it would also have to traverse through the 2960 as well?
And traverse the Layer 2 WAN link?
Any other suggestions for accomplishing this?
Thank you, PatNo, it is not supported on the 2960 series. Also, if you want to encrypt traffic between sites, a better solution is to use IPsec tunnel, but you need a firewall or a router in each location.
It doesn't have to be anything expensive if you don't need a lot of bandwidth.
I use these and they work really well.
have a look:
http://www.amazon.com/Juniper-SSG-5-SB-Security-Services-Gateway/dp/B000IZDN88
HTH -
Multiple WAN site redundancy design review (dark fiber, p2p, DMVPN)
I'm re-designing a couple of wan sites. I'm using EIGRP over both some leased dark fiber and p2p provider connections. The attached (pdf) physical topology says it all, I'm thinking of using ip sla to track and inject routes over prefered connections, but really just looking for feed back if someone is interested in taking a look.
I've bought 2 2951's with es3g-16-p modules so I can build svi's and do hsrp between the paths, building redundancy between the 3 available paths back to our enterprise core (1Gbps, 40Mbps, 50Mbps).
multiple vlans at both sites...
e.g.: (wan site1 (vlan 10-15), want site2 (vlan 16-20))
Thoughts and thanks?hi there
not sure why you need to use DMVPN if it all internal same internal network unless you need to have all the traffic between sites to be encrypted
anyway in general i would say of use the direct link to reach the directly connected networks per site
example using site one 100M link to reach DC and WAN
and use site2 50M local link to reach WAN as primary path and use the site1-site2 fibre to reach DC as primary path for site2 this could archive a good load sharing and reduce the load on the link between site1 and site2
IP SLA in a topology like your for sure can very helpful to improve failover time and make the routing more topology aware
hope this helps -
Hub disconnects when I access certain sites
My infinity home hub has started outing (green flashing light) when I access certain websites with webstreaming content. What does that mean? What can I do about it?
Someone else reported that on a Hong Kong traffic cam site. The only soulution I could see was to replace the Homehub with something else.
If you found this post helpful, please click on the star on the left
If not, I'll try again -
OT - Viewing third party's website traffic info?
I suppose this is really OT.
Obviously if we have our own site we can monitor very
specific details of users, however does any way exist to see
general information (eg traffic volume / site hits, etc) on third
party sites which we have no control over or involvement with?
Thanks for your help
and best wishes over the festive seasonThis is a multi-part message in MIME format.
--------------080706000302070400070702
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Taxed Mind wrote:
> Thanks Kim, this looks like just the thing, as does
SpamTrap, when I eventually get ro?nd to looking at it more in
depth, I think I will have good use for it.
would attached work? Its called a rountuit.
Phillip M. Jones, CET |LIFE MEMBER: VPEA ETA-I, NESDA, ISCET,
Sterling
616 Liberty Street |Who's Who. PHONE:276-632-5045,
FAX:276-632-0868
Martinsville Va 24112 |[email protected], ICQ11269732, AIM
pjonescet
If it's "fixed", don't "break it"!
mailto:[email protected]
<
http://www.kimbanet.com/~pjones/default.htm>
<
http://www.kimbanet.com/~pjones/90th_Birthday/index.htm>
<
http://www.kimbanet.com/~pjones/Fulcher/default.html>
<
http://www.kimbanet.com/~pjones/Harris/default.htm>
<
http://www.kimbanet.com/~pjones/Jones/default.htm>
<
http://www.vpea.org>
--------------080706000302070400070702
Content-Type: image/gif;
name="Rountuit.gif"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="Rountuit.gif"
R0lGODlhUABQAMQAAIVTAICAQM3NgAAAQMDAwP//////////////////////////////////
/////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ACH5BAEAAAQALAAAAABQAFAAAAX/4COOZGmeaKqubOuiQSzP82vfLq3vNe7fvKAw8Cumhsig
cflIOpVM4HPKi7aoWKj1lO3utiavmAYWjc9kK3oti7LfRCMcXpzPf3Y6Ln+38e0vf3k5gn0r
hYOHiIYwi4BHjowlkYlhlJJml48kmpsjnZI0AqOkpaYCMac8qqmmraewqGmZMrJJAwG2Mbg6
ugG8vri+QrxtnzPDQcI0xcjMqc/JPM1xtNBOyzPU1zLA0U/Ux87Yuc+95sHl5Gk7A+4Dwe/u
6t076fS7u+/x8jrW9ubG1TunjVs+UQGrNBFyT+BBhAXx/SI4EMqQhrUSZoyI0eBEIf8oPtxY
0eHHjhK3/7FjqDElQI4tUa4MglLmvZotZ66KmfMmz4gWWQIlOZLoyZ8ldQAICTGpS5FHh3pU
KWPpQppIi0qM6lRmVaYmt/ka224qVKoxrF7sKapUO29Sn/KwevWl061DiuGM+1WcXa2tsOnN
+nEH3bpngwAYRWyeUbE503LCynfG4reQ43oNcBgxM3lotYF2jPldadI0OnsGJUY1azaqV7+m
Elv27Ce1bd8eklv3bsWKfjvpDVa44SvGeRNKDnw589R+nkOXIp0znurEVUjPHlw4dxbGvyOf
DUB8INbmqV9Kv4dS+TKQCr2H333OfPrjYbPHj6b8fvyTTeHffwCmMOCBBxao4ASCKIQAADs=
--------------080706000302070400070702--
Maybe you are looking for
-
Trouble using a pattern match in the GO URL when the value starts with %
Hi guys, We are trying to use a Go URL as follows: [http://hostname.com:9704/analytics/saw.dll?Go&Path=/users/administrator/Test/TestReport&Action=Navigate&col1=TestReport.SUBJECT&op1=like&val1="%25D8D8%25"|http://hostname.com:9704/analytics/saw.dll?
-
Inactive Customer Report - need help!
I need to create a report to show inactive customers based on their invoice and order history. It needs to show a list of customers that: 1. havent got an invoice on thier account between a certain set of dates 2. have no open orderr We use queries a
-
What is the cheapest route for replacing an iphone?
Super glue dripped onto my iPhone running in around my home button. It works half the time, when it don't it just keeps bringing up Siri. I just got my phone bill lowered with the new rates so I really do not want to be making payments on a new phone
-
Get the path of the running java program
Hi, Is it possible to get the path of the main java class that I am running. For example if I am running myProgram.class can I get the path of that class from itself. Best regards, Chamal.
-
X-fi2 firmware will not install
my windows xp sp3 machine will not recognize my x-fi2 properly. when i try to install the firmware it tells me the unit is not connected, but it is and it shows up under my computer. It also will not open thru windows explorer and is only accessible