Friday, January 16, 2009

Configure Static NAT in PIX

Firstly, we encountered a problem: after we entered the static NAT address, we could not ping from the remote site to the DMZ using the public IP address that we assigned. After much research and discussion with our supervisor, we managed to get it done after entering the following commands!

global (outside) 1 interface
- The firewall's global outside address, used for outgoing NAT communications.

nat (DMZ) 1 0.0.0.0 0.0.0.0
- The number 1 is the local NAT ID (between 0 and 2 billion).
- The 0.0.0.0 0.0.0.0 (which the PIX also accepts abbreviated as 0 0) is the internal IP address and subnet mask to be translated; 0 stands for all addresses.

access-list outside_in extended permit ip any host 200.10.10.77
- The access list tells the PIX that devices on the outside network are allowed to reach the public address (for example to ping it). With this entry the PIX permits the inbound traffic and knows which destination to route the ping to.

static (DMZ,outside) 200.10.10.77 192.168.0.82 netmask 255.255.255.255
- Published address space: pseudo-addresses of the servers, used to punch through the firewall. Note however that this does not grant global access to these addresses, but merely sets up the translation between the two IP addresses.
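As an added example that is not part of the original post, here is a small Python model of how the commands above combine for a packet arriving on the outside interface: the static creates the translation, and the access-list decides whether the packet may use it. The static and access-list lines are the ones from the post; the function names and the sample packet addresses are constructed for this illustration, and the model assumes the list is applied inbound on the outside interface.

```python
import ipaddress

# Added example, not from the original post: a toy model of PIX static NAT plus
# an inbound access-list. Names and sample packets are constructed; the static
# and access-list lines are the ones shown above.


def _read_address(tokens, i):
    """Read one PIX address spec starting at tokens[i]:
    'any', 'host A.B.C.D', or 'A.B.C.D M.M.M.M'. Returns (network, next_index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(f"{tokens[i + 1]}/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_static(line):
    """static (DMZ,outside) 200.10.10.77 192.168.0.82 netmask 255.255.255.255"""
    t = line.split()
    inside_if, outside_if = t[1].strip("()").split(",")
    return {
        "inside_if": inside_if,
        "outside_if": outside_if,
        # global (public) range covered by the static, using the netmask
        "global": ipaddress.ip_network(f"{t[2]}/{t[5]}", strict=False),
        # first local (DMZ) address; a wider netmask maps addresses one-to-one
        "local": ipaddress.ip_address(t[3]),
    }


def parse_acl_entry(line):
    """access-list outside_in extended permit ip any host 200.10.10.77"""
    t = line.split()
    src, i = _read_address(t, 5)
    dst, _ = _read_address(t, i)
    return {"name": t[1], "action": t[3], "proto": t[4], "src": src, "dst": dst}


def evaluate_inbound(statics, acl, src, dst, proto):
    """Decide what happens to a packet from src to dst arriving on 'outside'.
    Step 1: a static must exist for the public destination address.
    Step 2: the access-list must permit it (first match wins, implicit deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    static = next((s for s in statics if dst in s["global"]), None)
    if static is None:
        return {"result": "drop", "reason": "no static translation for destination"}
    for ace in acl:
        if ace["proto"] in ("ip", proto) and src in ace["src"] and dst in ace["dst"]:
            if ace["action"] == "permit":
                offset = int(dst) - int(static["global"].network_address)
                return {
                    "result": "forward",
                    "reason": f"permitted by {ace['name']}",
                    "translated_dst": str(static["local"] + offset),
                    "egress_if": static["inside_if"],
                }
            return {"result": "drop", "reason": f"denied by {ace['name']}"}
    return {"result": "drop",
            "reason": "static exists but no access-list entry permits it (implicit deny)"}


# The two lines from the post.
STATICS = [parse_static(
    "static (DMZ,outside) 200.10.10.77 192.168.0.82 netmask 255.255.255.255")]
ACL = [parse_acl_entry(
    "access-list outside_in extended permit ip any host 200.10.10.77")]

if __name__ == "__main__":
    # Constructed remote-site address (documentation range).
    for dst in ("200.10.10.77", "200.10.10.78"):
        print(dst, evaluate_inbound(STATICS, ACL, "203.0.113.9", dst, "icmp"))
    print("no ACL", evaluate_inbound(STATICS, [], "203.0.113.9", "200.10.10.77", "icmp"))
```

With an empty list the translation exists but the ping is still dropped, which is exactly the point made above: the static only sets up the mapping, the access-list grants the access. On a real PIX the list only takes effect once it is bound to the outside interface with an access-group command.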

OSPF - default-information originate

Yesterday, we encountered a problem where the RR router could not route to the BR gateway, which provides the internet access. We tried a lot of things and eventually came up with the solution, from Mr Wagio, that we must key in the following command in order for it to work!

The OSPF router does not, by default, generate a default route into the OSPF domain. In order for OSPF to generate a default route, you must use the default-information originate command to enable default route origination on this router. A default route will only be generated if a default route has been manually configured.

After entering the command, when you do a show ip route on RR, it will show the following result:

It actually advertises the default route from BR (200.10.10.65) to RR, so that RR learns that traffic from its network going out to the internet has to be routed through BR.

Problem with BR and RR routers

Yesterday morning, I tried to ping from RR to BR but it could not work. So I tried to troubleshoot, and when I did a show ip route, the network address for the connection between the RR and BR serial interfaces was not shown.


By right, for both BR and RR there must be a 200.10.10.64 network in show ip route. However, this was AUTOMATICALLY solved when I came back from lunch.


Thursday, January 15, 2009

Cisco PIX, syslog configuration

Commands


logging on
- Enables logging on the PIX.
logging standby
- Lets the standby unit of a failover pair send syslog messages as well.
logging timestamp
- Adds a timestamp to each syslog message.
logging trap notifications
- Sends messages of severity notifications (level 5) and more severe to the syslog server.
logging facility 19
- Uses syslog facility 19 (local3), so the server can file PIX messages separately.
logging host inside 192.168.0.82
- The syslog server, reached through the inside interface.
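To show what logging facility 19 and logging trap notifications mean on the receiving side, here is an added Python example (not from the original post) that decodes the syslog priority of PIX messages and filters them the way the trap level does. The sample lines are constructed, modelled on the PIX message format with timestamps enabled; the function names are my own.

```python
import re

# Added example, not from the original post: decode and filter Cisco PIX syslog
# lines as shaped by "logging facility 19" and "logging trap notifications".
# Sample messages are constructed for the demonstration.

SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational",
                  7: "debugging"}
# Syslog facilities 16..23 are local0..local7; PIX "logging facility 19" = local3.
FACILITY_NAMES = {16 + i: f"local{i}" for i in range(8)}

PIX_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                   # RFC 3164 priority
    r"(?:(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): )?"   # from "logging timestamp"
    r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$")


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity (RFC 3164)."""
    return facility * 8 + severity


def decode_pri(pri):
    """Return (facility, severity) from a PRI value."""
    return divmod(pri, 8)


def parse_pix_line(line):
    """Parse one PIX syslog line; the severity in the PRI must agree with the
    severity digit inside the %PIX-<sev>-<id> tag."""
    m = PIX_LINE.match(line)
    if not m:
        raise ValueError(f"not a PIX syslog line: {line!r}")
    facility, severity = decode_pri(int(m["pri"]))
    if severity != int(m["sev"]):
        raise ValueError("PRI severity disagrees with the %PIX tag")
    return {
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "timestamp": m["ts"],
        "msgid": m["msgid"],
        "text": m["text"],
    }


def forwarded_by_trap_level(lines, trap_level=5):
    """Message ids the PIX would actually send to the syslog host: with
    'logging trap notifications' that is severity 0..5; 6 and 7 stay local."""
    return [p["msgid"] for p in map(parse_pix_line, lines)
            if p["severity"] <= trap_level]


# Constructed sample lines in the PIX format (facility 19 = local3).
SAMPLE_LINES = [
    f"<{encode_pri(19, 5)}>Jan 16 2009 09:12:01: %PIX-5-111008: "
    "User 'enable_15' executed the 'logging on' command.",
    f'<{encode_pri(19, 4)}>Jan 16 2009 09:12:07: %PIX-4-106023: '
    'Deny tcp src outside:203.0.113.9/40011 dst DMZ:192.168.0.82/23 '
    'by access-group "outside_in"',
    f"<{encode_pri(19, 6)}>Jan 16 2009 09:12:09: %PIX-6-302013: "
    "Built inbound TCP connection 17 for outside:203.0.113.9/40012 "
    "to DMZ:192.168.0.82/80 (200.10.10.77/80)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        p = parse_pix_line(line)
        print(p["facility"], p["severity_name"], p["msgid"], p["text"][:40])
    print("sent at trap level 5:", forwarded_by_trap_level(SAMPLE_LINES))
```

The connection-built message (severity 6) is the one that never reaches the server at trap level notifications; raise the trap level to informational if the server is meant to see connection logs.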


Cisco Local Director


Tuesday, January 13, 2009

Re: Configuring Syslog-ng

Great that you have configured the syslog client on the router side.

For the syslog-ng server, you need to follow these instructions to get the syslog-ng server ready to receive the logs from the routers/switches.

The configuration file for syslog-ng is /etc/syslog-ng.conf

Uncomment the following line :
source net { udp(); };

Uncomment the following line :
log { source(src); source(net); filter(f_messages); destination(messages); };

To start syslog-ng issue the command /etc/init.d/sysklogd restart:
# /etc/init.d/sysklogd restart

Refer to this URL for the details.
Simplest way to configure it is here

Configuring Syslog

We tried to configure Syslog on the switch to test out Syslog-ng; however, we encountered the following error when we keyed in the command:

Configuring the router to send buffered logging of its events to memory.
(However, rebooting the router will lose all events stored in the buffered log.)
The command is as follows:
Router(config)# logging buffered 16384


We pointed the logging address to the Debian static IP; however, it doesn't seem to work.