List Info

Thread: UDP packet drop what shoud i do?
UDP packet drop what shoud i do?
user name
 2007-01-24 02:04:26 

  


  

    




  



    

            
UDP packets filter out through service provider how

would i enable the udp packets. i am sending udp

packets on my remote office but the packet doesnt go

to my remote office as i mentioned in the first line

but if i create VPN then it goes but i dont want to do

that i just send my UDP packets through my leased line

and that packet thorugh internet service provider what

i do ?please tell me 

--- sandy herbs < sandyhrbs%40yahoo.com">sandyhrbsyahoo.com> wrote:



> Do I have to use a crossover cable - I thought like

>; devices use crossovers?  Should I have them set on

> auto of full duplex?

> 

> thanks!

> sandy

&gt; 

> "Andrew Isdale (ZA)" < Andrew.Isdale%40za.didata.com">Andrew.Isdaleza.didata.com>

> wrote:                                          

>   At a glance your NAT statements look ok – If the

> 2811 is saying “line protocol down” I would presume

> it’s a cable problem or duplex mismatch. If you have

>; checked the duplex make sure you are using a

> crossover cable.

&gt;    

>    

>       

> ---------------------------------

>   

>   From:  PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com

> [mailto: PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com] On Behalf Of

> sandy herbs

&gt;  Sent: Wednesday, January 17, 2007 8:01 PM

>  To:  PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com

>  Subject: RE: [PIX_Firewall] cisco 2811 to 506e NOT

> WORKING

>   

>    

>         do I need the NAT statement on the inside

&gt; interface?

>  

>  thank you,

>;  sandy

&gt;  

>  "Andrew Isdale (ZA)" < Andrew.Isdale%40za.didata.com">Andrew.Isdaleza.didata.com>

> wrote:

&gt;           Sounds to me like it could be a duplex

&gt; mismatch. 

>   

>      

>   

>     Try “interface ethernet0 100full” on the PIX

>   

>      

>   

>     Safe.

&gt;   

>      

>   

>      

>   

>       

> ---------------------------------

>   

>     From:  PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com

> [mailto: PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com] On Behalf Of

> sandyhrbs

>  Sent: Friday, January 12, 2007 11:47 PM

>  To:  PIX_Firewall%40yahoogroups.com">PIX_Firewallyahoogroups.com

>  Subject: [PIX_Firewall] cisco 2811 to 506e NOT

> WORKING

>   

>   

>      

>   

>           I am upgrading an IVAD (data & phone)

&gt; connection to a pure T-1 

>  connection introducing a Cisco 2811 Router. I am

> reusing my 506e

>;  Cisco firewall. When turning up the circuit, my

> router worked fine

>;  and my ISP could see the serial interface, but

> could not see my pix

>  "line protocol down". If I plugged my laptop

&gt; directly to the router

&gt;  bypassing the pix...there was no probs. I did not

> make any changes on

>  my pix. Is the 506e compatible w/a 2811 router? Do

> I need to make a

>  change on my pix config? What else could be the

> problem? I have

>;  included a copy of my config on the pix below.

&gt; THANKS!!!

>  

>  PIX Version 6.3(3)

&gt;  interface ethernet0 auto

>;  interface ethernet1 100full

>  nameif ethernet0 outside security0

>  nameif ethernet1 inside security100

>  enable password JAogGoP.yZT107Kz encrypted

>  passwd kQ89ZvMlcgQ.0l/4 encrypted

>  hostname pixfirewall

>  domain-name m3-group.com

>  fixup protocol dns maximum-length 512

>  fixup protocol ftp 21

>  fixup protocol h323 h225 1720

>;  fixup protocol h323 ras 1718-1719

>  fixup protocol http 80

>  fixup protocol rsh 514

>  fixup protocol rtsp 554

>  fixup protocol sip 5060

>;  fixup protocol sip udp 5060

>;  fixup protocol skinny 2000

>;  no fixup protocol smtp 25

>  fixup protocol sqlnet 1521

>;  fixup protocol tftp 69

>  names

&gt;  name 192.168.100.50 kitchen

>  access-list inside_outbound_nat0_acl permit ip

> 10.0.0.0 255.0.0.0

>  192.168.100.0

>  255.255.255.224

&gt;  access-list outside_cryptomap_dyn_20 permit ip

> 10.0.0.0 255.0.0.0

>  192.168.100.0

>  255.255.255.224

&gt;  access-list inbound permit tcp any host 10.0.0.1 eq

> ssh

>  access-list acl_inside permit tcp any any

>  access-list acl_inside permit udp any any

>  access-list acl_inside permit icmp any any

>  access-list 101 permit tcp any host 66.243.86.214

> eq smtp

>;  access-list 101 permit tcp any host 66.243.86.215

> eq www

>  access-list 101 permit tcp any host 66.243.86.214

> eq www

>  access-list 101 permit tcp any host 66.243.86.215

> eq ftp

>  access-list 101 permit tcp any host 66.243.86.210

> eq www

>  access-list 101 permit tcp any host 66.243.86.216

> eq ftp

>  access-list 101 permit tcp any host 66.243.86.212

> eq www

>  access-list 101 permit tcp any host 66.243.86.218

> eq www

>  access-list 101 permit tcp any host 66.243.86.217

> eq www

>  pager lines 24

>  logging console debugging

>  icmp permit 10.0.0.0 255.0.0.0 echo-reply outside

>  mtu outside 1500

>;  mtu inside 1500

>;  ip address outside 66.243.86.213 255.255.255.240

&gt;  ip address inside 10.0.0.1 255.0.0.0

>  ip audit info action alarm

&gt;  ip audit attack action alarm

&gt;  ip local pool m3vpnpool

> 192.168.100.10-192.168.100.30

>  pdm location 10.0.0.8 255.255.255.255 inside

&gt;  pdm location 10.0.0.7 255.255.255.255 inside

&gt;  pdm history enable

&gt;  arp timeout 14400

&gt;  global (outside) 1 interface

>  nat (inside) 0 access-list inside_outbound_nat0_acl

>  nat (inside) 1 0.0.0.0 0.0.0.0 0 0

>  static (inside,outside) 66.243.86.215 10.0.0.19

> netmask

>  255.255.255.255 0 0

>  static (inside,outside) 66.243.86.214 10.0.0.25

> netmask

>  255.255.255.255 0 0

>  static (inside,outside) 66.243.86.216 10.0.0.7


> netmask 255.255.255.255 0 0

>  static (inside,outside) 66.243.86.210 10.0.0.5


> netmask 255.255.255.255 0 0

>  static (inside,outside) 66.243.86.212 10.0.0.9


> netmask 255.255.255.255 0 0

>  static (inside,outside) 66.243.86.218 10.0.0.11

> netmask

>  255.255.255.255 0 0

>  static (inside,outside) 66.243.86.217 10.0.0.10

> netmask

>  255.255.255.255 0 0

>  static (inside,outside) 66.243.86.211 kitchen

> netmask 255.255.255.255 0 0

>  access-group 101 in interface outside

>  access-group acl_inside in interface inside

&gt;  route outside 0.0.0.0 0.0.0.0 66.243.86.209 2

>  timeout xlate 3:00:00

>  timeout conn 1:00:00 half-closed 0:10:00 udp

> 0:02:00 rpc 0:10:00 h225

>;  1:00:00

>  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00

> sip_media 0:02:00

>  timeout uauth 0:05:00 absolute


>  aaa-server TACACS+ protocol tacacs+

>  aaa-server RADIUS protocol radius

&gt;  aaa-server LOCAL protocol local

&gt;  aaa-server m3aaa protocol radius

&gt;  aaa-server m3aaa (inside) host 10.0.0.7 12626123


> timeout 5

>  http server enable

&gt;  http 10.0.0.8 255.255.255.255 inside

&gt;  no snmp-server location


>  no snmp-server contact

>  snmp-server community public

&gt;  no snmp-server enable traps

&gt;  floodguard enable

&gt;  sysopt connection permit-ipsec

> 

=== message truncated ===



__________________________________________________________

Want to start your own business?

Learn how on Yahoo! Small Business.

http://smallbusiness.yahoo.com/r-index




    
  

    
    __._,_.___
    
     
    
    
  
.


  

__,_._,___



  

  
  
   
     
    






 [1]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )