We are in the process of replacing our 3Com Access builder (dial-in) system with a Cisco PIX 515e.
Currently, we have a 350+ node IP based WAN with fixed IP addresses. It works well. But, our addressing scheme does not currently utilize IANA reserved addresses. We have numerous offices linked by dedicated line. We are running NT4.0 servers and also and have several distinct, domains with no trusted Domains. A future plan is to consolidate Domains prior to migrating to Windows2000.
We have no immediate plans to allow direct Internet access from our WAN, although it is certainly a future likelihood that we will modify our topology to permit direct workstation access. However, this is several years away.
Several questions come to mind and we have been getting different answers from different "experts."
Does it make sense to convert our internal IP addressing to one of the private address blocks; (i.e... 10.xxx.xxx.xxx) or go with NAT? What are the concerns and issues associated with each? Is security a problem or advantage when using NAT?
Are we required to go forward with changing our internal IP addressing our internal WAN with a private address scheme if we are to use the Cisco PIX firewall?
The problem I have is that some people be accessing the PIX via the Internet. Let's say the host dials in. He has a private IP address of 10.xxx.xxx.xxx and the server he is trying to access within our internal intranet has an address of 130.xxx.xxx.xxx. How will the host be able to find the server? The individual who is setting the system up claims that the Server and all of our interior LANs must utilize private addresses for the Internet based VPN hosts to locate the Servers and peripherals within the interior LAN. Thus, we need to redo the IP addresses throughout our entire operation. If this is not the case, I'll need to explain why and how we can get around the need to redo the addresses.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...