Re: [nsp] Requesting comments on 7401 pricing
From: Robert E. Seastrom (rs@seastrom.com)
Date: Tue Jul 10 2001 - 12:51:22 EDT
George Robbins <grr@shandakor.tharsis.com> writes:
> Still waiting to see a new generation PA-card based w/distributed
> processing (ala VIP) series materialize.
... so you can have dCEF consistency problems on the 7200 series as
well as on the 7500? ;-)
---rob
From hank@att.net.il�õÅ;d
Received: from someone claiming to be
biff.att.net.il (biff.att.net.il [192.115.72.164])
by puck.n�õÅ;r.
for <cisco-nsp@puck.nether.net>; Wed, 11 Jul 2001 00:34:58 -0400
(envelope�õÅ;m
Received-Date: Wed, 11 Jul 2001 00:34:58 -0400
Received: from docking.att.net.il (hank.tl
by biff.att.net.il (Postfix) with ESMTP
id E9C4110C3; Wed, 11 Jul 200
Message-Id: <4.3.2.7.�õÅ;01
X-Sender: hank@max.att.net.il
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: We�õÅ;1
To: Simon Leinen <simon@limmat.switch.ch>, Xavier Mertens <xavier@bru-noc.net>
From: Hank NussbachÑëÅ;ha
Cc: <cisco-nsp@puck.nether.net>
In-Reply-To: <�õÅ;xh
References: <Pine.LNX.4.30.0107101026400.2723-100000@diabolo.powered-by.euronet.be>
<Pine.LNX.�õÅ;.0
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; fo�õÅ;=f
At 13:26 10/07/01 +0200, Simon Leinen wrote:
>Xavier,
>
> > I've some Netflow data collected and saved in binary fo�õÅ;.
> � looking for a small tool (command line) to extract info from these
> > data files. Any idea? (or at least to dump�õÅ; f
The one to look at would be:
http://ehnt.sourceforge.net/
-Hank
>have a look at Mark Fullmer's "OSU flowÑëÅ;ls
>
> http://www.switch.ch/tf-tan\15õÅ;om
>
>Hope this helps,
>--
>Simon.
From gert@greenie.mu�õÅ;
Received: from someone claiming to be
greenie.muc.de (root@greenie.muc.de [193.149.48.161])
by�õÅ;k.
for <cisco-nsp@puck.nether.net>; Wed, 11 Jul 2001 03:47:34 -0400
(en�õÅ;pe
Received-Date: Wed, 11 Jul 2001 03:47:34 -0400
Received: by greenie.muc.de
via sendmail with s�õÅ;
for cisco-nsp@puck.nether.net; Wed, 11 Jul 2001 09:48:05 +0200 (MEST)
(Smail-3.2 199�õÅ;l-
Message-ID: <20010711094804.A14679@greenie.muc.de>
Date: Wed, 11 Jul 2001 09:48:04 +0200
From: Gert Do�õÅ;g
To: Luan Nguyen <lmnguyen@UU.NET>, cisco-nsp@puck.nether.net
Subject: Re: [nsp] IPSEC tunneling and �õÅ;ic
REferences: <20010710130540.D20673@greenie.muc.de> <5.1.0.14.2.20010710174127.00a652d8@neserve0.corp.us.uu.net>
Mime�õÅ;si
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <5.1.0.14.2.20010710174127.00a652d8�õÅ;er
X-mgetty-docs: http://alpha.greenie.net/mge\15õÅ;
(I
the other readers will be interested to hear t�õÅ;it
On Tue, Jul 10, 2001 at 05:45:55PM -0400, Luan Nguyen wrote:
> Hey there buddy,
>
> Check this link�õÅ;.
> I tried. It works.
This is what Kevin Graham suggested, albeit in a �õÅ;wh
way (normal traffic is NOT policy-routed, only the no-nat special case
is).
It's an intersting trick in�õÅ; -
an interface that's neither "inside" nor "outside" (so no NAT), and
have them come b�õÅ;fr
is also OK...
I will try this and report back.... ok, setup as follows:
�õÅ;er
ip address 192.168.255.1 255.255.255.0
! note: no ip nat inside/outside here!
interface FastEthernet0/0
�õÅ;r
ip policy route-map policy-NONAT
ip nat inside
route-map policy-NONAT permit 10
match ip address 129
set i�õÅ;xt
access-list 129 permit ip host 192.168.0.10 10.0.0.0 0.255.255.255
access-list 129 permit �õÅ;os
so what happens is:
- the packets from 192.168.0.10/.11 to the other side of the �õÅ;C
Are bounced from Fa0/0 (ip nat inside) to Lo1 (no ip nat) -> no NAT
- because it's a loopback, they come back from�õÅ; (
now default-routed to Fa0/1 (ip nat outside) -> no NAT again
- VPN works.
I have to admit that I s�õÅ; d
router config for less experienced people difficult - most of my
colleagues have�õÅ;er
it's better than the alternatives.
thank you very much!
gert
--
US�õÅ; i //www.muc.de/~gert/
Gert�õÅ;rifax: +49-89-35655025 gert.doer
This archive was generated by hypermail 2b29
: Sun Aug 04 2002 - 04:12:44 EDT