got a "firewall" for the club, anyone know CISCO 2600? |
SirAndy |
Apr 19 2006, 04:01 PM
Post
#1
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
i got a CISCO 2600 Router/Firewall/VPN/etc. for *FREE* ...
anyone here know how to set up this thing? i'm sure i could figure it out myself, but if we have someone here who has worked with that box before, that would save me a whole bunch of headaches ...
Andy
CISCO 2600 Documentation |
r_towle |
Apr 19 2006, 04:03 PM
Post
#2
|
Custom Member Group: Members Posts: 24,574 Joined: 9-January 03 From: Taxachusetts Member No.: 124 Region Association: North East States |
QUOTE i got a CISCO 2600 Router/Firewall/VPN/etc. for *FREE* ... anyone here know how to set up this thing? i'm sure i could figure it out myself, but if we have someone here who has worked with that box before, that would save me a whole bunch of headaches ... Andy CISCO 2600 Documentation
dude, I PM'd you the guy's name...
Rich |
Brad Roberts |
Apr 19 2006, 04:08 PM
Post
#3
|
914 Freak! Group: Members Posts: 19,148 Joined: 23-December 02 Member No.: 8 Region Association: None |
Last time I checked.. the 2600 was a ROUTER not a firewall. You can build an access control list.. but I don't think that will help.
B << Cisco certified back in the day.. haven't logged into one for over 3 years at this point.
Andy, I was sent a PM with a software solution. Let me get it to you for review.
Come to think of it.... I used 2600's for years. They worked good for point to point T1's and for businesses with 2-3 thousand users hitting IIS websites. We always combined it with a Cisco PIX firewall.
B |
SirAndy |
Apr 19 2006, 04:12 PM
Post
#4
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
i know it's a router, but the docs say it has VPN and Firewall built in ...
is that not true?
Andy |
914werke |
Apr 19 2006, 04:14 PM
Post
#5
|
"I got blisters on me fingers" Group: Members Posts: 10,066 Joined: 22-March 03 From: USofA Member No.: 453 Region Association: Pacific Northwest |
QUOTE Last time I checked.. the 2600 was a ROUTER not a firewall. You can build an access control list.. but I don't think that will help. B << Cisco certified back in the day.. haven't logged into one for over 3 years at this point. Andy, I was sent a PM with a software solution. Let me get it to you for review. Come to think of it.... I used 2600's for years. They worked good for point to point T1's and for businesses with 2-3 thousand users hitting IIS websites. We always combined it with a Cisco PIX firewall. B
Brad you beat me to the punch. I've got a gross of the things I need to off due to upgrades necessary for VOIP telephony. |
lapuwali |
Apr 19 2006, 04:15 PM
Post
#6
|
Not another one! Group: Benefactors Posts: 4,526 Joined: 1-March 04 From: San Mateo, CA Member No.: 1,743 |
Any router is just a computer with dedicated hardware to help with networking. A firewall is just software. New software + old router = firewall/vpn/router. The 2600 series is pretty venerable, but I doubt our bandwidth usage is enough to justify anything more.
No, I have no idea how to set up the firewall stuff... |
SirAndy |
Apr 19 2006, 04:17 PM
Post
#7
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
QUOTE The 2600 series is pretty venerable
i guess that's why it was free ...
Andy |
Brad Roberts |
Apr 19 2006, 04:23 PM
Post
#8
|
914 Freak! Group: Members Posts: 19,148 Joined: 23-December 02 Member No.: 8 Region Association: None |
They work VERY well!! Thanks to whomever "gave it to us"
Andy, Cisco sells "Feature packs" that unlock different configs in the router. They ship it locked down with only what you pay for..then send you different "keys" to unlock the different features without selling you a whole new solution.
Hang on..I'll call
B |
Brad Roberts |
Apr 19 2006, 04:34 PM
Post
#9
|
914 Freak! Group: Members Posts: 19,148 Joined: 23-December 02 Member No.: 8 Region Association: None |
OK. I have two "high end" feature packs that I never pulled the plastic off of until now. I'm reading through them to see exactly what options they were purchased with.
Andy, I can't find the PM that had an awesome suggestion for a software based firewall. It was an AZ guy out of the Flagstaff area.. I ALWAYS forget his name.. he has a son into the 914's also "Mike"
B |
NoEcm |
Apr 19 2006, 04:38 PM
Post
#10
|
Member Group: Members Posts: 95 Joined: 20-June 05 From: Seattle, WA Member No.: 4,309 |
These are all the feature sets available for the 2600 series routers:
ENTERPRISE BASIC
ENTERPRISE PLUS
ENTERPRISE PLUS IPSEC 3DES
ENTERPRISE PLUS IPSEC 56
ENTERPRISE PLUS/H323 MCM
ENTERPRISE/FW/IDS PLUS IPSEC 3DES
ENTERPRISE/FW/IDS PLUS IPSEC 56
ENTERPRISE/SNASW PLUS
ENTERPRISE/SNASW PLUS IPSEC 3DES
ENTERPRISE/SNASW PLUS IPSEC 56
IP
IP PLUS
IP PLUS BASIC W/O HD ANALOG/AIM ATM/VOICE
IP PLUS BASIC W/O SWITCHING
IP PLUS IPSEC 3DES
IP PLUS IPSEC 56
IP/FW/IDS
IP/FW/IDS PLUS IPSEC 3DES
IP/FW/IDS PLUS IPSEC 3DES BASIC
IP/FW/IDS PLUS IPSEC 56
IP/H323
IP/H323 PLUS BASIC
IP/IPX/APPLETALK
IP/IPX/AT/DEC
IP/IPX/AT/DEC PLUS
IP/IPX/AT/DEC/FW/IDS PLUS
IP/IPX/AT/FW/IDS PLUS BASIC
REMOTE ACCESS SERVER
TELCO FEATURE SET
The minimum feature set that you'll be looking for is IP/FW/IDS |
SirAndy |
Apr 19 2006, 04:43 PM
Post
#11
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
alright, it's got 2 x "T1 DSU/CSU" ports, 2 x "10/100 Ethernet Ports", 1 x "Console Port", 1 x "AUX Port" ...
version number is "2621" ... any easy way to find out what features it has loaded ???
Andy |
fiid |
Apr 19 2006, 04:44 PM
Post
#12
|
Turbo Megasquirted Subaru Member Group: Members Posts: 2,827 Joined: 7-April 03 From: San Francisco, CA Member No.: 530 Region Association: Northern California |
Aight: This is a braindump.
Using a 2600 as a firewall might do it. There are some features like reflexive acls and layer 7 filtering stuff that can provide a lot of protection. It might also be advisable to download a vulnerability scanning tool like nessus and make sure it doesn't dig anything up. (it will - you need to patch and fix until it doesn't)
I have a much better idea how to lock down a linux machine than windows - personally I'd probably put a linux proxying filter in front of a windows machine rather than exposing windows directly to the net. I'd also add a hardware device probably.
On my home network I use a Fortinet device which not only does firewalling but also incorporates intrusion detection and prevention, and vpn. We have some corporate contacts at fortinet, so I'm asking around to see if I can scavenge up a box for the site. I'll let you know if I come up with anything.
Main thing is to make sure all unnecessary services are not accessible to the net. I just scanned the server and there is way too much open... I'm not going to talk anymore here because I'm just giving information away to the bad guys as well as the admins. |
fiid |
Apr 19 2006, 04:48 PM
Post
#13
|
Turbo Megasquirted Subaru Member Group: Members Posts: 2,827 Joined: 7-April 03 From: San Francisco, CA Member No.: 530 Region Association: Northern California |
Hook the 2600 up to a serial port (via the console line) and use hyperterminal to talk to it (9600/8/n/1)
then do show version. you could hook it up to the network and telnet into it and get the same results. You can bring it over here if you like (maybe wait til 5) and we could look at it. |
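Added example (not part of any poster's message): a small Python parser that reads the `System image file` line of `show version` output and reports whether the loaded IOS image carries the firewall feature set that NoEcm names as the minimum. The sample output is constructed, `parse_show_version` and `FEATURE_TOKENS` are hypothetical names, and the letter-code mapping is an assumption based on Cisco's IOS image naming convention that should be checked against Cisco's documentation.

```python
import re

# Constructed sample of `show version` output for a 2621 (not from the club's router).
SAMPLE_SHOW_VERSION = '''\
IOS (tm) C2600 Software (C2600-IK9O3S-M), Version 12.3(26), RELEASE SOFTWARE (fc2)
System image file is "flash:c2600-ik9o3s-mz.123-26.bin"
cisco 2621 (MPC860) processor (revision 0x200) with 61440K/4096K bytes of memory.
2 FastEthernet/IEEE 802.3 interface(s)
'''

# Assumed mapping of image-name feature codes to the words used in NoEcm's list.
FEATURE_TOKENS = {
    "i": "IP", "j": "ENTERPRISE", "s": "PLUS",
    "o": "FW", "o3": "FW/IDS",
    "k8": "IPSEC 56", "k9": "IPSEC 3DES",
}
IMAGE_RE = re.compile(r'System image file is "([^"]+)"')
TOKEN_RE = re.compile(r"[a-z]\d*")  # one letter plus any trailing digits, e.g. "k9", "o3"


def parse_show_version(text):
    """Return the decoded feature codes of the running image, or None if not found."""
    match = IMAGE_RE.search(text)
    if not match:
        return None
    # "flash:c2600-ik9o3s-mz.123-26.bin" -> platform "c2600", feature code "ik9o3s"
    filename = match.group(1).split(":")[-1].split("/")[-1].lower()
    parts = filename.split("-")
    if len(parts) < 3:
        return None
    tokens = TOKEN_RE.findall(parts[1])
    return {
        "platform": parts[0],
        "code": parts[1],
        "features": [FEATURE_TOKENS[t] for t in tokens if t in FEATURE_TOKENS],
        "unknown": [t for t in tokens if t not in FEATURE_TOKENS],
        # The firewall feature set is what the thread says to look for (IP/FW/IDS).
        "has_firewall": any(t in ("o", "o3") for t in tokens),
    }


if __name__ == "__main__":
    info = parse_show_version(SAMPLE_SHOW_VERSION)
    print(info["code"], info["features"], "firewall:", info["has_firewall"])
```

Codes the mapping does not cover are returned under `unknown` rather than guessed, so an unfamiliar image name is flagged for a manual lookup.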
Brad Roberts |
Apr 19 2006, 04:49 PM
Post
#14
|
914 Freak! Group: Members Posts: 19,148 Joined: 23-December 02 Member No.: 8 Region Association: None |
QUOTE alright, it's got 2 x "T1 DSU/CSU" ports, 2 x "10/100 Ethernet Ports", 1 x "Console Port", 1 x "AUX Port" ... version number is "2621" ... any easy way to find out what features it has loaded ???
Do the ports have the "cards" in them, or does it have blank covers over the 4 available "slots"? I know the console port and the Aux port *should* be RS232
B |
SirAndy |
Apr 19 2006, 04:49 PM
Post
#15
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
QUOTE You can bring it over here if you like (maybe wait til 5) and we could look at it.
that sounds like a plan. 5ish would work. PM me your address and cell# ... i'll buy the pizza!
Andy |
Brad Roberts |
Apr 19 2006, 04:50 PM
Post
#16
|
914 Freak! Group: Members Posts: 19,148 Joined: 23-December 02 Member No.: 8 Region Association: None |
Run it over to Fiid
He probably has the correct cable you need also.
B |
SirAndy |
Apr 19 2006, 04:50 PM
Post
#17
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
QUOTE Do the ports have the "cards" in them, or does it have blank covers over the 4 available "slots"? I know the console port and the Aux port *should* be RS232
two blank, two filled with said cards ...
Andy |
Brad Roberts |
Apr 19 2006, 04:53 PM
Post
#18
|
914 Freak! Group: Members Posts: 19,148 Joined: 23-December 02 Member No.: 8 Region Association: None |
I can't tell from your post what it has in it.
Typically they would have one T-1 card and one Ethernet card. The cards are probably cheap right now, but they were not at one point in time. Just curious.
B |
SirAndy |
Apr 19 2006, 04:56 PM
Post
#19
|
Resident German Group: Admin Posts: 41,640 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
|
r_towle |
Apr 19 2006, 04:59 PM
Post
#20
|
Custom Member Group: Members Posts: 24,574 Joined: 9-January 03 From: Taxachusetts Member No.: 124 Region Association: North East States |
that will make it easier to isolate traffic. two ethernet ports...
Two t1 ports is for redundancy. |