Re: IPSec Manual and SPI question [7:57448]
I have red that page many times and search for manual keying also. . But that didn't answer my question. Anyway I got an answer from cisco group saying that Basically yes. Each line in your ACL actually builds a separate tunnel, with unique SPI's. If you use manual keys, you can only provide one set of SPI's, and therefore, the router/firewall can only build one tunnel, hence only one line in your ACL. With IKE, it dynamically creates unique SPI's per tunnel/ACL line, and therefore you're not limited. Best regards, Cisco Breaker Brunner Joseph wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think your confusing SPI with a CBAC technology. AN spi is a uni-directional IPSEC peer transform set hash (agreement on what your using with your IPSEC PEER). An SPI is made in each direction to each peer. The Access-list permits flag traffic (matched by the router) as permitted for IPSEC. The access-list being referenced in the Crypto map will make sure the permits get applied ipsec and sent to the peer. I think reading this simple page will clear any misconceptions or questions you may have about IPSEC/MANUAL (NO IKE). http://www.cisco.com/warp/public/707/manual.shtml And by the way, IKE is really a CONVENIENCE protocol, which was made popular by adding autonegotiation for IPSEC PHASE 1 and added some great security features like key management and secure key exchange (SKEME/OAKLEY). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57688t=57448 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passing Score ? [7:57687]
Hello, May I learn the current passing score of CIT and Swicthing exams ? Thanks, Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57687t=57687 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Pix questions [7:57686]
1)I got traffic flowing from outside to dmz.I got a mail server sitting on the dmz. access-list acl_outside permit tcp any host mail eq smtp Do I need to the following?or just the access-list will do? static (dmz,outside) mail mail netmask 255.255.255.255 0 2)Can inside access DMZ without nat commands?.Meaning can pix act as a router? __ Outgrown your current e-mail service? Get 25MB Storage, POP3 Access, Advanced Spam protection with LYCOS MAIL PLUS. http://login.mail.lycos.com/brandPage.shtml?pageId=plusref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57686t=57686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem Solved: Cisco 3005 VPN concentrator issues. [7:57495]
Hi all, Problem solved - It was an arp issue !! such a simple thing :) The customer had a rogue mac address on their layer 3 switch that was causing the intermittent connectivity. Thanks all for your help !! Elijah Savage III wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have 2 concentrators setup in load balancing function and we had the same issue but ours was not resolved by split tunneling. We had to flash both concentrators and this problem went away , there was a bug on bug track which cisco informed me off at the time I was working on this. Before enabling split tunneling I would I would flash my concentrators first if there is no need for split tunneling. -Original Message- From: John Brandis [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 3:50 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495] I had the similar type of problem, remote users (broadband) would lose connectivity and get the remote peer not respondin, your ipsec session has been termintated error. The problem that I had, was with the broadband ISP, in this case Telstra. Telstra use a bpa hart beat packet, just so Telstra knows that the dsl customer is still there. Should telstra not get this packet, they drop the dsl connection, thus terminating your vpn session. Also, you may want to check your session time-out variable. I resolved my error by splitting the networks, as previously I had tunnel everything. john -Original Message- From: Umar Ahmed [mailto:[EMAIL PROTECTED]] Sent: Friday, 15 November 2002 8:00 PM To: [EMAIL PROTECTED] Subject: Cisco 3005 VPN concentrator issues. [7:57495] Hi all, Ive got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are loosing connectivity to the box intermittently throughtout the day. When he has loss of service, I can ping the vpn box directly connected to my network, whats even more strange, is that I can ping other customer hosts on the same subnet . Any ideas ?? Regards, Umar. ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and Branch in Sydney is moving premises. From Monday 25th November our Head Office and NSW Branch will be located at: Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57689t=57495 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GRE connection problems (Please Help!!!) [7:57690]
Hi all, I am have some GRE troubles and am look for some advice. I have a 1721 DSL route IOS 12.2 ADSL over bridged Ethernet and an 827-V4 ADSL over bridged Ethernet. Both routers run NAT. The problem is I can not get any connectivity over a GRE tunnel between the two routers the tunnel just does not seem to come up. I have checked both the configs thrice over and it seems ok to me, If any once can shed some light on this I would really appreciate it. I have attack the router configs. Thanks Olaf. [demime removed a uuencoded section named 1721 which was 52 lines] [demime removed a uuencoded section named 827-v4 which was 46 lines] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57690t=57690 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BCRAN tomorrow - Hints? [7:57691]
Hello, My BCRAN test is just a few hours away. Any hints would really be welcome, because I doubt whether my preparation is adequate! Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57691t=57691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Passing Score ? [7:57687]
Hi, For CIT No of Quest -58 Time to answer -105 min Passing score -776 For Switching No of Quest -57 Time to answer -105 min Passing score -776 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 2:12 PM To: [EMAIL PROTECTED] Subject: Passing Score ? [7:57687] Hello, May I learn the current passing score of CIT and Swicthing exams ? Thanks, **Disclaimer Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57693t=57687 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat 6 upgrade [7:57551]
what I meant was from the IOS from routing blade/rp/msfc (was probably trying to save on typing!!) when running in hybrid mode, the 6k can't see the flash. But when upgrading from the hybrid to native it can't see the flash until the IOS images are loaded, so when the SP changes console ownership to the RP and enters rommon mode that's where I got stuck. MADMAN wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have a 6500 in both hybrid and native modes since we have customers doing both. I am not sure what you mean when you say you can't see the RP in the cat running OS. The RP and SP convention are particular to native mode. When running catOS the RP is the MSFC and you session/switch console to it and frmm there look at it's flash. In native there is no clear delineation between the two, it's one big router. Patrick Donlon wrote: I eventually worked it out. It seems that you can't see a flash card on a RP on a 6000. I'd done a lot of testing with a loaned 6500 for upgrading from Cat OS Hybrid IOS and back again, just in case. On the 65 you can see the flash and so boot from it in rommon, which is great because I can leave my old images on the bootflash. On the 6000 though, no go, so I had to clear out my bootflash and hope that I didn't have to revert back and use all x modem etc. Strange thing was though that I have 4 identical 6Ks, 2 with Cat OS and the other 2 with native IOS, the Cat OS 6ks couldn't see the flash card in the RP but could with the SP, the IOS ones could see it no prob's. I have a 6500 in both hybrid and native modes since we have customers doing both. I am not sure what you mean when you say you can't see the RP in the cat running OS. The RP and SP convention are particular to native mode. When running catOS the RP is the MSFC and you session/switch console to it and frmm there look at it's flash. In native there is no clear delineation between the two, it's one big router. I couldn't find anything on the CCO about this, maybe it's not possible on the 65 to see the flash from the RP - I don't have one to test, but my documentation was (at least I thought it was before Sat') pretty comprehensive on the upgrade process. I know there are issues with the naming in the SP and RP and adding sup- to the device name. From you email it looks like you can, have you tried this running hybrid or only native? Again what do you mean from the RP? Here is what you can do from the router in native mode. The dir bootflash looks at the RP bootflash, sup-bootflash and sup-slot0 are the sup cards bootflash and PCMCIA card respectively. Slot0: is identical to the sup-slot0:. Some of the others must be future stuff as the don't work Native6506#dir ? /all List all files /recursive List files recursively all-filesystems List files on all filesystems bootflash: Directory or file name const_nvram: Directory or file name flash: Directory or file name null:Directory or file name nvram: Directory or file name slavebootflash: Directory or file name slaveconst_nvram:Directory or file name slavenvram: Directory or file name slavercsf: Directory or file name slaveslot0: Directory or file name slavesup-bootflash: Directory or file name slot0: Directory or file name sup-bootflash: Directory or file name sup-image: Directory or file name sup-microcode: Directory or file name sup-slot0: Directory or file name system: Directory or file name Native6506#dir sup-image: %Error opening sup-image:/ (No such device) Native6506#Native6506#dir sup-image: dave Cheers Pat MADMAN wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What are you typing? Native6506#dir bootflash: Directory of bootflash:/ 1 -rw- 7110024 Mar 29 2002 12:48:52 c6msfc2-js-mz.121-4.E1 2 -rw- 1611604 Mar 29 2002 12:49:42 c6msfc2-boot-mz.121-4.E1 3 -rw- 528259 Mar 28 2002 07:19:26 DRACO2_RM2.srec.121-4r.E shows the bootflash of the MSFC or RP in this case. a dir slot0: will show the contents of the PCMCIA card in the SUP module: Native6506#dir slot0: Directory of slot0:/ 1 -rw-14780268 Oct 14 2002 10:36:19 c6sup12-js-mz.121-13.E.bin Dave Patrick Donlon wrote: Hi I'm upgrading a CAT6 from OS to IOS but I can't see my flash card in the route processor. I have another switch on CatOS and I can't see the flash either, any tips??? Cheers Pat -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill
Very poor performance on Cat 6000 gigabit? [7:57695]
Here's something annoying that I came across yesterday... any clues as to what's going wrong would be very much appreciated. Scenario: HP NetServers with built-in 100M NICs, based on an Intel chipset. With the HP drivers, the performance is fine - as you'd expect from a 100M connection. With Intel drivers, nothing changes. Still fine. Add a 1G NIC, again HP badged but with an Intel chipset (Intel Pro/1000TX), and bind them together into a fault-tolerant set using the Intel drivers that were priovided by HP (they don't provide HP badged drivers for this card, though they are happy to sell it with an HP sticker on it for twice the cost of the Intel card). My intention of course is that the 1G adapter is the primary (and set so in the teamed adapter settings) and the 100M would only be used as a fallback if the 1G fails. That's where things go wrong. With both cards connected to the same switch (long-term intention of course is that the 100M card will connect to a standby switch) it insists on using the 100M card, even when the 1G is set as the preferred primary and the 100M is the preferred secondary. Both cards definitely work... if I unplug the connection to the 100M, the 1G takes over. With only the 100M connected, it works. Now, here's the very odd bit. You'd expect better performance from the 1G card. But no. Testing with file copies to or from another server that has been working fine with a 1G card for a year or so (attached via fiber to a GBIC on the supervisor card on the switch), I get several times times better performance with the 100M NIC than I do with the 1G (both UTP). I've tried different cables. All are BICC GigaPlus. The 100M connection goes through a patch panel, but I've run a 20M flylead direct from the server to the switch for the 1G connection. The switch is a Cisco Catalyst 6000 with the 100M connections going to 48-port 100M cards, and the 1G connections going to a 16-port 1G card. Software, firmware, etc versions pasted below. Seeing much worse performance from Gigabit adapters compared to 100M is something of a disappointment, to say the least. Any ideas? The hardware and versions: WS-C6006 Software, Version NmpSW: 7.2(2) Copyright (c) 1995-2002 by Cisco Systems NMP S/W compiled on Jun 3 2002, 18:30:10 System Bootstrap Version: 5.3(1) System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Ver0 Hardware Version: 1.0 Model: WS-C6006 Serial #: XXX PS1 Module: WS-CAC-1300WSerial #: XXX PS2 Module: WS-CAC-1300WSerial #: XXX Mod Port Model Serial #Versions --- --- --- -- 1 2WS-X6K-SUP1A-2GEXXX Hw : 3.1 Fw : 5.3(1) Fw1: 5.1(1)CSX Sw : 7.2(2) Sw1: 7.2(2) WS-F6K-PFC XXX Hw : 1.0 3 8WS-X6408-GBIC XXX Hw : 2.1 Fw : 4.2(0.24)VAI78 Sw : 7.2(2) 4 48 WS-X6248-RJ-45 XXX Hw : 1.1 Fw : 4.2(0.24)VAI78 Sw : 7.2(2) 5 48 WS-X6248-RJ-45 XXX Hw : 1.4 Fw : 5.4(2) Sw : 7.2(2) 6 16 WS-X6316-GE-TX XXX Hw : 1.3 Fw : 5.4(2) Sw : 7.2(2) 15 1WS-F6K-MSFC XXX Hw : 1.3 Fw : 12.0(7)XE1, Sw : 12.0(7)XE1, [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57695t=57695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VTP modes Server/Client vs Transparent [7:57650]
Like most networking problems it depends. How large is your switch domain? Are you doing End to End VLANs or Local? How large is your STP domain now? Will it grow larger? Here a link I would start with http://www.cisco.com/warp/customer/473/21.html ( stater for VTP) then hit this one http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm (covers GigE Design) Design solutions are usually need and resource driven...as for standards they change(some daily). JMHO Newell Ryan D SrA 18 CS/SCBT wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Network is migrating from ATM to Gigabit Ethernet. Transparent mode was default VTP for all distribution layer switches. We had hubs for all access layer switches. With the new migration to Gigabit switches would be at all access layer buildings. Would it be beneficial to run transparent abroad or a server/client model. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57696t=57650 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: VTP modes Server/Client vs Transparent [7:57650]
Depending on the size of the network VTP is being deployed, you can divide the VTP domain into geograhical area or sites that would decrease the VTP traffic. From: Zim Date: 2002/11/19 Tue AM 07:01:02 EST To: [EMAIL PROTECTED] Subject: Re: VTP modes Server/Client vs Transparent [7:57650] Like most networking problems it depends. How large is your switch domain? Are you doing End to End VLANs or Local? How large is your STP domain now? Will it grow larger? Here a link I would start with http://www.cisco.com/warp/customer/473/21.html ( stater for VTP) then hit this one http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm (covers GigE Design) Design solutions are usually need and resource driven...as for standards they change(some daily). JMHO Newell Ryan D SrA 18 CS/SCBT wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Network is migrating from ATM to Gigabit Ethernet. Transparent mode was default VTP for all distribution layer switches. We had hubs for all access layer switches. With the new migration to Gigabit switches would be at all access layer buildings. Would it be beneficial to run transparent abroad or a server/client model. Thanks Greg Owens 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57697t=57650 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem Solved: Cisco 3005 VPN concentrator issues. [7:57698]
Do you mind or can you be a little more detail with this. Was it a duplicate mac address which never should happen but does from time to time (remember the old kingston flaw in the early 90's about 150,000 nic cards same mac). Or was it a duplicate ip address. I could see if it was a duplicate ip where someone has the same ip as the concentrator that would cause remote clients to be disconnected, but a duplicate MAC I have never seen a cisco device with a duplicate mac. Just curious to exactly what happened. -Original Message- From: Umar Ahmed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 4:10 AM To: [EMAIL PROTECTED] Subject: Problem Solved: Cisco 3005 VPN concentrator issues. [7:57495] Hi all, Problem solved - It was an arp issue !! such a simple thing :) The customer had a rogue mac address on their layer 3 switch that was causing the intermittent connectivity. Thanks all for your help !! Elijah Savage III wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have 2 concentrators setup in load balancing function and we had the same issue but ours was not resolved by split tunneling. We had to flash both concentrators and this problem went away , there was a bug on bug track which cisco informed me off at the time I was working on this. Before enabling split tunneling I would I would flash my concentrators first if there is no need for split tunneling. -Original Message- From: John Brandis [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 3:50 PM To: [EMAIL PROTECTED] Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495] I had the similar type of problem, remote users (broadband) would lose connectivity and get the remote peer not respondin, your ipsec session has been termintated error. The problem that I had, was with the broadband ISP, in this case Telstra. Telstra use a bpa hart beat packet, just so Telstra knows that the dsl customer is still there. Should telstra not get this packet, they drop the dsl connection, thus terminating your vpn session. Also, you may want to check your session time-out variable. I resolved my error by splitting the networks, as previously I had tunnel everything. john -Original Message- From: Umar Ahmed [mailto:[EMAIL PROTECTED]] Sent: Friday, 15 November 2002 8:00 PM To: [EMAIL PROTECTED] Subject: Cisco 3005 VPN concentrator issues. [7:57495] Hi all, Ive got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are loosing connectivity to the box intermittently throughtout the day. When he has loss of service, I can ping the vpn box directly connected to my network, whats even more strange, is that I can ping other customer hosts on the same subnet . Any ideas ?? Regards, Umar. ** visit http://www.solution6.com UK Customers - http://www.solution6.co.uk ** The Solution 6 Head Office and Branch in Sydney is moving premises. From Monday 25th November our Head Office and NSW Branch will be located at: Level 14, 383 Kent Street, Sydney NSW 2000. General Phone: 61 2 9278 0666 General Fax: 61 2 9278 0555 ** This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57698t=57698 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Deploying Cisco QoS for Enterprise Networks [7:57699]
I would like to buy the subject course book that someone has taken in a class. Please send an email to [EMAIL PROTECTED] Thank you in advance for your consideration. John Huston Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57699t=57699 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Very poor performance on Cat 6000 gigabit? [7:57695]
If you get this to work keep me/us informed as I am sure you will. Because I could never get this to work, I actually had to buy another 1gig nic and still the drivers did not work correctly actually eneded up just using fast etherchannel which is working great. -Original Message- From: Martin Reilly [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 6:45 AM To: [EMAIL PROTECTED] Subject: Very poor performance on Cat 6000 gigabit? [7:57695] Here's something annoying that I came across yesterday... any clues as to what's going wrong would be very much appreciated. Scenario: HP NetServers with built-in 100M NICs, based on an Intel chipset. With the HP drivers, the performance is fine - as you'd expect from a 100M connection. With Intel drivers, nothing changes. Still fine. Add a 1G NIC, again HP badged but with an Intel chipset (Intel Pro/1000TX), and bind them together into a fault-tolerant set using the Intel drivers that were priovided by HP (they don't provide HP badged drivers for this card, though they are happy to sell it with an HP sticker on it for twice the cost of the Intel card). My intention of course is that the 1G adapter is the primary (and set so in the teamed adapter settings) and the 100M would only be used as a fallback if the 1G fails. That's where things go wrong. With both cards connected to the same switch (long-term intention of course is that the 100M card will connect to a standby switch) it insists on using the 100M card, even when the 1G is set as the preferred primary and the 100M is the preferred secondary. Both cards definitely work... if I unplug the connection to the 100M, the 1G takes over. With only the 100M connected, it works. Now, here's the very odd bit. You'd expect better performance from the 1G card. But no. Testing with file copies to or from another server that has been working fine with a 1G card for a year or so (attached via fiber to a GBIC on the supervisor card on the switch), I get several times times better performance with the 100M NIC than I do with the 1G (both UTP). I've tried different cables. All are BICC GigaPlus. The 100M connection goes through a patch panel, but I've run a 20M flylead direct from the server to the switch for the 1G connection. The switch is a Cisco Catalyst 6000 with the 100M connections going to 48-port 100M cards, and the 1G connections going to a 16-port 1G card. Software, firmware, etc versions pasted below. Seeing much worse performance from Gigabit adapters compared to 100M is something of a disappointment, to say the least. Any ideas? The hardware and versions: WS-C6006 Software, Version NmpSW: 7.2(2) Copyright (c) 1995-2002 by Cisco Systems NMP S/W compiled on Jun 3 2002, 18:30:10 System Bootstrap Version: 5.3(1) System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Ver0 Hardware Version: 1.0 Model: WS-C6006 Serial #: XXX PS1 Module: WS-CAC-1300WSerial #: XXX PS2 Module: WS-CAC-1300WSerial #: XXX Mod Port Model Serial #Versions --- --- --- -- 1 2WS-X6K-SUP1A-2GEXXX Hw : 3.1 Fw : 5.3(1) Fw1: 5.1(1)CSX Sw : 7.2(2) Sw1: 7.2(2) WS-F6K-PFC XXX Hw : 1.0 3 8WS-X6408-GBIC XXX Hw : 2.1 Fw : 4.2(0.24)VAI78 Sw : 7.2(2) 4 48 WS-X6248-RJ-45 XXX Hw : 1.1 Fw : 4.2(0.24)VAI78 Sw : 7.2(2) 5 48 WS-X6248-RJ-45 XXX Hw : 1.4 Fw : 5.4(2) Sw : 7.2(2) 6 16 WS-X6316-GE-TX XXX Hw : 1.3 Fw : 5.4(2) Sw : 7.2(2) 15 1WS-F6K-MSFC XXX Hw : 1.3 Fw : 12.0(7)XE1, Sw : 12.0(7)XE1, [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57700t=57695 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: WIC-1ENET [7:57596]
Thanks Dave! MADMAN wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I think it's only supported on the 1700 series routers. Try a HW/SW compatibility lookup. Dave Thomas N. wrote: Hi All - I am wondering if the 1-Ethernet WIC card (WIC-1ENET) works with the WAN slots on Cisco 2600 routers? Do I need certain version of IOS in order to have it worked on Cisco 2600 WAN slot? Thanks All! -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57701t=57596 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Anyone knows The ESCON Connector. [7:57702]
Hi, Anyone knows which pin is transmit and which is receive on the Big ESCON connector? I onlt find there are marked as A and B but I dont know which is Tx and which is Rx Anyone can help? :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57702t=57702 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
828 3des Performance [7:57703]
Hi I have a VPN 3005 Concentrator, that establishes an Ipsec 3des tunnel to a 828 router, the router has uppgraded memory and 3des sofware. the router is connectd to my via a 2mbits line, and workes fine, but when I establish the vpn tunnel the performance drops down to something line 256Kbits, and I can see one the router that the CPU load is about 50 - 80% Is this normal, i.e. can the 828 just not handle any more ipsec 3des traffic ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57703t=57703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: router telnet access.. [7:57574]
I cannot see the 172.24.1.0 0.0.0.255 in your ACL. It seems to be missing !! Stephano Mwendo wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hallo guys, I have applied the following access list 3 for the line vty 0 4 in order to limit telnet access to the router for internal PCs; (config)#access-list 3 permit 172.17.1.0 0.0.0.3 (config)#access-list 3 permit 172.19.1.0 0.0.0.255 (config)#access-list 3 permit 172.21.1.0 0.0.0.255 (config)#access-list 3 permit 172.23.1.0 0.0.0.255 (config)#access-list 3 permit 172.25.1.0 0.0.0.3 (config)#access-list 3 deny any (config)#line vty 0 4 (config-line)#access-class 3 in (config-line)#transport input telnet the problem is that I am still having networks at 172.24.1.0 telneting the router! Can someone help please, Thanks in advance. - Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57704t=57574 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 828 3des Performance [7:57703]
Arni, I believe the throughput of the 800 series is about 384Kbps when doing encryption, so you might want a bigger router. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Arni V. Skarphedinsson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi I have a VPN 3005 Concentrator, that establishes an Ipsec 3des tunnel to a 828 router, the router has uppgraded memory and 3des sofware. the router is connectd to my via a 2mbits line, and workes fine, but when I establish the vpn tunnel the performance drops down to something line 256Kbits, and I can see one the router that the CPU load is about 50 - 80% Is this normal, i.e. can the 828 just not handle any more ipsec 3des traffic ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57705t=57703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question for CCDP [7:57667]
Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57706t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix questions [7:57686]
Ramesh, As to routing, the PIX will forward packets from one interface to another, but you have to do certain things to accomplish this: From higher security level to lower, you need nat and global commands; from lower to higher, you need static and access-list commands. Fro external people accessing the DMZ, you also need a static command, and I assume that you have applied the ACL to the PIX's outside interface. As to the inside interface accessing the DMZ, you'll need to set up a nat and global command set (or use nat 0 to disable NAT between the two networks). ramesh c wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 1)I got traffic flowing from outside to dmz.I got a mail server sitting on the dmz. access-list acl_outside permit tcp any host mail eq smtp Do I need to the following?or just the access-list will do? static (dmz,outside) mail mail netmask 255.255.255.255 0 2)Can inside access DMZ without nat commands?.Meaning can pix act as a router? -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57707t=57686 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cat OS and switch IOS naming conventions. [7:57692]
Hi, Does anybody know of any document on CCO which provides details regarding the Naming conventions employed for CatOS and switch IOS's image filenames. (I have found docs for router IOSes but none for CatOS) Thanks in advance Simon Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57692t=57692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 828 3des Performance [7:57703]
Thanx for the info, can you or anyone point me to a page at cisco.com that has info about the performance off these routers, I feel better if I can point the customer at some official cisco information about the performance of his router Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57708t=57703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NetIQ Chariot [7:57710]
I now this is somewhat off topic but, I am confident you can give me some valid input about this, My company is thinking about buying NetIQ´s Chariot software, any one here have any good or bad experince with that product, and Is it as helpfull as it seem for troubleshooting network problems. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57710t=57710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS11800 for content network specialist on ebay $6 [7:57709]
can anyone believe how cheap these are going for? It makes it pretty reasonable to get one for the content network specialist certification. http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2070179172 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2066928817 $665 was the end price for one of these! Can anyone shed some light as to why the market value of these is so low? Ryan Moffett - CCNP, CCDP Senior Network Architect Sterling Commerce 4600 Lakehurst Ct. Dublin, OH 43016 phone: (614) 791-6448 cell: (614) 260-1442 email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57709t=57709 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX 501 [7:57684]
As far as a firewall goes, yes, that should be sufficient. You'll want a bunch of routers, a switch, and an isdn simulator as well though. thanks, -Brad Ellis CCIE#5796 (RS / Security) Network Learning Inc [EMAIL PROTECTED] www.optsys.net (Cisco hardware) Johan Bornman wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can somebody tell me if the PIX 501 is sufficient to prepare for the CCIE security lab exam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57685t=57684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCSP [7:57713]
Anyone else hear about the new CCSP cert that Cisco is offering?! It's about time! Although I wish some of the other Professional level certs would count towards it in some way... I also like the three new Specialist level certs! Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57713t=57713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: RE: Block MSN Messenger [7:57595]
Hi All, Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very easily do it, right on the OS level. I know about the Win2K that you can set up some system policies with which you can directly block these exes themselves. Hope it helps: Regards, Vikram Lidiya White wrote: Try to block the login servers: http://acronymsonline.com/im_ips.htm -- Lidiya White -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Josh Green Sent: Monday, November 18, 2002 10:16 AM To: [EMAIL PROTECTED] Subject: RE: Block MSN Messenger [7:57595] It is possible, however Messenger uses so many different ports on so many different servers that it's not worth your time. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 8:36 AM To: [EMAIL PROTECTED] Subject: Re: Block MSN Messenger [7:57595] no. don't waste your time. Ahed Naimi wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... gt; Dear All; gt; gt; Is there any way to block MSN Messenger by using the access-list statements gt; on an IOS Cisco router. gt; gt; Thanks All. Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from http://www.planetm.co.in Change the way you talk. Indiatimes presents Valufon, Your PC to Phone service with clear voice at rates far less than the normal ISD rates. Go to http://www.valufon.indiatimes.com. Choose your plan. BUY NOW. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57714t=57595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question for CCDP [7:57667]
What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57715t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question for CCDP [7:57667]
What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57716t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: Block MSN Messenger [7:57595]
Yes and I have done it all via the PIX Where you run into problems is when they use port 80. Rob Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+ LAN Engineer and Technical Mercenary Valor Telecom 469.420.2656 -Original Message- From: vikramjskeer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: Re: RE: Block MSN Messenger [7:57595] Hi All, Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very easily do it, right on the OS level. I know about the Win2K that you can set up some system policies with which you can directly block these exes themselves. Hope it helps: Regards, Vikram Lidiya White wrote: Try to block the login servers: http://acronymsonline.com/im_ips.htm -- Lidiya White -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Josh Green Sent: Monday, November 18, 2002 10:16 AM To: [EMAIL PROTECTED] Subject: RE: Block MSN Messenger [7:57595] It is possible, however Messenger uses so many different ports on so many different servers that it's not worth your time. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 8:36 AM To: [EMAIL PROTECTED] Subject: Re: Block MSN Messenger [7:57595] no. don't waste your time. Ahed Naimi wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... gt; Dear All; gt; gt; Is there any way to block MSN Messenger by using the access-list statements gt; on an IOS Cisco router. gt; gt; Thanks All. Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from http://www.planetm.co.in Change the way you talk. Indiatimes presents Valufon, Your PC to Phone service with clear voice at rates far less than the normal ISD rates. Go to http://www.valufon.indiatimes.com. Choose your plan. BUY NOW. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57717t=57595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco and Nortel Connectivity [7:57719]
I have a few questions concerning Nortel and Cisco connectivity: Can I trunk multiple links between Cisco and Nortel(Passport 8000 or Bay450)? IF so how? Can Cisco support MLT or SMLT to Passport 8600? Can a Nortel support fast etherchannel? Will it support 802.3ab? Is there a difference between FEC and 802.3ab? Does anyone have any good links on this stuff from either vendor? Thanks j Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57719t=57719 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question for CCDP [7:57667]
I've heard that Priscilla Oppenheimer's book, Top-Down Network Design, is the best book for this exam. Shawn K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 11:51 AM To: [EMAIL PROTECTED] Subject: Re: Question for CCDP [7:57667] What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57718t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question for CCDP [7:57667]
Thanks for the clarification everyone. One more thing, does the Top-Down Network Design from Priscilla Oppenheimer covers both exams (CCDA CID)? Kaminski, Shawn G wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've heard that Priscilla Oppenheimer's book, Top-Down Network Design, is the best book for this exam. Shawn K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 11:51 AM To: [EMAIL PROTECTED] Subject: Re: Question for CCDP [7:57667] What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57720t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question for CCDP [7:57667]
In addition to Priscilla's invaluable work: CID: Cisco Internetwork Design ISBN 0072126531 - $42.95 new at bookpool.com - $42 new $7.82 used at amazon.com Cisco Internetwork Design (Cisco Press) ISBN 1578701716 - $46.50 new at bookpool.com - $60 new $8.50 used at amazon.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 10:50 AM To: [EMAIL PROTECTED] Subject: Re: Question for CCDP [7:57667] What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57721t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Question for CCDP [7:57667]
I used it to prep for both exams, supplemented by reading some action-packed, edge-of-your-seat CCO material on SNA. Ciscopress does have separate books for the ccda and ccdp, but I've never laid my hands on either of them. My advice is, if you're going to get a book to supplement top-down, go big and get the CCIE Case Studies book. Hal Logan CCAI, CCNP, CCDP Network Specialist / Adjunct Faculty Computing Engineering Technology Manatee Community College -Original Message- From: Vinh Le [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 12:56 PM To: [EMAIL PROTECTED] Subject: Re: Question for CCDP [7:57667] Thanks for the clarification everyone. One more thing, does the Top-Down Network Design from Priscilla Oppenheimer covers both exams (CCDA CID)? Kaminski, Shawn G wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I've heard that Priscilla Oppenheimer's book, Top-Down Network Design, is the best book for this exam. Shawn K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 11:51 AM To: [EMAIL PROTECTED] Subject: Re: Question for CCDP [7:57667] What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57722t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NetIQ Chariot [7:57710]
We have it where I work and it, like any other tool has it's strong and weak points. Comes with several scripts but for QOS testing you may have to modify them yourself. For basic testing I found it easy and effective to use. Most here that have used it like it very much, but add that it is very complicated and can consume much of your time learning to use it most effectively. If you have the time to play with it and the money-then yes. Arni V. Skarphedinsson wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I now this is somewhat off topic but, I am confident you can give me some valid input about this, My company is thinking about buying NetIQ4s Chariot software, any one here have any good or bad experince with that product, and Is it as helpfull as it seem for troubleshooting network problems. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57723t=57710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written [7:57610]
Thanks a lot for the feedback about Token Ring and IPX. I am very disapointed with the email I received from a Cisco's guy saying that Token Ring and IPX was no longer in the test; I attached the email on that discussion. It is very sad that an important information comes wrong from the main source, Cisco. In that time I was just starting the Token Ring review and I changed to other topic based on the received email from Cisco. Now I will go back to Token Ring and IPX topics. Jian Yu @groupstudy.com em 11/18/2002 09:48:15 PM Favor responder a Jian Yu Enviado Por: [EMAIL PROTECTED] Para: [EMAIL PROTECTED] cc: Assunto:RE: CCIE Written [7:57610] Hi, Hixon, I failed it on Nov 9, got zero on desktop protocols. So, I read Caslow throughly and it helped me to pass last weekend. I do see some new material (MPLS,multicast) not covered by Caslow, but MPLS and VPN arch and Routing TCP/IP Vol2 should help. It is indeed very difficult, but sure you will pass it :-) cheers, Jian Hixon James wrote: Took the Written Friday- and failed. Very difficult- Passing score was 58. Know the exam objectives very well. To answer an item on question last week. There is still some token ring and IPX on it. Boson test#1 was pretty descent, but Caslow, Doyle, and Bruno's books were all a must. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57724t=57610 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question for CCDP [7:57667]
Well, Priscilla's Book covers the material. I had problems reading it though. I've gotten so used to reading poorly written technical books, that whenever I find a passage that is really readable I assume it's fluff and skip past it. Since most of her book is readable and well written, I found myself reading thorough it a couple of times. Seriously though Top-Down Network design is really helpful. These were the most difficult tests that I've taken. Jarett wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... What is the best book to buy for the CCDP test? Thanks. On Tue, 19 Nov 2002 15:54:42 GMT J.D. Chaiken wrote: Both CCDA and CID are requirements regardless of CCNP status. Jarett Vinh Le wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, Does anyone know if both CCDA CID #640-025 exams are required in order to get CCDP if you possess a CCNP? Or just CID #640-025 exam is all you need for CCDP? Thanks. to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57725t=57667 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCSP [7:57713]
Joshua The CCSP is basically just a realignment of the current Cisco Security Specialist 1 certification into the Cisco Professional track. It does add one more exam to the requirements but other than that no real change. Cisco has even 'generously' allowed current CSS1s to take the remaining exam to get the cert. :-) As for the new specialist level certs, they are just dumbed down ^H^H^H^H^H^H^H^H^H^H^H more focussed variations of the CSS1. I really dont think Cisco have thought this one through as anyone who attains CCSP (with the current versions of the exams), will also automatically get three specialist level certs. In my opinion this totally devalues the specialist level certs. They should be something that takes specific specialised skill and knowledge to attain, not something you get for free as part of the process of attaining an intermediate level professional qualification. Peter Walker CISSP, CSS1, CITPSS, CCNP, CCIP, CCDP, etc (Putting flame proof clothing on) Joshua Green wrote: Anyone else hear about the new CCSP cert that Cisco is offering?! It's about time! Although I wish some of the other Professional level certs would count towards it in some way... I also like the three new Specialist level certs! Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57726t=57713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCSP [7:57713]
Good Info! I tried following the link for those new Specialist certs on Cisco's site, but the link is broken - are Specialists defined now by completing only the individual exams? (CSPFA for Firewall, CSVPN for VPN, and CSIDS for IDS) -Original Message- From: Peter.Walker:[EMAIL PROTECTED] [mailto:Peter.Walker:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 2:53 PM To: [EMAIL PROTECTED] Subject: Re: CCSP [7:57713] Joshua The CCSP is basically just a realignment of the current Cisco Security Specialist 1 certification into the Cisco Professional track. It does add one more exam to the requirements but other than that no real change. Cisco has even 'generously' allowed current CSS1s to take the remaining exam to get the cert. :-) As for the new specialist level certs, they are just dumbed down ^H^H^H^H^H^H^H^H^H^H^H more focussed variations of the CSS1. I really dont think Cisco have thought this one through as anyone who attains CCSP (with the current versions of the exams), will also automatically get three specialist level certs. In my opinion this totally devalues the specialist level certs. They should be something that takes specific specialised skill and knowledge to attain, not something you get for free as part of the process of attaining an intermediate level professional qualification. Peter Walker CISSP, CSS1, CITPSS, CCNP, CCIP, CCDP, etc (Putting flame proof clothing on) Joshua Green wrote: Anyone else hear about the new CCSP cert that Cisco is offering?! It's about time! Although I wish some of the other Professional level certs would count towards it in some way... I also like the three new Specialist level certs! Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57727t=57713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCSP [7:57713]
Nevermind - sometime earlier they enabled the links... -Original Message- From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 3:07 PM To: [EMAIL PROTECTED] Subject: RE: CCSP [7:57713] Good Info! I tried following the link for those new Specialist certs on Cisco's site, but the link is broken - are Specialists defined now by completing only the individual exams? (CSPFA for Firewall, CSVPN for VPN, and CSIDS for IDS) -Original Message- From: Peter.Walker:[EMAIL PROTECTED] [mailto:Peter.Walker:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 2:53 PM To: [EMAIL PROTECTED] Subject: Re: CCSP [7:57713] Joshua The CCSP is basically just a realignment of the current Cisco Security Specialist 1 certification into the Cisco Professional track. It does add one more exam to the requirements but other than that no real change. Cisco has even 'generously' allowed current CSS1s to take the remaining exam to get the cert. :-) As for the new specialist level certs, they are just dumbed down ^H^H^H^H^H^H^H^H^H^H^H more focussed variations of the CSS1. I really dont think Cisco have thought this one through as anyone who attains CCSP (with the current versions of the exams), will also automatically get three specialist level certs. In my opinion this totally devalues the specialist level certs. They should be something that takes specific specialised skill and knowledge to attain, not something you get for free as part of the process of attaining an intermediate level professional qualification. Peter Walker CISSP, CSS1, CITPSS, CCNP, CCIP, CCDP, etc (Putting flame proof clothing on) Joshua Green wrote: Anyone else hear about the new CCSP cert that Cisco is offering?! It's about time! Although I wish some of the other Professional level certs would count towards it in some way... I also like the three new Specialist level certs! Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57728t=57713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IGRP as proprietary? [7:57603]
Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hktco wrote: When I learned it for CCNA and CCNP, I was told that IGRP is Cisco proprietary. Until recent, I was being told that IGRP is no longer proprietary and became an open standard. No, neither IGRP nor EIGRP are open standards. They are Cisco proprietary. There are no RFCs or other industry-standard specifications that document the protocols. CL: at one time there was such a thing as IOS-IGRP. This was apparently an IGRP cversion created to the ISO CLNS specifications. One can still see the remnats of this on Cisco routers: Router_10(config)#router ? bgp Border Gateway Protocol (BGP) egp Exterior Gateway Protocol (EGP) eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) igrp Interior Gateway Routing Protocol (IGRP) isis ISO IS-IS iso-igrp IGRP for OSI networksNOTE THIS ONE mobileMobile routes odr On Demand stub Routes ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP) staticStatic routes I don't believe I have ever seen any documentation on this version on CCO With IGRP, Cisco did allow Rutgers University to publish a good article that explains everything you need to know about IGRP. See here: http://www.cisco.com/warp/public/103/5.html With EIGRP, it would be much harder to figure out exactly how it all works unless you were a Cisco IOS software developer. But Cisco TAC does have some good Web pages about EIGRP. See here: http://www.cisco.com/warp/public/103/eigrp-toc.html So... with these documents, theoretically another company could gather enough info to implement IGRP and EIGRP. But legally Cisco wouldn't allow this without some sort of licensing agreement. Cisco owns the technology, in other words. The protocols are proprietary, even though Cisco doesn't seem opposed to publishing info on how they work. Cisco's motivation for publishing info is to help network admins use Cisco's implementations, not help a competitor (or even a collaborator) do their own implementation. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com I would like to verify on this. Any input from authority would be nice. Thanks. hktco Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57730t=57603 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GRE on PIX and Concentrators [7:57729]
Hi Folks, Does anyone know if PIX or VPN Concentrators support GRE to enable multiprotocol routing such as EIGRP.I have 10 branches and am thinking to replace my FR clould with site-to-sit VPN. IPSEC doesn'tsupport multiprotocol routing such as EIGRP and requires GRE to work in parallel. As far as I know GRE is only supported in routers and Cisco yet to provide this feature in PIX and Concentrators.How in the world I could do this since my hearquarter has PIX and that is where I wanted my VPN tunnels.Is there any alternatives? Does PIX 510 support VPN? Regards, Teza ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57729t=57729 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Confreg problem...help! [7:57732]
Thanks for the reply. The problem is upon boot up I am getting only garbled asci characters and the screen appears to be frozen. It don't let me see anything and type anything to implement your suggestion...sorrry. I welcome if you could tell me some alternative...thanks a lot! thanks Robert M From: miken To: Robert Massiache , CC: , Subject: Re: Confreg problem...help! Date: Tue, 19 Nov 2002 00:52:49 -0700 I believe the config-register is stored in NVRAM. So in theory, if you bypass the startup config, you may default to the standard config-register settings. Haven't tried it though to know for sure. Have you tried booting into rommon(control-break sequence) and then stepping through the confreg steps? http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_comm and_summary_chapter09186a0080087baf.html#xtocid43127http://www.cisco.com/en/ US/partner/products/sw/iosswrel/ps1831/products_command_summary_chapter09186 a0080087baf.html#xtocid43127HTH,Mike- Original Message - From: Robert Massiache To: Cc: ; Sent: Monday, November 18, 2002 7:39 PM Subject: Confreg problem...help! Hi, I got a mc3810 router and was running perfect. Sometime ago I mistakenly typed a confreg value which I do not remeber exactly but I know it was not a relevant one. I was actually practicing with the confreg entries. What happened was that after I just rebooted the router I lost the console screen. I tried with all sorts of console port values like changing the baud-rate, start stop bit etc. I found it was responding to 1200 baud speed but all I could find is some corrupted and garbled ascii characters on the Teraterm. Same is the case with hyprterm. Any helpers please... thanks _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57732t=57732 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GRE on PIX and Concentrators [7:57729]
the last time I checked, the answer was no to either one. it has been several months, but at that time the Cisco position was why would you want to and there were several preferred means of terminating secure tunnels on either device. -- TANSTAAFL there ain't no such thing as a free lunch Azhar Teza wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Folks, Does anyone know if PIX or VPN Concentrators support GRE to enable multiprotocol routing such as EIGRP.I have 10 branches and am thinking to replace my FR clould with site-to-sit VPN. IPSEC doesn'tsupport multiprotocol routing such as EIGRP and requires GRE to work in parallel. As far as I know GRE is only supported in routers and Cisco yet to provide this feature in PIX and Concentrators.How in the world I could do this since my hearquarter has PIX and that is where I wanted my VPN tunnels.Is there any alternatives? Does PIX 510 support VPN? Regards, Teza ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57731t=57729 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCSP [7:57713]
Bill To gain the new specialist certs you need MCNS plus the current relevent exam (CSPFA, CSVPN or CSIDS). To gain the CCSP you need to pass MCNS, CSPFA, CSVPN, CSIDS and the new SAFE exam. Peter Creighton Bill-BCREIGH1 wrote: Good Info! I tried following the link for those new Specialist certs on Cisco's site, but the link is broken - are Specialists defined now by completing only the individual exams? (CSPFA for Firewall, CSVPN for VPN, and CSIDS for IDS) -Original Message- From: Peter.Walker:[EMAIL PROTECTED] [mailto:Peter.Walker:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 2:53 PM To: [EMAIL PROTECTED] Subject: Re: CCSP [7:57713] Joshua The CCSP is basically just a realignment of the current Cisco Security Specialist 1 certification into the Cisco Professional track. It does add one more exam to the requirements but other than that no real change. Cisco has even 'generously' allowed current CSS1s to take the remaining exam to get the cert. :-) As for the new specialist level certs, they are just dumbed down ^H^H^H^H^H^H^H^H^H^H^H more focussed variations of the CSS1. I really dont think Cisco have thought this one through as anyone who attains CCSP (with the current versions of the exams), will also automatically get three specialist level certs. In my opinion this totally devalues the specialist level certs. They should be something that takes specific specialised skill and knowledge to attain, not something you get for free as part of the process of attaining an intermediate level professional qualification. Peter Walker CISSP, CSS1, CITPSS, CCNP, CCIP, CCDP, etc (Putting flame proof clothing on) Joshua Green wrote: Anyone else hear about the new CCSP cert that Cisco is offering?! It's about time! Although I wish some of the other Professional level certs would count towards it in some way... I also like the three new Specialist level certs! Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57733t=57713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCSP [7:57713]
For those who havent already seen the announcement. Original Message Subject: New Cisco Certified Security Professional Date: Tue, 19 Nov 2002 11:01:39 -0500 (EST) From: Cisco Systems Inc Every organization has data, facilities, and workflow processes that are mission critical to their success. As more organizations make greater use of the Internet, it becomes critical that businesses defend their networks against attacks. Productivity gains and returns on company investments are at risk if the network is not defended. Cisco protects business from end to end, enabling business growth and increased productivity. Unlike point security products that leave vulnerable gaps, comprehensive solutions from Cisco embed integrated, layered security throughout your entire network to tie separate technologies and applications into a single, secure whole. Together with responsive, qualified partners, Cisco provides the components and training to build and maintain an effective security system that can safeguard your company's ability to generate revenue. Regardless of the size of your business, Cisco network security products and Cisco IOS(r) Software help keep your network secure. To help meet your needs, on November 19, 2002, Cisco will announce the new Cisco Certified Security Professional (CCSP) and three new security Cisco Qualified Specialists the Cisco Firewall Specialist, the Cisco VPN Specialist, and the Cisco IDS Specialist. Cisco is launching this new professional level security certification in response to the heightened need for knowledgeable network professionals who can design, build, and implement complete end-to-end security solutions coupled with an industry demand to provide a certification career path in the IT security market. This new certification provides an individual with professional level recognition in designing and implementing Cisco Secure networks. To become a Cisco Certified Security Professional (CCSP) you need to hold a valid CCNA(r) certification and complete and pass the following exams: Exam Recommended training 9E0-571 CSPFA or 9E0-111 CSPFA Cisco Secure Firewall Advanced (CSPFA) 2.1 Cisco Secure Firewall Advanced (CSPFA) 3.0 9E0-570 CSVPN or 9E0-121 CSVPN Cisco Secure Virtual Private Networks (CSVPN ) 2.0 Cisco Secure Virtual Private Networks (CSVPN ) 3.0 640-442 MCNS or 640-100 MCNS Managing Cisco Network Security (MCNS) 2.0 Managing Cisco Network Security (MCNS) 3.0 9E0-572 IDSPM or 9E0-100 CSIDS Cisco Secure Intrusion Detection System (CSIDS) 2.1 Cisco Secure Intrusion Detection System (CSIDS) 3.0 9E0-131 CSI Cisco SAFE Implementation (CSI) 1.0 The recommended training to prepare for the Cisco Certified Security Professional (CCSP) certification is offered through the global network of authorized Cisco Learning Partners. Now until September 30, 2003, individuals who currently hold the Cisco Security Specialist 1 certification can upgrade their certification to become a Cisco Certified Security Professional (CCSP) by taking one new exam, Cisco SAFE Implementation (CSI 9EO-131). Candidates with Cisco Security Specialist 1 certification have already demonstrated their knowledge of firewalls, intrusion detection systems, and virtual private networks. Therefore, if they maintain their CCNA status and pass this additional exam, they can become a Cisco Certified Security Professional (CCSP). Like other professional level Cisco certifications, the Cisco Certified Security Professional is valid for three years. New Cisco Qualified Specialists for Firewall, VPN, and IDS The three new Cisco Qualified Specialists are being launched to address the needs of individuals who want to validate skills in specific areas of network security. These individuals most likely work in organizations that have installed or are about to install Cisco security products. To earn the new focused certifications, you need to hold a valid CCNA certification and complete and pass the following exams: Focused Certification Exam Recommended training Cisco Firewall Specialist 640-100 MCNS and 9E0-111 CSPFA Managing Cisco Network Security (MCNS) 3.0 Cisco Secure PIX(r) Firewall Advanced (CSPFA) 3.0 Cisco VPN Specialist 640-100 MCNS and 9E0-121 CSVPN Managing Cisco Network Security (MCNS) 3.0 Cisco Secure Virtual Private Networks (CSVPN ) 3.0 Cisco IDS Specialist 640-100 MCNS and 9E0-100 CSIDS Managing Cisco Network Security (MCNS) 3.0 Cisco Secure Intrusion Detection System (CSIDS) 3.0 Individuals can still earn the Cisco Security Specialist 1 certification until February 28, 2003. After that date, this focused certification will no longer be offered. For those who have already earned the Cisco Security Specialist 1 certification, the certification remains valid until two years from date of achievement. Like all other focused Cisco certifications, all three new Cisco Security Specialist certifications are valid for two
RE: CCSP [7:57713]
Yes, along with 640-100 (MCNS) Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell -Original Message- From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 3:07 PM To: [EMAIL PROTECTED] Subject: RE: CCSP [7:57713] Good Info! I tried following the link for those new Specialist certs on Cisco's site, but the link is broken - are Specialists defined now by completing only the individual exams? (CSPFA for Firewall, CSVPN for VPN, and CSIDS for IDS) -Original Message- From: Peter.Walker:[EMAIL PROTECTED] [mailto:Peter.Walker:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 2:53 PM To: [EMAIL PROTECTED] Subject: Re: CCSP [7:57713] Joshua The CCSP is basically just a realignment of the current Cisco Security Specialist 1 certification into the Cisco Professional track. It does add one more exam to the requirements but other than that no real change. Cisco has even 'generously' allowed current CSS1s to take the remaining exam to get the cert. :-) As for the new specialist level certs, they are just dumbed down ^H^H^H^H^H^H^H^H^H^H^H more focussed variations of the CSS1. I really dont think Cisco have thought this one through as anyone who attains CCSP (with the current versions of the exams), will also automatically get three specialist level certs. In my opinion this totally devalues the specialist level certs. They should be something that takes specific specialised skill and knowledge to attain, not something you get for free as part of the process of attaining an intermediate level professional qualification. Peter Walker CISSP, CSS1, CITPSS, CCNP, CCIP, CCDP, etc (Putting flame proof clothing on) Joshua Green wrote: Anyone else hear about the new CCSP cert that Cisco is offering?! It's about time! Although I wish some of the other Professional level certs would count towards it in some way... I also like the three new Specialist level certs! Thank you, Joshua Green; MCSE, CCNA [EMAIL PROTECTED] CityScape Communications 2040 Timberbrooke Drive Springfield, IL 62702 (217) 793.6238 x18 (217) 793.6275 fax (217) 306.6201 cell Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57735t=57713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: VTP modes Server/Client vs Transparent [7:57650]
Presently we run end to end vlans w/LANE. We are going to the gigabit ethernet design with end to end vlans. We plan for a slow migration to local vlans. Once the migration to local vlans is complete then a server/client model might be more efficient. Talking to another network professional, transparent mode seemed to be the only way during the transition period to local vlans. I really prefer transperent over the server/client model. But I don't want my ill advised emotions not to give the other side a fair chance. -Original Message- From: Zim [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 9:01 PM To: [EMAIL PROTECTED] Subject: Re: VTP modes Server/Client vs Transparent [7:57650] Like most networking problems it depends. How large is your switch domain? Are you doing End to End VLANs or Local? How large is your STP domain now? Will it grow larger? Here a link I would start with http://www.cisco.com/warp/customer/473/21.html ( stater for VTP) then hit this one http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm (covers GigE Design) Design solutions are usually need and resource driven...as for standards they change(some daily). JMHO Newell Ryan D SrA 18 CS/SCBT wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Network is migrating from ATM to Gigabit Ethernet. Transparent mode was default VTP for all distribution layer switches. We had hubs for all access layer switches. With the new migration to Gigabit switches would be at all access layer buildings. Would it be beneficial to run transparent abroad or a server/client model. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57736t=57650 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GRE on PIX and Concentrators [7:57729]
PIX supports GRE, i have setup GRE tunnel between my 2 sites. Here is link which might helps you. http://www.cisco.com/en/US/tech/tk648/tk367/technologies_configuration_examp le09186a00800a43f6.shtml thanks, -- Curious MCSE, CCNP The Long and Winding Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... the last time I checked, the answer was no to either one. it has been several months, but at that time the Cisco position was why would you want to and there were several preferred means of terminating secure tunnels on either device. -- TANSTAAFL there ain't no such thing as a free lunch Azhar Teza wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Folks, Does anyone know if PIX or VPN Concentrators support GRE to enable multiprotocol routing such as EIGRP.I have 10 branches and am thinking to replace my FR clould with site-to-sit VPN. IPSEC doesn'tsupport multiprotocol routing such as EIGRP and requires GRE to work in parallel. As far as I know GRE is only supported in routers and Cisco yet to provide this feature in PIX and Concentrators.How in the world I could do this since my hearquarter has PIX and that is where I wanted my VPN tunnels.Is there any alternatives? Does PIX 510 support VPN? Regards, Teza ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57738t=57729 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
pix vpn [7:57740]
Does anybody know if the PIX will support the client side TCP encapsulation of VPN traffic in the near future, or must you buy a VPN concentrator to get this feature?? Thanks CG ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57740t=57740 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
passed cit. that's a wrap on ccnp [7:57741]
took the exam today and passed, barely. of the 4 it was by far the hardest. ccdp next and then, well who knows. perhaps i'll finish that piano concerto thanks all. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57741t=57741 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX site-to-site VPN question... [7:57648]
Edward Sohn wrote: Perfect... very interesting, indeed. I have long wondered about this scenario, and have wondered how companies are implementing their site-to-site VPN's over the internet. so you're saying (regarding your own roll out), that your ISP assigned you two address spaces and routed your /27 towards your perimeter router, right? in any case, your scenario explains the answer to that particular example...however, new questions arise: (1) if i DIDN'T decide to set up a GRE over the internet, then what other options do i have? would a simple NAT on the perimeter routers suffice? this would introduce dual-NAT, and i have heard that dual-NATing is less-than-desired in production due to performance issues. Double NATing doesn't sound like a good idea and shouldn't be necessary. (2) if i wanted to use public addressing on the outsides of the PIX's, Public addressing on the outsides of the PIXes seems to be the recommended approach. then would i have to have two address spaces, as described in your own scenario? You can make your own two address spacees. Perhaps you realize that, but I'm wondering if maybe you haven't considered it? You can do whatever you want with the /29 the provider gave you. Unfortunately, it's not a very big address space, but it can still be subdivided into two networks, one for the outside interface on the router and one for the PIX(outside)(inside)Router LAN. As an example, let's say the provider provided 55.55.55.0/29. You have the following addresses: First subnet: 55.55.55.1 (binary of last octet is 0001) 55.55.55.2 (binary of last octet is 0010) 55.55.55.3 (binary of last octet is 0011) Second subnet: 55.55.55.4 (binary of last octet is 0100) 55.55.55.5 (binary of last octet is 0101) 55.55.55.6 (binary of last octet is 0110) So do see that with a subnet mask of 255.255.255.252 (/30), you have two networks? Here's the addressing you can use: PIX(outside) = 55.55.55.1 (also used by PAT) Router (inside) = 55.55.55.2 Possible address for something else on that LAN = 55.55.55.3 Router (outside) = 55.55.55.6 Unfortunately, some addresses get wasted on that subnet. PIX's default route points to 55.55.55.2 Router's default route points to router at ISP. ISP points everything that matches 55.55.55.0/29 to you. If for some reason this wouldn't work in your particular scenario or I over-simplified to the point of not being helpful, I apologize! Hey, it's free consulting and you get what you pay for. :-) Keep us posted so we can all learn. Thanks. Priscilla can anyone think of any other options on the perimeter router? like i said, bridging or unnumbered or something of the like? thanks, ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark W. Odette II Sent: Monday, November 18, 2002 9:19 PM To: [EMAIL PROTECTED] Subject: RE: PIX site-to-site VPN question... [7:57648] The only way that you could put private addresses on the OUTSIDE interface of the PIX (Site A), and still successfully set up a Tunnel to another PIX across the internet that is behind an edge router of your own control (Site B), is to build a GRE Tunnel between the Edge Routers. EX: Public Addresses PIX1(outside)(e0)R1(e1)-INTERNET(e1)R2(e0)-(outside)PIX2 Pvt. Addresses G R E Tunnel Pvt. Addresses If you tried to set up NAT on the two Edge Routers to Static Translate for the PIX Hosts on their outside interfaces, the Tunnel would never establish. Even though you would define the Crypto Peer as a public address, when the packet arrives at the far side, it would have the private address headers, and thus the tunnel would never come up, and is why you would need a GRE Tunnel between the two routers to use private addresses between the two PIXen end-points. I have set up the scenario you speak of in production, but the ISP assigned a /30 for the routers connecting to the ISP, AND they assigned /27's for the customer's own use. So, with this, I configured the S0 interfaces of each router as part of the /30's, and configured the Fa0 interfaces of the Routers and the Pix Outside interfaces as hosts in the /27 blocks that were assigned to each site, while creating a PAT pool and NAT statics for appropriate hosts behind the PIX. The Inside/DMZ side of the PIXen were configured with RFC1918 addresses. Site to Site VPN's were established using the Public IP addresses on the Outside interface of each PIX. HTH's Mark -Original Message- From: Edward Sohn [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 10:13 PM To: [EMAIL PROTECTED] Subject: RE: PIX site-to-site VPN question... [7:57648] thanks for your help, elijah...however, i think are still missing the full point of my question...i am looking for a complete
somewhat OT: using link distance for ospf cost [7:57744]
Wondering if anyone has set their OSPF link costs based on link distance instead of based on interface bandwidth. As link speeds increase, corresponding serialization delay decreases. So another possible value one might use for link cost is the distance of the link instead of based on interface bandwidth. Curious is anyone has done this and if this worked well, if issues where observed, etc. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57744t=57744 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX site-to-site VPN question... [7:57648]
That is basically what I was saying in my email that he had 6 addresses to use so I am confused why there even needs to be another solution. Making it a lot harder than what it has to be. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 8:10 PM To: [EMAIL PROTECTED] Subject: RE: PIX site-to-site VPN question... [7:57648] Edward Sohn wrote: Perfect... very interesting, indeed. I have long wondered about this scenario, and have wondered how companies are implementing their site-to-site VPN's over the internet. so you're saying (regarding your own roll out), that your ISP assigned you two address spaces and routed your /27 towards your perimeter router, right? in any case, your scenario explains the answer to that particular example...however, new questions arise: (1) if i DIDN'T decide to set up a GRE over the internet, then what other options do i have? would a simple NAT on the perimeter routers suffice? this would introduce dual-NAT, and i have heard that dual-NATing is less-than-desired in production due to performance issues. Double NATing doesn't sound like a good idea and shouldn't be necessary. (2) if i wanted to use public addressing on the outsides of the PIX's, Public addressing on the outsides of the PIXes seems to be the recommended approach. then would i have to have two address spaces, as described in your own scenario? You can make your own two address spacees. Perhaps you realize that, but I'm wondering if maybe you haven't considered it? You can do whatever you want with the /29 the provider gave you. Unfortunately, it's not a very big address space, but it can still be subdivided into two networks, one for the outside interface on the router and one for the PIX(outside)(inside)Router LAN. As an example, let's say the provider provided 55.55.55.0/29. You have the following addresses: First subnet: 55.55.55.1 (binary of last octet is 0001) 55.55.55.2 (binary of last octet is 0010) 55.55.55.3 (binary of last octet is 0011) Second subnet: 55.55.55.4 (binary of last octet is 0100) 55.55.55.5 (binary of last octet is 0101) 55.55.55.6 (binary of last octet is 0110) So do see that with a subnet mask of 255.255.255.252 (/30), you have two networks? Here's the addressing you can use: PIX(outside) = 55.55.55.1 (also used by PAT) Router (inside) = 55.55.55.2 Possible address for something else on that LAN = 55.55.55.3 Router (outside) = 55.55.55.6 Unfortunately, some addresses get wasted on that subnet. PIX's default route points to 55.55.55.2 Router's default route points to router at ISP. ISP points everything that matches 55.55.55.0/29 to you. If for some reason this wouldn't work in your particular scenario or I over-simplified to the point of not being helpful, I apologize! Hey, it's free consulting and you get what you pay for. :-) Keep us posted so we can all learn. Thanks. Priscilla can anyone think of any other options on the perimeter router? like i said, bridging or unnumbered or something of the like? thanks, ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark W. Odette II Sent: Monday, November 18, 2002 9:19 PM To: [EMAIL PROTECTED] Subject: RE: PIX site-to-site VPN question... [7:57648] The only way that you could put private addresses on the OUTSIDE interface of the PIX (Site A), and still successfully set up a Tunnel to another PIX across the internet that is behind an edge router of your own control (Site B), is to build a GRE Tunnel between the Edge Routers. EX: Public Addresses PIX1(outside)(e0)R1(e1)-INTERNET(e1)R2(e0)-(outside)PIX2 Pvt. Addresses G R E Tunnel Pvt. Addresses If you tried to set up NAT on the two Edge Routers to Static Translate for the PIX Hosts on their outside interfaces, the Tunnel would never establish. Even though you would define the Crypto Peer as a public address, when the packet arrives at the far side, it would have the private address headers, and thus the tunnel would never come up, and is why you would need a GRE Tunnel between the two routers to use private addresses between the two PIXen end-points. I have set up the scenario you speak of in production, but the ISP assigned a /30 for the routers connecting to the ISP, AND they assigned /27's for the customer's own use. So, with this, I configured the S0 interfaces of each router as part of the /30's, and configured the Fa0 interfaces of the Routers and the Pix Outside interfaces as hosts in the /27 blocks that were assigned to each site, while creating a PAT pool and NAT statics for appropriate hosts behind the PIX. The Inside/DMZ side of the PIXen were configured with RFC1918 addresses. Site to Site VPN's were established using the Public IP addresses on
Re: NetIQ Chariot [7:57710]
On Tue, 19 Nov 2002, Arni V. Skarphedinsson wrote: My company is thinking about buying NetIQ4s Chariot software, any one here have any good or bad experince with that product, and Is it as helpfull as it seem for troubleshooting network problems. Contact me off list and I can answer a lot of your questions about it. I've used Chariot extensively and personally I don't like it. It has its niche and it wasn't what I was looking for. There is actually a device that does a better job if you are looking for more than only throughput testing. Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57746t=57710 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VoIP Question AGAIN... [7:57747]
Second call for this one. I never received any answers to my question. I want to know how to setup the link between the VoIP phones and the FXO's. Basically a dialplan, but how do I route inbound calls from the PSTN to the VoIP phones? And how do I route outbound calls from the VoIP phones over the FXO to the PSTN? I would like to avoid a system that uses 9 to dial an outside line. I want to do direct dialing to the PSTN without any special steps. Thanks, Andrew On Thu, 14 Nov 2002, Andrew Dorsett wrote: Hey everyone, I'm playing with an idea. I want to get ahold of a 3640 with FXO's and interface it to the PSTN and connect to some VOIP phones on a network behind it. I have done all of my research on the CCO and have found how to configure everything for phone connection and FXO configuration. However I haven't found out how to configure dialplans to dial the outside world. I basically need one that would say all 4 digit dialed calls are VoIP phones and all other numbers are outside PSTN phone numbers. And another question that I haven't found is how to link inbound calls from the PSTN to my VoIP phones. Say I have 555-1221 for one line and I want it as line 1 on my phones, and 555-1234 as the other line on my phones. I haven't found how to map the inbound calls to a VoIP extension. 555-1221 -- | || | || | 3640 ||SWITCH|-|IP Phone| 555-1234 -- | || | || My primary info source has been: http://www.cisco.com/en/US/tech/tk652/tk701/technologies_configuration_example09186a00800ffdcc.shtml#ITS3660 Thanks, Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57747t=57747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX site-to-site VPN question... [7:57648]
Elijah Savage III wrote: That is basically what I was saying in my email that he had 6 addresses to use so I am confused why there even needs to be another solution. You didn't say how he would use the 6 addresses. I thought it needed spelling out. Making it a lot harder than what it has to be. It's not hard, which may be your point. It's very simple if what I'm suggesting actually works. But maybe there are some gotchas I don't know about. The point that was missing in our discussion before was that there are multiple networks using the public addresses. I don't think anyone understood why he was aking about bridging. He will need bridging if he doesn't subdivide his address space. I simply told him how to subdivide it. I didn't mean to step on your toes or imply your answers were wrong. Priscilla -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 8:10 PM To: [EMAIL PROTECTED] Subject: RE: PIX site-to-site VPN question... [7:57648] Edward Sohn wrote: Perfect... very interesting, indeed. I have long wondered about this scenario, and have wondered how companies are implementing their site-to-site VPN's over the internet. so you're saying (regarding your own roll out), that your ISP assigned you two address spaces and routed your /27 towards your perimeter router, right? in any case, your scenario explains the answer to that particular example...however, new questions arise: (1) if i DIDN'T decide to set up a GRE over the internet, then what other options do i have? would a simple NAT on the perimeter routers suffice? this would introduce dual-NAT, and i have heard that dual-NATing is less-than-desired in production due to performance issues. Double NATing doesn't sound like a good idea and shouldn't be necessary. (2) if i wanted to use public addressing on the outsides of the PIX's, Public addressing on the outsides of the PIXes seems to be the recommended approach. then would i have to have two address spaces, as described in your own scenario? You can make your own two address spacees. Perhaps you realize that, but I'm wondering if maybe you haven't considered it? You can do whatever you want with the /29 the provider gave you. Unfortunately, it's not a very big address space, but it can still be subdivided into two networks, one for the outside interface on the router and one for the PIX(outside)(inside)Router LAN. As an example, let's say the provider provided 55.55.55.0/29. You have the following addresses: First subnet: 55.55.55.1 (binary of last octet is 0001) 55.55.55.2 (binary of last octet is 0010) 55.55.55.3 (binary of last octet is 0011) Second subnet: 55.55.55.4 (binary of last octet is 0100) 55.55.55.5 (binary of last octet is 0101) 55.55.55.6 (binary of last octet is 0110) So do see that with a subnet mask of 255.255.255.252 (/30), you have two networks? Here's the addressing you can use: PIX(outside) = 55.55.55.1 (also used by PAT) Router (inside) = 55.55.55.2 Possible address for something else on that LAN = 55.55.55.3 Router (outside) = 55.55.55.6 Unfortunately, some addresses get wasted on that subnet. PIX's default route points to 55.55.55.2 Router's default route points to router at ISP. ISP points everything that matches 55.55.55.0/29 to you. If for some reason this wouldn't work in your particular scenario or I over-simplified to the point of not being helpful, I apologize! Hey, it's free consulting and you get what you pay for. :-) Keep us posted so we can all learn. Thanks. Priscilla can anyone think of any other options on the perimeter router? like i said, bridging or unnumbered or something of the like? thanks, ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark W. Odette II Sent: Monday, November 18, 2002 9:19 PM To: [EMAIL PROTECTED] Subject: RE: PIX site-to-site VPN question... [7:57648] The only way that you could put private addresses on the OUTSIDE interface of the PIX (Site A), and still successfully set up a Tunnel to another PIX across the internet that is behind an edge router of your own control (Site B), is to build a GRE Tunnel between the Edge Routers. EX: Public Addresses PIX1(outside)(e0)R1(e1)-INTERNET(e1)R2(e0)-(outside)PIX2 Pvt. Addresses G R E Tunnel Pvt. Addresses If you tried to set up NAT on the two Edge Routers to Static Translate for the PIX Hosts on their outside interfaces, the Tunnel would never establish. Even though you would define the Crypto Peer as a public address, when the packet arrives at the far side, it would have the private address headers, and thus the tunnel would
RE: VoIP Question AGAIN... [7:57747]
Andrew The following links will explain in full details how to accomplish what you want Juan Blanco http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/voice _c/vcprt1/ http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/mult i_c/mcprt1/ http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exam s/9E0-423.html#examdesc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andrew Dorsett Sent: Tuesday, November 19, 2002 9:18 PM To: [EMAIL PROTECTED] Subject: VoIP Question AGAIN... [7:57747] Second call for this one. I never received any answers to my question. I want to know how to setup the link between the VoIP phones and the FXO's. Basically a dialplan, but how do I route inbound calls from the PSTN to the VoIP phones? And how do I route outbound calls from the VoIP phones over the FXO to the PSTN? I would like to avoid a system that uses 9 to dial an outside line. I want to do direct dialing to the PSTN without any special steps. Thanks, Andrew On Thu, 14 Nov 2002, Andrew Dorsett wrote: Hey everyone, I'm playing with an idea. I want to get ahold of a 3640 with FXO's and interface it to the PSTN and connect to some VOIP phones on a network behind it. I have done all of my research on the CCO and have found how to configure everything for phone connection and FXO configuration. However I haven't found out how to configure dialplans to dial the outside world. I basically need one that would say all 4 digit dialed calls are VoIP phones and all other numbers are outside PSTN phone numbers. And another question that I haven't found is how to link inbound calls from the PSTN to my VoIP phones. Say I have 555-1221 for one line and I want it as line 1 on my phones, and 555-1234 as the other line on my phones. I haven't found how to map the inbound calls to a VoIP extension. 555-1221 -- | || | || | 3640 ||SWITCH|-|IP Phone| 555-1234 -- | || | || My primary info source has been: http://www.cisco.com/en/US/tech/tk652/tk701/technologies_configuration_examp le09186a00800ffdcc.shtml#ITS3660 Thanks, Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57749t=57747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VoIP Question AGAIN... [7:57747]
On Tue, 19 Nov 2002, Juan Blanco wrote: Andrew The following links will explain in full details how to accomplish what you want Thanks, BUT...I had already found all of those URL's. They show how to create a dial plan to send the data across a cloud but they never show how to do it all in one device. I want to use one router as my call gateway for the entire network (no other routers because the voice gateway is internal). The URL that I sent out was a great resource and shows it can be done, but it LACKS horribly in the fact that it leaves out the crucial part of the configuration, the dial plan mapping. My confusion comes over the part where you do a session target for the incoming PSTN to VoIP calls. Do you point the session target to localhost if you are only using one router? Thanks, Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57750t=57747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: GRE on PIX and Concentrators [7:57729]
Curious wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... PIX supports GRE, i have setup GRE tunnel between my 2 sites. Here is link which might helps you. http://www.cisco.com/en/US/tech/tk648/tk367/technologies_configuration_examp le09186a00800a43f6.shtml I don't know that that really counts as the Pix 'supporting' GRE. I would call it a case of 'allowing' GRE tunnels to go through it. Support for GRE usually connotes the ability to actually source/sink GRE tunnels, which the Pix still cannot do. thanks, -- Curious MCSE, CCNP The Long and Winding Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... the last time I checked, the answer was no to either one. it has been several months, but at that time the Cisco position was why would you want to and there were several preferred means of terminating secure tunnels on either device. -- TANSTAAFL there ain't no such thing as a free lunch Azhar Teza wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Folks, Does anyone know if PIX or VPN Concentrators support GRE to enable multiprotocol routing such as EIGRP.I have 10 branches and am thinking to replace my FR clould with site-to-sit VPN. IPSEC doesn'tsupport multiprotocol routing such as EIGRP and requires GRE to work in parallel. As far as I know GRE is only supported in routers and Cisco yet to provide this feature in PIX and Concentrators.How in the world I could do this since my hearquarter has PIX and that is where I wanted my VPN tunnels.Is there any alternatives? Does PIX 510 support VPN? Regards, Teza ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57751t=57729 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TFTP error message [7:57752]
I tried to set up a TFTP server on solaris. When I do write net on router, I got TFTP: error code 2 received - Access violation error message unless I create a destination file first. How do I fix this problem? Many thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57752t=57752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CISCO NETWORKING BULK CBT BUNDLES 1-2 30 CD's [7:57737]
Let me know if some one use there CBTes from Cisco, If it is worthed to invest money on these CBTes. CISCO NETWORKING BULK CBT BUNDLES 1-2 30 CD's CISCO Switched Routing Training CD CISCO Security Training CD CISCO Call Manager-VOIP 3.0 AVVID Training CD CISCO Voice Video Technologies CD CISCO Configuration Troubleshooting CD CISCO Packet Data Serving Node Training CD CISCO Universal Gateway Manager Training CD CISCO Works2000 Tutorial Training CD CISCO DSL-CDM-CPE Training CD CISCO Advanced QoS/Fragmentation Training CD CISCO MPLS-VPN Training CD CISCO MGX-TDM Switch Training CD CISCO Wireless Technology Training CD CISCO Web Content Cache Engine Technology Training CD CISCO Videoconferencing Training CD CISCO SECURITY VPN ADVANCED TRAINING CBT CISCO MNET GSM MOBILE TELEPHONE TRAINING CBT CISCO CALL MANAGER TRAINING 3.0.5 CBT CISCO NETSCOUT nGENIUS TRAINING CBT CISCO ISDN MODEM WAN AGGREGATION TRAINING CBT CISCO ATM NRP2 CONCENTRATOR TRAINING CBT CISCO BOOMERANG SERVER - GLOBAL BALANCER CBT CISCO MGX 8800 IP VPN - VoIP - VoATM CBT CISCO CE-7320 CONTENT ENGINE CBT CISCO uBR7100 WIRELESS TRAINING CBT CISCO AMR II CONFIG. TROUBLESHOOTING CBT CISCO 6015 ARCHITECTURE ADSL DSL CBT CISCO CAMPUS - OPTICAL - DWDM - DESIGN CBT CISCO CATALYST 6000 SERVER LOAD BALANCING CBT CISCO AIRONET WIRELESS (WLAN) TRAINING CBT thanks, -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57737t=57737 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: TFTP error message [7:57752]
Well, that's basically how TFTP works on Unix-style systems. You have to first create the file (i.e., 'touch cisco-confg'), then give everyone write permissions to it (i.e., 'chmod 666 cisco-confg') before it can be written by the TFTP server. As far as I know, there's no way to circumvent that using the default tftp server - at least not according to the man pages. It may be possible to find a third-party TFTP server that will, or modify the source to one and compile your own if it's a significant problem. James Willard [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of supernet Sent: Tuesday, November 19, 2002 10:35 PM To: [EMAIL PROTECTED] Subject: TFTP error message [7:57752] I tried to set up a TFTP server on solaris. When I do write net on router, I got TFTP: error code 2 received - Access violation error message unless I create a destination file first. How do I fix this problem? Many thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57753t=57752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 640-901 BSCI [7:57599]
We can refer to a dictionary?, it that true. Thanks -Original Message- From: Kevin Phua [mailto:[EMAIL PROTECTED]] Sent: 19 November 2002 14:13 To: [EMAIL PROTECTED] Subject: Re: 640-901 BSCI [7:57599] I think 105min is the standard time (30 mins additional) if the exam is taken in non-English speaking countries, probably to give more time to candidates to refer a dictionary (that's provided in the Test Center). I took my CCNA in Taiwan and it was also 105 min (now there's a tip for English-speaking foreigners taking Cisco exams overseas). Vinh Le wrote: You only have 75 minutes for the exam. Other times are for survey and tutorial. THANGAVEL VISHNUKUMAR MUDALIAR wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, No of questions -57 Time you have -105 min Passing score - 700 -Original Message- From: James Gosnold [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 3:37 PM To: [EMAIL PROTECTED] Subject: 640-901 BSCI [7:57599] Hi people, Sorry, I'm sure this question gets asked 100's of times, I just went back 5 pages and couldn't find an answer. Anybody know the passign score required for 640-901? I'm sitting it on Saturday and would like an idea, someone earlier down said the CIT test had a passing score of 776/1000, are all CCNP exams the same? **Disclaimer ** Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57754t=57599 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Confreg problem...help! [7:57732]
check your line speed on hyperterm/secureCRT/ whatever.. you probably have a mismatch Charles Robert Massiache wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Thanks for the reply. The problem is upon boot up I am getting only garbled asci characters and the screen appears to be frozen. It don't let me see anything and type anything to implement your suggestion...sorrry. I welcome if you could tell me some alternative...thanks a lot! thanks Robert M From: miken To: Robert Massiache , CC: , Subject: Re: Confreg problem...help! Date: Tue, 19 Nov 2002 00:52:49 -0700 I believe the config-register is stored in NVRAM. So in theory, if you bypass the startup config, you may default to the standard config-register settings. Haven't tried it though to know for sure. Have you tried booting into rommon(control-break sequence) and then stepping through the confreg steps? http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1831/products_com m and_summary_chapter09186a0080087baf.html#xtocid43127http://www.cisco.com/en / US/partner/products/sw/iosswrel/ps1831/products_command_summary_chapter0918 6 a0080087baf.html#xtocid43127HTH,Mike- Original Message - From: Robert Massiache To: Cc: ; Sent: Monday, November 18, 2002 7:39 PM Subject: Confreg problem...help! Hi, I got a mc3810 router and was running perfect. Sometime ago I mistakenly typed a confreg value which I do not remeber exactly but I know it was not a relevant one. I was actually practicing with the confreg entries. What happened was that after I just rebooted the router I lost the console screen. I tried with all sorts of console port values like changing the baud-rate, start stop bit etc. I found it was responding to 1200 baud speed but all I could find is some corrupted and garbled ascii characters on the Teraterm. Same is the case with hyprterm. Any helpers please... thanks _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57755t=57732 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
question on IP telephony [7:57756]
Hi, I have a doubt while reading the IP telephony Book, In a Centralized Model of IP telephony,where there is a hub site and two spoke site.And all phones in the spoke site register with the Hub Call manager.My question is if the Wan link goes down how the phones in the spoke1 will communicated with each other.I have read that with SRST can be used in this scenario.Can someone tell me how it happens. **Disclaimer** Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' and 'confidential' and intended for use only by the individual or entity to which it is addressed. You are notified that any use, copying or dissemination of the information contained in the E-MAIL in any manner whatsoever is strictly prohibited. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57756t=57756 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CISSP Certification [7:57757]
Can somebody please send me a url where I can find out more about this certification. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57757t=57757 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: Re: Fw: New CCIE Written Exam [7:57341]
I am planning to give CCIE RS. Can anyone please send me some question bank which can help me for the exam. Rgds Kavita Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57758t=57341 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]