Many thanks to all that responded.
Andrew
-Original Message-
From: Frank Jimenez [mailto:[EMAIL PROTECTED]]
Sent: 13 January 2003 18:36
To: 'Andrew Larkins'; [EMAIL PROTECTED]
Subject: RE: Cat6500 PSU interoperability [7:60949]
Yes and no.
In combined mode they may be different
Hi All,
Quick question-
When a router sends a redirect to a particular host, how does the host
remember to use this in the future, does the ICMP place an entry into the
hosts routing table?
Thanks in advance.
-DJ
Yes, the host places this entry into its routing table.
-Original Message-
From: maine dude [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 14, 2003 2:56 PM
To: [EMAIL PROTECTED]
Subject: ICMP [7:61004]
Hi All,
Quick question-
When a router sends a redirect to a particular host, how
Hi Group,
Does any one know offhand how many simultaneous tunnels a Cisco 3620 can
handle (des and 3des)??
I can't find any hard evidence of this information on the cisco site...
Thanks,
CG
Maximum Number of Encrypted Tunnels
Up to 100 encrypted tunnel on a 1700, up to 300 tunnels on Cisco 2600, up to
800 for 2650 with AIM-VPN/ EP, up to 800 tunnels for the Cisco 2600XMs,
2691, and 3725, up to 800 tunnels on Cisco 3620 and 3640, and up to 2,000
tunnels on Cisco 3660 and 3745.
Maybe I should have asked if anyone is studying for the CCSP? What exams
have you accomplished and what is your next step? I may be amongst the
group of first participants in this set of exams (v3) and others are waiting
to get information concerning the exams before attempting. *grins*
Kim /
This is a fairly good link on object groups. There is not an awful lot of
information on them as of yet but possibly an advanced search off of the
Cisco TAC website may pull some hits. I had asked my Cisco rep the same
type of questions and this is what I was given.
Thinking about it at the minute.
I completed CSS1 the same week Cisco announced the CCSP, so I only need to
take the SAFE exam, but I'm not sure yet if I'll bother.
My current position doesn't deal as much with security as I'd like
(corporate team to do that), and if I changed positions/company, I
At 10:19 AM + 1/14/03, Michael Tan wrote:
Maximum Number of Encrypted Tunnels
Up to 100 encrypted tunnel on a 1700, up to 300 tunnels on Cisco 2600, up to
800 for 2650 with AIM-VPN/ EP, up to 800 tunnels for the Cisco 2600XMs,
2691, and 3725, up to 800 tunnels on Cisco 3620 and 3640, and up
Dear All, Anybody knows if any of Cisco Cache engines capable of caching
read audio, read video, mp3 and exe files ?
The following script that you must put when inside network 172.16.1.0 want
to access HTTP to outside and ping to outside:
access-list inside_access_in permit tcp 172.16.1.0 255.255.255.0 any eq 80
access-list inside_access_in permit udp 172.16.1.0 255.255.255.0 any eq 53
access-list
I currently only have IDS (9E0-572) to go and am booked for next week
Thursday at 10am and then I am CSS1 - apparently still valid until end Feb
2003. I will write the SAFE exam my early Feb 2003. Then I should be CCSP.
After that a short break and then onto CCIE - somehow I think with the kid
on
Using Cisco HIDS. I have 5 agents installed and running on 5 pcs, I have the
console installed and running. All agents and console are fully licensed. I
am running Version 2.5.3. The problem I am experiencing is that none of the
agents show up in the console. If I do a network sniff I can see all 5
Hi,
Me too, appearing for CSIDS (9E0-572) .. do you know what sort of questions would
appear. I mean would there be Match the following, Fill in the blanks or is it
simulation based one? I don't see much of commands (lots appeared in my
MCNS exam though). What all topics to be prepared on CSPM and IDS
I have no idea what sort of questions - I am not really a fan of these
total outlines that say what exactly you need to know - step by step. I feel
that you must understand the concepts and be able to work it out - then you
are OK.
I am using the Cisco Press book at the moment and all is great
The following LLQ is configured but no packets are going to the priority
queue; all packets go to the default class:
class-map match-all Priority-Queue
match access-group name TV
!
policy-map Policy
class Priority-Queue
priority 200
class class-default
random-detect
fair-queue
The IPExpert.net tutorial is pretty good combined with the docs from CCO.
http://www.ipexpert.net/downloads/Catalyst_3550_Tutorial.zip
TTFN
Lauren
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61019t=60989
--
FAQ, list archives,
Good luck!!
(for the exam and the kid )
-Original Message-
From: Andrew Larkins [mailto:[EMAIL PROTECTED]]
Sent: 14 January 2003 12:13
To: [EMAIL PROTECTED]
Subject: RE: CSIDS - 9E0-100 [7:60920]
I currently only have IDS (9E0-572) to go and am booked for next week
Thursday at 10am and
I'm studying for the CISSP test right now and have wondered the same thing.
I've talked to two people that have taken and passed the test (and been
confirmed by ISC2) and their jobs never were entirely security based but
always had some degree of security responsibility, as you're saying.
So I
Pass mark for me was 800 (back in November)
There were no simulation questions on mine, but a combination of all others.
I was asked about signatures, but tended to be general type questions rather
than absolute specifics.
more info can be found at:
Hi All,
Does anyone know how to make IAS use Active directory to authenticate VPN
users..
I have the sample from cisco but that only displays local authentication..
Thanks a bunch,
Kevin
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61023t=61023
You've got a few options. The most basic (and most limited) is using IP RTP
Priority. This will prioritize all RTP traffic on the applied interface. The
best solution (IMHO) is to use LLQ. Low Latency Queueing can be thought of
as CB-WFQ with the added benefit of a priority queue. This is probably
forgot to add one thing you probably already know this but if you
decide to use LLQ for a PPP serial connection (like a t1 or frac t1) you
will want to implement LFI (link fragmentation and interleave). this means
that your config will be implemented on a multilink1 interface rather than
All,
What is a good Book to use as a basis for studying for
the CCIE written exam 350-001. I see this one on
Amazon.
1) NLI's Study Guide for The CCIE RS Written Exam
Please Advise,
Bob
__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable.
I used the following document and it worked great - Very easy. Logs all VPN
access in both the IAS log files and on the Domain Controller running AD.
The 3rd part of the document explains the Win2k/IAS portion of the config.
I found it..
Thanks,
Kevin
- Original Message -
From: Kevin O'Gilvie
To: [EMAIL PROTECTED]
Sent: Monday, January 13, 2003 10:16 PM
Subject: IAS Authentication with Pix 515
Hi All,
Does anyone know how to make IAS use Active directory to authenticate VPN
users..
I have
Do you have experience with LLQ and MSFC that you can share?
I configured LLQ but it seems packets are not going to the priority queue:
class-map match-all Priority-Queue
match access-group name TV
!
policy-map Policy
class Priority-Queue
priority 200
class class-default
i don't see any obvious problems with your configuration. I can, however,
offer a couple of troubleshooting tips. I would start by checking out the
access list (show access-list) to make sure you have packets that qualify.
Second (and this is where I think your problem is), I would lose the
Does anyone know which version of IEEE STP bridge-groups use? Switches use
the PVST+ (one spanning tree per vlan). However, I can't determine if router
bridge-groups use PVST+ or the IEEE standard CST (one spanning tree instance
for all vlans). Here's my dilemma: I've got a 4006 (Sup II) with a
I highly recommend Bruce Caslow's Bridges, Routers Switches for CCIEs.
This book is the best I've seen. I've also heard good things about Internet
Routing Architectures and Routing TCP/IP by Jeff Doyle. Hope this helps
and GOOD LUCK on your studies.
I am new to PIX and have a simple question. What methods do you (PIX Admins)
use to change and apply access-lists. Unlike IOS access-lists it seems you
can remove statements from the middle of the list. When you do this does the
change occur immediately or do you have to reapply the access-group?
Is this a good reading list
a.. Routing TCP/IP Volume I (CCIE Professional Development) and Vol 2 by
Jeff Doyle (Textbook Binding)
b.. Internet Routing Architectures (2nd Edition) by Sam Halabi, Danny
McPherson (Contributor) (Hardcover)
c.. CCIE Practical Studies, Volume I by Karl Solie
Not necessarily Scott. You've got to be able to prove (in others words have
documentable proof), that you've worked for a cumulative total of 4 years in
the security field. Now, the caveat is that your work can be spread amongst
the ten domains or relegated to one as long as your total time
Great to know I am not alone. I noticed you all were doing the earlier exam
and not the new one. Any particular reason? From my understanding you can
mix versions of tests to come to the same conclusion.
Andrew I follow your same thought patterns to a point. It would not feel
right getting a
Sam,
I used to copy my list out to notepad and add the new line. Do a 'no
access-list from-internet', then cut and paste the new one back in. Keep in
mind this will briefly leave you with no access list on that interface. Then
re-enter the 'access-group from-internet in interface outside'
Andrew Larkins wrote:
I currently only have IDS (9E0-572) to go and am booked for next week
Thursday at 10am and then I am CSS1 - apparently still valid until end Feb
2003. I will write the SAFE exam my early Feb 2003. Then I should be CCSP.
just my 0.02 euro:
i completed CSS1 and passed some
I've completed the BSCI and BCRAN exams toward the CCNP. I'm now working on
the Switching test and wonder if my home lab is robust enough for the task.
What I have is an old Cat5000 (w/ 12 port 10/100 blade) with a SUP I engine
and a 1912. I know that I can play lab rat with many of the
I have a PIX 525 with 6.1(1) version. I have setup a kiwi syslog server for
logging. What is the best choice out of
0-emergencies-System unusable messages
1-alerts-Take immediate action
2-critical-Critical condition
3-errors-Error message
4-warnings-Warning message
5-notifications-Normal but
Add Cisco LAN switching to it. I would also recommend to have a William
Parkhurst's BGP and OSPF Configuration books.
--- On Tue 01/14, Manny < [EMAIL PROTECTED] > wrote:
From: Manny [mailto: [EMAIL PROTECTED]]
To: [EMAIL PROTECTED]
Date: Tue, 14 Jan 2003 17:10:32 GMT
Subject: CCIE READING
Add the keyword log at the end of your access list and check whether
there are really hits matching the ACL or not. Maybe everything is right
and you are just sending another traffic not matching with the ACL.
From: alaerte Vidali The following LLQ is configured but no packets
are going to the
I cannot seem to get the following config to work and am clueless why. My
incoming access lists for DMZ and outside are wide open. The goal is not to
NAT DMZ ever since its public addressing. I can't even ping hosts on the
outside network from PIX. Why am I having these problems?
nameif ethernet0
maine dude wrote:
Hi All,
Quick question-
When a router sends a redirect to a particular host, how does
the host
remember to use this in the future, does the ICMP place an
entry into the
hosts routing table?
Yes, the host places the new routing info in its
Hello All
How can I block some special service numbers (like adult services ) on voice
termination router which is AS 5300 with 1 E1 for outgoing call through
pots.
thanks in advance
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61049t=61049
By default, it should authenticate to AD first if it is part of the domain
and you have to enable the user object to have remote connective. I did it
three months ago.
Greg Owens
202-398-2552
fax 202-399-7690
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Sam,
Do you have any sort of statement that's translating the addresses in your
DMZ? For example,
static (DMZ,outside) 141.152.135.23 141.152.135.23 netmask 255.255.255.255
If you aren't nat'ing I believe you still have to translate the address.
HTH,
Kris.
-Original Message-
From:
Hmm...that suggests that a VLSM-aware redirect would be useful. Send the
mask along with the network address in other words. Does such a thing exist,
or has it ever been proposed?
Answer: The host can't know about subnet masks being used
elsewhere. Also, with classless addressing, it can't
Trying to use the log keyword, I got the following message:
class-map TV : access-list with 'log' not supported
class-map Policy : access-list with 'log' not supported
YASSER ALY @groupstudy.com on 2003-01-14 15:47:54
Please respond to YASSER ALY
Sent by: [EMAIL PROTECTED]
This type of NAT is required for incoming connections. I can't get access
going out so I haven't even looked at that yet. Even worse is from
83.23.44.60 (outside interface of PIX) I can't ping 83.23.44.50 which is
outside of the PIX. If you look at my access-list , this should not be a
problem. I
Hello,
I have a loopback interface 1 that I am trying to deny under redistribute
connected under ospf but am having no luck? What am I doing wrong? Please
advise. Thank you.
Config:
TS#
interface Loopback1
ip address 1.1.1.1 255.255.255.255
router ospf 100
redistribute connected subnets
depends what you want, you want it all pick 7 :)
Dave
Azhar Teza wrote:
I have a PIX 525 with 6.1(1) version. I have setup a kiwi syslog server
for
logging. What is the best choice out of
0-emergencies-System unusable messages
1-alerts-Take immediate action
2-critical-Critical
Say I set up a global pool:
Example
- global 1 199.199.199.3-199.199.199.62 netmask 255.255.255.192
- NAT the inside LAN addresses.
On my DMZ or internal network I want to create a static mapping to the mail
server.
My Question:
Can I use one of the globally assigned address or do I
It's a /32 and you are denying a /24. Try this:
interface lo1
ip ospf network point-to-point
or
access-list 99 permit host 1.1.1.1
HTH,
Scott
Cisco Nuts wrote in message
news:[EMAIL PROTECTED]...
Hello,
I have a loopback interface 1 that I am trying to deny under
Hello,
I have a loopback interface 1 that I am trying to deny under
redistribute
connected under ospf but am having no luck? What am I doing wrong?
Please
advise. Thank you.
Config:
TS#
interface Loopback1
ip address 1.1.1.1 255.255.255.255
router ospf 100
redistribute connected subnets
Why don't you try removing the line you want it to be below (as well as the
deny ip any any at the end) then put in the new line, the next line(s) and
the deny line?
ie
no access-list from-internet permit ip any host 10.10.10.4
no access-list from-internet permit ip any host 10.10.10.5
no
I think Priscilla gives some good reason why a VLSM-aware redirect
may not be very effective. Also redirects for default route or networks
outside of your IGP would be problematic.
Dave
Black Jack wrote:
Hmm...that suggests that a VLSM-aware redirect would be useful. Send the
mask along
The deny statement is there implicitly but if you put it in as well when you
do a show access-list command you will see the statistics of how many times
it was hit
as far as your suggestion goes, it may not work as well if you have over 100
access-lists and you need to put one in lets say 8th
I know when I used to follow this group on a regular basis my following
question was one of the most annoying... but I just looked back through the
archives and didn't see anything recent. My CCNP has come up for recert and
was looking for someone's opinion on the best prep tests for all 4 exams.
I have a question for anyone with updated information on the Device weights
for IPT devices. In looking through CIPT 3.1x course materials I am unable
to locate the information/table that says how the devices are weighted. I am
able to find the information in the CIPT 3.0x materials. Are the
Black Jack wrote:
Hmm...that suggests that a VLSM-aware redirect would be useful.
Send the mask along with the network address in other words.
Does such a thing exist, or has it ever been proposed?
I don't think such a thing has been proposed. Also, it may not be practical.
The router
Is your outside link up, and plugged into an enabled switch port that is on
the correct vlan/segment and set to correct speed/duplex?
Can other devices on same switch communicate with anyone else?
Thanks!
TJ
[EMAIL PROTECTED]
-Original Message-
From: Sam Sneed [mailto:[EMAIL
The exam that I take on Monday 13/1/03 still got a few HSRP question.
-Original Message-
From: David Ristau [mailto:[EMAIL PROTECTED]]
Sent: 14 January 2003 06:03
To: [EMAIL PROTECTED]
Subject: CCNP 640-604 switching exam [7:60987]
Taking the 640-604 switching exam within the next
I think there is no way to deny that route when using ACLs because ACLs
don't filter LSAs. Make your area an NSSA, then do a no-redistribute, to
filter out redistributed routes (your TS router will be an ASBR).
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61067t=61055
Can anyone figure out why my dial backup solution is not establishing
EIGRP routes? The routers don't peer up, though everything else looks
and works fine. After the dialup establishes, I am able to ping each
Serial Interface, as well.
Thanks,
Ed
Here are the configs:
ROUTER
Nope, wouldn't work well in that situation, but if you're only talking a few
entries then its not a problem
Also, in that sort of situation if you wanted to put a deny before a permit
(where order really does matter other than aesthetically), you remove the
line permitting the traffic, add the
Sam,
you can use 2 methods, i.e. CLI based and GUI based (PDM).
If you are using PDM, you just insert/add the rule in it.
CLI based:
1. access-list from-internet2 permit ip any host 10.10.10.1
access-list from-internet2 permit ip any host 10.10.10.2
access-list from-internet2 permit ip any host
i think you should do a dialer map broadcast on router b too just like what
you did on the first router.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61072t=61068
you can do both. if i wanted to use an ip in the middle of your pool, say
199.199.199.35:
ip nat pool test prefix-length 26
199.199.199.3 199.199.199.34
199.199.199.36 199.199.199.62 - (i think this is the command, please verify)
ip nat inside source list 1 pool test
ip nat inside source static
Hi,
I have the following testing setup but it looks like the LLQ
does not work. Can you have a look on it?
When the 256k link was congested. Why I ping the prec. 5 packet behind the
256k line it only have the same response time with default ping?
128k--- FR 256k
Attached 256k router
In what condition is the EGP origin type generated?
Thanks
Wei
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61075t=61075
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Edward,
Since you are using PPP Authentication Chap, it requires that both sides
send (same) user name xx and Password .. to each other (handshaking
using chap) after dialup, to authenticate each other both ways, then start
data transfer.
So, on Router B, you need to add:
username
I am attempting to setup a PVC between two Cisco 3640 Routers connected back
to back. The interface is an OC3 card. Whenever I issue the PVC command on
the ATM interface it says a PVC is not supported. If I use the ? to see for
supported commands for the interface, no PVC command is listed. Is
What commands are you typing in? To create a PVC the syntax is
int atm 1
atm pvc 6 0 106 aal5snap
I think you are missing the 'atm' before pvc.
There are several ways to hook the 3640s back to back. If they are within
fastethernet distance limitations you could use the fastethernet interfaces.
I am using a sample configuration from cisco that looks like this
First command config t
Second command ip routing
Third command interface atm 1/0
Fourth command no shutdown
Fifth command ip address 10.0.2.1 255.255.255.0
Sixth command pvc 1 32
Seventh command protocol ip 10.0.2.2 broadcast
The
Try to add atm in front of that.
-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 3:23 PM
To: 'Newell Ryan D SrA 18 CS/SCBT'; [EMAIL PROTECTED]
Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]
I am using a sample configuration from
pvc x/y should work, which leads me to wonder about your IOS version. What
are you running? what is the image name?
I do not see an atm pvc command in the 12.1 command reference.
also you mention something about connecting two 3640's back to back via an
OC3 card? I'm not sure you can do that.
Only reason for the earlier exam from my side was the book we had. And also
to get me off my butt - sometimes I can be a little lazy!!.
At least with a deadline, I have to write!!
-Original Message-
From: Kim Graham [mailto:[EMAIL PROTECTED]]
Sent: 14 January 2003 19:36
To: [EMAIL
That's relative to what you want to see and also depends on the volume of
traffic passing.
You could choose level 7 and then turn off some messages on the PIX and
revise later.
-Original Message-
From: Azhar Teza [mailto:[EMAIL PROTECTED]]
Sent: 14 January 2003 20:37
To: [EMAIL PROTECTED]