Routing 603 Exam [7:50518]
Hai, I have taken the new routing 603 twice, there are a few questions in the particular exam that I am unable to get the answer at all. Is there a way, that I can post a similar question with out breaking the NDA. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50518&t=50518 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
X.25 switching on CISCO; Please help [7:50519]
Hello, I have a test setup where in 2 remote VSATs are configured as XPAD. An X.121 address is given to each RS-232 port on the 2 VSATs. The SVC sessions of the 2 remotes are defined on a X25 device at the Central Hub. Since this device cannot do switching, I have connected a CISCO 2500 to the X25 device. X25 device is X25 DTE while the CISCO is X25 DCE. I hv configured x25 routing on CISCO and given 2 x25 routes for the remote X.121 addresses with the next hop as the se __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50519&t=50519 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
X.25 switching on CISCO; Please help [7:50521]
Hello, I have a test setup where in 2 remote VSATs are configured as XPAD. An X.121 address is given to each RS-232 port on the 2 VSATs. The SVC sessions of the 2 remotes are defined on a X25 device at the Central Hub. Since this device cannot do switching, I have connected a CISCO 2500 to the X25 device. X25 device is X25 DTE while the CISCO is X25 DCE. I hv configured x25 routing on CISCO and given 2 x25 routes for the remote X.121 addresses with the next hop as the same serial interface to which the X25 device is connected. But when I make a call from one remot to another, the debug on the router says cannot route call. Can u help me out and suggest what sud I do to make this work. Thanx __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50521&t=50521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520]
Priscilla, I have seen your knew book at Amazon.com. I hope it will be like TDND though they say that the second book is never like the first. The first has got me through the scary CCDA today; hope your knew book will do the same for Support. LATER! I look forward to a copy, and Good Luck in its SALES! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50520&t=50520 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN not connecting [7:50144]
Hi mike, Could be that IPSEC is being filtered out by one of the intermediary providers. Would explain why your ike negotiation is working but ipsec never gets established. worth checking. rgds, C - Original Message - From: "supernet" To: Sent: Friday, August 02, 2002 3:08 AM Subject: RE: VPN not connecting [7:50144] > I've seen VPN problems between PIXs, Cisco routers and VPN-1s. Sometimes > everything seems to be right but it doesn't work. Remove "crypto map" > and add them back may help. At least, it helped me twice. > > HTH. > Yoshi > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > [EMAIL PROTECTED] > Sent: Thursday, August 01, 2002 2:40 PM > To: [EMAIL PROTECTED] > Subject: RE: VPN not connecting [7:50144] > > I've been working on trying to eliminate the variables on each side of > the > VPN The unfortunate thing is, the other side is home, so I usually > wait > until the late evening/night to work on the remote side That's also > the > reason for the "frustrating" comment earlier. I know I could SSH into > it, > but, this isn't the only project I've been working on (as I'm sure a lot > of > you can relate)... So I'm going to hopefully wrap it up by this > weekend. > > One of the main issues I was running into was the remote network was > subnetted from the main network so the ACLs got a little confusing. So > I've > changed the IP scheme on the remote side... This also brings me to > another > question; a rather newbie one, what other ports should be open(beside > 500)? > I received an email from someone saying 50 & 51, does that sound right? > If > you have the, "allow any out and return in", settings for firewall > rules... > Do the ports still need to be opened (I would think not since there is > the > nat0 command?)? The other issue I'm looking into is the MTU size > > Once I establish the tunnel and maintain connectivity I'll let y'all > know > what I find > > Thanx for the help, > mkj > > -Original Message- > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 01, 2002 2:54 PM > To: [EMAIL PROTECTED] > Subject: RE: VPN not connecting [7:50144] > > > Lidiya White wrote: > > > > Capture debugs on both ends at the same time. Should be more > > helpful. > > Make sure both ends have "isakmp identify address"... > > > > -- Lidiya White > > Sounds like a good idea. So Mike, what was the problem? It sure would > help > those of learning IPSec to hear how you resolved the issue. Thanks. > > Priscilla > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > > Behalf Of > > [EMAIL PROTECTED] > > Sent: Tuesday, July 30, 2002 4:05 PM > > To: [EMAIL PROTECTED] > > Subject: RE: VPN not connecting [7:50144] > > > > The ACLs are mirrors of each other and the transform sets > > match > > Very > > frustrating > > > > -Original Message- > > From: Silju Pillai [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, July 30, 2002 2:29 PM > > To: [EMAIL PROTECTED] > > Subject: RE: VPN not connecting [7:50144] > > > > > > Hi, > > > > Pls check the interesting traffic configured > > (access list) configured at both ends. Your transform set > > parameters > > too. It > > should be same. > > > > As you are receiving IKMP_no_error your isakmp policies are > > working > > fine. > > > > regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50522&t=50144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50524]
Speaking of Priscilla's books: I've recently bought TDND as it was recommended as a great study guide for the CCDP, CID exam. However, now that I've got it, it seems everyone is suggesting it as the study guide for the DCN (640-441), CCDA exam. Perhaps those in the know (*ahem*...Priscilla ;-) ), can enlighten me as to if the book is meant for the CID (CCDP) or the DCN (CCDA) exam. Thanks in advance! Brendan. -Original Message- From: Abu Mwalie [mailto:[EMAIL PROTECTED]] Sent: 02 August 2002 10:27 To: [EMAIL PROTECTED] Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520] Priscilla, I have seen your knew book at Amazon.com. I hope it will be like TDND though they say that the second book is never like the first. The first has got me through the scary CCDA today; hope your knew book will do the same for Support. LATER! I look forward to a copy, and Good Luck in its SALES! This message contains information intended solely for the addressee, which is confidential or private in nature and subject to legal privilege. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message or any file attached to this message. Any such unauthorised use is prohibited and may be unlawful. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the original message from your machine. Furthermore, the information contained in this message, and any attachments thereto, is for information purposes only and may contain the personal views and opinions of the author, which are not necessarily the views and opinions of Dimension Data (South Africa) (Proprietary) Limited or is subsidiaries and associated companies ("Dimension Data"). Dimension Data therefore does not accept liability for any claims, loss or damages of whatsoever nature, arising as a result of the reliance on such information by anyone. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information transmitted electronically and to preserve the confidentiality thereof, Dimension Data accepts no liability or responsibility whatsoever if information or data is, for whatsoever reason, incorrect, corrupted or does not reach its intended destination. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50524&t=50524 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus [7:50524]
Actually, Priscilla's book is about Designing Computer Networks, the Proper Way NOT a Certification Guide, as she said herself. I totally agree with her. Why is this important? Because the CCDA exam follows some rigid procedure which can easily get you mixed up if you mix many books! Probably, for preparing for the exam, closely follow a Cisco Study Guide, but for a classic way of designing networks, I think Priscilla's book is first-class. I should know... I only buy good books and Priscilla's is one of them... it makes good reading because it is totally self-contained... just the way I will write when I become a world-famous author. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50525&t=50524 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50526]
Did you check her website? Lots of information on troubleshooting there. www.priscilla.com >>> "[EMAIL PROTECTED]" 08/02/02 10:47am >>> Speaking of Priscilla's books: I've recently bought TDND as it was recommended as a great study guide for the CCDP, CID exam. However, now that I've got it, it seems everyone is suggesting it as the study guide for the DCN (640-441), CCDA exam. Perhaps those in the know (*ahem*...Priscilla ;-) ), can enlighten me as to if the book is meant for the CID (CCDP) or the DCN (CCDA) exam. Thanks in advance! Brendan. -Original Message- From: Abu Mwalie [mailto:[EMAIL PROTECTED]] Sent: 02 August 2002 10:27 To: [EMAIL PROTECTED] Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520] Priscilla, I have seen your knew book at Amazon.com. I hope it will be like TDND though they say that the second book is never like the first. The first has got me through the scary CCDA today; hope your knew book will do the same for Support. LATER! I look forward to a copy, and Good Luck in its SALES! This message contains information intended solely for the addressee, which is confidential or private in nature and subject to legal privilege. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message or any file attached to this message. Any such unauthorised use is prohibited and may be unlawful. If you have received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the original message from your machine. Furthermore, the information contained in this message, and any attachments thereto, is for information purposes only and may contain the personal views and opinions of the author, which are not necessarily the views and opinions of Dimension Data (South Africa) (Proprietary) Limited or is subsidiaries and associated companies ("Dimension Data"). Dimension Data therefore does not accept liability for any claims, loss or damages of whatsoever nature, arising as a result of the reliance on such information by anyone. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information transmitted electronically and to preserve the confidentiality thereof, Dimension Data accepts no liability or responsibility whatsoever if information or data is, for whatsoever reason, incorrect, corrupted or does not reach its intended destination. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50526&t=50526 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Confusing about some FR & OSPF configuration o [7:50247]
Hi 1) You can use either P2P, Physical or P2MP. Beware of Split horizon here depending on your routing protocol 2) you can use either frame-relay map statements to map your layer2 dlci's to your layer3 ip's, or you can use inverse-arp. Do some research on both 3)bandwdith is a must for eigrp but you should configure bandwidth for any link. If you dont use ip ospf cost, the default metric will be employed, that is 10^8 / bandwidth . So if you have a serial line beware as it will grab the 1.544mpbs when in reality this might be a 64k frame circuit.. Hope that helps! Jnr Network Engineer :) Go easy please :( Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50527&t=50247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Standby Virtual MAC [7:50528]
To solve a problem, as a hack, I used HSRP to create a virtual MAC address that just applied to *1* subinterface on an ISL trunk. The rest of the subinterfaces use the BIA. To try to clean this up, is there any other way to use a virtual mac address on a subinterface? I noticed I don't have the #mac-address command available on the subinterface. Jay Greenberg Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50528&t=50528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix static mappings to the inside [7:50500]
I not sure what code your using, but Cisco recommend using Access-lists instead of conduit statements. Just create a typical cisco access-list (except don't invert your masks) and apply it inbound to the outside interface and you will get the same result as your conduits!! C - Original Message - From: "Elijah Savage III" To: Sent: Friday, August 02, 2002 4:23 AM Subject: Pix static mappings to the inside [7:50500] > I have my pix 501 firewall working but I have yet to be able to get > static mapping working. I try this > > Static "outside ip address" "inside ip address" > > Conduit permit tcp outside ip inside ip eq 25 any > > > > When I issue these commands I can get mail into my mail server behind > the pix but it breaks my nat. I have read that it is not good to use > your outside global ip address for static mapping but if you only have 1 > static ip address how else can you do it. > > > > With me only having one static ip will this work? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50523&t=50500 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN not connecting [7:50144]
Hi, Just wondering why you have to specifically open the ports 500, 50, 51. I have installed IPSec VPNs with PIX and Routers. I have never opened any port. Infact we have a VPN setup in my office itself. You believe me or not, with default ones it worked smoothly. Also according to Mike he is receiving IKMP_NO_Error message. So his ISAKMP policies are matching between the locations. I think you have to check your transform sets, access lists and crypto maps which comes in the second phase. Mike, the following link will help you with sample configurations. You might have already gone through it.But still I am putting it here. http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50529&t=50144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50530]
TDND can be used for both exams. TDND is actually better suited to the revised CID exam than the CID Study Guide. And that's pretty much the feeling of a lot of people that took the CID 3.0 exam... It's a good book. I'm glad I finally had the time to go through it. Priscilla's one of my favorites - I really like her writing style and I find it very easy to read. -- Leigh Anne > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Friday, August 02, 2002 3:48 AM > To: [EMAIL PROTECTED] > Subject: RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw > [7:50524] > > > Speaking of Priscilla's books: > > I've recently bought TDND as it was recommended as a great study guide for > the CCDP, CID exam. > > However, now that I've got it, it seems everyone is suggesting it as the > study guide for the DCN (640-441), CCDA exam. > > Perhaps those in the know (*ahem*...Priscilla ;-) ), can enlighten me as > to if the book is meant for the CID (CCDP) or the DCN (CCDA) exam. > > Thanks in advance! > Brendan. > > > > -Original Message- > From: Abu Mwalie [mailto:[EMAIL PROTECTED]] > Sent: 02 August 2002 10:27 > To: [EMAIL PROTECTED] > Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520] > > > Priscilla, > > I have seen your knew book at Amazon.com. > > I hope it will be like TDND though they say that the second book is > never like the first. > > The first has got me through the scary CCDA today; hope your knew book will > do the same for Support. LATER! > > I look forward to a copy, and Good Luck in its SALES! > This message contains information intended solely for the addressee, > which is confidential or private in nature and subject to legal privilege. > If you are not the intended recipient, you may not peruse, use, > disseminate, distribute or copy this message or any file attached to this > message. Any such unauthorised use is prohibited and may be unlawful. If > you have received this message in error, please notify the sender > immediately by e-mail, facsimile or telephone and thereafter delete the > original message from your machine. > > Furthermore, the information contained in this message, and any > attachments thereto, is for information purposes only and may contain the > personal views and opinions of the author, which are not necessarily the > views and opinions of Dimension Data (South Africa) (Proprietary) Limited > or is subsidiaries and associated companies ("Dimension Data"). Dimension > Data therefore does not accept liability for any claims, loss or damages > of whatsoever nature, arising as a result of the reliance on such > information by anyone. > > Whilst all reasonable steps are taken to ensure the accuracy and > integrity of information transmitted electronically and to preserve the > confidentiality thereof, Dimension Data accepts no liability or > responsibility whatsoever if information or data is, for whatsoever > reason, incorrect, corrupted or does not reach its intended destination. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50530&t=50530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
a thing of beauty (12.2T BGP chaos) [7:50531]
I am getting nipped by this today, and its more than just VPN that is affected. Latest 12.2.8T5, too :-( CSCdw84776 When a customer edge (CE) router advertises a route that contains the provider edge (PE)-CE link, the PE router fails to install this route to the virtual private network routing/forwarding instance (VRF) because the route is already registered in the VRF as a connected route. If the connected route is learned from the redistribution of connected routes to the Border Gateway Protocol (BGP) through the external Border Gateway Protocol (eBGP), the BGP on the PE router marks the route with Routing Information Base (RIB) failure and prevents the route from being advertised to other peer internal Border Gateway Protocol (iBGP) PE routers. This behavior causes a loss of connectivity from the local connected route to the remote sites. Workaround: Source the route on the PE router. Do not allow the CE router to advertise the route that connects the PE and the CE routers. This condition does not occur if eBGP is not configured between the CE and PE routers and if a routing protocol such as the VRF, Interior Gateway Protocol (IGP), Open Shortest Path First (OSPF), or Routing Information Protocol (RIP) is used. -- Neal Rauhauser CCNP, CCDP voice: 402-301-9555 mailto:[EMAIL PROTECTED] fcc : k0bsd "This is my private email devoted to various mailing lists. If you're a twerp with an attorney and someone else's money, don't bother my employer about the things I say, just come see me personally and we'll discuss the situation. No names, you twerps should know who you are". Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50531&t=50531 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS1 [7:50532]
I just signed up for all three Cisco Security exams! I thought this was a joke, but it is true! Managing Cisco Network Security Cisco Secure Pix Firewall Advanced Cisco Secure Virtual Private Networks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50532&t=50532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Does IOS 11.1(2) support "show tech" command [7:50494]
Jimmy, (watch for URL wrap) http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_r/ffrprt3/frf013.htm#1068334 Introduced in 11.2 IOS. The DDTS that implemented the command (CSCdi47180) shows integration in 10.3(12), 11.0(8), 11.1(3), and 11.2(1). Thanks, Shawn Jimmy wrote: > > Hi all : > > Does anyone know whether IOS 11.1(2) support "show > tech" command ? I have a 2501 router running on > 11.1(2) and it does not has "show tech ". However > another 2501 router running on 11.0(22) and it has > "show tech" command. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50533&t=50494 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
Your flash is probably bad. I recently had a problem with some new flash and had to return it because half of it was uneraseable. I never found documentation or a solid answer for my error messages. All Flash chips on a stick should be identical (or at least detectable I guess). Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50534&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CSS1 Beta [7:50536]
The 3 Cisco Security test I was talking about are from the Free Beta. I forgot to say that. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50536&t=50536 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN not connecting [7:50144]
Hi Silju, If my understanding of IPSEC is correct... his initial IKE (isakmp) negotiation - phase-1 exchange has completed, this is used to set up the exchange of the IPSEC proposals -- phase-2. So since phase-1 negotiations succeed (isakmp - udp500) but phase two proposals are never obtained it may be that the IPSEC (protocol 50/51) somewhere between himself and the remote VPN endpoints are being filtered... consequesntly phase-1 keeps timing out waiting for acceptance of ipsec proposals. The command "sysopt connection permit-ipsec" implicitly allows the IP protocols 50/51 and udp 500 through a pix firewall as long as there are matching crypto statements. You can turn this feature off if you want.. in which case you will have to explicitly allow those protocols through in your inbound access-list. Have you ever thought of how can you filter what traffic someone from the other side of the VPN sends you?? By default on a pix you can't. You just define what is interesting to bring the tunnel up from your side, but you can't decide on what the remote end point will send you... sure you can be restictive on your crypto-access list but you can't really stop it from getting into your network.. do you see the point I'm getting at?? rgds, ~Ciaron -Original Message- From: Silju Pillai [mailto:[EMAIL PROTECTED]] Sent: 02 August 2002 15:41 To: [EMAIL PROTECTED] Subject: RE: VPN not connecting [7:50144] Hi, Just wondering why you have to specifically open the ports 500, 50, 51. I have installed IPSec VPNs with PIX and Routers. I have never opened any port. Infact we have a VPN setup in my office itself. You believe me or not, with default ones it worked smoothly. Also according to Mike he is receiving IKMP_NO_Error message. So his ISAKMP policies are matching between the locations. I think you have to check your transform sets, access lists and crypto maps which comes in the second phase. Mike, the following link will help you with sample configurations. You might have already gone through it.But still I am putting it here. http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSe c&s=Implementation_and_Configuration#Samples_%26_Tips regards ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. For more information contact [EMAIL PROTECTED] phone + 353 1 4093000 fax + 353 1 4093001 ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50535&t=50144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix static mappings to the inside [7:50500]
You can use the single IP address on your outside interface without a problem. If your outside address is 200.200.200.200 and you have a mail server on your inside 10.1.1.1 and a telnet server on your inside 10.2.2.2, you can do this: static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any Hth, Ole ~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~ http://www.RouterChief.com ~ Need a Job? http://www.OleDrews.com/job ~ -Original Message- From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 8:29 AM To: [EMAIL PROTECTED] Subject: Re: Pix static mappings to the inside [7:50500] I not sure what code your using, but Cisco recommend using Access-lists instead of conduit statements. Just create a typical cisco access-list (except don't invert your masks) and apply it inbound to the outside interface and you will get the same result as your conduits!! C - Original Message - From: "Elijah Savage III" To: Sent: Friday, August 02, 2002 4:23 AM Subject: Pix static mappings to the inside [7:50500] > I have my pix 501 firewall working but I have yet to be able to get > static mapping working. I try this > > Static "outside ip address" "inside ip address" > > Conduit permit tcp outside ip inside ip eq 25 any > > > > When I issue these commands I can get mail into my mail server behind > the pix but it breaks my nat. I have read that it is not good to use > your outside global ip address for static mapping but if you only have 1 > static ip address how else can you do it. > > > > With me only having one static ip will this work? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50537&t=50500 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE number [7:50203]
I used to subscribe to the theory that by listing your certs, you somewhat shield yourself from flaming and criticism. For example, if a regular dude with no Cisco knowledge bashes Cisco, you could dismiss him as just a crank and people could justifiably flame him, etc. etc.. But if he's a CCIE, then you might actually have to take his complaints seriously. But I learned the hard way that this is not true. I learned that if people dislike your comments so much that they're going to flame you, they're going to do it whether you present your qualifications or not. They might flame you in a different way, but they're still going to do it. So at the end of the day, it doesn't matter a whit. For example, without answering the question of whether I am or am not a CCIE, I remember when I got into a discussion of the CCIE program, where I discussed the program's problems. Just like clockwork, dudes immediately shot back by asking me whether I was a CCIE myself, apparently under the guise I am just jealous of the program and the people who hold that designation. Yeah, well, what if I had decided to include in my sig my 4-digit number (which, again, is something I may or may not hold). I think we all know what would have happened - those same dudes who flamed me before for being jealous would have now flamed me for being insecure, because apparently my ulterior motive would be that I'm discouraging people from the program to protect my exclusive status (?!). Hmmm. The point is, it's a no-win situation and so I elect not to play. The people on this thread who are reasonable, which is most of them, will read your statements and judge them based on merit without regard to what your qualifications are. But then there are those people who have already made up their minds and couldn't care less even if you happened to be John Chambers himself. So there's no point in putting all your cards on the table if it isn't going to make a dam* bit of difference anyway. ""Mike Bernico"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I can't really speak for CCIEs because I'm not one, but like many of us on > this list I've gotten quite a few certifications. I believe very strongly > in industry certifications as benchmarks, however I don't list any of my > certifications on business cards, signature lines, etc anymore. I don't > like to be categorized into one thing or another. It also seems a bit > pretentious and maybe a bit insecure. I think everyone should be treated > the same regardless of certification and their statements should be judged > on their own merit and not weighted by a certification. But that's just my > $0.02. > > I think displaying some certifications could actually have a negative effect > as well. For example, I have a redhat certification. In a room full of > microsoft people that might work to discredit me. The same might go for > cisco certifications in a room full of whoever else makes Datacom equipment. > > > > --- > Mike Bernico [EMAIL PROTECTED] > Illinois Century Network http://www.illinois.net > (217) 557-6555 > > > > -Original Message- > > From: MADMAN [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, August 01, 2002 8:58 AM > > To: [EMAIL PROTECTED] > > Subject: Re: CCIE number [7:50203] > > > > > > FWIW I know off hand about 5 CCIE's that don't include their cert in > > their sig file. I have not asked them why, never really thought much > > about it. > > > > Dave > > > > ". ." wrote: > > > > > > Ok, may be i should rephase my question again. I have seen > > a lot of people > > > with their email signature as > > > John smith > > > CCIE 1024 > > > > > > or something like that. Then I know immediately that that > > person (i know > > > that 1024 belongs to the lab!) is a CCIE. > > > > > > However, would all CCIE include their "CCIE 1024" in their > > signature? If > > > not, just roughly how many of them? > > > > > > I know that it is not possible to answser this question. > > However, I am just > > > too curious to know this. > > > > > > If you find that this is stupid quesiton (no stupid > > question, only stupid > > > answer???), please kindly ignore this > > > > > > Thanks > > > > > > _ > > > Join the worlds largest e-mail service with MSN Hotmail. > > > http://www.hotmail.com > > -- > > David Madland > > Sr. Network Engineer > > CCIE# 2016 > > Qwest Communications Int. Inc. > > [EMAIL PROTECTED] > > 612-664-3367 > > > > "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50538&t=50203 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem Redistributing BGP into OSPF. [7:50539]
Hi all. I was wondering if anyone has seen this before and could offer some advice. I have four routers, connected as follows. ISP1-ebgp-EdgeRouter1-ibgp-Core1-OSPF-Core2 EdgeRouter1 is advertising a Default route and a single /24 to Core1. Core1 is using "default-info Originate" to copy the default route into OSPF. That works great. On Core1 I am also using "redistribute bgp 65530 metric 1000 subnets" to copy the /24 into OSPF. This doesn't appear to be working. Specifically, the problem I am having is that Core2 doesn't seem to be receiving the /24 (from ospf). I have verified that the /24 is being advertised by Edge1 (show ip bgp neigh x.x.x.x adv), and that it is appearing in the Route Table of Core1. Anyone have any suggestions? Please CC: [EMAIL PROTECTED] on replies, as I am on the newsfeed and direct gets to me more quickly. Thanks, Ejay Hire _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50539&t=50539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Installing a PA-2FE card in a 7206 [7:50540]
Does anyone know if this Fast Ethernet card is plug and play to when installed in a 7206 router? Also can you installing it without powering the router down and taking it offline? thx Randy Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50540&t=50540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem Redistributing BGP into OSPF. [7:50539]
What does a show IP ospf data show? You can do a "show IP OSPF data | include 10.20.30.40" to check the ospf database for the routing entry there ( assuming 10.20.30.40 is your /24 of course ) Thanks Larry -Original Message- From: Ejay Hire [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 11:40 AM To: [EMAIL PROTECTED] Subject: Problem Redistributing BGP into OSPF. [7:50539] Hi all. I was wondering if anyone has seen this before and could offer some advice. I have four routers, connected as follows. ISP1-ebgp-EdgeRouter1-ibgp-Core1-OSPF-Core2 EdgeRouter1 is advertising a Default route and a single /24 to Core1. Core1 is using "default-info Originate" to copy the default route into OSPF. That works great. On Core1 I am also using "redistribute bgp 65530 metric 1000 subnets" to copy the /24 into OSPF. This doesn't appear to be working. Specifically, the problem I am having is that Core2 doesn't seem to be receiving the /24 (from ospf). I have verified that the /24 is being advertised by Edge1 (show ip bgp neigh x.x.x.x adv), and that it is appearing in the Route Table of Core1. Anyone have any suggestions? Please CC: [EMAIL PROTECTED] on replies, as I am on the newsfeed and direct gets to me more quickly. Thanks, Ejay Hire _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50541&t=50539 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Kind suggestion is Needed! [7:50317]
try some router rental labs that you can access online. there are some links on the groupstudy home page itself. --- "a. ahmad" wrote: > Dear All, > > Thanks for some valueable suggestions. One more > thingif one is willing > to be a great networker, young, energatic but unable > to get hands on > experience then what are some guidelines for > him/her.. > > Thanks, > AA [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50542&t=50317 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Installing a PA-2FE card in a 7206 [7:50540]
Yes as long as you have the IOS that supports it and it is hot swappable. Dave McHugh Randy wrote: > > Does anyone know if this Fast Ethernet card is plug and play to when > installed in a 7206 router? Also can you installing it without powering the > router down and taking it offline? > thx > Randy -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50543&t=50540 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IP unnumbered loopback & dialup [7:50544]
Hi all, I am trying to conserve IP addresses by using private IPs for dialin users. >From clients I can dial in to network but cant get beyond 3640 NAS, cant even ping e0/0. From 3640, I can ping connected client and any host on Internet. From 2611 Internet gateway, I can ping 3640 e0/0 and lo0, but not a connected dialin user on Async with private IP address assigned by 3640 from IP pool. Traffic in both directions disappear at the 3640. Can somebody pls point out what I'm missing? Below are my configs and route tables: 3640-NAS: interface Loopback0 ip address 192.168.200.254 255.255.255.0 ! interface Ethernet0/0 ip address 216.199.175.12 255.255.255.224 ! interface Group-Async1 ip unnumbered Loopback0 peer default ip address pool PRIVATE ! router eigrp 10 network 192.168.1.0 network 192.168.200.0 network 216.199.175.0 no auto-summary ! ip local pool PRIVATE 192.168.200.41 192.168.200.88 ip classless ip route 0.0.0.0 0.0.0.0 216.199.175.1 Gateway of last resort is 216.199.175.1 to network 0.0.0.0 216.199.175.0/27 is subnetted, 1 subnets C 216.199.175.0 is directly connected, Ethernet0/0 192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.200.52/32 is directly connected, Async101 C 192.168.200.0/24 is directly connected, Loopback0 192.168.1.0/30 is subnetted, 1 subnets D 192.168.1.0 [90/2195456] via 216.199.175.1, 00:58:16, Ethernet0/0 S* 0.0.0.0/0 [1/0] via 216.199.175.1 2611-Gateway interface Ethernet0/0 ip address 216.199.175.1 255.255.255.224 ! interface Serial0/0 ip address 192.168.1.2 255.255.255.252 ! router eigrp 10 network 192.168.1.0 network 192.168.200.0 network 216.199.175.0 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.1.1 Gateway of last resort is 192.168.1.1 to network 0.0.0.0 216.199.175.0/27 is subnetted, 1 subnets C 216.199.175.0 is directly connected, Ethernet0/0 192.168.200.0/24 is subnetted, 1 subnets D 192.168.200.0 [90/409600] via 216.199.175.12, 07:51:45, Et0/0 192.168.1.0/30 is subnetted, 1 subnets C 192.168.1.0 is directly connected, Serial0/0 S* 0.0.0.0/0 [1/0] via 192.168.1.1 TIA Tunji _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50544&t=50544 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
WS-G5483 [7:50545]
I have a customer who is going to be using the WS-G5483 GBIC. This requires catOS 7.2. I have not yet loaded 7.2. Anyone out there running 7.2?? Good, bad or indifferant?! Thanks Dave -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50545&t=50545 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus [7:50524]
[EMAIL PROTECTED] wrote: > > Speaking of Priscilla's books: > > I've recently bought TDND as it was recommended as a great > study guide for > the CCDP, CID exam. > > However, now that I've got it, it seems everyone is suggesting > it as the > study guide for the DCN (640-441), CCDA exam. > > Perhaps those in the know (*ahem*...Priscilla ;-) ), can > enlighten me as > to if the book is meant for the CID (CCDP) or the DCN (CCDA) > exam. Top-Down Network Design wasn't meant to be a certification book at all. What would be the fun in writing something like that? ;-) But I worked at Cisco on both the Designing Cisco Networks 1.0 and Cisco Internetwork Design 2.0 classes, so the book is similar to both of those. The history is that, with the help of gurus like Howard Berkowitz, Marty Adkins, Peter Welcher, and some senior Cisco SEs, I developed a design methodology and explained it in the first version of the Designing Cisco Networks class. Then I left Cisco and continued developing methods for doing and explaining network design and wrote TDND. In the meantime, people still at Cisco turned DCN into a general-purpose course, certification program, Cisco Press book, etc. It took on a life of its own! I hear that TDND is still good for both CCDA and CID. It is currently influencing development of both those programs, which originally influenced it. It's been kind of a spiral. My new book, Troubleshooting Campus Networks, isn't really a certification book either. But after I learned how well cert books sell, I did make sure that it covers all the topics in the Support exam and that it provides the right info to help people pass that test. Thank-you very much for your interests in my books. I hope they work out well for you. Priscilla > > Thanks in advance! > Brendan. > > > > -Original Message- > From: Abu Mwalie [mailto:[EMAIL PROTECTED]] > Sent: 02 August 2002 10:27 > To: [EMAIL PROTECTED] > Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw > [7:50520] > > > Priscilla, > > I have seen your knew book at Amazon.com. > > I hope it will be like TDND though they say that the second > book is > never like the first. > > The first has got me through the scary CCDA today; hope your > knew book will > do the same for Support. LATER! > > I look forward to a copy, and Good Luck in its SALES! > This message contains information intended solely for the > addressee, > which is confidential or private in nature and subject to legal > privilege. > If you are not the intended recipient, you may not peruse, use, > disseminate, distribute or copy this message or any file > attached to this > message. Any such unauthorised use is prohibited and may be > unlawful. If > you have received this message in error, please notify the > sender > immediately by e-mail, facsimile or telephone and thereafter > delete the > original message from your machine. > > Furthermore, the information contained in this message, and any > attachments thereto, is for information purposes only and may > contain the > personal views and opinions of the author, which are not > necessarily the > views and opinions of Dimension Data (South Africa) > (Proprietary) Limited > or is subsidiaries and associated companies ("Dimension Data"). > Dimension > Data therefore does not accept liability for any claims, loss > or damages > of whatsoever nature, arising as a result of the reliance on > such > information by anyone. > > Whilst all reasonable steps are taken to ensure the accuracy and > integrity of information transmitted electronically and to > preserve the > confidentiality thereof, Dimension Data accepts no liability or > responsibility whatsoever if information or data is, for > whatsoever > reason, incorrect, corrupted or does not reach its intended > destination. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50546&t=50524 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
not very good, but good enough... [7:50547]
... to pass!!! :) Just came back from my Vue Testing Center where I took the 350-001 today... I got a 73% grade, which is not very good, but it is good enough to get a PASS :) I'd like to thank everybody for all the information shared here on this group, it was very helpful... hopefully, it will also be helpful on the lab :) See you guys there!!! Persio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50547&t=50547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Route Summary syntax [7:50507]
Well, In the first lot, this is what I get: Sydney = 10.64.0.0 - 10.64.7.255 Melbourne = 10.64.0.0 - 10.64.1.255 Brisbane = 10.64.0.0 - 10.64.1.255 I.E your addrersses supplied are host addresses, not network addresses. Your second lot is 10.64.0.0 - 10.64.7.255 10.64.8.0 - 10.64.9.255 10.64.10.0 - 10.64.11.255 So yes, very different -Original Message- From: John Brandis [mailto:[EMAIL PROTECTED]] Sent: 02 August 2002 04:12 To: [EMAIL PROTECTED] Subject: Route Summary syntax [7:50507] Hi All, are the 2 following statements the same ? Route Summary for my global empire Sydney 10.64.0.0/21 Melb10.64.0.8/23 Bris10.64.0.10/23 Is whats below the same ? 10.64.0.0/21 10.64.8.0/23 10.64.10.0/23 Thanks for your time everyone. JB ** visit http://www.solution6.com visit http://www.eccountancy.com - everything for accountants. UK Customers - http://www.solution6.co.uk * This email message (and attachments) may contain information that is confidential to Solution 6. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Solution 6 are neither given nor endorsed by it. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50548&t=50507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS1 [7:50532]
what is a promo code , where did you get it for the all three exam , I was trying to register but no promo code ? Rahul ""Brian Zeitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just signed up for all three Cisco Security exams! I thought this was > a joke, but it is true! > > > > Managing Cisco Network Security > > Cisco Secure Pix Firewall Advanced > > Cisco Secure Virtual Private Networks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50549&t=50532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS1 [7:50532]
Can you send me the promocode for registering the css1 exams? Rahul ccnp,ccna, [EMAIL PROTECTED] ""Brian Zeitz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I just signed up for all three Cisco Security exams! I thought this was > a joke, but it is true! > > > > Managing Cisco Network Security > > Cisco Secure Pix Firewall Advanced > > Cisco Secure Virtual Private Networks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50550&t=50532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Pix static mappings to the inside [7:50500]
I would agree in their suggestion to use ACL's instead of conduits. What you want to look up is actually called port redirection. John Kaberna CCIE #7146 (R/S, Security) ""Ole Drews Jensen"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You can use the single IP address on your outside interface without a > problem. > > If your outside address is 200.200.200.200 and you have a mail server on > your inside 10.1.1.1 and a telnet server on your inside 10.2.2.2, you can do > this: > > static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp > static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet > > conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any > conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any > > Hth, > > Ole > > ~ > Ole Drews Jensen > Systems Network Manager > CCNP, MCSE, MCP+I > RWR Enterprises, Inc. > [EMAIL PROTECTED] > ~ > http://www.RouterChief.com > ~ > Need a Job? > http://www.OleDrews.com/job > ~ > > > > > -Original Message- > From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 02, 2002 8:29 AM > To: [EMAIL PROTECTED] > Subject: Re: Pix static mappings to the inside [7:50500] > > > I not sure what code your using, but Cisco recommend using Access-lists > instead of conduit statements. Just create a typical cisco access-list > (except don't invert your masks) and apply it inbound to the outside > interface and you will get the same result as your conduits!! > > C > - Original Message - > From: "Elijah Savage III" > To: > Sent: Friday, August 02, 2002 4:23 AM > Subject: Pix static mappings to the inside [7:50500] > > > > I have my pix 501 firewall working but I have yet to be able to get > > static mapping working. I try this > > > > Static "outside ip address" "inside ip address" > > > > Conduit permit tcp outside ip inside ip eq 25 any > > > > > > > > When I issue these commands I can get mail into my mail server behind > > the pix but it breaks my nat. I have read that it is not good to use > > your outside global ip address for static mapping but if you only have 1 > > static ip address how else can you do it. > > > > > > > > With me only having one static ip will this work? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50551&t=50500 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
I guess the Flash are bad then :( Thanks for the comments Paul & KW :) Now, where can i get some flash..hmmm. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50552&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSS1 [7:50532]
I sent it to you already! OR A LIMITED TIME FREE CISCO SECURITY CERTIFICATION BETA EXAMS Use these Promotional Codes to take them for free >From August 2nd through 22nd, the first 300 candidates to take each of >these 3 new Cisco security certification BETA exams can do so AT NO COST: Managing Cisco Network Security (MCNS), Cisco Secure PIX Firewall Advanced (CSPFA), and Cisco Secure Virtual Private Networks (CSVPN). Please share this opportunity with your coworkers, customers and Partners. Registration for these BETA exams starts August 2nd. Candidates must reference the following PROMOTIONAL CODES to take the BETA exams for free ---MCNS BETA exam #641-100, CODE: mcnsbe ---CSPFA BETA exam #9E1-111, CODE: cspfab ---CSVPN BETA exam #9E1-121, CODE: csvpnb To register, contact one of the following testing centers: Prometric: US and Canada: 1-800-829-NETS (6387)-option 2, then 4. Outside U.S. and Canada, visit http://www.prometric.com. VUE: U.S. and Canada call 1-800-829-NETS (6387)-option 2, then 4. Outside U.S. and Canada, visit www.vue.com. The testing centers will need your social security number and some demographic information before scheduling your exam. You will receive the results of your test approximately 8-12 weeks after the BETA period has ended. A passing score on a BETA exam can be applied toward the relevant Cisco security certifications. The finalized versions of these exams will go-live October 1st and will be available worldwide at their regular cost. So be sure to take advantage of this opportunity to take these exams at no cost! BETA Exam Description: The MCNS 641-100 BETA exam is the final step in preparation for the October 2002 launch of the revised MCNS exam. It focuses on the new material included in the new MCNS 3.0 course releasing August 2002. The MCNS 3.0 course fully replaces the existing MCNS 2.0 course. Content covering the PIX Firewall has been removed and several new IOS Firewall and IPSec features have been added. In addition to these new chapters and labs, all content focuses on the IOS software version 12.2.8T, CS ACS 3.0 for Windows 2000 Server, as well as the new Cisco Unified 3.0 IPSec Client. BETA Exam Description: The CSPFA 9E1-111 BETA exam is the final step in preparation for the October 2002 launch of the revised CSPFA exam. It focuses on the new material included in the new CSPFA 3.0 course releasing August 2002. The CSPFA 3.0 course updates CSPFA 2.1 and includes new lab exercises (Configuring Object Grouping, Configuring Command-Level Authorization, and Configuring a VPN with the PIX Device Manager), how to upgrade an activation key, how to use NAT 0 ACLs, how to configure secure remote access to your PIX Firewall, and how the PIX Firewall works with common applications. Labs focus on PIX Firewall software version 6.2, and content covering the Cisco IOS Firewall feature set have been removed. BETA Exam Description: The CSVPN 9E1-121BETA exam is the final step in preparation for the October 2002 launch of the revised CSVPN exam. It focuses on the new material included in the new CSVPN 3.0 course releasing August 2002. The CSVPN 3.0 course fully replaces the existing CSVPN 2.0 course. Content covering Cisco PIX Firewall-VPN and IOS-VPN theory has been removed and the course now focuses on the Cisco VPN 3000 Concentrator release 3.5 software, new Cisco VPN 3002 features, as well as installation and configuration of the Cisco VPN 3.5 Software Client (on Windows 2000 platforms) and installation and configuration of the Cisco VPN 3002. __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50553&t=50532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN not connecting [7:50144]
HI Ciaron, I totally agree with you that Phase-1 is completed in Mike's setup. But I would like to discuss some points. The problem I think is in phase-2 only. 1. Normally if your end-to-end traffic has to pass the ISP (public network) then you create a VPN tunnel. ISPs doesnt block any traffic or ports (500,50 or 51). If at all you are blocking these ports it will be at customer site. 2. You are right that "sysopt connection permit-ipsec" should be given on PIX to allow the IPSec traffic. But I assume Mike might hvae already tried that. Thanks a lot for this information as I never thought of turning it off and testing it. I just had a look at the cisco site regarding this info. Which is better? Turn it off and permit the specific ports or give this command and let PIX do the rest. 3. You define interesting traffic only for those networks or machines where you want to communicate using private network securely. So there is no point in filtering the traffic. Configure access-list so that only specific traffic is permitted. If the traffic doesnt match the crypto access list how the packets will enter into the network? In my opinion they will get dropped. Hope you get me. thanks once again, regards Silju Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50554&t=50144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN Tunnel through the PIX [7:50417]
HI Fabil, Its very difficult to explain unless you give the exact scenario.Normally you configure an access list for the VPN traffic and deny the NATing using "nat (inside) 0 access-list " command. Try the below link. You will find all the configurations there. http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips Hope this helps, regards, Silju Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50555&t=50417 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How to setup Pix site-to-site VPN with overlapping [7:50255]
HI David, I have a link for you. It may help you a bit. It says NAT the existing addresses to a different address at both sites (although the document says one bcoz of the concentrator). http://www.cisco.com/warp/public/707/vpn_pix_private.html. If you are trying this ust tell me if it works or not. regards Silju Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50556&t=50255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: **PROMO CODES**for FREE Security Certification BETA Exams, [7:50557]
Passing on something sent to me by a Cisco Channel SE. FOR A LIMITED TIME FREE CISCO SECURITY CERTIFICATION BETA EXAMS Use these Promotional Codes to take them for free >From August 2nd through 22nd, the first 300 candidates to take each of these 3 new Cisco security certification BETA exams can do so AT NO COST: Managing Cisco Network Security (MCNS), Cisco Secure PIX Firewall Advanced (CSPFA), and Cisco Secure Virtual Private Networks (CSVPN). Please share this opportunity with your coworkers, customers and Partners. Registration for these BETA exams starts August 2nd. Candidates must reference the following PROMOTIONAL CODES to take the BETA exams for free ---MCNS BETA exam #641-100, CODE: mcnsbe ---CSPFA BETA exam #9E1-111, CODE: cspfab ---CSVPN BETA exam #9E1-121, CODE: csvpnb To register, contact one of the following testing centers: Prometric: US and Canada: 1-800-829-NETS (6387)-option 2, then 4. Outside U.S. and Canada, visit http://www.prometric.com. VUE: U.S. and Canada call 1-800-829-NETS (6387)-option 2, then 4. Outside U.S. and Canada, visit www.vue.com. The testing centers will need your social security number and some demographic information before scheduling your exam. You will receive the results of your test approximately 8-12 weeks after the BETA period has ended. A passing score on a BETA exam can be applied toward the relevant Cisco security certifications. The finalized versions of these exams will go-live October 1st and will be available worldwide at their regular cost. So be sure to take advantage of this opportunity to take these exams at no cost! BETA Exam Description: The MCNS 641-100 BETA exam is the final step in preparation for the October 2002 launch of the revised MCNS exam. It focuses on the new material included in the new MCNS 3.0 course releasing August 2002. The MCNS 3.0 course fully replaces the existing MCNS 2.0 course. Content covering the PIX Firewall has been removed and several new IOS Firewall and IPSec features have been added. In addition to these new chapters and labs, all content focuses on the IOS software version 12.2.8T, CS ACS 3.0 for Windows 2000 Server, as well as the new Cisco Unified 3.0 IPSec Client. BETA Exam Description: The CSPFA 9E1-111 BETA exam is the final step in preparation for the October 2002 launch of the revised CSPFA exam. It focuses on the new material included in the new CSPFA 3.0 course releasing August 2002. The CSPFA 3.0 course updates CSPFA 2.1 and includes new lab exercises (Configuring Object Grouping, Configuring Command-Level Authorization, and Configuring a VPN with the PIX Device Manager), how to upgrade an activation key, how to use NAT 0 ACLs, how to configure secure remote access to your PIX Firewall, and how the PIX Firewall works with common applications. Labs focus on PIX Firewall software version 6.2, and content covering the Cisco IOS Firewall feature set have been removed. BETA Exam Description: The CSVPN 9E1-121BETA exam is the final step in preparation for the October 2002 launch of the revised CSVPN exam. It focuses on the new material included in the new CSVPN 3.0 course releasing August 2002. The CSVPN 3.0 course fully replaces the existing CSVPN 2.0 course. Content covering Cisco PIX Firewall-VPN and IOS-VPN theory has been removed and the course now focuses on the Cisco VPN 3000 Concentrator release 3.5 software, new Cisco VPN 3002 features, as well as installation and configuration of the Cisco VPN 3.5 Software Client (on Windows 2000 platforms) and installation and configuration of the Cisco VPN 3002. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50557&t=50557 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
Richard, You need to boot the 2501 router into RXBoot mode before you can Upgrade the IOS in Flash. Visit this CCO URL: http://www.cisco.com/warp/public/130/sw_upgrade_proc_flash.shtml Here is probably the cause of your problem: -- Configure the router or access server to boot into Rxboot mode On these platforms, the Cisco IOS software image is actually running directly from the Flash memory. Therefore, you cannot copy the Cisco IOS software image from the TFTP server to the Flash if you are in user privileged EXEC mode (router#). You have to configure the router or access server to boot into Rxboot mode. Check the current value of the configuration register. You can see it on the bottom line of the show version output. It is usually set to 0x2102 or 0x102. You will need this value for a later step. Change the configuration register to the value 0x2101 as follows: Router>enable Password: password Router# Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#config-register 0x2101 Router(config)#^Z Router# %SYS-5-CONFIG_I: Configured from console by console !--- It's not necessary to !--- save the configuration here, as the configuration register has already !--- been changed in NVRAM Router#reload Note: If you are connected through Telnet, the session is lost after the reload. Wait a few minutes and try again. It is strongly recommended that you do not perform a Cisco IOS software upgrade remotely since most disaster recovery procedures require you to be physically located where the router is installed. -- Good luck, Angel Leiva - MCSE, CCNP-R&S, CCNP-WAN Senior Network Systems Consultant International Network Services Irving, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 11:30 PM To: [EMAIL PROTECTED] Subject: 2501 IOS Flash! [7:50512] Hey all, Could someone be kind enough to explain to me why I can't copy IOS by tftp to my flash, my flash currently reads: System flash directory: No files in System flash [0 bytes used, 16777216 available, 16777216 total] 16384K bytes of System flash (Device not programmable) I think (Device not programmable) may be the problem(could be wrong), any ideas how to rectify this? Please help. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50558&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
Richard, You need to boot the 2501 router into RXBoot mode before you can Upgrade the IOS in Flash. Visit this CCO URL: http://www.cisco.com/warp/public/130/sw_upgrade_proc_flash.shtml Here is probably the cause of your problem: -- Configure the router or access server to boot into Rxboot mode On these platforms, the Cisco IOS software image is actually running directly from the Flash memory. Therefore, you cannot copy the Cisco IOS software image from the TFTP server to the Flash if you are in user privileged EXEC mode (router#). You have to configure the router or access server to boot into Rxboot mode. Check the current value of the configuration register. You can see it on the bottom line of the show version output. It is usually set to 0x2102 or 0x102. You will need this value for a later step. Change the configuration register to the value 0x2101 as follows: Router>enable Password: password Router# Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#config-register 0x2101 Router(config)#^Z Router# %SYS-5-CONFIG_I: Configured from console by console !--- It's not necessary to !--- save the configuration here, as the configuration register has already !--- been changed in NVRAM Router#reload Note: If you are connected through Telnet, the session is lost after the reload. Wait a few minutes and try again. It is strongly recommended that you do not perform a Cisco IOS software upgrade remotely since most disaster recovery procedures require you to be physically located where the router is installed. -- Good luck, Angel Leiva - MCSE, CCNP-R&S, CCNP-WAN Senior Network Systems Consultant International Network Services Irving, TX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 1:55 AM To: [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] Argh! Still can't get the IOS to copy from tftp to flash! In addition, here's what i got from #sh flash all command: System flash directory: No files in System flash [0 bytes used, 16777216 available, 16777216 total] 16384K bytes of System flash (Device not programmable) ChipBankCode Size Name 1 1 89A0 4096KBINTEL 28F016SA 2 1 89A0 4096KBINTEL 28F016SA 3 1 4096KBUnknown Chip 4 1 89A0 4096KBINTEL 28F016SA Are the chips still good? Whats the "unknown chip" and does it have any effect on the transfer?! Says "READ-ONLY" for the flash when copying, any idea/s on how to change that? Been through loads of documentation but still can't find the answer! Do hope someone can help...thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50559&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
I've been ordering from this guy for almost 3 years. PC Wholesale [[EMAIL PROTECTED]] Prices are great and I've always received my orders in just a few days. All the best !!! Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 3:45 PM To: [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] I guess the Flash are bad then :( Thanks for the comments Paul & KW :) Now, where can i get some flash..hmmm. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50560&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CSS1 Beta Exams [7:50561]
Thanks for the heads up. I was signing up this evening to take the existing CSPFA over the weekend. So I gave myself an extra week in hopes to save $200 CDN. The MCNS looked to good to turn down at that price. So I will see if squeaking by can be acheived. I have 20 days to go over the blue print, pull out what I use daily and read up on things that I may have seen but don't realize they exist. Thus my path is laid out ;). Kim Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50561&t=50561 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus [7:50530]
I have to agree that TDND is a very good book overall and the added benefit to the book is it will help people study for their design exams. I have to compare this book to many of Mark Minasi's NT/2000 books, and although he does not write the book to specifically help you prepare for the MCSE, many people use it to do just that. - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50562&t=50530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: not very good, but good enough... [7:50547]
Now onto the lab :) Kim > > From: "Persio Pucci" > Date: 2002/08/02 Fri PM 03:17:07 EDT > To: [EMAIL PROTECTED] > Subject: not very good, but good enough... [7:50547] > > ... to pass!!! :) > > Just came back from my Vue Testing Center where I took the 350-001 today... I > got a 73% grade, which is not very good, but it is good enough to get a PASS > :) > > I'd like to thank everybody for all the information shared here on this > group, > it was very helpful... hopefully, it will also be helpful on the lab :) > > See you guys there!!! > > Persio Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50563&t=50547 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN not connecting [7:50144]
Hi Silju, I would have to disagree with you one point, or perhaps modify your statement -- "Normally" ISP's don't filter IPSEC, but some do -- I know this from personal experience. Granted the ISP in question didn't know they were doing it (misconfigured access-list). I remember reading somewhere that some ISP's were going to actively filter IPSEC transiting their AS. This may or may not be true.. does anybody on the group know for sure??? Either way, it may be prudent to check with his upstream ISP!! Although your correct in saying that most VPN's terminate at secure or wholly trusted sites, this is not always the case. Suppose you wanted to also extend your VPN to a support company for a particular server app, your corporate policy may not like that fact that you cannot actively control what is sent through the tunnel. Sure you can make sure a reply will only go back to a destination address defined as "interesting" in your return access list.. but those packest are still coming from his side of the VPN and entering your network... so in that case, you could turn off the sysopt connect permit-ipsec and use access-lists on the outside to filter the traffic before it enters the network. I could be wrong, but that is my understanding of the pix implementation of IPSEC... does anybody know for sure?? cheers dude, Ciaron - Original Message - From: "Silju Pillai" To: Sent: Friday, August 02, 2002 10:18 PM Subject: RE: VPN not connecting [7:50144] > HI Ciaron, > > I totally agree with you that Phase-1 is completed in Mike's setup. > But I would like to discuss some points. The problem I think is in phase-2 > only. > > 1. Normally if your end-to-end traffic has to pass the ISP (public network) > then you create a VPN tunnel. ISPs doesnt block any traffic or ports (500,50 > or 51). If at all you are blocking these ports it will be at customer site. > > 2. You are right that "sysopt connection permit-ipsec" should be given on > PIX to allow the IPSec traffic. But I assume Mike might hvae already tried > that. Thanks a lot for this information as I never thought of turning it off > and testing it. I just had a look at the cisco site regarding this info. > Which is better? Turn it off and permit the specific ports or give this > command and let PIX do the rest. > > 3. You define interesting traffic only for those networks or machines where > you want to communicate using private network securely. So there is no point > in filtering the traffic. Configure access-list so that only specific > traffic is permitted. If the traffic doesnt match the crypto access list how > the packets will enter into the network? In my opinion they will get > dropped. Hope you get me. > > thanks once again, > regards > Silju Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50564&t=50144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Pix 501 connected to dsl [7:50449]
Hi, How are your setting a default route for this pix firewall? - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50565&t=50449 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Press OSPF? [7:50567]
All, Looking for a book that will cover OSPF in detail outside of the BSCN book. I recently purchased "Internet Routing Architectures" to give me more detailed knowledge of BGP, but need to round out the OSPF with another book. Any advice? Thanks Rob Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50567&t=50567 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Press OSPF? [7:50567]
Might consider this one: Cisco OSPF Command and Configuration Handbook by William R. Parkhurst I haven't read this one myself, but according to the reviews it is written in the same vein as his BGP book, which I believe is a far better way to learn the knobs. HTH ""Robert D. Cluett"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > All, > > Looking for a book that will cover OSPF in detail outside of the BSCN book. > I recently purchased "Internet Routing Architectures" to give me more > detailed knowledge of BGP, but need to round out the OSPF with another book. > Any advice? > > Thanks > Rob Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50568&t=50567 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
www.memorydealers.com They have a very good price and very reliabletake a look... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Lorenz Sent: Friday, August 02, 2002 6:42 PM To: [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] I've been ordering from this guy for almost 3 years. PC Wholesale [[EMAIL PROTECTED]] Prices are great and I've always received my orders in just a few days. All the best !!! Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 3:45 PM To: [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] I guess the Flash are bad then :( Thanks for the comments Paul & KW :) Now, where can i get some flash..hmmm. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50569&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2501 IOS Flash! [7:50512]
AGGG !!! Back to the very first post... if this router somehow is booting with a run from FLASH IOS, you cannot upgrade it in normal operating mode. The 2500 started many many years ago, with run from RAM IOS. Run from RAM meant the FLASH is more of a repository for the compressed IOS code and the router could not function until the IOS image decompressed when loading into RAM. This was the case with 11.3, where routers were delivered with 8 FLASH and 16 RAM. Today- the 2500 is so processor and memory limited, that FLASH now works like a hard drive. What portion of the IOS code is needed is loaded into FLASH. That's why 12.1, which is about when these guys went EOL, started with 16 FLASH and 8 RAM setups. Try breaking the boot (Cntrl Break @ the boot up) and loading IOS from ROM (boot mode) and keep in mind this process will not work without 11.0(10c) boot ROMs. All the best !!! Phil -Original Message- From: Juan Blanco [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 8:30 PM To: 'Phil Lorenz'; [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] www.memorydealers.com They have a very good price and very reliabletake a look... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Phil Lorenz Sent: Friday, August 02, 2002 6:42 PM To: [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] I've been ordering from this guy for almost 3 years. PC Wholesale [[EMAIL PROTECTED]] Prices are great and I've always received my orders in just a few days. All the best !!! Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 3:45 PM To: [EMAIL PROTECTED] Subject: RE: 2501 IOS Flash! [7:50512] I guess the Flash are bad then :( Thanks for the comments Paul & KW :) Now, where can i get some flash..hmmm. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50570&t=50512 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Press OSPF? [7:50567]
The Cisco Press OSPF book by Tom Thomas would go great with Dr. Parkhurst's book as well. - Original Message - From: "Chuck" To: Sent: Friday, August 02, 2002 10:04 PM Subject: Re: Cisco Press OSPF? [7:50567] > Might consider this one: > > Cisco OSPF Command and Configuration Handbook > by William R. Parkhurst > > I haven't read this one myself, but according to the reviews it is written > in the same vein as his BGP book, which I believe is a far better way to > learn the knobs. > > HTH > > > ""Robert D. Cluett"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > All, > > > > Looking for a book that will cover OSPF in detail outside of the BSCN > book. > > I recently purchased "Internet Routing Architectures" to give me more > > detailed knowledge of BGP, but need to round out the OSPF with another > book. > > Any advice? > > > > Thanks > > Rob Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50571&t=50567 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
DRAM for 2500 series [7:50572]
I don't care about a SmartNet contract. Will a standard, fast-page with parity SIMM chip work with a 2500 series router? Am I asking for trouble if I don't get a "for Cisco 2500 series" ram? I found this chip for $6: 16 MB SIMM FAST PAGE with PARITY (4X36) 72 PIN Thanks, Jack Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50572&t=50572 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Route Reflectors? [7:50573]
Group, In reading the BSCN book, I have stumbled across something confusing when it is discussing "route reflectors". The books states that the use of route reflectors eliminates the need to run BGP in a full mesh environment. Based on this statement I have assumed that BGP therefore must be configured only on a network that is fully meshed (unless route reflectors are used). Is this true? Robert D. Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50573&t=50573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Route Reflectors? [7:50573]
only the iBGP speakers must be in a full mesh - not necessarily the entire network. ""Robert D. Cluett"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Group, > > In reading the BSCN book, I have stumbled across something confusing when it > is discussing "route reflectors". The books states that the use of route > reflectors eliminates the need to run BGP in a full mesh environment. Based > on this statement I have assumed that BGP therefore must be configured only > on a network that is fully meshed (unless route reflectors are used). Is > this true? > > Robert D. Cluett, CCNA Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50574&t=50573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: X.25 switching on CISCO; Please help [7:50521]
can you please paste a copy of your x25 debug? Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pooja Thakur Sent: Friday, August 02, 2002 11:30 AM To: [EMAIL PROTECTED] Subject: X.25 switching on CISCO; Please help [7:50521] Hello, I have a test setup where in 2 remote VSATs are configured as XPAD. An X.121 address is given to each RS-232 port on the 2 VSATs. The SVC sessions of the 2 remotes are defined on a X25 device at the Central Hub. Since this device cannot do switching, I have connected a CISCO 2500 to the X25 device. X25 device is X25 DTE while the CISCO is X25 DCE. I hv configured x25 routing on CISCO and given 2 x25 routes for the remote X.121 addresses with the next hop as the same serial interface to which the X25 device is connected. But when I make a call from one remot to another, the debug on the router says cannot route call. Can u help me out and suggest what sud I do to make this work. Thanx __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50575&t=50521 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: LANE Information [7:50420]
I'd appreciate if you can send me a copy of the same. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark W. Odette II Sent: Thursday, August 01, 2002 11:42 PM To: [EMAIL PROTECTED] Subject: RE: LANE Information [7:50420] I'd like a copy of that doc, if you would be so kind... will be some very interesting reading. Mark -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 3:11 PM To: [EMAIL PROTECTED] Subject: Re: LANE Information [7:50420] I have digitized the doc but I doubt I can send a pdf to the list. If interested send me an email Dave MADMAN wrote: > > Ha, straight forward LANE, that's an oxymoron!! > > Actually I have a internal doc titled "LANE, it ain't rocket science" > I got several years ago from a Cisco engineer that is very good, clear > and consice in a way you won't find on CCO but I don't have it in > electronic form. > > Dave > > Neil Borne wrote: > > > > Does anyone know where I get can get some "straight forward" LANE > > information? > > > > Thanks, > > > > P. Neil Borne, CCDA,CCNP,C-voice and CWNA > > Systems Integrator III > > > > _ > > Send and receive Hotmail on your mobile device: http://mobile.msn.com > -- > David Madland > Sr. Network Engineer > CCIE# 2016 > Qwest Communications Int. Inc. > [EMAIL PROTECTED] > 612-664-3367 > > "Emotion should reflect reason not guide it" -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 "Emotion should reflect reason not guide it" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50576&t=50420 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Route Reflectors? [7:50573]
Well, route-reflectors and route-reflector-clients have an iBGP relationship with each other, yet the route-reflector-clients need not be part of the full mesh. iBGP speakers tell each other about locally injected routes, routes learned from ebgp neighbors, and routes learned from ibgp route-reflector-clients. Additionally, iBGP speakers announce all bgp routes to route-reflector-clients. Of course, the above is subject to applied routing policies. Route-reflection (and confederations), in my experience, are best used when physical (or administrative) hierarchy promote a matching routing hierarchy. For instance, say a site has 2 core routers connected to core routers at other sites, and 2 distribution routers connected to the two local core routers, and each other. It would make sense to make the core routers part of the full ibgp mesh, and then make the distribution routers route-reflector-clients of both core routers at that site. In large networks, a combination of confederations and route-reflectors can really cut down on the overhead involved in managing huge router configs. Regards, --phil On Sat, Aug 03, 2002 at 05:06:18AM +, Chuck wrote: only the iBGP speakers must be in a full mesh - not necessarily the entire network. ""Robert D. Cluett"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Group, > > In reading the BSCN book, I have stumbled across something confusing when it > is discussing "route reflectors". The books states that the use of route > reflectors eliminates the need to run BGP in a full mesh environment. Based > on this statement I have assumed that BGP therefore must be configured only > on a network that is fully meshed (unless route reflectors are used). Is > this true? > > Robert D. Cluett, CCNA -- Regards, --phil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50577&t=50573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]