Routing 603 Exam [7:50518]

2002-08-02 Thread Nuurul Basar Mohd Baki

Hai,

I have taken the new routing 603 twice, there are a few questions in the
particular exam that I am unable to get the answer at all.
Is there a way that I can post a similar question without breaking the
NDA?


Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50518&t=50518
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



X.25 switching on CISCO; Please help [7:50521]

2002-08-02 Thread Pooja Thakur

Hello,

I have a test setup where in 2 remote VSATs are
configured as XPAD. An X.121 address is given to each
RS-232 port on the 2 VSATs. The SVC sessions of the 2
remotes are defined on a X25 device at the Central
Hub. Since this device cannot do switching, I have
connected a CISCO 2500 to the X25 device. X25 device
is X25 DTE while the CISCO is X25 DCE. I have configured
x25 routing on CISCO and given 2 x25 routes for the
remote X.121 addresses with the next hop as the same
serial interface to which the X25 device is connected.


But when I make a call from one remote to another, the
debug on the router says cannot route call. Can you help
me out and suggest what I should do to make this work?

Thanx





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50521&t=50521



PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520]

2002-08-02 Thread Abu Mwalie

Priscilla,

I have seen your new book at Amazon.com.

I hope it will be like TDND though they say that the second book is
never like the first.

The first has got me through the scary CCDA today; hope your new book will
do the same for Support. LATER!

I look forward to a copy, and Good Luck in its SALES!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50520&t=50520



Re: VPN not connecting [7:50144]

2002-08-02 Thread Ciaron Gogarty

Hi mike,

Could be that IPSEC is being filtered out by one of the intermediary
providers.  Would explain why your ike negotiation is working but ipsec
never gets established.

worth checking.

rgds,

C
- Original Message -
From: "supernet" 
To: 
Sent: Friday, August 02, 2002 3:08 AM
Subject: RE: VPN not connecting [7:50144]


> I've seen VPN problems between PIXs, Cisco routers and VPN-1s. Sometimes
> everything seems to be right but it doesn't work. Remove "crypto map"
> and add them back may help. At least, it helped me twice.
>
> HTH.
> Yoshi
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, August 01, 2002 2:40 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
> I've been working on trying to eliminate the variables on each side of the
> VPN. The unfortunate thing is, the other side is home, so I usually wait
> until the late evening/night to work on the remote side. That's also the
> reason for the "frustrating" comment earlier. I know I could SSH into it,
> but, this isn't the only project I've been working on (as I'm sure a lot of
> you can relate)... So I'm going to hopefully wrap it up by this weekend.
>
> One of the main issues I was running into was the remote network was
> subnetted from the main network so the ACLs got a little confusing. So I've
> changed the IP scheme on the remote side... This also brings me to another
> question; a rather newbie one, what other ports should be open (beside 500)?
> I received an email from someone saying 50 & 51, does that sound right? If
> you have the "allow any out and return in" settings for firewall rules...
> Do the ports still need to be opened (I would think not since there is the
> nat0 command?)? The other issue I'm looking into is the MTU size.
>
> Once I establish the tunnel and maintain connectivity I'll let y'all know
> what I find.
>
> Thanx for the help,
> mkj
>
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 2:54 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VPN not connecting [7:50144]
>
>
> Lidiya White wrote:
> >
> > Capture debugs on both ends at the same time. Should be more
> > helpful.
> > Make sure both ends have "isakmp identity address"...
> >
> > -- Lidiya White
>
> Sounds like a good idea. So Mike, what was the problem? It sure would help
> those of us learning IPSec to hear how you resolved the issue. Thanks.
>
> Priscilla
>
>
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> > Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Tuesday, July 30, 2002 4:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> > The ACLs are mirrors of each other and the transform sets match. Very
> > frustrating.
> >
> > -Original Message-
> > From: Silju Pillai [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 30, 2002 2:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: VPN not connecting [7:50144]
> >
> >
> > Hi,
> >
> > Pls check the interesting traffic configured (access list) configured at
> > both ends. Your transform set parameters too. It should be same.
> >
> > As you are receiving IKMP_no_error your isakmp policies are working fine.
> >
> > regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50522&t=50144



RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50524]

2002-08-02 Thread [EMAIL PROTECTED]

Speaking of Priscilla's books:

I've recently bought TDND as it was recommended as a great study guide for
the CCDP, CID exam.

However, now that I've got it, it seems everyone is suggesting it as the
study guide for the DCN (640-441), CCDA exam.

Perhaps those in the know (*ahem*...Priscilla ;-) ), can enlighten me as
to if the book is meant for the CID (CCDP) or the DCN (CCDA) exam.

Thanks in advance!
Brendan.



-Original Message-
From: Abu Mwalie [mailto:[EMAIL PROTECTED]] 
Sent: 02 August 2002 10:27
To: [EMAIL PROTECTED]
Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520]


Priscilla,

I have seen your new book at Amazon.com.

I hope it will be like TDND though they say that the second book is
never like the first.

The first has got me through the scary CCDA today; hope your new book will
do the same for Support. LATER!

I look forward to a copy, and Good Luck in its SALES!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50524&t=50524



RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus [7:50524]

2002-08-02 Thread Abu Mwalie

Actually, Priscilla's book is about Designing Computer Networks, the Proper
Way NOT a Certification Guide, as she said herself. I totally agree with
her.

Why is this important? Because the CCDA exam follows some rigid procedure
which can easily get you mixed up if you mix many books! Probably, for
preparing for the exam, closely follow a Cisco Study Guide, but for a
classic way of designing networks, I think Priscilla's book is first-class.

I should know... I only buy good books and Priscilla's is one of them... it
makes good reading because it is totally self-contained... just the way I
will write when I become a world-famous author.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50525&t=50524



RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50526]

2002-08-02 Thread Jose A Rola

Did you check her website?
Lots of information on troubleshooting there.

www.priscilla.com

>>> "[EMAIL PROTECTED]"  08/02/02 10:47am >>>
Speaking of Priscilla's books:

I've recently bought TDND as it was recommended as a great study guide for
the CCDP, CID exam.

However, now that I've got it, it seems everyone is suggesting it as the
study guide for the DCN (640-441), CCDA exam.

Perhaps those in the know (*ahem*...Priscilla ;-) ), can enlighten me as
to if the book is meant for the CID (CCDP) or the DCN (CCDA) exam.

Thanks in advance!
Brendan.



-Original Message-
From: Abu Mwalie [mailto:[EMAIL PROTECTED]] 
Sent: 02 August 2002 10:27
To: [EMAIL PROTECTED]
Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520]


Priscilla,

I have seen your new book at Amazon.com.

I hope it will be like TDND though they say that the second book is
never like the first.

The first has got me through the scary CCDA today; hope your new book will
do the same for Support. LATER!

I look forward to a copy, and Good Luck in its SALES!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50526&t=50526



RE: Confusing about some FR & OSPF configuration o [7:50247]

2002-08-02 Thread Kris Keen

Hi

1) You can use either P2P, Physical or P2MP. Beware of split horizon here,
depending on your routing protocol.
2) You can use either frame-relay map statements to map your layer 2 DLCIs
to your layer 3 IPs, or you can use inverse ARP. Do some research on both.
3) Bandwidth is a must for EIGRP, but you should configure bandwidth for any
link.

If you don't use ip ospf cost, the default metric will be employed, that is
10^8 / bandwidth. So if you have a serial line, beware, as it will grab the
1.544 Mbps when in reality this might be a 64k frame circuit.

Hope that helps!
Jnr Network Engineer :) Go easy please :(


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50527&t=50247



Standby Virtual MAC [7:50528]

2002-08-02 Thread Jay Greenberg

To solve a problem, as a hack, I used HSRP to create a virtual MAC
address that just applied to *1* subinterface on an ISL trunk.  The rest
of the subinterfaces use the BIA.   

To try to clean this up, is there any other way to use a virtual mac
address on a subinterface?  I noticed I don't have the #mac-address
command available on the subinterface.

Jay Greenberg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50528&t=50528



Re: Pix static mappings to the inside [7:50500]

2002-08-02 Thread Ciaron Gogarty

I'm not sure what code you're using, but Cisco recommends using Access-lists
instead of conduit statements.   Just create a typical cisco access-list
(except don't invert your masks) and apply it inbound to the outside
interface and you will get the same result as your conduits!!

C
- Original Message -
From: "Elijah Savage III" 
To: 
Sent: Friday, August 02, 2002 4:23 AM
Subject: Pix static mappings to the inside [7:50500]


> I have my pix 501 firewall working but I have yet to be able to get
> static mapping working. I try this
>
> Static "outside ip address" "inside ip address"
>
> Conduit permit tcp outside ip inside ip eq 25 any
>
>
>
> When I issue these commands I can get mail into my mail server behind
> the pix but it breaks my nat. I have read that it is not good to use
> your outside global ip address for static mapping but if you only have 1
> static ip address how else can you do it.
>
>
>
> With me only having one static ip will this work?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50523&t=50500



RE: VPN not connecting [7:50144]

2002-08-02 Thread Silju Pillai

Hi,

Just wondering why you have to specifically open the ports 500, 50, 51. 
I have installed IPSec VPNs with PIX and Routers. I have never opened any
port. In fact we have a VPN setup in my office itself. You believe me or not,
with default ones it worked smoothly.
Also according to Mike he is receiving IKMP_NO_Error message. So his ISAKMP
policies are matching between the locations. I think you have to check your
transform sets, access lists and crypto maps which come in the second phase.

Mike, the following link will help you with sample configurations. You might
have already gone through it. But still I am putting it here.

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips

regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50529&t=50144



RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50530]

2002-08-02 Thread Leigh Anne Chisholm

TDND can be used for both exams.  TDND is actually better suited to the
revised CID exam than the CID Study Guide.  And that's pretty much the
feeling of a lot of people that took the CID 3.0 exam...

It's a good book.  I'm glad I finally had the time to go through it.
Priscilla's one of my favorites - I really like her writing style and I find
it very easy to read.


  -- Leigh Anne

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, August 02, 2002 3:48 AM
> To: [EMAIL PROTECTED]
> Subject: RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw
> [7:50524]
>
>
> Speaking of Priscilla's books:
>
> I've recently bought TDND as it was recommended as a great study guide for
> the CCDP, CID exam.
>
> However, now that I've got it, it seems everyone is suggesting it as the
> study guide for the DCN (640-441), CCDA exam.
>
> Perhaps those in the know (*ahem*...Priscilla ;-) ), can enlighten me as
> to if the book is meant for the CID (CCDP) or the DCN (CCDA) exam.
>
> Thanks in advance!
> Brendan.
>
>
>
> -Original Message-
> From: Abu Mwalie [mailto:[EMAIL PROTECTED]]
> Sent: 02 August 2002 10:27
> To: [EMAIL PROTECTED]
> Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw [7:50520]
>
>
> Priscilla,
>
> I have seen your new book at Amazon.com.
>
> I hope it will be like TDND though they say that the second book is
> never like the first.
>
> The first has got me through the scary CCDA today; hope your new book will
> do the same for Support. LATER!
>
> I look forward to a copy, and Good Luck in its SALES!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50530&t=50530



a thing of beauty (12.2T BGP chaos) [7:50531]

2002-08-02 Thread Neal Rauhauser

I am getting nipped by this today, and it's more than just VPN that is
affected. Latest 12.2.8T5, too :-(


CSCdw84776

   When a customer edge (CE) router advertises a route that contains the
   provider edge (PE)-CE link, the PE router fails to install this route to
   the virtual private network routing/forwarding instance (VRF) because the
   route is already registered in the VRF as a connected route. If the
   connected route is learned from the redistribution of connected routes to
   the Border Gateway Protocol (BGP) through the external Border Gateway
   Protocol (eBGP), the BGP on the PE router marks the route with Routing
   Information Base (RIB) failure and prevents the route from being
   advertised to other peer internal Border Gateway Protocol (iBGP) PE
   routers. This behavior causes a loss of connectivity from the local
   connected route to the remote sites.

   Workaround: Source the route on the PE router. Do not allow the CE router
   to advertise the route that connects the PE and the CE routers. This
   condition does not occur if eBGP is not configured between the CE and PE
   routers and if a routing protocol such as the VRF, Interior Gateway
   Protocol (IGP), Open Shortest Path First (OSPF), or Routing Information
   Protocol (RIP) is used.
-- 
Neal Rauhauser CCNP, CCDP   voice: 402-301-9555
mailto:[EMAIL PROTECTED] fcc  : k0bsd
"This is my private email devoted to various mailing lists. If you're
a twerp with an attorney and someone else's money, don't bother my
employer about the things I say, just come see me personally and we'll
discuss the situation. No names, you twerps should know who you are".




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50531&t=50531



CSS1 [7:50532]

2002-08-02 Thread Brian Zeitz

I just signed up for all three Cisco Security exams! I thought this was
a joke, but it is true!



Managing Cisco Network Security

Cisco Secure Pix Firewall Advanced

Cisco Secure Virtual Private Networks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50532&t=50532



Re: Does IOS 11.1(2) support "show tech" command [7:50494]

2002-08-02 Thread Shawn Heisey

Jimmy,

(watch for URL wrap)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_r/ffrprt3/frf013.htm#1068334

Introduced in 11.2 IOS.

The DDTS that implemented the command (CSCdi47180) shows integration in
10.3(12), 11.0(8), 11.1(3), and 11.2(1).

Thanks,
Shawn

Jimmy wrote:
> 
> Hi all :
> 
> Does anyone know whether IOS 11.1(2) support "show
> tech" command ? I have a 2501 router running on
> 11.1(2) and it does not have "show tech". However
> another 2501 router running on 11.0(22) and it has
> "show tech" command.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50533&t=50494



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread McAllister Paul

Your flash is probably bad.  I recently had a problem with some new flash
and had to return it because half of it was unerasable.  I never found
documentation or a solid answer for my error messages.

All Flash chips on a stick should be identical (or at least detectable I
guess).


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50534&t=50512



CSS1 Beta [7:50536]

2002-08-02 Thread Brian Zeitz

The 3 Cisco Security tests I was talking about are from the Free Beta. I
forgot to say that.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50536&t=50536



RE: VPN not connecting [7:50144]

2002-08-02 Thread Ciaron Gogarty

Hi Silju,

If my understanding of IPSEC is correct...  his initial IKE (isakmp)
negotiation - phase-1 exchange has completed, this is used to set up the
exchange of the IPSEC proposals -- phase-2.  So since phase-1 negotiations
succeed  (isakmp - udp500) but phase two proposals are never obtained it may
be that the IPSEC (protocol 50/51) somewhere between himself and the remote
VPN endpoints are being filtered... consequently phase-1 keeps timing out
waiting for acceptance of ipsec proposals.

The command "sysopt connection permit-ipsec" implicitly allows the IP
protocols 50/51 and udp 500 through a pix firewall as long as there are
matching crypto statements.  You can turn this feature off if you want.. in
which case you will have to explicitly allow those protocols through in your
inbound access-list.  

Have you ever thought of how can you filter what traffic someone from the
other side of the VPN sends you??  By default on a pix you can't.  You just
define what is interesting to bring the tunnel up from your side, but you
can't decide on what the remote end point will send you... sure you can be
restrictive on your crypto-access list but you can't really stop it from
getting into your network.. do you see the point I'm getting at??  

rgds,

~Ciaron
-Original Message-
From: Silju Pillai [mailto:[EMAIL PROTECTED]]
Sent: 02 August 2002 15:41
To: [EMAIL PROTECTED]
Subject: RE: VPN not connecting [7:50144]


Hi,

Just wondering why you have to specifically open the ports 500, 50, 51.
I have installed IPSec VPNs with PIX and Routers. I have never opened any
port. In fact we have a VPN setup in my office itself. You believe me or not,
with default ones it worked smoothly.
Also according to Mike he is receiving IKMP_NO_Error message. So his ISAKMP
policies are matching between the locations. I think you have to check your
transform sets, access lists and crypto maps which come in the second
phase.

Mike, the following link will help you with sample configurations. You might
have already gone through it. But still I am putting it here.

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips

regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50535&t=50144
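
The "ports 500, 50, 51" question in this thread, written out as filter rules. This is an added example, not part of any post: it assumes PIX 6.x access-list syntax on a firewall that sits in the path between the two VPN peers and already has a translation for the inside peer; the ACL name outside_in and the addresses 192.0.2.1 (remote peer) and 198.51.100.1 (local peer) are constructed.

```cisco
: Added example; addresses and ACL name are constructed, not from the thread.
:
: Incomplete rule set: IKE (ISAKMP) on UDP 500 passes, so the ISAKMP
: exchange succeeds, but every ESP/AH packet hits the implicit deny.
:   access-list outside_in permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
:
: Reading "50 and 51" as port numbers matches nothing IPsec sends:
:   access-list outside_in permit udp host 192.0.2.1 host 198.51.100.1 eq 50
:   access-list outside_in permit udp host 192.0.2.1 host 198.51.100.1 eq 51
:
: Complete rule set: ESP is IP protocol 50 and AH is IP protocol 51.
: Neither has ports, so both are matched by protocol keyword.
access-list outside_in permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
access-list outside_in permit esp host 192.0.2.1 host 198.51.100.1
access-list outside_in permit ah host 192.0.2.1 host 198.51.100.1
access-group outside_in in interface outside
```

The per-line hit counters in `show access-list` tell you whether ESP from the remote peer ever reaches this firewall; a counter that stays at zero on the esp line while the isakmp line increments points at filtering further upstream.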



RE: Pix static mappings to the inside [7:50500]

2002-08-02 Thread Ole Drews Jensen

You can use the single IP address on your outside interface without a
problem.

If your outside address is 200.200.200.200 and you have a mail server on
your inside 10.1.1.1 and a telnet server on your inside 10.2.2.2, you can do
this:

static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp
static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet

conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 8:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Pix static mappings to the inside [7:50500]


I'm not sure what code you're using, but Cisco recommends using Access-lists
instead of conduit statements.   Just create a typical cisco access-list
(except don't invert your masks) and apply it inbound to the outside
interface and you will get the same result as your conduits!!

C
- Original Message -
From: "Elijah Savage III" 
To: 
Sent: Friday, August 02, 2002 4:23 AM
Subject: Pix static mappings to the inside [7:50500]


> I have my pix 501 firewall working but I have yet to be able to get
> static mapping working. I try this
>
> Static "outside ip address" "inside ip address"
>
> Conduit permit tcp outside ip inside ip eq 25 any
>
>
>
> When I issue these commands I can get mail into my mail server behind
> the pix but it breaks my nat. I have read that it is not good to use
> your outside global ip address for static mapping but if you only have 1
> static ip address how else can you do it.
>
>
>
> With me only having one static ip will this work?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50537&t=50500
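
The port-redirection statics from the reply above, paired with an access-list in place of the conduits, as the earlier reply in this thread recommends. This is an added example, not part of either post: it assumes PIX 6.x syntax, the ACL name outside_in is arbitrary, and 192.0.2.10 is a constructed management host used to show the source field being narrowed.

```cisco
: Added example; ACL name and management host are constructed.
:
: Port redirection: only TCP/25 and TCP/23 on the single outside address
: are mapped inward, so the address is not consumed by a one-to-one static.
static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp
static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet
:
: Before (conduit form from the post: destination first, then source):
:   conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
:   conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any
:
: After (access-list form: source first, then destination, normal masks).
: SMTP stays open to any source, as in the conduit.
access-list outside_in permit tcp any host 200.200.200.200 eq smtp
: Telnet is limited to one source here instead of "any" (assumed host).
access-list outside_in permit tcp host 192.0.2.10 host 200.200.200.200 eq telnet
: Bind the list inbound on the outside interface.
access-group outside_in in interface outside
```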



Re: CCIE number [7:50203]

2002-08-02 Thread nrf

I used to subscribe to the theory that by listing your certs, you somewhat
shield yourself from flaming and criticism.  For example, if a regular dude
with no Cisco knowledge bashes Cisco, you could dismiss him as just a crank
and people could justifiably flame him, etc. etc..  But if he's a CCIE, then
you might actually have to take his complaints seriously.

But I learned the hard way that this is not true.   I learned that if people
dislike your comments so much that they're going to flame you, they're going
to do it whether you present your qualifications or not.  They might flame
you in a different way, but they're still going to do it.   So at the end of
the day, it doesn't matter a whit.

For example, without answering the question of whether I am or am not a
CCIE, I remember when I got into a discussion of the CCIE program, where I
discussed the program's problems.  Just like clockwork, dudes immediately
shot back by asking me whether I was a CCIE myself, apparently under the
guise I am just jealous of the program and the people who hold that
designation.  Yeah, well, what if I had decided to include in my sig my
4-digit number (which, again, is something I may or may not hold).   I think
we all know what would have happened - those same dudes who flamed me before
for being jealous would have now flamed me for being insecure, because
apparently my ulterior motive would be that I'm discouraging people from the
program to protect my exclusive status (?!).   Hmmm.

The point is, it's a no-win situation and so I elect not to play.  The
people on this thread who are reasonable, which is most of them, will read
your statements and judge them based on merit without regard to what your
qualifications are.   But then there are those people who have already made
up their minds and couldn't care less even if you happened to be John
Chambers himself.   So there's no point in putting all your cards on the
table if it isn't going to make a dam* bit of difference anyway.



""Mike Bernico""  wrote in message
news:[EMAIL PROTECTED]...
> I can't really speak for CCIEs because I'm not one, but like many of us on
> this list I've gotten quite a few certifications.  I believe very strongly
> in industry certifications as benchmarks, however I don't list any of my
> certifications on business cards, signature lines, etc anymore.  I don't
> like to be categorized into one thing or another.  It also seems a bit
> pretentious and maybe a bit insecure.  I think everyone should be treated
> the same regardless of certification and their statements should be judged
> on their own merit and not weighted by a certification.  But that's just my
> $0.02.
>
> I think displaying some certifications could actually have a negative effect
> as well.  For example, I have a redhat certification.  In a room full of
> microsoft people that might work to discredit me.  The same might go for
> cisco certifications in a room full of whoever else makes Datacom equipment.
>
>
>
> ---
> Mike Bernico [EMAIL PROTECTED]
> Illinois Century Network  http://www.illinois.net
> (217) 557-6555
>
>
> > -Original Message-
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 8:58 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE number [7:50203]
> >
> >
> > FWIW I know off hand about 5 CCIE's that don't include their cert in
> > their sig file.  I have not asked them why, never really thought much
> > about it.
> >
> >   Dave
> >
> > ". ." wrote:
> > >
> > > Ok, may be i should rephrase my question again. I have seen a lot of people
> > > with their email signature as
> > > John smith
> > > CCIE 1024
> > >
> > > or something like that. Then I know immediately that that person (i know
> > > that 1024 belongs to the lab!) is a CCIE.
> > >
> > > However, would all CCIE include their "CCIE 1024" in their signature? If
> > > not, just roughly how many of them?
> > >
> > > I know that it is not possible to answer this question. However, I am just
> > > too curious to know this.
> > >
> > > If you find that this is stupid question (no stupid question, only stupid
> > > answer???), please kindly ignore this
> > >
> > > Thanks
> > >
> > --
> > David Madland
> > Sr. Network Engineer
> > CCIE# 2016
> > Qwest Communications Int. Inc.
> > [EMAIL PROTECTED]
> > 612-664-3367
> >
> > "Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50538&t=50203



Problem Redistributing BGP into OSPF. [7:50539]

2002-08-02 Thread Ejay Hire

Hi all.  I was wondering if anyone has seen this before and could offer some
advice.

I have four routers, connected as follows.

ISP1-ebgp-EdgeRouter1-ibgp-Core1-OSPF-Core2

EdgeRouter1 is advertising a Default route and a single /24 to Core1.
Core1 is using "default-info Originate" to copy the default route into OSPF.
That works great.  On Core1 I am also using "redistribute bgp 65530 metric
1000 subnets" to copy the /24 into OSPF.  This doesn't appear to be working.
Specifically, the problem I am having is that Core2 doesn't seem to be
receiving the /24 (from ospf).  I have verified that the /24 is being
advertised by Edge1 (show ip bgp neigh x.x.x.x adv), and that it is
appearing in the Route Table of Core1.

Anyone have any suggestions?  Please CC: [EMAIL PROTECTED] on replies, as
I am on the newsfeed and direct gets to me more quickly.

Thanks,
Ejay Hire





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50539&t=50539



Installing a PA-2FE card in a 7206 [7:50540]

2002-08-02 Thread McHugh Randy

Does anyone know if this Fast Ethernet card is plug and play when
installed in a 7206 router?  Also can you install it without powering the
router down and taking it offline?
thx
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50540&t=50540



RE: Problem Redistributing BGP into OSPF. [7:50539]

2002-08-02 Thread Roberts, Larry

What does a show IP ospf data show?

You can do a "show IP OSPF data | include 10.20.30.40" to check the ospf
database for the routing entry there ( assuming 10.20.30.40 is your /24 of
course )


Thanks

Larry
 

-Original Message-
From: Ejay Hire [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 02, 2002 11:40 AM
To: [EMAIL PROTECTED]
Subject: Problem Redistributing BGP into OSPF. [7:50539]


Hi all.  I was wondering if anyone has seen this before and could offer some
advice.

I have four routers, connected as follows.

ISP1-ebgp-EdgeRouter1-ibgp-Core1-OSPF-Core2

EdgeRouter1 is advertising a Default route and a single /24 to Core1. Core1
is using "default-info Originate" to copy the default route into OSPF.
That works great.  On Core1 I am also using "redistribute bgp 65530 metric
1000 subnets" to copy the /24 into OSPF.  This doesn't appear to be working.
Specifically, the problem I am having is that Core2 doesn't seem to be
receiving the /24 (from ospf).  I have verified that the /24 is being
advertised by Edge1 (show ip bgp neigh x.x.x.x adv), and that it is
appearing in the Route Table of Core1.

Anyone have any suggestions?  Please CC: [EMAIL PROTECTED] on replies, as
I am on the newsfeed and direct gets to me more quickly.

Thanks,
Ejay Hire





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50541&t=50539



RE: Kind suggestion is Needed! [7:50317]

2002-08-02 Thread John Green

try some router rental labs that you can access
online. there are some links on the groupstudy home
page itself. 

--- "a. ahmad"  wrote:
> Dear All,
> 
> Thanks for some valuable suggestions. One more
> thing, if one is willing
> to be a great networker, young, energetic but unable
> to get hands on
> experience then what are some guidelines for
> him/her..
> 
> Thanks,
> AA
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50542&t=50317



Re: Installing a PA-2FE card in a 7206 [7:50540]

2002-08-02 Thread MADMAN

Yes as long as you have the IOS that supports it and it is hot
swappable.

  Dave

McHugh Randy wrote:
> 
> Does anyone know if this Fast Ethernet card is plug and play when
> installed in a 7206 router?  Also can you install it without powering the
> router down and taking it offline?
> thx
> Randy
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50543&t=50540
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



IP unnumbered loopback & dialup [7:50544]

2002-08-02 Thread Tunji Suleiman

Hi all,

I am trying to conserve IP addresses by using private IPs for dialin users.
From clients I can dial in to network but can't get beyond 3640 NAS, can't
even ping e0/0. From 3640, I can ping connected client and any host on
Internet. From 2611 Internet gateway, I can ping 3640 e0/0 and lo0, but not
a connected dialin user on Async with private IP address assigned by 3640
from IP pool. Traffic in both directions disappears at the 3640. Can somebody
pls point out what I'm missing? Below are my configs and route tables:

3640-NAS:
interface Loopback0
 ip address 192.168.200.254 255.255.255.0
!
interface Ethernet0/0
 ip address 216.199.175.12 255.255.255.224
!
interface Group-Async1
 ip unnumbered Loopback0
 peer default ip address pool PRIVATE
!
router eigrp 10
 network 192.168.1.0
 network 192.168.200.0
 network 216.199.175.0
 no auto-summary
!
ip local pool PRIVATE 192.168.200.41 192.168.200.88
ip classless
ip route 0.0.0.0 0.0.0.0 216.199.175.1

Gateway of last resort is 216.199.175.1 to network 0.0.0.0

 216.199.175.0/27 is subnetted, 1 subnets
C   216.199.175.0 is directly connected, Ethernet0/0
 192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C   192.168.200.52/32 is directly connected, Async101
C   192.168.200.0/24 is directly connected, Loopback0
 192.168.1.0/30 is subnetted, 1 subnets
D   192.168.1.0 [90/2195456] via 216.199.175.1, 00:58:16, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 216.199.175.1

2611-Gateway:
interface Ethernet0/0
 ip address 216.199.175.1 255.255.255.224
!
interface Serial0/0
 ip address 192.168.1.2 255.255.255.252
!
router eigrp 10
 network 192.168.1.0
 network 192.168.200.0
 network 216.199.175.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

 216.199.175.0/27 is subnetted, 1 subnets
C   216.199.175.0 is directly connected, Ethernet0/0
 192.168.200.0/24 is subnetted, 1 subnets
D   192.168.200.0 [90/409600] via 216.199.175.12, 07:51:45, Et0/0
 192.168.1.0/30 is subnetted, 1 subnets
C   192.168.1.0 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 192.168.1.1

TIA

Tunji









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50544&t=50544



WS-G5483 [7:50545]

2002-08-02 Thread MADMAN

I have a customer who is going to be using the WS-G5483 GBIC.  This
requires catOS 7.2.  I have not yet loaded 7.2.  Anyone out there
running 7.2??  Good, bad or indifferent?!

  Thanks

  Dave
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50545&t=50545



RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus [7:50524]

2002-08-02 Thread Priscilla Oppenheimer

[EMAIL PROTECTED] wrote:
> 
> Speaking of Priscilla's books:
> 
> I've recently bought TDND as it was recommended as a great
> study guide for
> the CCDP, CID exam.
> 
> However, now that I've got it, it seems everyone is suggesting
> it as the
> study guide for the DCN (640-441), CCDA exam.
> 
> Perhaps those in the know (*ahem*...Priscilla ;-) ), can
> enlighten me as
> to if the book is meant for the CID (CCDP) or the DCN (CCDA)
> exam.

Top-Down Network Design wasn't meant to be a certification book at all. What
would be the fun in writing something like that? ;-) But I worked at Cisco
on both the Designing Cisco Networks 1.0 and Cisco Internetwork Design 2.0
classes, so the book is similar to both of those.

The history is that, with the help of gurus like Howard Berkowitz, Marty
Adkins, Peter Welcher, and some senior Cisco SEs, I developed a design
methodology and explained it in the first version of the Designing Cisco
Networks class.

Then I left Cisco and continued developing methods for doing and explaining
network design and wrote TDND. In the meantime, people still at Cisco turned
DCN into a general-purpose course, certification program, Cisco Press book,
etc. It took on a life of its own!

I hear that TDND is still good for both CCDA and CID. It is currently
influencing development of both those programs, which originally influenced
it. It's been kind of a spiral.

My new book, Troubleshooting Campus Networks, isn't really a certification
book either. But after I learned how well cert books sell, I did make sure
that it covers all the topics in the Support exam and that it provides the
right info to help people pass that test.

Thank you very much for your interest in my books. I hope they work out
well for you.

Priscilla

> 
> Thanks in advance!
> Brendan.
> 
> 
> 
> -Original Message-
> From: Abu Mwalie [mailto:[EMAIL PROTECTED]] 
> Sent: 02 August 2002 10:27
> To: [EMAIL PROTECTED]
> Subject: PRISCILLA OPPENHEIMER -Troubleshooting Campus Netw
> [7:50520]
> 
> 
> Priscilla,
> 
> I have seen your new book at Amazon.com.
> 
> I hope it will be like TDND though they say that the second
> book is
> never like the first.
> 
> The first has got me through the scary CCDA today; hope your
> new book will
> do the same for Support. LATER!
> 
> I look forward to a copy, and Good Luck in its SALES!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50546&t=50524



not very good, but good enough... [7:50547]

2002-08-02 Thread Persio Pucci

... to pass!!! :)

Just came back from my Vue Testing Center where I took the 350-001 today... I
got a 73% grade, which is not very good, but it is good enough to get a PASS
:)

I'd like to thank everybody for all the information shared here on this group,
it was very helpful... hopefully, it will also be helpful on the lab :)

See you guys there!!!

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50547&t=50547



RE: Route Summary syntax [7:50507]

2002-08-02 Thread Symon Thurlow

Well, In the first lot, this is what I get:

Sydney = 10.64.0.0 - 10.64.7.255
Melbourne = 10.64.0.0 - 10.64.1.255
Brisbane = 10.64.0.0 - 10.64.1.255

I.e. your addresses supplied are host addresses, not network addresses.

Your second lot is

10.64.0.0 - 10.64.7.255
10.64.8.0 - 10.64.9.255
10.64.10.0 - 10.64.11.255

So yes, very different


-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]] 
Sent: 02 August 2002 04:12
To: [EMAIL PROTECTED]
Subject: Route Summary syntax [7:50507]


Hi All, are the 2 following statements the same ?

Route Summary for my global empire

Sydney 10.64.0.0/21

Melb 10.64.0.8/23

Bris 10.64.0.10/23

Is what's below the same ?

10.64.0.0/21

10.64.8.0/23

10.64.10.0/23

Thanks for your time everyone.

JB






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50548&t=50507
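
The comparison worked out in the reply above, as an added example that is not part of the original thread: Python's standard `ipaddress` module normalises each address/length pair the way a router would, reports the covered range, and shows which entries overlap or can be aggregated. The function names are this example's own; the prefixes are the ones posted in the question.

```python
import ipaddress

# The two lists from the question, exactly as posted.
FIRST = {"Sydney": "10.64.0.0/21", "Melb": "10.64.0.8/23", "Bris": "10.64.0.10/23"}
SECOND = ["10.64.0.0/21", "10.64.8.0/23", "10.64.10.0/23"]


def normalise(prefix):
    """Return (network, had_host_bits) for an address/length pair.

    ip_interface keeps the address as typed and also exposes the network it
    belongs to, so bits set to the right of the prefix length are detected
    instead of being silently accepted.
    """
    iface = ipaddress.ip_interface(prefix)
    return iface.network, iface.ip != iface.network.network_address


def address_range(prefix):
    """First and last address covered by the normalised prefix."""
    net, _ = normalise(prefix)
    return f"{net.network_address} - {net.broadcast_address}"


def overlaps(prefixes):
    """Return pairs of entries whose normalised networks overlap."""
    nets = [(p, normalise(p)[0]) for p in prefixes]
    found = []
    for i, (pa, na) in enumerate(nets):
        for pb, nb in nets[i + 1:]:
            if na.overlaps(nb):
                found.append((pa, pb))
    return found


def summarise(prefixes):
    """Collapse contained or adjacent networks into the fewest prefixes."""
    nets = [normalise(p)[0] for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for site, prefix in FIRST.items():
        net, host_bits = normalise(prefix)
        note = " (host bits were set)" if host_bits else ""
        print(f"{site:7} {prefix:15} -> {net}  {address_range(prefix)}{note}")
    print("first list overlaps: ", overlaps(list(FIRST.values())))
    print("second list overlaps:", overlaps(SECOND))
    print("first list summary:  ", summarise(FIRST.values()))
    print("second list summary: ", summarise(SECOND))
```
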



Re: CSS1 [7:50532]

2002-08-02 Thread groupstudy.com

What is a promo code? Where did you get it for all three exams? I was
trying to register but no promo code?

Rahul

""Brian Zeitz""  wrote in message
news:[EMAIL PROTECTED]...
> I just signed up for all three Cisco Security exams! I thought this was
> a joke, but it is true!
>
>
>
> Managing Cisco Network Security
>
> Cisco Secure Pix Firewall Advanced
>
> Cisco Secure Virtual Private Networks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50549&t=50532



Re: CSS1 [7:50532]

2002-08-02 Thread groupstudy.com

Can you send me the promocode for registering the css1 exams?

Rahul
ccnp,ccna,
[EMAIL PROTECTED]
""Brian Zeitz""  wrote in message
news:[EMAIL PROTECTED]...
> I just signed up for all three Cisco Security exams! I thought this was
> a joke, but it is true!
>
>
>
> Managing Cisco Network Security
>
> Cisco Secure Pix Firewall Advanced
>
> Cisco Secure Virtual Private Networks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50550&t=50532



Re: Pix static mappings to the inside [7:50500]

2002-08-02 Thread John Kaberna

I would agree with their suggestion to use ACLs instead of conduits.  What
you want to look up is actually called port redirection.

John Kaberna
CCIE #7146 (R/S, Security)


""Ole Drews Jensen""  wrote in message
news:[EMAIL PROTECTED]...
> You can use the single IP address on your outside interface without a
> problem.
>
> If your outside address is 200.200.200.200 and you have a mail server on
> your inside 10.1.1.1 and a telnet server on your inside 10.2.2.2, you can do
> this:
>
> static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp
> static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet
>
> conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
> conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any
>
> Hth,
>
> Ole
>
> ~
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNP, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
> ~
>  http://www.RouterChief.com
> ~
>  Need a Job?
>  http://www.OleDrews.com/job
> ~
>
>
>
>
> -Original Message-
> From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 02, 2002 8:29 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Pix static mappings to the inside [7:50500]
>
>
> I'm not sure what code you're using, but Cisco recommends using Access-lists
> instead of conduit statements.   Just create a typical cisco access-list
> (except don't invert your masks) and apply it inbound to the outside
> interface and you will get the same result as your conduits!!
>
> C
> - Original Message -
> From: "Elijah Savage III"
> To:
> Sent: Friday, August 02, 2002 4:23 AM
> Subject: Pix static mappings to the inside [7:50500]
>
>
> > I have my pix 501 firewall working but I have yet to be able to get
> > static mapping working. I try this
> >
> > Static "outside ip address" "inside ip address"
> >
> > Conduit permit tcp outside ip inside ip eq 25 any
> >
> >
> >
> > When I issue these commands I can get mail into my mail server behind
> > the pix but it breaks my nat. I have read that it is not good to use
> > your outside global ip address for static mapping but if you only have 1
> > static ip address how else can you do it.
> >
> >
> >
> > With me only having one static ip will this work?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50551&t=50500
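
The conduit-to-access-list change recommended in the replies above, as an added example (not code from the thread or from Cisco): a small Python converter run over the static and conduit lines quoted in the message, which also lists which inside hosts the rules open to any source. The ACL name `acl_out` is hypothetical, and only the `eq`-port conduit forms shown in the thread are handled; anything else is rejected.

```python
import ipaddress

# Constructed input: the static and conduit lines from the quoted reply.
CONFIG = """\
static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp
static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet
conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any
"""

ACL_NAME = "acl_out"  # hypothetical ACL name, not from the thread
ANY = ("0.0.0.0", "0.0.0.0")


def _take_addr(tokens):
    """Pop 'any', 'host A' or 'A MASK' and return (address, mask)."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        addr, mask = tokens.pop(0), "255.255.255.255"
    else:
        addr, mask = head, tokens.pop(0)
    ipaddress.ip_address(addr)  # raises ValueError on anything but an IP literal
    ipaddress.ip_address(mask)
    return (addr, mask)


def _take_port(tokens):
    """Pop an optional 'eq PORT' and return the port name/number or None."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return tokens.pop(0)
    return None


def parse_conduit(line):
    """Parse 'conduit permit|deny PROTO <global> [eq P] <foreign> [eq P]'."""
    tokens = line.split()
    try:
        if tokens[0] != "conduit" or tokens[1] not in ("permit", "deny"):
            raise ValueError
        rule = {"action": tokens[1], "proto": tokens[2]}
        rest = tokens[3:]
        # A conduit names the global (destination) side first, then the source.
        rule["dst"], rule["dport"] = _take_addr(rest), _take_port(rest)
        rule["src"], rule["sport"] = _take_addr(rest), _take_port(rest)
        if rest:
            raise ValueError
    except (IndexError, ValueError):
        raise ValueError(f"unsupported conduit line: {line!r}") from None
    return rule


def _fmt(addr, port):
    text = "any" if addr == ANY else f"{addr[0]} {addr[1]}"
    return text + (f" eq {port}" if port else "")


def to_acl(rule, name=ACL_NAME):
    """Render as an access-list entry: source first, masks not inverted."""
    return (f"access-list {name} {rule['action']} {rule['proto']} "
            f"{_fmt(rule['src'], rule['sport'])} {_fmt(rule['dst'], rule['dport'])}")


def convert(config, name=ACL_NAME):
    """Return the ACL entries plus the access-group line that applies them."""
    lines = [to_acl(parse_conduit(ln), name)
             for ln in config.splitlines() if ln.startswith("conduit ")]
    if lines:
        lines.append(f"access-group {name} in interface outside")
    return lines


def exposure(config):
    """List inside hosts reachable from any source through a port redirection."""
    statics = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) == 7 and t[0] == "static" and t[1] == "(inside,outside)":
            statics[(t[2], t[3], t[4])] = (t[5], t[6])
    found = []
    for line in config.splitlines():
        if not line.startswith("conduit "):
            continue
        r = parse_conduit(line)
        inside = statics.get((r["proto"], r["dst"][0], r["dport"]))
        if r["action"] == "permit" and r["src"] == ANY and inside:
            found.append((r["proto"], r["dport"], inside[0]))
    return found


if __name__ == "__main__":
    print("\n".join(convert(CONFIG)))
    for proto, port, host in exposure(CONFIG):
        print(f"open to any source: {proto}/{port} -> inside host {host}")
```
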



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread richard roe

I guess the Flash is bad then :( 
Thanks for the comments Paul & KW :)
Now, where can I get some flash..hmmm.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50552&t=50512



RE: CSS1 [7:50532]

2002-08-02 Thread Brian Zeitz

I sent it to you already!


FOR A LIMITED TIME
FREE CISCO SECURITY CERTIFICATION BETA EXAMS
Use these Promotional Codes to take them for free

From August 2nd through 22nd, the first 300 candidates to take each of these
3 new Cisco security certification BETA exams can do so AT NO COST:
Managing Cisco Network Security (MCNS), Cisco Secure PIX Firewall
Advanced (CSPFA), and Cisco Secure Virtual Private Networks (CSVPN).
Please share this opportunity with your coworkers, customers and
Partners.  Registration for these BETA exams starts August 2nd.
Candidates must reference the following PROMOTIONAL CODES to take the
BETA exams for free
---MCNS BETA exam #641-100, CODE: mcnsbe
---CSPFA BETA exam #9E1-111, CODE: cspfab
---CSVPN BETA exam #9E1-121, CODE: csvpnb

To register, contact one of the following testing centers:
Prometric: US and Canada: 1-800-829-NETS (6387)-option 2, then 4.
Outside U.S. and Canada, visit http://www.prometric.com.
VUE: U.S. and Canada call 1-800-829-NETS (6387)-option 2, then 4.
Outside U.S. and Canada, visit www.vue.com.

The testing centers will need your social security number and some
demographic information before scheduling your exam. You will receive
the results of your test approximately 8-12 weeks after the BETA period
has ended.  A passing score on a BETA exam can be applied toward the
relevant Cisco security certifications.

The finalized versions of these exams will go-live October 1st and will
be available worldwide at their regular cost.  So be sure to take
advantage of this opportunity to take these exams at no cost!



BETA Exam Description:
The MCNS 641-100 BETA exam is the final step in preparation for the
October 2002 launch of the revised MCNS exam.  It focuses on the new
material included in the new MCNS 3.0 course releasing  August 2002. The
MCNS 3.0 course fully replaces the existing MCNS 2.0 course. Content
covering the PIX Firewall has been removed and several new IOS Firewall
and IPSec features have been added.  In addition to these new chapters
and labs, all content focuses on the IOS software version 12.2.8T, CS
ACS 3.0 for Windows 2000 Server, as well as the new Cisco Unified 3.0
IPSec Client.

BETA Exam Description:
The CSPFA 9E1-111 BETA exam is the final step in preparation for the
October 2002 launch of the revised CSPFA exam.  It focuses on the new
material included in the new CSPFA 3.0 course releasing  August 2002.
The CSPFA 3.0 course updates CSPFA 2.1 and includes new lab exercises
(Configuring Object Grouping, Configuring Command-Level Authorization,
and Configuring a VPN with the PIX Device Manager), how to upgrade an
activation key, how to use NAT 0 ACLs, how to configure secure remote
access to your PIX Firewall, and how the PIX Firewall works with common
applications. Labs focus on PIX Firewall software version 6.2, and
content covering the Cisco IOS Firewall feature set have been removed.

BETA Exam Description:
The CSVPN 9E1-121 BETA exam is the final step in preparation for the
October 2002 launch of the revised CSVPN exam.  It focuses on the new
material included in the new CSVPN 3.0 course releasing  August 2002.
The CSVPN 3.0 course fully replaces the existing CSVPN 2.0 course.
Content covering Cisco PIX Firewall-VPN and IOS-VPN theory has been
removed and the course now focuses on the Cisco VPN 3000 Concentrator
release 3.5 software, new Cisco VPN 3002 features, as well as
installation and configuration of the Cisco VPN 3.5 Software Client (on
Windows 2000 platforms) and installation and configuration of the Cisco
VPN 3002.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50553&t=50532



RE: VPN not connecting [7:50144]

2002-08-02 Thread Silju Pillai

HI Ciaron,

  I totally agree with you that Phase-1 is completed in Mike's setup.
But I would like to discuss some points. The problem I think is in phase-2
only.

1. Normally if your end-to-end traffic has to pass the ISP (public network)
then you create a VPN tunnel. ISPs don't block any traffic or ports (500, 50
or 51). If at all you are blocking these ports it will be at customer site.

2. You are right that "sysopt connection permit-ipsec" should be given on
PIX to allow the IPSec traffic. But I assume Mike might have already tried
that. Thanks a lot for this information as I never thought of turning it off
and testing it. I just had a look at the cisco site regarding this info.
Which is better? Turn it off and permit the specific ports or give this
command and let PIX do the rest.

3. You define interesting traffic only for those networks or machines where
you want to communicate using private network securely. So there is no point
in filtering the traffic. Configure access-list so that only specific
traffic is permitted. If the traffic doesn't match the crypto access list how
will the packets enter into the network? In my opinion they will get
dropped. Hope you get me.

thanks once again,
regards
Silju


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50554&t=50144



RE: VPN Tunnel through the PIX [7:50417]

2002-08-02 Thread Silju Pillai

HI Fabil,

It's very difficult to explain unless you give the exact scenario. Normally
you configure an access list for the VPN traffic and deny the NATing using
"nat (inside) 0 access-list " command.

Try the below link. You will find all the configurations there.

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips

Hope this helps,
regards,
Silju


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50555&t=50417



RE: How to setup Pix site-to-site VPN with overlapping [7:50255]

2002-08-02 Thread Silju Pillai

HI David,

I have a link for you. It may help you a bit. It says NAT the existing
addresses to a different address at both sites (although the document says
one bcoz of the concentrator).

http://www.cisco.com/warp/public/707/vpn_pix_private.html.

If you are trying this just tell me if it works or not.

regards
Silju


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50556&t=50255
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



FW: **PROMO CODES**for FREE Security Certification BETA Exams, [7:50557]

2002-08-02 Thread Daniel Cotts

Passing on something sent to me by a Cisco Channel SE.

FOR A LIMITED TIME
FREE CISCO SECURITY CERTIFICATION BETA EXAMS
Use these Promotional Codes to take them for free

From August 2nd through 22nd, the first 300 candidates to take each of these
3 new Cisco security certification BETA exams can do so AT NO COST: Managing
Cisco Network Security (MCNS), Cisco Secure PIX Firewall Advanced (CSPFA),
and Cisco Secure Virtual Private Networks (CSVPN).  Please share this
opportunity with your coworkers, customers and Partners.  Registration for
these BETA exams starts August 2nd.  Candidates must reference the following
PROMOTIONAL CODES to take the BETA exams for free
---MCNS BETA exam #641-100, CODE: mcnsbe
---CSPFA BETA exam #9E1-111, CODE: cspfab
---CSVPN BETA exam #9E1-121, CODE: csvpnb

To register, contact one of the following testing centers:
Prometric: US and Canada: 1-800-829-NETS (6387)-option 2, then 4.
Outside U.S. and Canada, visit http://www.prometric.com.
VUE: U.S. and Canada call 1-800-829-NETS (6387)-option 2, then 4.
Outside U.S. and Canada, visit www.vue.com.

The testing centers will need your social security number and some
demographic information before scheduling your exam. You will receive the
results of your test approximately 8-12 weeks after the BETA period has
ended.  A passing score on a BETA exam can be applied toward the relevant
Cisco security certifications.

The finalized versions of these exams will go-live October 1st and will be
available worldwide at their regular cost.  So be sure to take advantage of
this opportunity to take these exams at no cost!



BETA Exam Description:
The MCNS 641-100 BETA exam is the final step in preparation for the October
2002 launch of the revised MCNS exam.  It focuses on the new material
included in the new MCNS 3.0 course releasing  August 2002.  The MCNS 3.0
course fully replaces the existing MCNS 2.0 course.  Content covering the
PIX Firewall has been removed and several new IOS Firewall and IPSec
features have been added.  In addition to these new chapters and labs, all
content focuses on the IOS software version 12.2.8T, CS ACS 3.0 for Windows
2000 Server, as well as the new Cisco Unified 3.0 IPSec Client.

BETA Exam Description:
The CSPFA 9E1-111 BETA exam is the final step in preparation for the October
2002 launch of the revised CSPFA exam.  It focuses on the new material
included in the new CSPFA 3.0 course releasing  August 2002.  The CSPFA 3.0
course updates CSPFA 2.1 and includes new lab exercises (Configuring Object
Grouping, Configuring Command-Level Authorization, and Configuring a VPN
with the PIX Device Manager), how to upgrade an activation key, how to use
NAT 0 ACLs, how to configure secure remote access to your PIX Firewall, and
how the PIX Firewall works with common applications. Labs focus on PIX
Firewall software version 6.2, and content covering the Cisco IOS Firewall
feature set has been removed.

BETA Exam Description:
The CSVPN 9E1-121 BETA exam is the final step in preparation for the October
2002 launch of the revised CSVPN exam.  It focuses on the new material
included in the new CSVPN 3.0 course releasing  August 2002.  The CSVPN 3.0
course fully replaces the existing CSVPN 2.0 course. Content covering Cisco
PIX Firewall-VPN and IOS-VPN theory has been removed and the course now
focuses on the Cisco VPN 3000 Concentrator release 3.5 software, new Cisco
VPN 3002 features, as well as installation and configuration of the Cisco
VPN 3.5 Software Client (on Windows 2000 platforms) and installation and
configuration of the Cisco VPN 3002.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50557&t=50557



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread Leiva, Angel E

Richard,

You need to boot the 2501 router into RXBoot mode before you can Upgrade the
IOS in Flash.

Visit this CCO URL:
http://www.cisco.com/warp/public/130/sw_upgrade_proc_flash.shtml

Here is probably the cause of your problem:

--
Configure the router or access server to boot into Rxboot mode

On these platforms, the Cisco IOS software image is actually running
directly from the Flash memory. Therefore, you cannot copy the Cisco IOS
software image from the TFTP server to the Flash if you are in user
privileged EXEC mode (router#). You have to configure the router or access
server to boot into Rxboot mode.

Check the current value of the configuration register. You can see it on the
bottom line of the show version output. It is usually set to 0x2102 or
0x102. You will need this value for a later step.

Change the configuration register to the value 0x2101 as follows:

Router>enable
Password: password
Router#
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#config-register 0x2101
Router(config)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
   !--- It's not necessary to save the configuration here, as the
   !--- configuration register has already been changed in NVRAM
Router#reload

Note: If you are connected through Telnet, the session is lost after the
reload. Wait a few minutes and try again. It is strongly recommended that
you do not perform a Cisco IOS software upgrade remotely since most disaster
recovery procedures require you to be physically located where the router is
installed.

--

Good luck,

Angel Leiva - MCSE, CCNP-R&S, CCNP-WAN
Senior Network Systems Consultant
International Network Services  Irving, TX

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 11:30 PM
To: [EMAIL PROTECTED]
Subject: 2501 IOS Flash! [7:50512]


Hey all,

Could someone be kind enough to explain to me why I can't copy IOS by tftp
to my flash, my flash currently reads:
System flash directory:
No files in System flash
[0 bytes used, 16777216 available, 16777216 total]
16384K bytes of  System flash (Device not programmable)

I think (Device not programmable) may be the problem (could be wrong), any
ideas how to rectify this?

Please help.

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50558&t=50512



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread Leiva, Angel E

Richard,

You need to boot the 2501 router into RXBoot mode before you can Upgrade the
IOS in Flash.

Visit this CCO URL:
http://www.cisco.com/warp/public/130/sw_upgrade_proc_flash.shtml

Here is probably the cause of your problem:

--
Configure the router or access server to boot into Rxboot mode

On these platforms, the Cisco IOS software image is actually running
directly from the Flash memory. Therefore, you cannot copy the Cisco IOS
software image from the TFTP server to the Flash if you are in user
privileged EXEC mode (router#). You have to configure the router or access
server to boot into Rxboot mode.

Check the current value of the configuration register. You can see it on the
bottom line of the show version output. It is usually set to 0x2102 or
0x102. You will need this value for a later step.

Change the configuration register to the value 0x2101 as follows:

Router>enable
Password: password
Router#
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#config-register 0x2101
Router(config)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
   !--- It's not necessary to save the configuration here, as the
   !--- configuration register has already been changed in NVRAM
Router#reload

Note: If you are connected through Telnet, the session is lost after the
reload. Wait a few minutes and try again. It is strongly recommended that
you do not perform a Cisco IOS software upgrade remotely since most disaster
recovery procedures require you to be physically located where the router is
installed.

--

Good luck,

Angel Leiva - MCSE, CCNP-R&S, CCNP-WAN
Senior Network Systems Consultant
International Network Services  Irving, TX


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 1:55 AM
To: [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]


Argh! Still can't get the IOS to copy from tftp to flash!

In addition, here's what I got from #sh flash all command:
System flash directory:
No files in System flash
[0 bytes used, 16777216 available, 16777216 total]
16384K bytes of  System flash (Device not programmable)

Chip  Bank  Code  Size    Name
1     1     89A0  4096KB  INTEL 28F016SA
2     1     89A0  4096KB  INTEL 28F016SA
3     1           4096KB  Unknown Chip
4     1     89A0  4096KB  INTEL 28F016SA

Are the chips still good? What's the "unknown chip" and does it have any
effect on the transfer?! Says "READ-ONLY" for the flash when copying, any
idea/s on how to change that?

Been through loads of documentation but still can't find the answer!
Do hope someone can help...thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50559&t=50512



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread Phil Lorenz

I've been ordering from this guy for almost 3 years.

PC Wholesale [[EMAIL PROTECTED]]

Prices are great and I've always received my orders in just a few days.

All the best !!!
Phil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 02, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]

I guess the Flash are bad then :( 
Thanks for the comments Paul & KW :)
Now, where can I get some flash..hmmm.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50560&t=50512



RE: CSS1 Beta Exams [7:50561]

2002-08-02 Thread Kim Graham

Thanks for the heads up.   I was signing up this evening to take the
existing CSPFA over the weekend. So I gave myself an extra week in hopes to
save $200 CDN.

The MCNS looked too good to turn down at that price. So I will see if
squeaking by can be achieved.   I have 20 days to go over the blue print,
pull out what I use daily and read up on things that I may have seen but
don't realize they exist.

Thus my path is laid out ;).  

Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50561&t=50561



RE: PRISCILLA OPPENHEIMER -Troubleshooting Campus [7:50530]

2002-08-02 Thread Paul Jin

I have to agree that TDND is a very good book overall and the added benefit
to the book is that it will help people study for their design exams.

I have to compare this book to many of Mark Minasi's NT/2000 books, and
although he does not write the book to specifically help you prepare for the
MCSE, many people use it to do just that.

- Paul


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50562&t=50530



Re: not very good, but good enough... [7:50547]

2002-08-02 Thread Kim Graham

Now onto the lab :) 

Kim 

> 
> From: "Persio Pucci" 
> Date: 2002/08/02 Fri PM 03:17:07 EDT
> To: [EMAIL PROTECTED]
> Subject: not very good, but good enough... [7:50547]
> 
> ... to pass!!! :)
> 
> Just came back from my Vue Testing Center where I took the 350-001 today... I
> got a 73% grade, which is not very good, but it is good enough to get a PASS
> :)
>
> I'd like to thank everybody for all the information shared here on this
> group, it was very helpful... hopefully, it will also be helpful on the lab :)
> 
> See you guys there!!!
> 
> Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50563&t=50547



Re: VPN not connecting [7:50144]

2002-08-02 Thread Ciaron Gogarty

Hi Silju,

I would have to disagree with you on one point, or perhaps modify your
statement --  "Normally"  ISPs don't filter IPSEC, but some do -- I know
this from personal experience.  Granted the ISP in question didn't know they
were doing it (misconfigured access-list).

I remember reading somewhere that some ISPs were going to actively filter
IPSEC transiting their AS.  This may or may not be true.. does anybody on
the group know for sure???

Either way, it may be prudent to check with his upstream ISP!!

Although you're correct in saying that most VPNs terminate at secure or
wholly trusted sites, this is not always the case.  Suppose you wanted to
also extend your VPN to a support company for a particular server app, your
corporate policy may not like the fact that you cannot actively control
what is sent through the tunnel.  Sure you can make sure a reply will only
go back to a destination address defined as "interesting" in your return
access list.. but those packets are still coming from his side of the VPN
and entering your network... so in that case, you could turn off the sysopt
connect permit-ipsec and use access-lists on the outside to filter the
traffic before it enters the network.  I could be wrong, but that is my
understanding of the pix implementation of IPSEC... does anybody know for
sure??

cheers dude,

Ciaron


- Original Message -
From: "Silju Pillai" 
To: 
Sent: Friday, August 02, 2002 10:18 PM
Subject: RE: VPN not connecting [7:50144]


> HI Ciaron,
>
>   I totally agree with you that Phase-1 is completed in Mike's setup.
> But I would like to discuss some points. The problem I think is in phase-2
> only.
>
> 1. Normally if your end-to-end traffic has to pass the ISP (public network)
> then you create a VPN tunnel. ISPs don't block any traffic or ports (500,50
> or 51). If at all you are blocking these ports it will be at customer site.
>
> 2. You are right that "sysopt connection permit-ipsec" should be given on
> PIX to allow the IPSec traffic. But I assume Mike might have already tried
> that. Thanks a lot for this information as I never thought of turning it off
> and testing it. I just had a look at the cisco site regarding this info.
> Which is better? Turn it off and permit the specific ports or give this
> command and let PIX do the rest.
>
> 3. You define interesting traffic only for those networks or machines where
> you want to communicate using private network securely. So there is no point
> in filtering the traffic. Configure access-list so that only specific
> traffic is permitted. If the traffic doesn't match the crypto access list how
> the packets will enter into the network? In my opinion they will get
> dropped. Hope you get me.
>
> thanks once again,
> regards
> Silju




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50564&t=50144



RE: Pix 501 connected to dsl [7:50449]

2002-08-02 Thread Paul Jin

Hi,

How are you setting a default route for this pix firewall?

- Paul


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50565&t=50449



Cisco Press OSPF? [7:50567]

2002-08-02 Thread Robert D. Cluett

All,

Looking for a book that will cover OSPF in detail outside of the BSCN book.
I recently purchased "Internet Routing Architectures" to give me more
detailed knowledge of BGP, but need to round out the OSPF with another book.
Any advice?

Thanks
Rob Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50567&t=50567



Re: Cisco Press OSPF? [7:50567]

2002-08-02 Thread Chuck

Might consider this one:

Cisco OSPF Command and Configuration Handbook
by  William R. Parkhurst

I haven't read this one myself, but according to the reviews it is written
in the same vein as his BGP book, which I believe is a far better way to
learn the knobs.

HTH


"Robert D. Cluett" wrote in message
news:[EMAIL PROTECTED]...
> All,
>
> Looking for a book that will cover OSPF in detail outside of the BSCN book.
> I recently purchased "Internet Routing Architectures" to give me more
> detailed knowledge of BGP, but need to round out the OSPF with another book.
> Any advice?
>
> Thanks
> Rob Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50568&t=50567



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread Juan Blanco

www.memorydealers.com

They have a very good price and very reliable... take a look...



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Phil Lorenz
Sent: Friday, August 02, 2002 6:42 PM
To: [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]


I've been ordering from this guy for almost 3 years.

PC Wholesale [[EMAIL PROTECTED]]

Prices are great and I've always received my orders in just a few days.

All the best !!!
Phil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]

I guess the Flash are bad then :(
Thanks for the comments Paul & KW :)
Now, where can I get some flash..hmmm.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50569&t=50512



RE: 2501 IOS Flash! [7:50512]

2002-08-02 Thread Phil Lorenz

AGGG !!!

Back to the very first post... if this router somehow is booting with a
run from FLASH IOS, you cannot upgrade it in normal operating mode.

The 2500 started many many years ago, with run from RAM IOS.  Run from
RAM meant the FLASH is more of a repository for the compressed IOS code
and the router could not function until the IOS image decompressed when
loading into RAM.  This was the case with 11.3, where routers were
delivered with 8 FLASH and 16 RAM.

Today- the 2500 is so processor and memory limited, that FLASH now works
like a hard drive.  What portion of the IOS code is needed is loaded
into FLASH.  That's why 12.1, which is about when these guys went EOL,
started with 16 FLASH and 8 RAM setups.

Try breaking the boot (Cntrl Break @ the boot up) and loading IOS from
ROM (boot mode) and keep in mind this process will not work without
11.0(10c) boot ROMs.

All the best !!!
Phil
 

-Original Message-
From: Juan Blanco [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 02, 2002 8:30 PM
To: 'Phil Lorenz'; [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]

www.memorydealers.com

They have a very good price and very reliable... take a look...



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Phil Lorenz
Sent: Friday, August 02, 2002 6:42 PM
To: [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]


I've been ordering from this guy for almost 3 years.

PC Wholesale [[EMAIL PROTECTED]]

Prices are great and I've always received my orders in just a few days.

All the best !!!
Phil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: 2501 IOS Flash! [7:50512]

I guess the Flash are bad then :(
Thanks for the comments Paul & KW :)
Now, where can I get some flash..hmmm.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50570&t=50512



Re: Cisco Press OSPF? [7:50567]

2002-08-02 Thread Chuck Ryan

The Cisco Press OSPF book by Tom Thomas would go great with Dr. Parkhurst's
book as well.

- Original Message -
From: "Chuck" 
To: 
Sent: Friday, August 02, 2002 10:04 PM
Subject: Re: Cisco Press OSPF? [7:50567]


> Might consider this one:
>
> Cisco OSPF Command and Configuration Handbook
> by  William R. Parkhurst
>
> I haven't read this one myself, but according to the reviews it is written
> in the same vein as his BGP book, which I believe is a far better way to
> learn the knobs.
>
> HTH
>
>
> "Robert D. Cluett" wrote in message
> news:[EMAIL PROTECTED]...
> > All,
> >
> > Looking for a book that will cover OSPF in detail outside of the BSCN book.
> > I recently purchased "Internet Routing Architectures" to give me more
> > detailed knowledge of BGP, but need to round out the OSPF with another book.
> > Any advice?
> >
> > Thanks
> > Rob Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50571&t=50567



DRAM for 2500 series [7:50572]

2002-08-02 Thread Jack Lane

I don't care about a SmartNet contract.  Will a standard, fast-page with
parity SIMM chip work with a 2500 series router?  Am I asking for trouble if
I don't get a "for Cisco 2500 series" ram?

I found this chip for $6: 16 MB SIMM FAST PAGE with PARITY (4X36) 72 PIN 

Thanks,

Jack


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50572&t=50572



BGP Route Reflectors? [7:50573]

2002-08-02 Thread Robert D. Cluett

Group,

In reading the BSCN book, I have stumbled across something confusing when it
is discussing "route reflectors".  The book states that the use of route
reflectors eliminates the need to run BGP in a full mesh environment.  Based
on this statement I have assumed that BGP therefore must be configured only
on a network that is fully meshed (unless route reflectors are used). Is
this true?

Robert D. Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50573&t=50573



Re: BGP Route Reflectors? [7:50573]

2002-08-02 Thread Chuck

Only the iBGP speakers must be in a full mesh - not necessarily the entire
network.


"Robert D. Cluett" wrote in message
news:[EMAIL PROTECTED]...
> Group,
>
> In reading the BSCN book, I have stumbled across something confusing when it
> is discussing "route reflectors".  The book states that the use of route
> reflectors eliminates the need to run BGP in a full mesh environment.  Based
> on this statement I have assumed that BGP therefore must be configured only
> on a network that is fully meshed (unless route reflectors are used). Is
> this true?
>
> Robert D. Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50574&t=50573



RE: X.25 switching on CISCO; Please help [7:50521]

2002-08-02 Thread Fathalla A. Fathalla

can you please paste a copy of your x25 debug?
Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pooja Thakur
Sent: Friday, August 02, 2002 11:30 AM
To: [EMAIL PROTECTED]
Subject: X.25 switching on CISCO; Please help [7:50521]


Hello,

I have a test setup where in 2 remote VSATs are
configured as XPAD. An X.121 address is given to each
RS-232 port on the 2 VSATs. The SVC sessions of the 2
remotes are defined on a X25 device at the Central
Hub. Since this device cannot do switching, I have
connected a CISCO 2500 to the X25 device. X25 device
is X25 DTE while the CISCO is X25 DCE. I have configured
x25 routing on CISCO and given 2 x25 routes for the
remote X.121 addresses with the next hop as the same
serial interface to which the X25 device is connected.


But when I make a call from one remote to another, the
debug on the router says cannot route call. Can you help
me out and suggest what should I do to make this work.

Thanks





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50575&t=50521



RE: LANE Information [7:50420]

2002-08-02 Thread Fathalla A. Fathalla

I'd appreciate if you can send me a copy of the same.
Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mark W. Odette II
Sent: Thursday, August 01, 2002 11:42 PM
To: [EMAIL PROTECTED]
Subject: RE: LANE Information [7:50420]


I'd like a copy of that doc, if you would be so kind... will be some
very interesting reading.

Mark

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 01, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: Re: LANE Information [7:50420]

I have digitized the doc but I doubt I can send a pdf to the list.  If
interested send me an email

  Dave

MADMAN wrote:
>
> Ha, straight forward LANE, that's an oxymoron!!
>
>   Actually I have an internal doc titled "LANE, it ain't rocket science"
> I got several years ago from a Cisco engineer that is very good, clear
> and concise in a way you won't find on CCO but I don't have it in
> electronic form.
>
>   Dave
>
> Neil Borne wrote:
> >
> > Does anyone know where I get can get some "straight forward" LANE
> > information?
> >
> > Thanks,
> >
> > P. Neil Borne, CCDA,CCNP,C-voice and CWNA
> > Systems Integrator III
> >
> --
> David Madland
> Sr. Network Engineer
> CCIE# 2016
> Qwest Communications Int. Inc.
> [EMAIL PROTECTED]
> 612-664-3367
>
> "Emotion should reflect reason not guide it"
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50576&t=50420



Re: BGP Route Reflectors? [7:50573]

2002-08-02 Thread Phillip Heller

Well, route-reflectors and route-reflector-clients have an iBGP
relationship with each other, yet the route-reflector-clients need not
be part of the full mesh.

iBGP speakers tell each other about locally injected routes, routes
learned from ebgp neighbors, and routes learned from ibgp
route-reflector-clients.

Additionally, iBGP speakers announce all bgp routes to
route-reflector-clients.

Of course, the above is subject to applied routing policies.

Route-reflection (and confederations), in my experience, are best used
when physical (or administrative) hierarchy promotes a matching routing
hierarchy.

For instance, say a site has 2 core routers connected to core routers at
other sites, and 2 distribution routers connected to the two local core
routers, and each other.

It would make sense to make the core routers part of the full ibgp mesh,
and then make the distribution routers route-reflector-clients of both
core routers at that site.

In large networks, a combination of confederations and route-reflectors
can really cut down on the overhead involved in managing huge router
configs.

Regards,

  --phil
 
On Sat, Aug 03, 2002 at 05:06:18AM +, Chuck wrote:
  Only the iBGP speakers must be in a full mesh - not necessarily the entire
  network.

  "Robert D. Cluett" wrote in message
  news:[EMAIL PROTECTED]...
  > Group,
  >
  > In reading the BSCN book, I have stumbled across something confusing when it
  > is discussing "route reflectors".  The book states that the use of route
  > reflectors eliminates the need to run BGP in a full mesh environment.  Based
  > on this statement I have assumed that BGP therefore must be configured only
  > on a network that is fully meshed (unless route reflectors are used). Is
  > this true?
  >
  > Robert D. Cluett, CCNA
-- 
Regards,

  --phil




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50577&t=50573
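
The site hierarchy described in the message above, as an added example that is not part of the original thread: a Python model of the policy-free iBGP advertisement rules, showing which routers learn a route with and without route-reflector clients and how many sessions each design needs. The router names and the second site are assumptions made for the example, and best-path selection is not modelled.

```python
from collections import deque
from itertools import combinations

# Constructed topology: two sites, each with 2 core and 2 distribution routers.
# All router names are hypothetical.
SITES = {
    "siteA": (["A-core1", "A-core2"], ["A-dist1", "A-dist2"]),
    "siteB": (["B-core1", "B-core2"], ["B-dist1", "B-dist2"]),
}


def all_routers(sites):
    return {r for cores, dists in sites.values() for r in cores + dists}


def full_mesh(routers):
    """One iBGP session per pair of routers."""
    return {frozenset(pair) for pair in combinations(sorted(routers), 2)}


def hierarchical_sessions(sites):
    """Cores of all sites in a full mesh; each distribution router
    peers only with the two cores at its own site."""
    cores = [c for core_list, _ in sites.values() for c in core_list]
    sessions = full_mesh(cores)
    for core_list, dist_list in sites.values():
        sessions |= {frozenset((c, d)) for c in core_list for d in dist_list}
    return sessions


def reflector_clients(sites):
    """Map each core to its route-reflector clients (its site's dist routers)."""
    return {c: set(dists) for cores, dists in sites.values() for c in cores}


def routers_learning(origin, sessions, clients_of):
    """Routers that end up holding a route injected at `origin`.

    Rules modelled (no routing policy applied):
      - locally injected / eBGP-learned routes go to every iBGP peer;
      - routes learned from a client are reflected to every peer;
      - routes learned from a non-client iBGP peer go only to clients.
    Pass clients_of={} to model plain iBGP with no reflection.
    """
    peers = {}
    for session in sessions:
        a, b = tuple(session)
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)

    learned = {origin}
    seen = {(origin, True)}            # (router, may_send_to_all_peers)
    queue = deque(seen)
    while queue:
        router, send_all = queue.popleft()
        my_clients = clients_of.get(router, set())
        for peer in peers.get(router, ()):
            if not (send_all or peer in my_clients):
                continue               # non-client route is not passed to a non-client
            learned.add(peer)
            # The receiver may pass the route to all of its peers only when
            # the sender is one of the receiver's own clients.
            state = (peer, router in clients_of.get(peer, set()))
            if state not in seen:
                seen.add(state)
                queue.append(state)
    return learned


if __name__ == "__main__":
    sessions = hierarchical_sessions(SITES)
    rr = reflector_clients(SITES)
    print("full-mesh sessions:   ", len(full_mesh(all_routers(SITES))))
    print("hierarchical sessions:", len(sessions))
    print("with reflection:   ", sorted(routers_learning("A-dist1", sessions, rr)))
    print("without reflection:", sorted(routers_learning("A-dist1", sessions, {})))
```

Without the client relationship, a route injected at a distribution router stops at its two local cores, which is why the non-reflected design would need every router in the full mesh.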