FW: Lab workbook? & Voice modules? [7:63163]
I would recommend a well-rounded set of prep material. Out of all of them, CCBootCamp is the most consistent and widest range of simple to very complex labs to attack all of the difficulties you want to see.

As for the voice stuff, it is increasing in its point value on the exam. So I wouldn't blow it off, but you needn't necessarily spend your money on the stuff either! There are plenty of remote racks to rent that have that equipment in it already (and ATM).

Check out www.ccbootcamp.com and you'll see all of that stuff to help you along. And check out www.@!#$.com as well for the QA forums on the labs that you get!

Hope that helps,

Scott Morris, MCSE, CCDP, CCIE3 (RS/ISP-Dial/Security) #4713, CCNA-WAN Switching, Security Specialist, Cable Communications Specialist, IP Telephony Support Specialist, IP Telephony Design Specialist, CISSP
CCSI #21903
[EMAIL PROTECTED]

-----Original Message-----
From: edward Huang
Newsgroups: groupstudy.cisco
Sent: Monday, February 17, 2003 9:18 AM
Subject: Lab workbook? Voice modules? [7:63163]

I'm preparing for ccie rs exam. But I lived outside U.S.; Could anyone recommend any lab_workbook for studying self?

BTW, I'm collecting for the rack equipment, is it worth to invest on voice modules (ex.NM-1V,2FXS...etc.) for practice? I've heard that this part only be tested very little of the Lab, is it true?

Thanks!

Best Regards,
Edward Huang

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63223t=63163
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Packet Magazine and the CCIE Lab [7:62994]
ket_department09186a0080142dfb.html#title

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62994t=62994
CCIE and Packet Magazine (attempt 2) [7:62995]
ket_department09186a0080142dfb.html#title ;)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62995t=62995
CCIE and Packet (the cut'n'paste from hell!) [7:62998]
Ok, so we'll try avoiding the first line of the message. Bottom line, check out Packet. Good magazine, useful articles, but thought this may be of interest... Just the e-mail engine doesn't like the link!

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/641-661.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62998t=62998
RE: how to break out of the sequence when in write term or [7:61127]
Hit 'q' :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ferguson, Steven R.
Sent: Wednesday, January 15, 2003 1:50 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: how to break out of the sequence when in write term or show running in Pix firewall

Try ctrl shift 6 6. That will usually do it.

--
Sent from my BlackBerry Wireless Handheld

-----Original Message-----
From: eric nguyen
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Wed Jan 15 13:35:17 2003
Subject: how to break out of the sequence when in write term or show running in Pix firewall

Hi All,

My pix configuration is about 800 lines long. Every time I do a show running or write term and I would like to break somewhere in the configuration, it is not possible for me to send the Control ^C to stop listing of the configuration. Control ^C works on both Cisco routers and switches but apparently not on Pix firewalls.

Now I can use pager command to set the page break or no pager not to set the page break. However, in either case, it is not possible to send the break sequence to break out of the show running configuration. This is very frustrating. Why doesn't Cisco make this damn thing work? I am running version 6.2(2)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61127t=61127
RE: Hello (long response) [7:59244]
Wow, spoken like a true person who believes they know a lot more than they really do!

Elping's assessment of CheckPoint is pretty much right on there. And your response to it shows many things, including your areas of weakness beyond the marketing fluff that Checkpoint likes everyone to believe. You concede about the support though, which there's no arguing against!

Shifting your point from "God Save CheckPoint" to "CCIE's aren't all that" isn't necessarily a bright thing to do in a Cisco mailing list. (WHY are you here again?) I'm happy you know how to do the nmap utility and its features. I don't memorize that, nor would I care to. Perhaps your CCIE's were looking to gain your valuable insight on running that. Being a CCIE does not mean that you know everything. It means you can solve some complex problems, and have experience on Cisco gear. Solving problems may mean referencing the right people/items to solve a problem. Shame on them for looking to you for assistance only to get stabbed in the back by it.

As a side note, you mention working for a Linux shop and being amazed by the CCIE's lack of knowledge. I assume they weren't hired for their unix-specific knowledge. How much do you know about OSPF in detail? Would you need to ask anyone for help (remember, they may fire you later because you were incompetent)? Many unix folks I know can modify the kernel to levels far beyond what I have ever cared to know, but they can't subnet to save their lives?

So your four CCIEs at $130k a year were sucking your budget dry, but you at $100k a year weren't? That's pretty selective budgeting!

So I'll turn your initial statement back towards yourself... Until you really know what you're talking about, do NOT make any statements regarding Cisco, CCIEs or the PIX vs. Checkpoint without knowing all the facts. It is pretty obvious that your focus (and thought-process) is single-threaded and limited in nature. Worse, you have wasted my time and bandwidth with this message.

*sigh*

Scott

PS. Unix is a general purpose operating system as well. :) And Nokia is routinely 2-3 months behind in updates due to testing its software configurations with its hardware.

-----Original Message-----
--- adrian jones wrote:

Elping,

Please do NOT make any statements regarding CheckPoint Firewall without knowing all the facts. I've been working with both Checkpoint and Pix firewalls. I even built a few franken pix firewalls so that I can learn as much as I can about Cisco Pix firewalls. The franken pix firewall actually helped me land my current job that pays 100k/year.

Both CheckPoint and Pix firewalls have their strengths and weaknesses. I agree that Cisco TAC is much superior to CheckPoint support. The no text configuration that you refer to in CheckPoint, you must be referring to running CheckPoint on Winblows platforms. NEVER RUN FIREWALL ON A GENERAL PURPOSE OPERATING SYSTEM. If you worry about cost, check out CheckPoint SecurePlatform. If you are unix literate, does the term tcpdump mean anything to you? That's how you troubleshoot my friend.

Now if you are talking about cost, Cisco Pix will beat CheckPoint by a long shot in term of performance for your $. However, for a small/medium business, Checkpoint does come with a lot of features such as URL filtering (native), http load balancing, etc which Pix doesn't have (without 3rd party products). For enterprise environment, CheckPoint does come with ClusterXL (aka, load-sharing or Active/Active Firewall), which again, Pix doesn't support. Last but not least, CheckPoint does have a very nice Management piece called provider-1 that Cisco Pix doesn't have. I do have to say that the price for CP products is totally outrageous; however, CP is a good product.

In terms of hardware product, you can run CheckPoint on Nokia Platforms which is very stable and proven product. New version of Nokia firewalls do come with Flash instead of hard-drive so that the reliability is very high. Nokia is a big partner with CP. You can get CP support if you purchase Nokia firewalls from Nokia. Nokia TAC is just as good as Cisco TAC.

I've completed my first week at my new job as a Security Engineer and I am amazed at the # of Cisco Certified folks at my company that are completely incompetent and downright clueless at what they can do. We are a consulting company and being in the consulting business, you are forced to know pretty much about everything. I have a couple of CCIEs in the office came to me and ask me how to restart sendmail and postfix (we are a linux shop) in linux. Another CCIE asked me how to use nmap in unix. The last one is downright funny, one CCIE asked how to start Apache in Solaris. It just seems to me like RS are all they know and nothing else. We also do RS here but at these times, demands for those have not been that great. Therefore, we
RE: EVODD Courseware [7:58731]
Just a note... Those being copyrighted materials, should not be asked for in a public forum that many Cisco employees and many Cisco trainers happen to be active members in!

I believe there are even legal restrictions for people attending a course and reselling their student kits, although I'm not a lawyer. But scans are definitely a legal no-no...

Scott

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason T. Rohm
Sent: Friday, December 06, 2002 7:50 PM
To: CCIELIST; [EMAIL PROTECTED]
Subject: OT: EVODD Courseware

I am looking to get my hands on the courseware for EVODD ASAP, I need to take it on Monday morning. I am also looking (less urgently) for copies of the IDS, VPN, and Aironet class materials. If you have electronic copies or scans available for gift/trade, please e-mail me off-group.

Thanks,
Jason T. Rohm
CCIE #6861 (RS and Security)
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58731t=58731
RE: AVVID Discussion Group [7:56673]
Check out www.@!#$.com for discussion boards surrounding Call Manager and AVVID subjects.

Scott

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Albert Lu
Sent: Friday, November 01, 2002 5:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: OT: AVVID Discussion Group

Hello Group,

I was wondering if anyone knows of any good and active discussion groups mainly focusing on Cisco's AVVID. The groupstudy groups tend to be dealing mainly with certification questions, with sprinkling real-world issues. What I would like to be involved in is a discussion of the full project lifecycle of an AVVID rollout. I know that AVVID is very general which incorporates such things as voice, video, data, security, qos, datacentre, vpn, etc.

I've recently been reading Cisco's Solution Reference Network Design Guide white papers which gives quite a lot of good insight of the various AVVID architectures. It would be great to see discussions based on these, to improve on these and also to improve our knowledge-base.

Thanks
Albert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56673t=56673
RE: what to put ???? [7:51576]
You put the level you have attained. Passing MCNS or CVOICE by themselves afford you no certifications. Having the CSS1 says you have passed the 4 requisite exams. Having the IP Telephony Support Specialist says you've passed the 3 requisite exams. So on and so on.

You may want to put the individual tests on your resume or something to tell prospective employers you're on your way to being whatever certification, but otherwise, I don't think it means anything alone.

HTH,
Scott

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Juan Blanco
Sent: Saturday, August 17, 2002 4:57 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: what to put

Team,

What do you put on your resume when you pass any one test of the Security Specialization or the Voice Track. For example:

If you pass the MCNS test you should put the following: Cisco Certified Network Professional - Security Specialization (MCNS)

If you pass the CVOICE test you should put the following: Cisco Certified Network Professional - Voice Specialization (CVOICE)

I have seen some people that have on their resume CSS1 (how do you translate this symbol) - Does it mean a person that took the four security tests?

Thanks,
Juan Blanco

The greatest glory in living lies not in never falling, but in rising every time we fall. -- Nelson Mandela

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51576t=51576
RE: Cisco "Franken" Pix Firewall [7:51063]
And you believe it's smart to box with Cisco's lawyers why? If you tried to sell your Franken Benz as something that performs exactly like a Mercedes Benz and runs the same software and commands and everything else but the outer shell, then I'd be willing to bet Mercedes would kick you around the courtroom too.

Intel's NICs are a commodity designed to go with computers of any variety. PIX Flash cards are not. PIX Flash cards are designed to go in Cisco's PIX boxes. Period. No grey area.

Knock yourself out, study how you will and quit arguing about the stupid point. Sell your franken-pix as such if you want, and write me from your prison's AOL account telling me that I was right. :)

Get back to studying useful things.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sabertech Networks
Sent: Friday, August 09, 2002 11:45 AM
To: patrick ramsey; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Cisco Franken Pix Firewall

In spite of all the urban legends to the contrary, there is no law against buying a computer, buying a card, putting the card in the computer and selling it. You own both parts, do whatever you want, it's a free country. Last week I bought a Pentium 3 machine, added an Intel NIC and I will sell it next week. I'm serious, so now is the time to report this crime to Intel.

The herd will say it's illegal and make lots of scary references to past legal action by Cisco in such cases, but NO ONE HAS EVER PROVED that it has happened. Ghost stories.

First off, a 501 costs $400 and will teach you everything except DMZ interfaces and Fail Over, each subject can be mastered in about five minutes. Secondly, a Franken Pix has no commercial value, I really don't think that I'm going to give my customers the choice of securing their networks with a cool Franken PIX that I assembled with various junk parts. That's silly.

Here's a good analogy, say I start buying old junk cars, then I pay $20,000 each for factory built Mercedes Benz engines, I put them in my junk cars and sell them. Is Mercedes Benz going to worry about my Franken Benz?

Party on... Richard

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of patrick ramsey
Sent: Friday, August 09, 2002 6:19 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: OT: Cisco Franken Pix Firewall

Hopefully someone in this group can help me answer it. I purchased a couple of ISA Pix Flash cards on the Internet last year to build a couple of clone pix firewalls so that I can get hands-on experience with the platforms. I built two pix firewalls out of two Dell PII 233MHz boxes and they work great just like a regular Pix 520. Twelve months later, I have to say I've become an expert with Pix firewalls that I otherwise would not have been able to achieve had it not been for these two Pix clones. These two clone pix firewalls are running version 6.2(2) with PDM 2.0(2).

Here is my question. I am pretty sure that it is illegal for me to sell these clone pix firewalls (please confirm); however, can I sell just the Pix Flash card without the dell machine? Personally, I think this could be a great resource for someone who would like to learn Pix firewall. I just don't think the Pix 501 and 506 is adequate for someone to learn everything there is to learn about Pix because two interfaces are just not enough. You need to have at least three interfaces so that you can mimic a real production environment and frankly these clone pix520 firewalls can provide up to six interfaces which work just great. I don't care what anybody says, after playing these clones for the past 12 months, 7 days a week, I can definitely say with confidence that you can learn a hell lot more with more than just inside and outside interfaces.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51063t=51063
RE: Cisco "Franken" Pix Firewall [7:51121]
This is why McDonald's builds in the self-destructing bacteria in case you choose to use your burger for a paperweight. Not only will it exude grease 'n' stuff all over your papers, but will become quite ripe in short order.

Cisco hasn't quite figured out how to put those protections in their equipment yet!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sabertech Networks
Sent: Friday, August 09, 2002 12:22 PM
To: [EMAIL PROTECTED]; 'patrick ramsey'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Cisco Franken Pix Firewall

Scott,

Thanks for setting me straight, I forgot about the legal concept of intention and design. When I buy a hamburger at McDonalds, they intended that I eat it, it was designed for that purpose, if I use it as a paper weight, I'm, according to you, committing a crime.

That part about the prison really scared me though, I guess I'd better stop all this independent thinking and rejoin the herd.

Party on...Richard

-----Original Message-----
From: Scott Morris [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 09, 2002 9:05 AM
To: 'Sabertech Networks'; 'patrick ramsey'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Cisco Franken Pix Firewall

And you believe it's smart to box with Cisco's lawyers why? If you tried to sell your Franken Benz as something that performs exactly like a Mercedes Benz and runs the same software and commands and everything else but the outer shell, then I'd be willing to bet Mercedes would kick you around the courtroom too.

Intel's NICs are a commodity designed to go with computers of any variety. PIX Flash cards are not. PIX Flash cards are designed to go in Cisco's PIX boxes. Period. No grey area.

Knock yourself out, study how you will and quit arguing about the stupid point. Sell your franken-pix as such if you want, and write me from your prison's AOL account telling me that I was right. :)

Get back to studying useful things.
RE: MCNS Exam Papers *sigh* [7:50202]
First, I resent the fact that you make a bold assumption that EVERYONE does things as you may do.

Second, there are borderline rules about things like Napster and such. (Read the court cases in case you're curious) And whether you quietly do it in your own home is a different story and different problem. When you take something to use for your PROFIT (getting a certification yields profit) that's different. When you BLATANTLY ask for the crack in a public forum, that's different.

Do you see anyone going around and asking for a copy of the .NET servers so they run an ISP??? No. If you want to test them out, you get 120 day evals for free. If you want to test the Boson out, you download it for free and get a few questions. If you want to use the WHOLE thing for profit, you BUY the damned thing.

This isn't an argument about being an angel or not. I'm fully aware of the arguments on both sides of the issue. However, there's no grey maybe area for a certification test. So quit being uppity and retarded about the whole concept and spend your $35. If you don't manage to make that money back in a year from your certification, send me an e-mail, and I

From: Scott Morris
Reply-To: Scott Morris
To:
CC:
Subject: RE: MCNS Exam Papers
Date: Tue, 30 Jul 2002 17:39:16 -0400

And there's great logic coming from the new security professionals who want to keep things secure on your network... Sure, you can trust 'em, I mean... They're not doing anything REALLY illegal, because other things cost too much.

You're trying to tell me that $35 is too expensive for you? First, it's a far cry from several hundred for other products. However, the bottom line is that if you REALLY use something, and you obviously find value in it (otherwise you wouldn't be asking for it), then just buy the damned thing.

Not only is it the right thing to do, but it keeps costs down for the rest of us who put some value on the concept of security and legality to begin with!

Scott

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Polano
Sent: Tuesday, July 30, 2002 3:57 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: MCNS Exam Papers

Relax Jeremy. Like you never cracked any software before. Oh, and I'm sure all of your Microsoft software is properly licensed! . . .

The truth is that those tests cost too much money, so does most software. Who wants to pay! If you can crack it, then good for you !!!

Scott

From: Wright, Jeremy
Reply-To: Wright, Jeremy
To: 'Faisal Iftikhar Khan' , [EMAIL PROTECTED]
CC: '[EMAIL PROTECTED]'
Subject: RE: MCNS Exam Papers
Date: Tue, 30 Jul 2002 14:41:10 -0500

that's illegal. go to www.boson.com and pay for the practice tests. a lot of people (including people on this list) put a lot of hard work into writing those tests!!!

-----Original Message-----
From: Faisal Iftikhar Khan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 3:32 PM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: MCNS Exam Papers

Hi Everyone,

I am looking for Managing Cisco Network Security (MCNS) Examination transcenders or Boson Tests. As I am about to appear for the exams in the next 3 days, I would really appreciate if someone can give me a link from where I can download the exams (cost-free of course).

For the people who are aware of this, I have the Boson exam unlocker, but I need the trx files, 66722.trx 66723.trx files so I can unlock the Boson Exam.

Thanks for your help guys.

Regards.
Faisal Khan

-Scott

-Scott

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50202t=50202
RE: How to get the activation key for my clone Pix [7:36627]
Somebody's already been selling 'em on EBay. And I never said legal action should be brought against anyway... I merely said it wasn't a bright idea to discuss it in a public forum where Cisco people were at.

As for discouraging the program, I hardly think this would do it. You don't see people cloning ATM boxes, or VoIP stuff, do ya? So the argument of this is a cost-effective marketing tool for the CCIE program hasn't historically been a problem.

*shrug* If people want to do it, they'll do it. However, I don't think it is advisable to discuss it publicly, nor sell it. Whether to another person for study purposes only or whatever... Control gets lost after that.

And you can get a 501 for the same price, if not less than the 16 meg card anyway, so what the hell is the point in building your own? It's not the price-point!

Scott

-----Original Message-----
From: Wes Stevens [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 27, 2002 7:53 AM
To: [EMAIL PROTECTED]
Subject: RE: How to get the activation key for my clone Pix?

Scott, "use other than intended" Maybe, but they sell the board with the code installed. It is intended as an upgrade, but I don't think there is any legal clause shipped with it saying you can use it for no other purpose.

Again the original post was a pix for a CCIE security lab. I just cannot see Cisco taking legal action there. They have never been a legally heavy handed company. To take action in that case would send the wrong message. The CCIE program is one of their best marketing tools. It puts industry recognized experts in the field with a definite Cisco bias to them. The CCIE Security program is fairly new and I don't think it would be in their best interest to discourage it in any way.

Now if someone starts cloning pix's by the dozens and selling them on ebay that is a whole different story.

From: Scott Morris
Reply-To:
To: 'Wes Stevens'
Subject: RE: How to get the activation key for my clone Pix?
Date: Wed, 27 Feb 2002 07:26:33 -0500

I believe that would be a "use other than intended"

Cisco is a little lax in enforcing software licenses... Lots of people resell routers with IOS installed (not supposed to). Lots of people download feature sets they don't have licenses for (not supposed to). There have actually been some cases where Cisco's gone after people (typically larger companies).

But it's a WHOLE different thing to BUILD a device and put their software on it... If I were to build my own router (god only knows why), and put their software on it, I would fully expect to hear from Cisco. Worse, if I were to sell it on EBay, that's just asking for trouble. And before you comment, yes, PIX clones HAVE been sold on Ebay from not-so-bright individuals.

Where do you draw the line? Lots of people drive fast. It's still illegal. If you do it enough, and publicly flaunt it, chances are you'll get pulled over sometime. Go figure.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Wes Stevens
Sent: Wednesday, February 27, 2002 7:15 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: How to get the activation key for my clone Pix?

Is this pirating software? Cisco sells this board with the software installed in it. This is no different than buying any other router on Ebay and using it without putting it on smartnet. Are you going to take legal action against all of those people also?

From: Jason Sullivan
To: Wes Stevens
Subject: RE: How to get the activation key for my clone Pix?
Date: Tue, 26 Feb 2002 20:14:50 -0700

First give me a break it was just an observation. Second, pirating software is illegal. Read the disclaimer out on CCO.

-----Original Message-----
From: Wes Stevens [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 8:05 PM
To: [EMAIL PROTECTED]
Subject: RE: How to get the activation key for my clone Pix?

J

From: Jason Sullivan
Reply-To: Jason Sullivan
To: Athony Jones , ,
Subject: RE: How to get the activation key for my clone Pix?
Date: Tue, 26 Feb 2002 17:58:32 -0700

You should take the 400 you spent and buy a 501. I promise it will be less than your legal fees if Cisco were to get involved.

Jason Sullivan
Systems Engineer
[EMAIL PROTECTED]
Office (801)270-6732
Pager (800)365-4578
--- - ---
Welcome to the Internet, Transportation provided by Cisco Systems
--- - ---

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Athony Jones
Sent: Tuesday, February 26, 2002 1:02 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: How to get the activation key for my clone Pix?

Hi Everyone,

After struggling for the past two days, I have successfully cloned
RE: How to get the activation key for my clone Pix [7:36638]
Personally? I have two 520's that I got a sweet deal on (EBay). But other than that, what is the functional difference between having two 501's and two of something higher? By that, I mean what is the difference between setting up VPN's to the outside interfaces versus a DMZ? What is the big deal? There's nothing that you can't test yourself on with a pair of 501's that will be that dramatically different with 506's, 515's or whatever The difference would be in the permissions or translations, but as long as you understand that difference, I don't see what the big deal is. Other than playing around for emulating a customers network, I've really never used my DMZ interfaces for lab testing. So if I didn't have them, it wouldn't affect me one way or the other. -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 8:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? In my own lab a I have a 506. I would like to have another pix with a dmz interface. I am sure pretty sure they will cover pix to pix and dmz in the ccie security. But even on ebay to buy a 520 with three interfaces usually runs over $2k. I have a full lab at home - atm, token ring, isdn, frame - ten routers and three switches. Another $2k to $3k for a pix with three interfaces is beyond my reach. So how do you practice pix to pix and dmz? From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 08:32:24 -0500 Somebody's already been selling 'em on EBay. And I never said legal action should be brought against anyway... I merely said it wasn't a bright idea to discuss it in a public forum where Cisco people were at. As for discouraging the program, I hardly think this would do it. You don't see people cloning ATM boxes, or VoIP stuff, do ya? 
So the argument of this is a cost-effective marketing tool for the CCIE program hasn't historically been a problem. *shrug* If people want to do it, they'll do it. However, I don't think it is advisable to discuss it publically, nor sell it. Whether to another person for study purposes only or whatever... Control gets lost after that. And you can get a 501 for the same price, if not less than the 16 meg card anyway, so what the hell is the point in building your own? It's not the price-point! Scott -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 7:53 AM To: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? Scott, use other then intended Maybe, but they sell the board with the code installed. It is intended as an upgrade, but I don't think there is any legal clause shipped with it saying you can use it for no other purpose. Again the original post was a pix for a CCIE security lab. I just cannot see Cisco taking legal action there. They have never been a legally heavy handed company. To take action in that case would send the wrong message. The CCIE program is one of their best marketing tools. It puts industry reconized experts in the field with a diffinite Cisco bias to them. The CCIE Security program is fairly new and I don't think it would be in their best interest to discourage it in any way. Now if someone starts cloning pix's by the dozens and selling them on ebay that is a whole different story. From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 07:26:33 -0500 I believe that would be a use other than intended Cisco is a little lax in enforcing software licenses... Lots of people resell routers with IOS installed (not supposed to). Lots of people download feature sets they don't have licenses for (not supposed to). 
There have actually been some cases where Cisco's gone after people (typically larger companies). But it's a WHOLE different thing to BUILD a device and put their software on it... If I were to build my own router (god only knows why), and put their software on it, I would fully expect to hear from Cisco. Worse, if I were to sell it on EBay, that's just asking for trouble. And before you comment, yes, PIX clones HAVE been sold on Ebay from not-so-bright individuals. Where do you draw the line? Lots of people drive fast. It's still illegal. If you do it enough, and publically flaunt it, chances are you'll get pulled over sometime. Go figure. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wes Stevens Sent: Wednesday, February 27, 2002 7:15 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? Is this pirating software? Cisco sells this board with the software installed in it. This is no different then buying any other router on on Ebay and using
RE: How to get the activation key for my clone Pix [7:36638]
Correct. but the discussion we were having was regarding particular firewalls over another specifically for the purpose of studying for the CCIE Security test. Therefore nothing like real life. :) For a real network, you are absolutely 100% correct! Scott -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 10:29 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix [7:36638] setting up vpn's is nothign like having a dmz... Having multiport firewalls allows for segregation of all networks behind those interfaces while still allowing internet connectivity to all. Who wants to connect to a vpn just to browse to a web server that could be in the dmz? -Patrick Scott Morris 02/27/02 09:58AM Personally? I have two 520's that I got a sweet deal on (EBay). But other than that, what is the functional difference between having two 501's and two of something higher? By that, I mean what is the difference between setting up VPN's to the outside interfaces versus a DMZ? What is the big deal? There's nothing that you can't test yourself on with a pair of 501's that will be that dramatically different with 506's, 515's or whatever The difference would be in the permissions or translations, but as long as you understand that difference, I don't see what the big deal is. Other than playing around for emulating a customers network, I've really never used my DMZ interfaces for lab testing. So if I didn't have them, it wouldn't affect me one way or the other. -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 8:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? In my own lab a I have a 506. I would like to have another pix with a dmz interface. I am sure pretty sure they will cover pix to pix and dmz in the ccie security. 
But even on ebay to buy a 520 with three interfaces usually runs over $2k. I have a full lab at home - atm, token ring, isdn, frame - ten routers and three switches. Another $2k to $3k for a pix with three interfaces is beyond my reach. So how do you practice pix to pix and dmz? From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 08:32:24 -0500 Somebody's already been selling 'em on EBay. And I never said legal action should be brought against anyway... I merely said it wasn't a bright idea to discuss it in a public forum where Cisco people were at. As for discouraging the program, I hardly think this would do it. You don't see people cloning ATM boxes, or VoIP stuff, do ya? So the argument of this is a cost-effective marketing tool for the CCIE program hasn't historically been a problem. *shrug* If people want to do it, they'll do it. However, I don't think it is advisable to discuss it publically, nor sell it. Whether to another person for study purposes only or whatever... Control gets lost after that. And you can get a 501 for the same price, if not less than the 16 meg card anyway, so what the hell is the point in building your own? It's not the price-point! Scott -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 7:53 AM To: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? Scott, use other then intended Maybe, but they sell the board with the code installed. It is intended as an upgrade, but I don't think there is any legal clause shipped with it saying you can use it for no other purpose. Again the original post was a pix for a CCIE security lab. I just cannot see Cisco taking legal action there. They have never been a legally heavy handed company. To take action in that case would send the wrong message. The CCIE program is one of their best marketing tools. 
It puts industry reconized experts in the field with a diffinite Cisco bias to them. The CCIE Security program is fairly new and I don't think it would be in their best interest to discourage it in any way. Now if someone starts cloning pix's by the dozens and selling them on ebay that is a whole different story. From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 07:26:33 -0500 I believe that would be a use other than intended Cisco is a little lax in enforcing software licenses... Lots of people resell routers with IOS installed (not supposed to). Lots of people download feature sets they don't have licenses for (not supposed to). There have actually been some cases where Cisco's gone after people (typically larger companies). But it's a WHOLE different thing to BUILD a device and put their software on it... If I were to build my own router (god only knows why), and put their software on it, I would fully
RE: How to get the activation key for my clone Pix [7:36638]
If it's any consolation, yes. And also upgraded one of them after purchase (2meg to 16meg). That, however, is not the conversation So apparantly we have no degraded into personal territory instead of a vaguely educational conversation. So, go do what you want, because my opinion isn't going to change yours anyway. Just remember that speeders get pulled over every once and a while... And people honk and wave and laugh as they pass you just like you passed them earlier. *shrug* Scott -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 10:25 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix [7:36638] Scott, Have you purchased a smartnet contract for your 520's and other routers? By the book the software is not tranferable and your pix's and routers are no more legal then the code in the pix flash card that was bought on ebay. From: Scott Morris Reply-To: Scott Morris To: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix [7:36638] Date: Wed, 27 Feb 2002 09:58:30 -0500 Personally? I have two 520's that I got a sweet deal on (EBay). But other than that, what is the functional difference between having two 501's and two of something higher? By that, I mean what is the difference between setting up VPN's to the outside interfaces versus a DMZ? What is the big deal? There's nothing that you can't test yourself on with a pair of 501's that will be that dramatically different with 506's, 515's or whatever The difference would be in the permissions or translations, but as long as you understand that difference, I don't see what the big deal is. Other than playing around for emulating a customers network, I've really never used my DMZ interfaces for lab testing. So if I didn't have them, it wouldn't affect me one way or the other. 
-Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 8:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? In my own lab a I have a 506. I would like to have another pix with a dmz interface. I am sure pretty sure they will cover pix to pix and dmz in the ccie security. But even on ebay to buy a 520 with three interfaces usually runs over $2k. I have a full lab at home - atm, token ring, isdn, frame - ten routers and three switches. Another $2k to $3k for a pix with three interfaces is beyond my reach. So how do you practice pix to pix and dmz? From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 08:32:24 -0500 Somebody's already been selling 'em on EBay. And I never said legal action should be brought against anyway... I merely said it wasn't a bright idea to discuss it in a public forum where Cisco people were at. As for discouraging the program, I hardly think this would do it. You don't see people cloning ATM boxes, or VoIP stuff, do ya? So the argument of this is a cost-effective marketing tool for the CCIE program hasn't historically been a problem. *shrug* If people want to do it, they'll do it. However, I don't think it is advisable to discuss it publically, nor sell it. Whether to another person for study purposes only or whatever... Control gets lost after that. And you can get a 501 for the same price, if not less than the 16 meg card anyway, so what the hell is the point in building your own? It's not the price-point! Scott -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 7:53 AM To: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? Scott, use other then intended Maybe, but they sell the board with the code installed. 
It is intended as an upgrade, but I don't think there is any legal clause shipped with it saying you can use it for no other purpose. Again the original post was a pix for a CCIE security lab. I just cannot see Cisco taking legal action there. They have never been a legally heavy handed company. To take action in that case would send the wrong message. The CCIE program is one of their best marketing tools. It puts industry reconized experts in the field with a diffinite Cisco bias to them. The CCIE Security program is fairly new and I don't think it would be in their best interest to discourage it in any way. Now if someone starts cloning pix's by the dozens and selling them on ebay that is a whole different story. From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 07:26:33 -0500 I believe that would be a use other than intended Cisco is a little lax in enforcing software licenses... Lots of people resell routers with IOS installed
RE: How to get the activation key for my clone Pix [7:36638]
That was STILL not the conversation we were having... It doesn't have to do with purchasing a router or a firewall and being technically licensed to use the code or not... It has to do with purchasing a small PIECE of the router or firewall, using it to build something NEW that most definitely is NOT a Cisco box, and then either talking about it publically and/or selling it. THAT is the conversation we were having. I don't think anyone cares that someone has a bunch of Mercedes hood ornaments at their home. If they go out and purchase a cheap car and stick the Mercedes hood ornament on it, some people may think it's funny, others not. If the person then tried to tell everyone about their new Mercedes or worse yet, tried to SELL their Mercedes THAT is a problem. Anyway... Enough bantering on this and going nowhere... I have work to do. -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 10:48 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix [7:36638] Scott, I am not trying to have this degrade into personal territory , truly not my intent. If you have purchased smartnet for your equipment I applaud that. I can tell you for sure that were I work that is also true. But for my home lab which was all purchased from ebay I have not. I would venture to say that the majority of home labs have not purchased smartnet contracts. Many people seem to feel that it is un ethical to use code in a pix board purchased on ebay but do not have the same problem with the code that comes in flash on router or switches purchased on ebay. To me they are the same thing. From: Scott Morris Reply-To: To: 'Wes Stevens' CC: Subject: RE: How to get the activation key for my clone Pix [7:36638] Date: Wed, 27 Feb 2002 10:37:47 -0500 If it's any consolation, yes. And also upgraded one of them after purchase (2meg to 16meg). 
That, however, is not the conversation So apparantly we have no degraded into personal territory instead of a vaguely educational conversation. So, go do what you want, because my opinion isn't going to change yours anyway. Just remember that speeders get pulled over every once and a while... And people honk and wave and laugh as they pass you just like you passed them earlier. *shrug* Scott -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 10:25 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix [7:36638] Scott, Have you purchased a smartnet contract for your 520's and other routers? By the book the software is not tranferable and your pix's and routers are no more legal then the code in the pix flash card that was bought on ebay. From: Scott Morris Reply-To: Scott Morris To: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix [7:36638] Date: Wed, 27 Feb 2002 09:58:30 -0500 Personally? I have two 520's that I got a sweet deal on (EBay). But other than that, what is the functional difference between having two 501's and two of something higher? By that, I mean what is the difference between setting up VPN's to the outside interfaces versus a DMZ? What is the big deal? There's nothing that you can't test yourself on with a pair of 501's that will be that dramatically different with 506's, 515's or whatever The difference would be in the permissions or translations, but as long as you understand that difference, I don't see what the big deal is. Other than playing around for emulating a customers network, I've really never used my DMZ interfaces for lab testing. So if I didn't have them, it wouldn't affect me one way or the other. -Original Message- From: Wes Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 8:56 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: How to get the activation key for my clone Pix? 
In my own lab a I have a 506. I would like to have another pix with a dmz interface. I am sure pretty sure they will cover pix to pix and dmz in the ccie security. But even on ebay to buy a 520 with three interfaces usually runs over $2k. I have a full lab at home - atm, token ring, isdn, frame - ten routers and three switches. Another $2k to $3k for a pix with three interfaces is beyond my reach. So how do you practice pix to pix and dmz? From: Scott Morris Reply-To: To: 'Wes Stevens' Subject: RE: How to get the activation key for my clone Pix? Date: Wed, 27 Feb 2002 08:32:24 -0500 Somebody's already been selling 'em on EBay. And I never said legal action should be brought against anyway... I merely said it wasn't a bright idea to discuss it in a public forum where Cisco people were at. As for discouraging the program, I hardly think this would do it. You don't see people cloning ATM boxes
RE: How to get the activation key for my clone Pix [7:36574]
First, Jason made an observation, not a threat. :) Second, there's a fine line between lab and real-life with things like that, and I could certainly appreciate that aspect... It's one thing to do it on your own and tinker, it's another to post stuff blatantly in a public forum. If nothing else, perhaps everyone else isn't quite so ethical as yourself about it? Third, the Juniper Olives were blessed by Juniper in the beginning, so it's not like they're a random hack... Now, however, they aren't, and the there is a plausible threat from Juniper about dissemination of that information. Oh, and fourth, check around EBay, there is one idiot who has cloned the PIX and decided to put it on EBay. So there's your move beyond tinkering. Now that all that is done, can we get back to studying? :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Roger Sohn Sent: Tuesday, February 26, 2002 8:12 PM To: '[EMAIL PROTECTED] '; '[EMAIL PROTECTED] ' Subject: RE: How to get the activation key for my clone Pix? Now, nowlet's not threaten each other. I'm sure the guy is just messing around with this to see if it's possible to get the contraption to just work. Besides, what's the big deal anyway? I doubt he has any intentions of selling anything or doing something outrageous like that anyway. It's sort of interesting anyway - like the whole idea of porting the JunOS onto a unix box and seeing if you can still capture most of the functionality of their routers. -Original Message- From: Jason Sullivan To: Athony Jones; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: 2/26/2002 4:58 PM Subject: RE: How to get the activation key for my clone Pix? You should take the 400 you spent and buy a 501. I promise it will be less than your legal fees if Cisco were to get involved. 
Jason Sullivan Systems Engineer [EMAIL PROTECTED] Office (801)270-6732 Pager (800)365-4578 --- Welcome to the Internet, Transportation provided by Cisco Systems --- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Athony Jones Sent: Tuesday, February 26, 2002 1:02 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: How to get the activation key for my clone Pix? Hi Everyone, After struggling for the past two days, I have successfully cloned a Pix firewall by using my PC. I plug the 16MB flash card into the PC's ISA slot and the PC recognize that it is a Pix flash card (cost me $400.00). It boots up fine and everything seems to be in order. However, after the boot up sequence, it asks me for the activation key. I've been trying many different possible scenarios without much success. I even tried to use the activation key from another Pix firewall but that doesn't work either. Anybody know how I can fake my clone Pix with a fake activation key? By the way,I am running Pix OS code version 6.1(2). I even tried 5.3(1), 5.3(2), 6.0(1) and 6.1(1) and one of them works. By the way, the PC has 128MB of RAM and a 16Mb Flash ISA card. I tried to clone a Pix520. Please help. Jason __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36574t=36574 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Portfast
It's not specific to Windows 2000 machines... Any machine that needs DHCP and boots up with any speed (less than 50 seconds), or any machine running a Novell client where it would try a GetNearestServer and find nothing

Scott

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chuck Church Sent: Thursday, March 01, 2001 4:22 PM To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast

If this bpdu guard works as it's supposed to, I'll definitely use it. Windows 2000 machines seem to need portfast for DHCP, and almost all Windows machines need it for IPX. I've always pointed out to the customer about NEVER connecting other layer 2 devices to the ports I configured portfast on. This is good insurance.

Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218

-Original Message- From: Latimer, Keith [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 11:13 AM To: 'McCallum, Robert'; 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast

Check out the new portfast bpdu guard feature. It can shut down ports that have portfast enabled when detecting bpdus on the line.

Keith

-Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 10:44 AM To: 'John Chang'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail) Subject: RE: Portfast

No, The problem occurs if he creates a loop i.e. you have a main switch a cable from the main switch goes to user A. User A decides to connect a hub and a few terminals - Outcome fine. User B then says hey user A can you access those terminals and the main network. User A says yeah how do you want to connect? User A says yes and inadvertently patches his own pc and the original connection that was from him to the main switch outcome is now main switch has 2 connections to the minihub. NOW spanning tree goes oh my and recalculates - outcome 30 second outage for everyone on that vlan. Then the users go home, switch off their kit and go to the pub. Next day. The mini hub is switched back on - because portfast is enabled the ports go whoosh straight into forwarding mode - result - spanning tree goes oh my!! and recalculates. Outcome -- You and every other support member run about like loonies trying to find this fault which occurs only when the user decides to switch on his equipment.

-Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: 01 March 2001 15:34 To: McCallum, Robert Subject: RE: Portfast

Let me see if I got this correct. If he only connects one mini-hub or mini-switch it is OK to have portfast on on the main switch. If he then connects another mini-hub or mini-switch onto the first mini-hub or mini-switch then there will be a problem. But when you connect 2 mini-hubs aren't you just extending the amount of ports and in a sense there is only one virtual mini-hub?

At 03:24 PM 3/1/2001 +, you wrote:

yes, but only if he then connects another link to another hub / switch and causes a bridging loop.

-Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: 01 March 2001 15:08 To: [EMAIL PROTECTED] Subject: Portfast

In the below website it says not to have portfast on if you connect switches, hubs, or routers. I understand that point but what if a user connected a mini-hub (Ex. Linksys EtherFast 8-Port 10/100 Desktop Hub) or unmanaged mini-switch (Ex. Farallon NetLINE 10/100 switch) so that he could connect multiple computers. Would this cause any problems? Thank you!

http://www-1.cisco.com/warp/public/473/12.html

Note: The portfast feature should never be used on switch ports that connect to other switches, hubs, or routers. These connections may cause physical loops and it is very important that spanning tree go through the full initialization procedure in these situations. A spanning tree loop can bring your network down. If portfast is turned on for a port that is part of a physical loop, it can cause a window of time where packets could possibly be continuously forwarded (and even multiply) in such a way that the network cannot recover.

___ To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab
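The two points made in this thread (PortFast belongs only on end-host ports, and BPDU guard is the insurance for when someone plugs in a hub or switch anyway) can be checked offline against a saved switch configuration. The script below is an added example, not code from the thread; it assumes Cisco IOS interface syntax (`spanning-tree portfast`, `spanning-tree bpduguard enable`, and the global `spanning-tree portfast bpduguard default`), and the sample configuration and interface names are constructed.

```python
"""Audit an IOS-style switch config for risky PortFast settings."""
import re

# Constructed sample configuration (not from the thread).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
interface FastEthernet0/1
 description user desk A
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 description user desk B
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description uplink to closet switch
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 description printer
 switchport mode access
!
end
"""

# Global command that turns BPDU guard on for every PortFast port.
GLOBAL_GUARD = "spanning-tree portfast bpduguard default"
PORTFAST_CMDS = {"spanning-tree portfast", "spanning-tree portfast trunk"}


def parse_interfaces(config):
    """Split a config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None  # a separator ends the current interface block
            continue
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current is not None and raw[:1].isspace():
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_portfast(config):
    """Return a list of (interface, issue) findings, in config order."""
    global_lines, interfaces = parse_interfaces(config)
    guard_by_default = GLOBAL_GUARD in global_lines
    findings = []
    for name, cmds in interfaces.items():
        if not PORTFAST_CMDS.intersection(cmds):
            continue  # no PortFast here, so normal STP listening/learning applies
        if "switchport mode trunk" in cmds:
            # A trunk usually faces another switch: flag it for review.
            findings.append((name, "portfast-on-trunk"))
        # An explicit per-port setting overrides the global default.
        if "spanning-tree bpduguard enable" in cmds:
            guarded = True
        elif "spanning-tree bpduguard disable" in cmds:
            guarded = False
        else:
            guarded = guard_by_default
        if not guarded:
            findings.append((name, "portfast-without-bpduguard"))
    return findings


if __name__ == "__main__":
    for interface, issue in audit_portfast(SAMPLE_CONFIG):
        print(f"{interface}: {issue}")
```
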
RE: last try: tough VPN question
An interesting idea here... And bear in mind I haven't tried using my PIX as a DHCP server yet... BUT You only have a maximum of 10 IPs you can use for a DHCP pool. You are assigning them to the same netmask as your inside interface (I assume this, the docs don't say anything one way or the other, just stating the IPs must be in the "same subnet" as the inside interface)... So:

#1, check the ipconfig of your workstations, make sure the netmask is /24 as your inside interface...

#2, you are offering specific translation for 10.1.1.255, which is where the Windows stations are going to attempt to do local broadcast stuff to. Therefore, those packets will never leave your network.

On a router (like the 3620) you can do an ip helper address. I would be interested in what your 3620 config looks like. I don't believe that PAT translating the broadcasts is supported (though I could be wrong on that). Have you tried the LMHOSTS approach?

Scott

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Sunday, December 10, 2000 6:18 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: last try: tough VPN question

Hello, Let me re-describe the situation: Central office 7100 router, site office PIX (NAT overload 1 public ip address), IPSec tunnel is established, clients at site office can't logon NT domain but can do everything else. Today, I replaced the PIX with a 3620 router (same IPSec setup), everything works fine. Clients can logon NT domain. I think that proves 1)I don't have naming issue 2) PAT works with IPSec. I don't understand why PIX wouldn't work. Please see my PIX config. Thanks in advance.

Jim

PIX Version 5.2(3)
access-list 100 permit ip host 24.176.210.204 167.191.0.0 255.255.0.0
ip address outside 24.176.210.204 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 24.176.210.1 1
sysopt connection permit-ipsec
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 100
crypto map newmap 10 set peer 169.193.13.2
crypto map newmap 10 set transform-set IPSEC
crypto map newmap interface outside
isakmp enable outside
isakmp key address 169.193.13.2 netmask 255.255.255.255
isakmp identity hostname
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
dhcpd address 10.1.1.101-10.1.1.110 inside
dhcpd dns 24.1.64.33 24.1.64.34
dhcpd wins 169.193.28.60 169.193.148.25
dhcpd lease 3600
dhcpd domain dhcp.lamrc.com
dhcpd enable inside
RE: tough VPN question
Your problem is likely the propagation of broadcasts... Or lack thereof. One thing you can do (I'm assuming you have a router before (LAN-side) the PIX) is set up an ip-helper address to forward UDP-level broadcasts (like 138/139 Netbios) to the NT server. The other thing you can do is bypass that broadcast thought process by using LMHosts files on the workstations at the branch office. That will pre-load (if you use the #PRE designation) the NetBIOS cache and give you IP addresses to go to. So if you have IP reachability, things will work just fine then.

In LMHOSTS:

(ip address) (Netbios name) #PRE #DOM:(domain name if domain controller)

Also, to refresh without rebooting the PCs, "nbtstat -R"

Hope this helps!

Scott

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Bond Sent: Thursday, December 07, 2000 1:19 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: tough VPN question

Hello, I'm trying to set up an IPSec between a PIX (branch office) and router (central office). All PCs at branch office share 1 ip address. IPSec seems to be working fine because clients can ping/telnet/email/map drives from/to central office. The problem is they can't logon NT domain. They can ping domain controller though. Any idea why they can't log on NT domain? (The machines were already added to domain) Thanks in advance.

Jim