Re: [c-nsp] Can't ping outside network over T1

[Mikael Abrahamsson]

On Thu, 25 Jun 2009, Todd Shipway wrote:


Any ideas what may cause something like this?  I've got a ton of other
customers setup with this identical hardware and configuration working fine.
I've also swapped out hardware at the remote end as well.


If you traceroute from the peer, how far do you get towards the customer? 
Do you even get to the 7500?


--
Mikael Abrahamssonemail: swm...@swm.pp.se
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Justin Shore]

Like Ryan said, clogin takes care of it.  The only problem I've run into 
is with v8.2 of the ASA code.  Some nimrod programmer thought it would 
be a good idea to store config related to the new core dump option in 
v8.2 in a text file on the flash volume.  The programmer also decided to 
update this file every time 'sh run' is executed.  So every time RANCID 
would run against at v8.2 ASA it would execute 'sh run' (write term 
actually) which would cause the text file to be regenrated (though 
nothing in the file changed) with a new timestamp; then when RANCID 
extracted the contents of 'dir all' it would alert you that a timestamp 
had changed on a file on the flash volume.  Genius!  I worked with TAC 
to get that identified as a bug.  Earlier this week my TAC engineer 
posted a interim release that is supposed to fix the issue.  I haven't 
had a chance to apply it just yet.  If anyone wants the BugID so you can 
request the fixed image from TAC let me know; it hasn't been rolled into 
a publicly-accessible interim release yet.


Other than that RANCID is fantastic.  I unleash RANCID on my equipment 
once an hour.  In a way it's also like a TripWire check for my network 
devices.  If something changes that I know I didn't change then I have 
cause to investigate.  This actually led me to discover a compromised 
router about 3 years ago.  Someone set up a GRE tunnel out of a router 
I'd recently taken control over (but hadn't migrated AAA yet or hardened 
to my standards).  The tunnel hit a server in Korea.  They pointed 
several statics across the tunnel including some that covered Paypal and 
Amazon.  I'm assuming they were trying to steal credit card info.  I 
found the RANCID diff emails the next morning when I got to work and had 
the router cleaned up inside of an hour.  RANCID has been an absolute 
life saver for me several dozen times.


Justin


Ryan West wrote:

It handles it fine.  This is basically all you have to do to get it work with 
ASA/PIXen:

add user customer-fw1 admin
add password customer-fw1 mypasswordmypassword
add autoenable customer-fw1   0
add method customer-fw1   ssh telnet

We did a very minor tweak to allow netscreen's to be backed up and parsed as 
well and configured cvsweb to manage the diffs / revision control.

-ryan

-Original Message-
From: a.l.m.bu...@lboro.ac.uk [mailto:a.l.m.bu...@lboro.ac.uk] 
Sent: Thursday, June 25, 2009 12:39 PM

To: Sigurbjörn Birkir Lárusson
Cc: Ryan West; William; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PIX/ASA Change Control

hi,

regarding RANCID and Cisco ASAs - are there common
scripts etc for logging/scraping such devices as there
are for cisco (clogin), foundry (flogin) etc

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ASR as BBRAS... ? (is this a sane solution)

[Frank Bulk]

Ah, so there's non-BBRAS traffic you need to push around -- then the ASR
makes more sense.

We're using RADIUS for those who need static IPs -- all others get it via
DHCP.  There's no difference in the VC creation, but what happens with those
who have a Framed-IP entry, they get that IP address assigned during the PPP
process.

Yes, VLAN translation support among Cisco's gear is mixed, at best.

Frank

-Original Message-
From: Peter Krüpl [mailto:pe...@linkstate.dk] 
Sent: Thursday, June 25, 2009 1:19 AM
To: Frank Bulk
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco ASR as BBRAS... ? (is this a sane solution)

Hi Frank,

The reason for choosing the ASR it that it also has to terminate some 
bigger access connections
delivered to us as OinQ ethernet, but thats plain stuff and is not a 
speciffic BBRAS function.

Just to clarify, are you using radius for DHCP subscribers or only for PPP ?

One last thing that came to my mind is juniper's abillity to hasve local 
xconnects/EoMPLS circuits,
so you can connect port a vlan x to port b vlan y, very usefull when 
providing point to point  L2
services, eg. when the access circuits are delivered on the same 
interface in different vlans.

Kind Regards,
Peter Krüpl


Frank Bulk wrote:
> The ASR1002 seems overkill for 2000 subs, but perhaps a certain feature or
> PPS is not supported on a 7200 platform.
>
> Yes, RADIUS can hand out a Framed-IP just fine.  We do it all the time.
>
> Frank
>
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Krüpl
> Sent: Wednesday, June 24, 2009 3:11 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco ASR as BBRAS... ? (is this a sane solution)
>
> Hi Group,
>
> I am currently considdering to replace a couple of juniper ERX310's,
> with cisco ASR1002's. The junipers, are doing PPPoE termination for
> both OinQ vlans and ATM pvc's and also DHCP for some subscribers.
> The ATM part will remain on the juniper routers, as this will be
> decomissioned in the near future.
>
> We have approx. 1000 subscribers on each ERX right now, and that
> stays the same for the ASR's. Maybe 2000 subscribers per box, in
> 2 years time.
>
> So the task for the ASR's is to terminate QinQ and provide PPPoE
> or DHCP servcies to each subscriber in order to provide them with
> internet access. The ASR should also be a part of our MPLS network,
> that contains Cat6500/Sup720 and Cat7600/Rsp720 boxes. As we have
> some connections terminated into different VRF's, but in that case the  
> service
> is static confiured on the routers, so no DHCP, PPP or other stuff  
> just plain IP.
>
> It is also a reuirement that it is possible to build EoMPLS circuits  
> from either
> a single or double tagged vlan on the ASR to a vlan subinterface on a
> Cat6500/7600.
>
> The juniper routers today provide the DHCP service via RADIUS,
> has cisco something simillar ? You can get lot's of radius servers  
> that use
> a database as their backend, but no decent DHCP server. This makes
> subscriber  provisioning harder to do on the fly. So it would be a shame
> to loose this feature. All of our subscribers have static IP's.
>
> I have made the following shopping list:
> ASR1002- 5G/K9 ASR1002 w/ESP 5G,AESK9,4GB DRAM
> FLASR1- BB- RTU Broadband Right To Use Feature Lic for ASR1000 Series
> FLASR1- BB- 4K Broadband 4K Sessions Feature Lic for ASR1000 Series
> SASR1R1- AIS-K9 -21SR Cisco ASR 1000 Series RP1 ADVANCED IP SERVICES
> SPA- 8X1GE- V2 Cisco 8 Port Gigabit Ethernet Shared Port Adapter
>
> Would this solution workout fine ?
> Any alternatives ?
>
> Kind Regards,
> Peter Krüpl
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>   


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Can't ping outside network over T1

[Todd Shipway]

Nope.  No filtering at all on the entire path for this customer.

On Thu, Jun 25, 2009 at 11:28 PM,  wrote:

> Todd, any egress filtering to the customer in place that is different from
> your other configs?
> Richard
> --Original Message--
> From: Todd Shipway
> Sender: cisco-nsp-boun...@puck.nether.net
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Can't ping outside network over T1
> Sent: Jun 25, 2009 9:51 PM
>
> I've got a weird issue that I can't seem to solve.
> Overview.  Network is running on a core router which is a 7513 with
> channelized DS3's split into ds1's to customers.  I have one customer who
> has 2 T1's bonded using multilink ppp.  I can ping everything on our
> network, including other customers.  But nothing is making it out of our
> network to our peers.  I've moved the t1 to multiple cards and interfaces.
>  Separating the T1's works fine, but multilink kills the public routing
> side
> of it, even when the source IP is a public address that routes fine on a
> single interface.
>
> Any ideas what may cause something like this?  I've got a ton of other
> customers setup with this identical hardware and configuration working
> fine.
>  I've also swapped out hardware at the remote end as well.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> Sent via BlackBerry from T-Mobile
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Can't ping outside network over T1

[Todd Shipway]

I've got a weird issue that I can't seem to solve.
Overview.  Network is running on a core router which is a 7513 with
channelized DS3's split into ds1's to customers.  I have one customer who
has 2 T1's bonded using multilink ppp.  I can ping everything on our
network, including other customers.  But nothing is making it out of our
network to our peers.  I've moved the t1 to multiple cards and interfaces.
 Separating the T1's works fine, but multilink kills the public routing side
of it, even when the source IP is a public address that routes fine on a
single interface.

Any ideas what may cause something like this?  I've got a ton of other
customers setup with this identical hardware and configuration working fine.
 I've also swapped out hardware at the remote end as well.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] VRF-AWARE MBGP

[Gergely Antal]

you need address-family ipv4 mdt
and a separate vrf to carry the traffic

Josh Fleishman wrote:
> I'm looking for a way to advertise vrf routes via MBGP.  I would expect it
> to look something like this:
> 
> router bgp AS#
> address-family ipv4 vrf NAME multicast
> 
> or
> 
> address-family ipv4 multicast vrf NAME
> 
> But neither of these are valid options. Any suggestions?
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



signature.asc
Description: OpenPGP digital signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Mac OSX WakeOnLan

[Alexander Clouter]

Christina Klam  wrote:
> 
> We have been trying to get WakeOnLan for Mac OSX to work reliably
> across subnets without success.  I have added "ip directed-broadcast
> [access-list#]" to the interface VLANs for those buildings/users with
> Mac Minis.  However, it works only part of the time.  On the same
> switch, some Minis work all the time, while others work only part of
> the time.   I have done a a couple of packet capture but nothing jumps
> out at me.   In addition, using the cable-diagnostics tdr on the
> switches, I have verified that all of the cabling is good.
> 
> We are using Cisco 3750G/E stacks (version 12.2(44)SE1) and Cisco
> 4507R-E (cat4500e-ipbasek9-mz.122-46.SG.bin).
> 
We are 12.2(50)SEish

> Anyone else had similar issues?
> 
Not bothered trying to wake up the fruits here, but PeeCee's have been 
sulking.  I thought it was just typical borked Dull kit however even 
packet sniffing off the port I fail to get the magic packets.  That on 
the same switch on other identically configured ports it works :-/

We have the 'extra fun' of it being an 802.1X port but the 
'dot1x direction in' bits are in there and it *can* work...occasionally.

>From my experience, I don't have hard and fast info and it was a while 
back, the issue is linked to the switch thinking there is no spanning 
tree edge port action.  You can see a difference on working/non-working 
ports when you type 'show dot1x int  detail' and querying 
about what spanning tree is making of the situation too.

Sorry it's all vague, I looked into this about three months ago (when we 
were using 12.2(44)ish) and it's on my books for revisiting this 
summer.

At least you know you are not alone :)

Cheers

-- 
Alexander Clouter
.sigmonster says: 42

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] VRF-AWARE MBGP

[Josh Fleishman]

I'm looking for a way to advertise vrf routes via MBGP.  I would expect it
to look something like this:

router bgp AS#
address-family ipv4 vrf NAME multicast

or

address-family ipv4 multicast vrf NAME

But neither of these are valid options. Any suggestions?
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Mac OSX WakeOnLan

[Christina Klam]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Hello,

We have been trying to get WakeOnLan for Mac OSX to work reliably
across subnets without success.  I have added "ip directed-broadcast
[access-list#]" to the interface VLANs for those buildings/users with
Mac Minis.  However, it works only part of the time.  On the same
switch, some Minis work all the time, while others work only part of
the time.   I have done a a couple of packet capture but nothing jumps
out at me.   In addition, using the cable-diagnostics tdr on the
switches, I have verified that all of the cabling is good.

We are using Cisco 3750G/E stacks (version 12.2(44)SE1) and Cisco
4507R-E (cat4500e-ipbasek9-mz.122-46.SG.bin).

Anyone else had similar issues?

Thank you,
Christina

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iQEVAwUBSkPXSt9pUgshfvqBAQI5QggAg0yXzdwy6tCMUBmwt8puuGYA6j74S1q7
hJxrMlRmoovGJDjEBENVlFmmNRo9NiOS797OtRNmYl68P/dHR5EqtaKLkr+FBUNl
C/xOAXnCYzdSSXxMfNx6o0cISslD0rZhUouYZB14HDiN9NmQNIN1QTvhM67CwLsA
Y9VNzLodv5CzMdJsNcvZNjN3WOUwOtwWeKhm62dDxA0ZX+nw+tZDZveaKSjeQAbs
NJOcIQgChGvgtwbzkWiKX/oTa+CZikeX0G7oyZFVq5o0KCqdUUSOYeCTqK9/k7pE
ung0+wG6YzkZEWC6QtoLh0k1/hM4KtaFBQ1g1aJU1bGSnwmx+c2xcg==
=3fXS
-END PGP SIGNATURE-

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Network Address Response

[Ray Burkholder]

I was wondering the reasoning for routers/switches to respond for the
network portion of an ip-address range.

For example, a router interface A with 10.0.0.1/30 and interface B with
10.0.0.5/30.

Generate a ping from a device several hops away on the A side to the B side
network address of 10.0.0.4.  The router will respond with an echo reply
with an address of 10.0.0.1.

Is this expected behaviour?  And the reason?

Ray



-- 
Scanned for viruses and dangerous content at 
http://www.oneunified.net and is believed to be clean.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] number of broadband sessions on ESR10K and 7600

[Marlon Duksa]

Hi - does anyone know how many PPPoE and IPoE sessions can 7600 support PER
CHASSIS with ES+40 cards (no interested in SIP-400)?
Also how many PPPoX sessions can support ESR 10K - I see in the
documentation that the number per chassis is 32K but then Cisco is selling
licenses for 64K sessions. WHich one is true?

Thanks,
Marlon
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Don Nightingale]

I use rancid with my asa5540's, works like a charm with clogin.

a.l.m.bu...@lboro.ac.uk wrote:

hi,

regarding RANCID and Cisco ASAs - are there common
scripts etc for logging/scraping such devices as there
are for cisco (clogin), foundry (flogin) etc?

..or does it all just magically work with clogin
(looking at the clogin and rancid code it seems to
be that way...but theres so many CLI quirks with
it and TACACS+ login doesnt autoenable no matter what
we seem to send back in the priv etc)

alan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
  



--
Don Nightingale
Systems and Networks Manager
Wellesley College
781-283-3271

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Ryan West]

It handles it fine.  This is basically all you have to do to get it work with 
ASA/PIXen:

add user customer-fw1 admin
add password customer-fw1 mypasswordmypassword
add autoenable customer-fw1   0
add method customer-fw1   ssh telnet

We did a very minor tweak to allow netscreen's to be backed up and parsed as 
well and configured cvsweb to manage the diffs / revision control.

-ryan

-Original Message-
From: a.l.m.bu...@lboro.ac.uk [mailto:a.l.m.bu...@lboro.ac.uk] 
Sent: Thursday, June 25, 2009 12:39 PM
To: Sigurbjörn Birkir Lárusson
Cc: Ryan West; William; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PIX/ASA Change Control

hi,

regarding RANCID and Cisco ASAs - are there common
scripts etc for logging/scraping such devices as there
are for cisco (clogin), foundry (flogin) etc?

..or does it all just magically work with clogin
(looking at the clogin and rancid code it seems to
be that way...but theres so many CLI quirks with
it and TACACS+ login doesnt autoenable no matter what
we seem to send back in the priv etc)

alan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[A . L . M . Buxey]

hi,

regarding RANCID and Cisco ASAs - are there common
scripts etc for logging/scraping such devices as there
are for cisco (clogin), foundry (flogin) etc?

..or does it all just magically work with clogin
(looking at the clogin and rancid code it seems to
be that way...but theres so many CLI quirks with
it and TACACS+ login doesnt autoenable no matter what
we seem to send back in the priv etc)

alan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] WS-X6724+CFC and ES20 line cards

[victor]

On Thu, 25 Jun 2009 19:30:54 +0400, Gert Doering   
wrote:



On Thu, Jun 25, 2009 at 07:23:44PM +0400, victor wrote:

I'd very much like to ask the same question my head-office which
distributes this kind of reference material. The only purpose ES20 serve
in their design is to establish VPLS connection between two (four in the
future) core c7604.


Well, yes.  If you do VPLS, you need the ES20 (or SIP+SPA).


I think this setup hardly justifies the efforts and money that's been
invested into it. Correct me if I'm wrong but for 2 MLS switches sitting
in the same rack it is too much of an overhead to configure VPLS. A  
trunk

link would be considerably simpler and more reliable in this case.


If they sit in the very same rack, just bridge the traffic directly,
and leave MPLS out of the question.  Yes.

(But then you are not fully buzzword compliant... bad for marketing)

Even more than that :) because the design was verified, simulated and  
approved by a Cisco Systems lab in Raleigh (NC)
Insubordination regarding this matter may result in an unpleasant  
conversation with my boss. I should probably insist on ordering ES20 :)))



--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] NAT

[madunix]

I have a RAC 2xnodes (CRS) setup behind a NAT Firewall (IP nating 1:1), when
the clients connect to DB they only connect to first IP and not using
the second IP. How should I configure my RAC/NAT/TNSnames to give the
clients the option to connect both IP's inorder to have Load balance?
since am not able to get the clients to swap between the 2x nodes

The NAT is made on a ROUTER

R1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3660-IK2O3S-M), Version 12.0(7)XK1, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Fri 17-Mar-00 19:37 by phanguye
Image text-base: 0x60008900, data-base: 0x611AC000
ROM: System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
ROM: 3600 Software (C3660-IK2O3S-M), Version 12.0(7)XK1, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)


on the clients:
node=
   (DESCRIPTION =
   (FAILOVER=ON)
   (LOAD_BALANCE=YES)
   (ADDRESS = (PROTOCOL = TCP)(HOST = 10.5.1.X)(PORT = 1521))
   (ADDRESS = (PROTOCOL = TCP)(HOST = 10.5.1.Y)(PORT = 1521))
   (CONNECT_DATA =
   (SERVICE_NAME = CO)
   (FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC))
   )
   )

 on the server:
## Public Network ##
10.4.1.X   node1
10.4.1.Y   node2

## Virtual IP Address 
10.4.1.XX  node1_vip
10.4.1.YY  node2_vip


regards,
madunix
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Sigurbjörn Birkir Lárusson]

I'm using rancid with good results for the same purpose

The only problem I've seen is that with the ASA when you make changes there
is sometimes re-ordering in the config, or a slight difference in tabulation
(I've seen missing spaces in network-object groups for example) between the
configs so the config diff is slightly bigger than it should be, isn't
really a big problem though.

And yeah, rancid is awesome.

BR,

--

  `./syso//-. Sigurbjorn B. Larusson
.omMNy:`.sNMNh/`  Network Specialist
  `+NMMd-   /hNd- Routing and Transmission
  +MMMd.  `oN.sigurbjo...@vodafone.is
  + o/+354 599 9000
  y`+/
  oy` `+N.Vodafone
  `oNhsosyNm: Skutuvogi 2
-sNMMmo.  104 Reykjavik
  `:ssyhhys+-`Iceland
  www.vodafone.is
vodafone  DISCLAIMER: http://www.vodafone.is/disclaimer



On 25.6.2009 11:33, "Ryan West"  wrote:

> No. It's really awesome.
> 
> Sent from handheld.
> 
> On Jun 25, 2009, at 5:19 AM, "William"  wrote:
> 
>> Hi Mark,
>> 
>> Try RANCID (http://www.shrubbery.net/rancid/) - its free and awesome!
>> 
>> Cheers,
>> 
>> Will
>> 
>> 2009/6/25 Kelsay, Mark :
>>> I have recently taken over management of about 10 Firewalls.  We
>>> have a
>>> mix of ASA and PIX's.  I am currently using a text file to track
>>> changes
>>> I make to the firewalls.  I would like to find a piece of software
>>> that
>>> is geared to doing this more efficiently.  I have Googled and did not
>>> find anything that fits the bill.
>>> 
>>> 
>>> 
>>> What are you using that you would recommend?
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Thanks,
>>> 
>>> 
>>> 
>>> Mark
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ** This email is sent for and on behalf of Inspop.com Limited
>>> **
>>> Authorised and regulated by the Financial Services Authority.
>>> Registration no. 310635.
>>> Inspop.com Limited [also trading as "Confused.com"] is registered
>>> in England and Wales at 2nd Floor, Friary House, Greyfriars Road,
>>> Cardiff, CF10 3AE [Reg. No. 03857130].  Any opinions expressed in
>>> this email are those of the individual and not necessarily the
>>> company. This email and any files transmitted with it, including
>>> replies and forwarded copies  [which may contain alterations]
>>> subsequently transmitted from the Company, are confidential  and
>>> solely for the use of the intended recipient. It may contain
>>> material protected by  attorney-client privilege. If you are not
>>> the intended recipient or the person responsible for  delivering to
>>> the intended recipient, be advised that you have received this
>>> email in error  and that any use is strictly prohibited.
>>> If you have received this email in error please notify the
>>> Information Security Officer by  telephone on +44 [0] 29 2043 4372.
>>> Please then delete this email and destroy any copies of it.   This
>>> email has been swept for viruses before leaving our system.
>>> Security Warning: Please note that this email has been created in
>>> the knowledge that Internet  email is not a 100% secure
>>> communications medium.  We advise that you understand and accept
>>> this lack of security when emailing us.
>>> Viruses: Although we have taken steps to ensure that this email and
>>> any attachments are free  from any virus, we advise that in keeping
>>> with good computing practice the recipient should  ensure they are
>>> actually virus free.
>>> We may monitor the content of E-mails sent and received via our
>>> network for viruses or  unauthorised use and for other lawful
>>> business purposes.
>>> 
>>> 
>>> 
>  
> 
>>> This e-mail has been scanned for all viruses by Messagelabs. The
>>> service is powered by MessageLabs.
>>> 
>  
> 
>>> ___
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>> 
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] WS-X6724+CFC and ES20 line cards

[Gert Doering]

Hi,

On Thu, Jun 25, 2009 at 07:23:44PM +0400, victor wrote:
> I'd very much like to ask the same question my head-office which  
> distributes this kind of reference material. The only purpose ES20 serve  
> in their design is to establish VPLS connection between two (four in the  
> future) core c7604.

Well, yes.  If you do VPLS, you need the ES20 (or SIP+SPA).

> I think this setup hardly justifies the efforts and money that's been  
> invested into it. Correct me if I'm wrong but for 2 MLS switches sitting  
> in the same rack it is too much of an overhead to configure VPLS. A trunk  
> link would be considerably simpler and more reliable in this case.

If they sit in the very same rack, just bridge the traffic directly, 
and leave MPLS out of the question.  Yes.

(But then you are not fully buzzword compliant... bad for marketing)

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpHcNzTwIb7n.pgp
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] WS-X6724+CFC and ES20 line cards

[victor]

On Wed, 24 Jun 2009 18:25:48 +0400, Gert Doering   
wrote:



I found some specs about latter but nothing useful
about X6724.
The problem that I'm facing now is with given small ISP network  
blueprint

to implement and the lack of some specified parts. I.e. I need two
mentioned ES20 to build a domain to interconnect 2 Cisco 7600 with 2
BRASes, 2 BRs and 2 c3750 switches for servers. Right now I only have  
two

WS-X6724 and no ES20.


Why do you think you need ES20s here?


Thank you, Gert
I'd very much like to ask the same question my head-office which  
distributes this kind of reference material. The only purpose ES20 serve  
in their design is to establish VPLS connection between two (four in the  
future) core c7604.
I think this setup hardly justifies the efforts and money that's been  
invested into it. Correct me if I'm wrong but for 2 MLS switches sitting  
in the same rack it is too much of an overhead to configure VPLS. A trunk  
link would be considerably simpler and more reliable in this case.



--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Ryan West]

No. It's really awesome.

Sent from handheld.

On Jun 25, 2009, at 5:19 AM, "William"  wrote:

> Hi Mark,
>
> Try RANCID (http://www.shrubbery.net/rancid/) - its free and awesome!
>
> Cheers,
>
> Will
>
> 2009/6/25 Kelsay, Mark :
>> I have recently taken over management of about 10 Firewalls.  We  
>> have a
>> mix of ASA and PIX's.  I am currently using a text file to track  
>> changes
>> I make to the firewalls.  I would like to find a piece of software  
>> that
>> is geared to doing this more efficiently.  I have Googled and did not
>> find anything that fits the bill.
>>
>>
>>
>> What are you using that you would recommend?
>>
>>
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Mark
>>
>>
>>
>>
>>
>>
>> ** This email is sent for and on behalf of Inspop.com Limited  
>> **
>> Authorised and regulated by the Financial Services Authority.   
>> Registration no. 310635.
>> Inspop.com Limited [also trading as "Confused.com"] is registered  
>> in England and Wales at 2nd Floor, Friary House, Greyfriars Road,  
>> Cardiff, CF10 3AE [Reg. No. 03857130].  Any opinions expressed in  
>> this email are those of the individual and not necessarily the   
>> company. This email and any files transmitted with it, including  
>> replies and forwarded copies  [which may contain alterations]  
>> subsequently transmitted from the Company, are confidential  and  
>> solely for the use of the intended recipient. It may contain  
>> material protected by  attorney-client privilege. If you are not  
>> the intended recipient or the person responsible for  delivering to  
>> the intended recipient, be advised that you have received this  
>> email in error  and that any use is strictly prohibited.
>> If you have received this email in error please notify the  
>> Information Security Officer by  telephone on +44 [0] 29 2043 4372.  
>> Please then delete this email and destroy any copies of it.   This  
>> email has been swept for viruses before leaving our system.
>> Security Warning: Please note that this email has been created in  
>> the knowledge that Internet  email is not a 100% secure  
>> communications medium.  We advise that you understand and accept   
>> this lack of security when emailing us.
>> Viruses: Although we have taken steps to ensure that this email and  
>> any attachments are free  from any virus, we advise that in keeping  
>> with good computing practice the recipient should  ensure they are  
>> actually virus free.
>> We may monitor the content of E-mails sent and received via our  
>> network for viruses or  unauthorised use and for other lawful  
>> business purposes.
>>
>>
>> 
 

>> This e-mail has been scanned for all viruses by Messagelabs. The
>> service is powered by MessageLabs.  
>> 
 

>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Dale Shaw]

Hi,

On Thu, Jun 25, 2009 at 9:02 PM, Roy Otto
Kleiv wrote:
> I can truly recommend NCM, works like a charm, although it does cost a
> bit

I've heard good things about NCM, and was given an extra boost of
confidence once I discovered it wasn't a Cisco software product (it's
OEM'd from Opsware)

http://tinyurl.com/45m88q

:-)

cheers,
Dale
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Roy Otto Kleiv]

I can truly recommend NCM, works like a charm, although it does cost a
bit

Mvh,
Roy Otto Kleiv
NC-Spectrum


-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Oddiraju, Kiran
@ London SMC
Sent: 25. juni 2009 11:02
To: Kelsay, Mark; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PIX/ASA Change Control

Have you looked at SolarWinds Network Configuration Manager (Cirrus),
you can track changes very easily.

Regards,
Kiran

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Kelsay, Mark
Sent: 25 June 2009 09:21
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] PIX/ASA Change Control

I have recently taken over management of about 10 Firewalls.  We have a
mix of ASA and PIX's.  I am currently using a text file to track changes
I make to the firewalls.  I would like to find a piece of software that
is geared to doing this more efficiently.  I have Googled and did not
find anything that fits the bill.

 

What are you using that you would recommend?

 

 

Thanks,

 

Mark

 

 


** This email is sent for and on behalf of Inspop.com Limited **

Authorised and regulated by the Financial Services Authority.
Registration no. 310635.
Inspop.com Limited [also trading as "Confused.com"] is registered in
England and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff,
CF10 3AE [Reg. No. 03857130].  Any opinions expressed in this email are
those of the individual and not necessarily the  company. This email and
any files transmitted with it, including replies and forwarded copies
[which may contain alterations] subsequently transmitted from the
Company, are confidential  and solely for the use of the intended
recipient. It may contain material protected by  attorney-client
privilege. If you are not the intended recipient or the person
responsible for  delivering to the intended recipient, be advised that
you have received this email in error  and that any use is strictly
prohibited. 
If you have received this email in error please notify the Information
Security Officer by  telephone on +44 [0] 29 2043 4372. Please then
delete this email and destroy any copies of it.   This email has been
swept for viruses before leaving our system.
Security Warning: Please note that this email has been created in the
knowledge that Internet  email is not a 100% secure communications
medium.  We advise that you understand and accept  this lack of security
when emailing us.
Viruses: Although we have taken steps to ensure that this email and any
attachments are free  from any virus, we advise that in keeping with
good computing practice the recipient should  ensure they are actually
virus free.
We may monitor the content of E-mails sent and received via our network
for viruses or  unauthorised use and for other lawful business purposes.



This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
CB Richard Ellis Limited, Registered Office: St Martin's Court, 
10 Paternoster Row, London, EC4M 7HP, registered in England and Wales
No. 3536032. 
Regulated by the RICS and an appointed representative of CB Richard
Ellis 
Indirect Investment Services Limited which is authorised and regulated
by the Financial Services Authority.

This communication is from CB Richard Ellis Limited or one of its 
associated/subsidiary companies. This communication contains information

which is confidential and may be privileged. If you are not the intended
recipient, 
please contact the sender immediately. Any use of its contents is
strictly prohibited 
and you must not copy, send or disclose it, or rely on its contents in
any way whatsoever. 
Reasonable care has been taken to ensure that this communication 
(and any attachments or hyperlinks contained within it) is free from
computer viruses. 
No responsibility is accepted by CB Richard Ellis Limited or its
associated/subsidiary 
companies and the recipient should carry out any appropriate virus
checks.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ASR as BBRAS... ? (is this a sane solution)

[Никита Усков]

I think, ASR quite good solutoin for your case because ERX is too big and too 
expensive for 2K subscribers.
Planing inmplementation you should remember that you need ISG for CoA support 
and your Radius servers should support Cisco AVPairs for service activation.

Nik

> 
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter KrЭpl
> Sent: Wednesday, June 24, 2009 3:11 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco ASR as BBRAS... ? (is this a sane solution)
> 
> Hi Group,
> 
> I am currently considdering to replace a couple of juniper ERX310's,
> with cisco ASR1002's. The junipers, are doing PPPoE termination for
> both OinQ vlans and ATM pvc's and also DHCP for some subscribers.
> The ATM part will remain on the juniper routers, as this will be
> decomissioned in the near future.
> 
> We have approx. 1000 subscribers on each ERX right now, and that
> stays the same for the ASR's. Maybe 2000 subscribers per box, in
> 2 years time.
> 
> So the task for the ASR's is to terminate QinQ and provide PPPoE
> or DHCP servcies to each subscriber in order to provide them with
> internet access. The ASR should also be a part of our MPLS network,
> that contains Cat6500/Sup720 and Cat7600/Rsp720 boxes. As we have
> some connections terminated into different VRF's, but in that case the  
> service
> is static confiured on the routers, so no DHCP, PPP or other stuff  
> just plain IP.
> 
> It is also a reuirement that it is possible to build EoMPLS circuits  
> from either
> a single or double tagged vlan on the ASR to a vlan subinterface on a
> Cat6500/7600.
> 
> The juniper routers today provide the DHCP service via RADIUS,
> has cisco something simillar ? You can get lot's of radius servers  
> that use
> a database as their backend, but no decent DHCP server. This makes
> subscriber  provisioning harder to do on the fly. So it would be a shame
> to loose this feature. All of our subscribers have static IP's.
> 
> I have made the following shopping list:
> ASR1002- 5G/K9 ASR1002 w/ESP 5G,AESK9,4GB DRAM
> FLASR1- BB- RTU Broadband Right To Use Feature Lic for ASR1000 Series
> FLASR1- BB- 4K Broadband 4K Sessions Feature Lic for ASR1000 Series
> SASR1R1- AIS-K9 -21SR Cisco ASR 1000 Series RP1 ADVANCED IP SERVICES
> SPA- 8X1GE- V2 Cisco 8 Port Gigabit Ethernet Shared Port Adapter
> 
> Would this solution workout fine ?
> Any alternatives ?
> 
> Kind Regards,
> Peter KrЭpl
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Hauke Krull]

Hi,

Kelsay, Mark schrieb:
> I have recently taken over management of about 10 Firewalls.  We have a
> mix of ASA and PIX's.  I am currently using a text file to track changes
> I make to the firewalls.  I would like to find a piece of software that
> is geared to doing this more efficiently.  I have Googled and did not
> find anything that fits the bill.

A commercial solution for Management of Firewall-Policies comes from Tufin.

You can find a list of supported vendors under:
http://www.tufin.com/products_requirements.php

We're selling and implementing this solution for quiet some time but if you
need more details please contact me off-list.

Regards
 Hauke Krull
-- 
Dipl.-Phys. Hauke Krull

NetUSE AG
Dr.-Hell-Straße 6
D-24107 Kiel
Tel: +49 431 2390 400
Fax: +49 431 2390 499
http://www.NetUSE.DE/

Vorstand: Andreas Seeger (Vorsitz), Dr. Roland Kaltefleiter, Dr. Joerg Posewang
Aufsichtsrat: Detlev Huebner (Vorsitz)
Sitz der AG: Kiel, HRB 5358 USt.ID: DE156073942

Diese E-Mail enthaelt vertrauliche oder rechtlich geschuetzte Informationen.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.

The information contained in this message is confidential or protected by
law. Any unauthorised copying of this message or unauthorised distribution
of the information contained herein is prohibited.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[William]

Hi Mark,

Try RANCID (http://www.shrubbery.net/rancid/) - its free and awesome!

Cheers,

Will

2009/6/25 Kelsay, Mark :
> I have recently taken over management of about 10 Firewalls.  We have a
> mix of ASA and PIX's.  I am currently using a text file to track changes
> I make to the firewalls.  I would like to find a piece of software that
> is geared to doing this more efficiently.  I have Googled and did not
> find anything that fits the bill.
>
>
>
> What are you using that you would recommend?
>
>
>
>
>
> Thanks,
>
>
>
> Mark
>
>
>
>
>
>
> ** This email is sent for and on behalf of Inspop.com Limited **
> Authorised and regulated by the Financial Services Authority.  Registration 
> no. 310635.
> Inspop.com Limited [also trading as "Confused.com"] is registered in England 
> and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff, CF10 3AE 
> [Reg. No. 03857130].  Any opinions expressed in this email are those of the 
> individual and not necessarily the  company. This email and any files 
> transmitted with it, including replies and forwarded copies  [which may 
> contain alterations] subsequently transmitted from the Company, are 
> confidential  and solely for the use of the intended recipient. It may 
> contain material protected by  attorney-client privilege. If you are not the 
> intended recipient or the person responsible for  delivering to the intended 
> recipient, be advised that you have received this email in error  and that 
> any use is strictly prohibited.
> If you have received this email in error please notify the Information 
> Security Officer by  telephone on +44 [0] 29 2043 4372. Please then delete 
> this email and destroy any copies of it.   This email has been swept for 
> viruses before leaving our system.
> Security Warning: Please note that this email has been created in the 
> knowledge that Internet  email is not a 100% secure communications medium.  
> We advise that you understand and accept  this lack of security when emailing 
> us.
> Viruses: Although we have taken steps to ensure that this email and any 
> attachments are free  from any virus, we advise that in keeping with good 
> computing practice the recipient should  ensure they are actually virus free.
> We may monitor the content of E-mails sent and received via our network for 
> viruses or  unauthorised use and for other lawful business purposes.
>
>
> 
> This e-mail has been scanned for all viruses by Messagelabs. The
> service is powered by MessageLabs. 
> 
> ___
> cisco-nsp mailing list  cisco-...@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Oddiraju, Kiran @ London SMC]

Have you looked at SolarWinds Network Configuration Manager (Cirrus),
you can track changes very easily.

Regards,
Kiran

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Kelsay, Mark
Sent: 25 June 2009 09:21
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] PIX/ASA Change Control

I have recently taken over management of about 10 Firewalls.  We have a
mix of ASA and PIX's.  I am currently using a text file to track changes
I make to the firewalls.  I would like to find a piece of software that
is geared to doing this more efficiently.  I have Googled and did not
find anything that fits the bill.

 

What are you using that you would recommend?

 

 

Thanks,

 

Mark

 

 


** This email is sent for and on behalf of Inspop.com Limited **

Authorised and regulated by the Financial Services Authority.
Registration no. 310635.
Inspop.com Limited [also trading as "Confused.com"] is registered in
England and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff,
CF10 3AE [Reg. No. 03857130].  Any opinions expressed in this email are
those of the individual and not necessarily the  company. This email and
any files transmitted with it, including replies and forwarded copies
[which may contain alterations] subsequently transmitted from the
Company, are confidential  and solely for the use of the intended
recipient. It may contain material protected by  attorney-client
privilege. If you are not the intended recipient or the person
responsible for  delivering to the intended recipient, be advised that
you have received this email in error  and that any use is strictly
prohibited. 
If you have received this email in error please notify the Information
Security Officer by  telephone on +44 [0] 29 2043 4372. Please then
delete this email and destroy any copies of it.   This email has been
swept for viruses before leaving our system.
Security Warning: Please note that this email has been created in the
knowledge that Internet  email is not a 100% secure communications
medium.  We advise that you understand and accept  this lack of security
when emailing us.
Viruses: Although we have taken steps to ensure that this email and any
attachments are free  from any virus, we advise that in keeping with
good computing practice the recipient should  ensure they are actually
virus free.
We may monitor the content of E-mails sent and received via our network
for viruses or  unauthorised use and for other lawful business purposes.



This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
CB Richard Ellis Limited, Registered Office: St Martin's Court, 
10 Paternoster Row, London, EC4M 7HP, registered in England and Wales No. 
3536032. 
Regulated by the RICS and an appointed representative of CB Richard Ellis 
Indirect Investment Services Limited which is authorised and regulated by the 
Financial Services Authority.

This communication is from CB Richard Ellis Limited or one of its 
associated/subsidiary companies. This communication contains information 
which is confidential and may be privileged. If you are not the intended 
recipient, 
please contact the sender immediately. Any use of its contents is strictly 
prohibited 
and you must not copy, send or disclose it, or rely on its contents in any way 
whatsoever. 
Reasonable care has been taken to ensure that this communication 
(and any attachments or hyperlinks contained within it) is free from computer 
viruses. 
No responsibility is accepted by CB Richard Ellis Limited or its 
associated/subsidiary 
companies and the recipient should carry out any appropriate virus checks.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PIX/ASA Change Control

[Roland Dobbins]

On Jun 25, 2009, at 3:21 PM, Kelsay, Mark wrote:


What are you using that you would recommend?





---
Roland Dobbins  // 

Unfortunately, inefficiency scales really well.

   -- Kevin Lawton

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] PIX/ASA Change Control

[Kelsay, Mark]

I have recently taken over management of about 10 Firewalls.  We have a
mix of ASA and PIX's.  I am currently using a text file to track changes
I make to the firewalls.  I would like to find a piece of software that
is geared to doing this more efficiently.  I have Googled and did not
find anything that fits the bill.

 

What are you using that you would recommend?

 

 

Thanks,

 

Mark

 

 


** This email is sent for and on behalf of Inspop.com Limited ** 
Authorised and regulated by the Financial Services Authority.  Registration no. 
310635.
Inspop.com Limited [also trading as "Confused.com"] is registered in England 
and Wales at 2nd Floor, Friary House, Greyfriars Road, Cardiff, CF10 3AE [Reg. 
No. 03857130].  Any opinions expressed in this email are those of the 
individual and not necessarily the  company. This email and any files 
transmitted with it, including replies and forwarded copies  [which may contain 
alterations] subsequently transmitted from the Company, are confidential  and 
solely for the use of the intended recipient. It may contain material protected 
by  attorney-client privilege. If you are not the intended recipient or the 
person responsible for  delivering to the intended recipient, be advised that 
you have received this email in error  and that any use is strictly prohibited. 
If you have received this email in error please notify the Information Security 
Officer by  telephone on +44 [0] 29 2043 4372. Please then delete this email 
and destroy any copies of it.   This email has been swept for viruses before 
leaving our system.
Security Warning: Please note that this email has been created in the knowledge 
that Internet  email is not a 100% secure communications medium.  We advise 
that you understand and accept  this lack of security when emailing us.
Viruses: Although we have taken steps to ensure that this email and any 
attachments are free  from any virus, we advise that in keeping with good 
computing practice the recipient should  ensure they are actually virus free.
We may monitor the content of E-mails sent and received via our network for 
viruses or  unauthorised use and for other lawful business purposes.



This e-mail has been scanned for all viruses by Messagelabs. The
service is powered by MessageLabs. 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/