Hi,
I have a question on MPLS TE and Fast Re-Route.
I have a test network and I want to check that the behaviour I am seeing is
correct.
When you set-up an backup path for patch-protection, it would seem that RSVP
sends signalling messages down the backup path to reserve the bandwidth.
Howev
On Sep 14, 2009, at 5:53 PM, Alan Buxey wrote:
Hi,
We're actually quite happy with SXI2 (since the initial thread
starter
turned out to go away with proper grounding). The crash bugs can be
worked around by turning off these diagnostic checks.
and hope you dont hit another bug. waiting w
Hi,
> As others mentioned, the Anyconnect client also works well. The only
> platform Anyconnect is giving me fits on is Vista... XP 32-bit and
> 64-bit Windows 7 run it fine...
really? 32bit Vista okay with AnyConnect here - but not okay with 64bit Vista
(so interesting that it works with
Hi,
> We're actually quite happy with SXI2 (since the initial thread starter
> turned out to go away with proper grounding). The crash bugs can be
> worked around by turning off these diagnostic checks.
and hope you dont hit another bug. waiting with intense interest
for SXI3 which should stop t
Given all this.. is the SXI2a a 'no go' for a production platform at this
time? We are planning on doing a version refresh to address the TCP State
manipulation issue, and considering moving to SXI2a from the SXF chain.
Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x1
Hi,
On Mon, Sep 14, 2009 at 01:47:15PM -0700, Peter Kranz wrote:
> Given all this.. is the SXI2a a 'no go' for a production platform at this
> time? We are planning on doing a version refresh to address the TCP State
> manipulation issue, and considering moving to SXI2a from the SXF chain.
We're
On Mon, Sep 14, 2009 at 09:16:06AM -0400, Jason Lixfeld wrote:
> As I look through the release notes, I thought I'd also ask here to
> see if anyone here has experience upgrading between these two versions
> on a 7600. Any major gotchas? Our box is pretty vanilla: HA/SSO,
> VLANs, BGP4, pe
Dear Internet Geniuses,
I am attempting to set up a solution for a customer where we provide a
multipoint Layer 2 bridge over several DSL connections. Unfortunately,
the DSL connections are leased and outside of our control. The wholesale
provider's network complained to no end believing there was
On 14/09/2009 19:29, Mike Andrews wrote:
Kind of a side note here, but Apple now ships a Cisco-compatible IPSec
client as part of Snow Leopard. In System Preferences -> Network, if you
add a new connection, and pick VPN as the type, "Cisco IPSec" is now one
of the choices... where previously only
> > TAC was pretty responsive, they have identified this as CSCtb27643.
> > It happens in SXI2, both modular and monolithic, and whether in VSS
> > or not, just when DFCs are in place. The ddts is not public so ask
> > your local team.
>
> FWIW we just ran into this; TAC told me SXI2a would be
I opened a TAC case and they confirmed after research with a DE that the
"carrier-delay msec 100" interface command is configurable, but it
doesn't do anything. If your 4500 linecards don't have support for the
port debounce capability then your out of luck.
Clinton.
Clinton Work wrote:
> > that is not feasible, completely abandon IOS and provide XE or NX-OS
> > on *all* platforms)
>
> NX-OS on all platforms? nothanks - some of us want functionality ;-)
No, that's exactly the problem. The balkanization of the OS platforms
only amplifies this; "non-core" functionality such as
> It's sad when you see all the effort that went into the modular over the
> years
> being thrown away/ignored then keep having devices crash with more
> catastrophic
> outcomes and no usable debugging information.
Indeed, that too and the (much anticipated) promise of hot-patching never seem
On Mon, Sep 14, 2009 at 01:31:54PM -0400, Dan Benson wrote:
> I have a 4948 that I was hoping to upgrade a few systems with but I am dead
> in the water as it seems it does not support NAT.
>
> According to the NAT matrix:
>
> http://supportwiki.cisco.com/ViewWiki/index.php/Network_Address_Trans
Hi,
We are currently getting ready to migrate Cisco Secure ACS v3.3 (windows
server) to cisco 1113 ACS SE v4.2 (windows) appliance based solution.
Just wondering whether anyone has successfully migrated (exported) ACS
v3.3 database to ACS v4.2 database (imported) w/o having to upgrade v3.3
OS?
I
On Fri, 2009-09-11 at 17:18 +0300, Mohammad Khalil wrote:
> and they mentioned the supported platforms and 2811 and 7600 for
> example are not mentioned is the list updated or they do not really
> support snmp v3 ?
I know from experience that 2800 supports SNMPv3 in at least 12.2(40),
12.3(26) and
Nick Hilliard wrote:
On 14/09/2009 12:19, Mark Tinka wrote:
PS: I'm now running Snow Leopard (10.6.1). No crashes due to
this, thus far, but who knows...
Unsurprisingly, VPN client doesn't run on a 64 bit snow leopard kernel.
However, VPN client works fine with Parallels desktop chugging
Dan Benson wrote:
I have a 4948 that I was hoping to upgrade a few systems with but I am
dead in the water as it seems it does not support NAT.
I don't have any idea how to make it work but I do question doing NAT on
a CAT to begin with. Even if it did support NAT it would be done in
softwar
I have a 4948 that I was hoping to upgrade a few systems with but I am
dead in the water as it seems it does not support NAT.
According to the NAT matrix:
http://supportwiki.cisco.com/ViewWiki/index.php/Network_Address_Translation_Catalyst_Switch_Support_Matrix
This matrix seems very outdated
(First post on the list, so please be gentle!)
I'm working on a VPN solution which creates multiple VRFs and assigns VPN
traffic into a particular VRF based on it's ISAKMP profile and a dynamic
crypto-map. The application in hand is a CPE management network - each
CPE device builds a VPN tunnel b
Hi,
On Mon, Sep 14, 2009 at 09:52:36AM -0400, Jared Mauch wrote:
> While you're at it, ask for protected memory in the software. It's
> not like ram/flash are expensive these days...
Does "modular" have that? Or not yet?
(I want to see modular on *all* IOS based platforms, and not as a
some
On Sep 14, 2009, at 10:36 AM, Gert Doering wrote:
Hi,
On Mon, Sep 14, 2009 at 09:52:36AM -0400, Jared Mauch wrote:
While you're at it, ask for protected memory in the software. It's
not like ram/flash are expensive these days...
Does "modular" have that? Or not yet?
(I want to see modula
> From: "Dominic Ian"
>
> Hi Everyone,
>
> I need to terminate T1s to a Cisco 7206VXR. The T1s will be hauled in via a
> channelised
> DS3, and I am looking for the right interface card to do the job. I came
> accross the
> PA-MC-2T3-EC, but for an interface card, the cost is really up there. A
On Monday 14 September 2009 07:51:40 pm Alan Buxey wrote:
> Hi,
Hello Alan.
> I'd turn on full debugging on your client end and for
> your client at the server end and see exactly what event
> goes on just after those 10 minutes.
Already turned on the debug for the client on my end, but
nothin
On Monday 14 September 2009 08:41:22 pm Ryan West wrote:
> Mark,
Hi Ryan.
> What version of the Windows client are you running?
5.0.05.0290
Cheers,
Mark.
signature.asc
Description: This is a digitally signed message part.
___
cisco-nsp mailing lis
Hi,
> that is not feasible, completely abandon IOS and provide XE or NX-OS
> on *all* platforms)
NX-OS on all platforms? nothanks - some of us want functionality ;-)
alan
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mai
Hi,
today I tried to create a new bgp neighbor, and the following message
was prompted:
router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#router bgp 1235
router1(config-router)#neighbor 1.2.3.5 remote-as 1235
*% Create the peer-group first
*Has anyone
Hi Everyone,
I need to terminate T1s to a Cisco 7206VXR. The T1s will be hauled in via a
channelised DS3, and I am looking for the right interface card to do the job. I
came accross the PA-MC-2T3-EC, but for an interface card, the cost is really up
there. Any suggestions as to other options?
As I look through the release notes, I thought I'd also ask here to
see if anyone here has experience upgrading between these two versions
on a 7600. Any major gotchas? Our box is pretty vanilla: HA/SSO,
VLANs, BGP4, per-port MTU, trust DSCP, LACP, OSPF, EIGRP, IPv4 only.
We're upgrading
On Sep 13, 2009, at 10:28 PM, Kevin Graham wrote:
Sorry for the late response, had to dig through some old cases...
But anyway - my routers are lying to me. They list *.179 just fine
(BGP),
but all the other interesting stuff (telnet, ssh, ldp) is not
there...
Last dug into this 2.5y a
$100 for essentials on a 5510 isn't a bad deal, I still think it should be
included in the base license after upgrading to 8.2(x)
-ryan
is
> 2.3.0254 and the ASAs are running 8.0(x) and 8.2(x).
... if you have the appropriate license.
g...@net.informatik.tu-muenchen.de
___
Starting with 8.2(1), Cisco now offers an Anyconnect only license called
"Anyconnect essentials" which allows you to use the Anyconnect client in
a very similar mode to the IPsec client. Doesn't offer traditional web
based SSL services or posture assessment, but does allow you to support
64bit OS'
They are being closed back down via:
CSCtb90653TCP Ports , 4509, 4510 should not be opened by default
They are designed for some internal communication inside the box. Should
not have been reachable outside the box.
Rodney
Brandon Applegate wrote:
PORT STATE SERVICE VERSIO
Unfortunately, DAP as well.
-ryan
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Kaj Niemi
Sent: Monday, September 14, 2009 9:30 AM
To: Alan Buxey
Cc: Vinny Abello; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco VP
Good data point.
Rodney
Kaegler, Mike wrote:
Right now at one ~400 person site, I have 187 active local IPs sharing 1487
still-alive connections. Its your regular everyday sales cubefarm.
That's just shy of an average of 8 translations per active user. By those
numbers, you could have 8,000 s
Hi,
On Mon, Sep 14, 2009 at 06:22:04AM -0700, Kaj Niemi wrote:
> The Cisco VPN Client (CVC) doesn't support IPv6 but AnyConnect SSL VPN
> Client (AVC) does. It works well, too, even on OS X 10.6 - AVC is 2.3.0254
> and the ASAs are running 8.0(x) and 8.2(x).
... if you have the appropriate licens
I've managed to be without ASDM so far.. I guess one _has_ to use it for the
WebVPN portal configuration though.. ;)
Kaj
> From: Alan Buxey
> Date: Mon, 14 Sep 2009 06:28:32 -0700
> To: Kaj Niemi
> Cc: Vinny Abello , , Mark
> Tinka
> Subject: Re: [c-nsp] Cisco VPN Client Causes Mac OS X Cr
Hi,
> The Cisco VPN Client (CVC) doesn't support IPv6 but AnyConnect SSL VPN
> Client (AVC) does. It works well, too, even on OS X 10.6 - AVC is 2.3.0254
> and the ASAs are running 8.0(x) and 8.2(x).
running 2.4 beta here because of other issues... but the ASDM still
isnt happy with IPv6 configur
Hi,
The Cisco VPN Client (CVC) doesn't support IPv6 but AnyConnect SSL VPN
Client (AVC) does. It works well, too, even on OS X 10.6 - AVC is 2.3.0254
and the ASAs are running 8.0(x) and 8.2(x).
Kaj
> From: Alan Buxey
> Date: Mon, 14 Sep 2009 04:45:49 -0700
> To: Mark Tinka
> Cc: Vinny Abe
Mark,
What version of the Windows client are you running?
-ryan
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi,
We have a design issue here.
We are not able to apply ACLs to create a reflexive ACL, so we are
thinking on the idea to apply a outbound service policy in an interface
and then build a reflexibe ACL based on the ACL matches of the service
policy.
Platform is 7600
Is that possible?
___
Hello Almog,
There are probably 1000 of ways to access a pix from the outside, one of
those ways is to use SSH.
pixfirewall# conf ter
pixfirewall(config)# int e0
pixfirewall(config-if)# ip add 192.168.1.1 255.255.255.0
pixfirewall(config-if)# nameif outside
INFO: Security level for "outside" set
Hi,
I'd turn on full debugging on your client end and for your
client at the server end and see exactly what event goes on
just after those 10 minutes. I wonder if its a timeout
of somekind - eg perhaps DHCP renew and your system is being
given a DNS server that it cant talk to when VPN is running
hi,
'cisco does not support virtual environments' - yes
we've heard the same thing.
however. forgive me if I'm wrong here but you were using
the VPN client in the main host and not in a virtual host
on the system - yes? in which case its not a virtual environment
its a real 'level 0' host.
and
On 14/09/2009 12:19, Mark Tinka wrote:
PS: I'm now running Snow Leopard (10.6.1). No crashes due to
this, thus far, but who knows...
Unsurprisingly, VPN client doesn't run on a 64 bit snow leopard kernel.
However, VPN client works fine with Parallels desktop chugging away in the
backgrou
Nope, no loopback, it's a firewall appliance!
Anyway, DMZ and/or static NAT/PAT could give you what you need
Worst case, set a vpn access of any kind (IPSec, SSL, PPTP)
HTH
Ziv
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Beh
Hello all.
I'm having an issue with a Cisco IPSec/VPN connection that
won't seem to shake.
I connect to a 2811 Cisco router configured with the EazyVPN
infrastructure, using Cisco's VPN Client for Mac OS X 10.6.1
(the latest Cisco VPN client for Mac, 4.9.01.0180). The
router is running 12.4(2
Thought I'd provide an update for the archives...
Many thanks to one folk who contacted me privately after
Google'ing their way to this thread:
Frequent kernel panics have been experienced on all versions
of Mac OS X 10.5 (Leopard) with VMware Fusion 2 and the
Cisco VPN Client installed.
Work
Hello Everyone,I want to know if there is a way to get access to internal
Cisco ASA interface from the "Outside world".
I want to achieve something similar to Loopback interface on Cisco routers.
Thanks,
--
Almog.
___
cisco-nsp mailing list cisco-nsp@pu
I am trying the Bug Query toolkit:
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
- specifing all IOS releases and trying keywords like "vlan" or "vty" which
should have some hits but I keep getting:
No bugs meet your search criteria, try widening your search criteria
50 matches
Mail list logo