hi guys, found this logs on my mail server about possible fraud attempt and phising. is this normal ?
Found ip-based phishing fraud from 10.2.0.0 Found ip-based phishing fraud from 255.255.255.255 Found ip-based phishing fraud from 10.1.0.0 Found ip-based phishing fraud from 255.255.255.255
. MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee
Sent: Wednesday, February 08, 2006 6:01 PM - Show quoted text - \n Subject: Fwd: 16 new messages in 8 topics \n - digest \n
---------- Forwarded message ---------- From: comp.dcom.sys.cisco \n group noreply@googlegroups.com Date: \n Feb 8, 2006 5:03 PM Subject: 16 new messages in 8 topics - digest To: \n "comp.dcom.sys.cisco digest subscribers" <comp.dcom.sys.cisco@googlegroups.com \n >
comp.dcom.sys.cisco http://groups.google.com/group/comp.dcom.sys.cisco comp.dcom.sys.cisco@googlegroups.com
Today's \n topics:
* getting in - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f48d... \n * memory - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235e... \n * Which switch? - 1 messages, 1 author http://groups.google.com/group%22,1] ); //-->- Show quoted text - Subject: Fwd: 16 new messages in 8 topics - digest
---------- Forwarded message ---------- From: comp.dcom.sys.cisco group noreply@googlegroups.com Date: Feb 8, 2006 5:03 PM Subject: 16 new messages in 8 topics - digest To: "comp.dcom.sys.cisco digest subscribers" <comp.dcom.sys.cisco@googlegroups.com >
comp.dcom.sys.cisco http://groups.google.com/group/comp.dcom.sys.cisco comp.dcom.sys.cisco@googlegroups.com
Today's topics:
* getting in - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f48d... * memory - 4 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235e... * Which switch? - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/a626... \n * Definitive max flash/DRAM for a 2621 non-XM - 1 messages, 1 \n author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f7c8... \n * C3750 Layer 3 Switching and VLANs - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a7... \n * PIX to PIX VPN problem - 3 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca... \n * AP1200 wds server hanging - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/ebdd... \n * IOS for 1401. - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f0db... \n
\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n getting in ",1] ); //-->/comp.dcom.sys.cisco/browse_thread/thread/a6263c2a6cf2f5ab * Definitive max flash/DRAM for a 2621 non-XM - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f7c8... * C3750 Layer 3 Switching and VLANs - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a7... * PIX to PIX VPN problem - 3 messages, 2 authors http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca... * AP1200 wds server hanging - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/ebdd... * IOS for 1401. - 1 messages, 1 author http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f0db...
============================================================================== TOPIC: getting in /comp.dcom.sys.cisco/browse_thread/thread/f48de60251014965 \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d
\u003d\u003d \n 1 of 4 \u003d\u003d Date: Wed, Feb 8 2006 4:16am From: roberson@hushmail.com (Walter \n Roberson)
In article 1139371420.774575.279580@f14g2000cwb.googlegroups.com, <fatlobsterman@yahoo.com > \n wrote: [PIX 515E]
thanks for replying so wuickly. I don't even \n know how to do that. I have it hooked to my pc but I heard that I have \n to match ip addresses and telnet which is way beyong my knowledge. Is \n it a big deal to do all of this?
Take the serial cable you got \n with the PIX 515E. Connect it to a serial port on your PC. Plug the RJ45 \n end into the "console" connection on the 515E. If you don't know which one \n that is, look at the diagram at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/hig63/...
Then \n on your PC, fire up Hyperterm and set it to use the appropriate COM port at \n 9600 8 N 1. Now press return in the Hyperterm window.
Alternately, \n follow the instructions in chapter 3 of the Quick Start Guide at http://www.cisco.com/univercd%22,1] ); //-->http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f48d... ==============================================================================
== 1 of 4 == Date: Wed, Feb 8 2006 4:16am From: roberson@hushmail.com (Walter Roberson)
In article 1139371420.774575.279580@f14g2000cwb.googlegroups.com, <fatlobsterman@yahoo.com > wrote: [PIX 515E]
thanks for replying so wuickly. I don't even know how to do that. I have it hooked to my pc but I heard that I have to match ip addresses and telnet which is way beyong my knowledge. Is it a big deal to do all of this?
Take the serial cable you got with the PIX 515E. Connect it to a serial port on your PC. Plug the RJ45 end into the "console" connection on the 515E. If you don't know which one that is, look at the diagram at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/hig63/...
Then on your PC, fire up Hyperterm and set it to use the appropriate COM port at 9600 8 N 1. Now press return in the Hyperterm window.
Alternately, follow the instructions in chapter 3 of the Quick Start Guide at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/...
\u003d\u003d \n 2 of 4 \u003d\u003d Date: Tues, Feb 7 2006 8:35pm From: fatlobsterman@yahoo.com
are \n you referring to using the pcterminal adapter with the rj45into the console \n like in figure 4-7?
\u003d\u003d 3 of 4 \u003d\u003d Date: Tues, Feb 7 2006 \n 8:56pm From: fatlobsterman@yahoo.com
I \n think I may be in if that is the way that you were referring to. I used \n com3 with the other info you gave me and hyperterminal says connected but \n show version does nothering- what else can I do?\
\u003d\u003d 4 of 4 \n \u003d\u003d Date: Wed, Feb 8 2006 6:15am From: roberson@hushmail.com (Walter \n Roberson)
In article 1139374576.472587.175160@o13g2000cwo.googlegroups.com, < fatlobsterman@yahoo.com> \n wrote: [PIX 515E]
I think I may be in if that is the way that \n you were referring to.
I don't use googlegroups for actively reading \n postings (only when I am researching old postings), so your previous \n postings are not visible on my screen. It would therefore be \n appreciated if you would follow the Usenet convention of quoting enough \n of the previous conversation to establish the context of your \n remarks.
For example if you go back and re-read your message in \n isolation, you will see that there is no reference present as to what \n kind",1] ); //-->/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63qsg/515quick.pdf
== 2 of 4 == Date: Tues, Feb 7 2006 8:35pm From: fatlobsterman@yahoo.com
are you referring to using the pcterminal adapter with the rj45into the console like in figure 4-7?
== 3 of 4 == Date: Tues, Feb 7 2006 8:56pm From: fatlobsterman@yahoo.com
I think I may be in if that is the way that you were referring to. I used com3 with the other info you gave me and hyperterminal says connected but show version does nothering- what else can I do?\
== 4 of 4 == Date: Wed, Feb 8 2006 6:15am From: roberson@hushmail.com (Walter Roberson)
In article 1139374576.472587.175160@o13g2000cwo.googlegroups.com, < fatlobsterman@yahoo.com> wrote: [PIX 515E]
I think I may be in if that is the way that you were referring to.
I don't use googlegroups for actively reading postings (only when I am researching old postings), so your previous postings are not visible on my screen. It would therefore be appreciated if you would follow the Usenet convention of quoting enough of the previous conversation to establish the context of your remarks.
For example if you go back and re-read your message in isolation, you will see that there is no reference present as to what kindof device you are using -- that's why I stuck the "[PIX 515E]" \n in, to give back that necessary context.
I used com3 with \n the other info you gave me and hyperterminal says connected but show \n version does nothering- what else can I do?\
You haven't provided any \n information about what kind of PC you are using or how it is set up, so I \n will have to make wild guesses here.
In most PCs that I have seen, \n COM3 is either not connected at all, or is a modem port; the standard \n serial ports that are connected are COM1 and COM2. On most laptops that I \n have seen, the standard serial ports are COM1 and COM3 with COM2 not \n present, and COM3 usually being a modem port. So, lacking further \n information, I would -suspect- that you have used the wrong COM port number \n and that if you are talking to anything, you are talking to a \n modem.
\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n memory http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235e... \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d
\u003d\u003d \n 1 of 4 \u003d\u003d Date: Tues, Feb 7 2006 8:18pm From: fatlobsterman@yahoo.com
I \n have 2 pix- one is a 515e-UR and the other is 515e-FO. I don't even know \n how to get into the pix. I have it hooked up to my PC but I am clueless \n when it comes to these. Is there a place where I can go or could you \n possibly help me get it to get that information. I was told that I have to \n set up the same ips and telnet but again, I'm clueless when it comes to \n this but I do know my way around PCs very well just to",1] ); //--> of device you are using -- that's why I stuck the "[PIX 515E]" in, to give back that necessary context.
I used com3 with the other info you gave me and hyperterminal says connected but show version does nothering- what else can I do?\
You haven't provided any information about what kind of PC you are using or how it is set up, so I will have to make wild guesses here.
In most PCs that I have seen, COM3 is either not connected at all, or is a modem port; the standard serial ports that are connected are COM1 and COM2. On most laptops that I have seen, the standard serial ports are COM1 and COM3 with COM2 not present, and COM3 usually being a modem port. So, lacking further information, I would -suspect- that you have used the wrong COM port number and that if you are talking to anything, you are talking to a modem.
============================================================================== TOPIC: memory http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/235e... ==============================================================================
== 1 of 4 == Date: Tues, Feb 7 2006 8:18pm From: fatlobsterman@yahoo.com
I have 2 pix- one is a 515e-UR and the other is 515e-FO. I don't even know how to get into the pix. I have it hooked up to my PC but I am clueless when it comes to these. Is there a place where I can go or could you possibly help me get it to get that information. I was told that I have to set up the same ips and telnet but again, I'm clueless when it comes to this but I do know my way around PCs very well just togive you an idea of \n my knowledge.
thanks
\u003d\u003d 2 of 4 \u003d\u003d Date: Tues, \n Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com
I \n think that I am logged in b/c hypertermal is saying I'm connected- I used \n the serial to rj45 to the console on the back- I used com 3 is that \n alright? maybe it is since I am connected but I tried shpow version in the \n hyperterminal window and nothing happens
\u003d\u003d 3 of 4 \n \u003d\u003d Date: Tues, Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com
I \n think that I am logged in b/c hypertermal is saying I'm connected- I used \n the serial to rj45 to the console on the back- I used com 3 is that \n alright? maybe it is since I am connected but I tried shpow version in the \n hyperterminal window and nothing happens
\u003d\u003d 4 of 4 \n \u003d\u003d Date: Tues, Feb 7 2006 10:07pm From: "J"
Honestly I don't know \n if I could walk you through this. Connecting to the console \n could be an all day speaking event for some people. Do you have \n the right cable, a serial port or USB adapter, and DB9 adapter \n if applicable? What COM port are you on. Are you \n using the 9600 8N1 settings? Do you know the password for the \n device? Do you have the necessary file to attempt password \n recovery? There are too many unknowns for me to be of any real \n assistance. I googled for "cisco console howto" and found a few \n useful hits.
http://www.google.com/search?hl%5Cu003den&q%5Cu003dcisco+console+howto&a...
Setting \n up a Pix is certainly not a trivial manner. I recommend ",1] ); //--> give you an idea of my knowledge.
thanks
== 2 of 4 == Date: Tues, Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com
I think that I am logged in b/c hypertermal is saying I'm connected- I used the serial to rj45 to the console on the back- I used com 3 is that alright? maybe it is since I am connected but I tried shpow version in the hyperterminal window and nothing happens
== 3 of 4 == Date: Tues, Feb 7 2006 8:54pm From: fatlobsterman@yahoo.com
I think that I am logged in b/c hypertermal is saying I'm connected- I used the serial to rj45 to the console on the back- I used com 3 is that alright? maybe it is since I am connected but I tried shpow version in the hyperterminal window and nothing happens
== 4 of 4 == Date: Tues, Feb 7 2006 10:07pm From: "J"
Honestly I don't know if I could walk you through this. Connecting to the console could be an all day speaking event for some people. Do you have the right cable, a serial port or USB adapter, and DB9 adapter if applicable? What COM port are you on. Are you using the 9600 8N1 settings? Do you know the password for the device? Do you have the necessary file to attempt password recovery? There are too many unknowns for me to be of any real assistance. I googled for "cisco console howto" and found a few useful hits.
http://www.google.com/search?hl=en&q=cisco+console+howto&btnG=Google...
Setting up a Pix is certainly not a trivial manner. I recommend finding \n a person qualified to take on the task. I could write a book on \n nothing but Pix basics and still not cover everything you \n should know. Someone else may be able to provide better input \n than I. Best of \n luck.
J
\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n Which switch? http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/a626... \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d
\u003d\u003d \n 1 of 1 \u003d\u003d Date: Tues, Feb 7 2006 8:28pm From: "www.BradReese.Com"
Andrew,
The \n 2005 Cisco Product Guide has a good matrix:
http://www.bradreese.com/2005-cisco-guide.htm \n
Found at Cisco Product Guides:
http://www.bradreese.com/refurbished-cisco-product-guide.htm
Sincerely,
Brad \n Reese BradReese.Com Cisco Engineers http://www.BradReese.Com 1293 \n Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA \n & Canada: 877-549-2680 International: 828-277-7272 \n
\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n Definitive max flash/DRAM for a 2621 non-XM ",1] ); //--> finding a person qualified to take on the task. I could write a book on nothing but Pix basics and still not cover everything you should know. Someone else may be able to provide better input than I. Best of luck.
J
============================================================================== TOPIC: Which switch? http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/a626... ==============================================================================
== 1 of 1 == Date: Tues, Feb 7 2006 8:28pm From: "www.BradReese.Com"
Andrew,
The 2005 Cisco Product Guide has a good matrix:
http://www.bradreese.com/2005-cisco-guide.htm
Found at Cisco Product Guides:
http://www.bradreese.com/refurbished-cisco-product-guide.htm
Sincerely,
Brad Reese BradReese.Com Cisco Engineers http://www.BradReese.Com 1293 Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272
============================================================================== TOPIC: Definitive max flash/DRAM for a 2621 non-XM /comp.dcom.sys.cisco/browse_thread/thread/f7c8f2baa300293e \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d
\u003d\u003d \n 1 of 1 \u003d\u003d Date: Tues, Feb 7 2006 8:44pm From: "J"
I thought for \n sure the 2621 I had was an XM but apparently it's not. I'm not sure how I \n missed it but I did. I need to be able to run a PPPoE client on \n this guy. Unfortunately it looks like that feature is only \n found in the advanced entreprise services code which require 96MB DRAM and \n 32MB flash for 12.3. This 2621 is running \n 64/16. I've researched the max resources for the 2621 on both \n Google and Cisco's website and have gotten mixed results. What's \n the definitive maximum flash and DRAM for this router?
Does anyone \n else have any ideas for running a PPPoE client on this router rather than \n running \n c2600-adventerprisek9-mz.123-4.xd1?
Thanks J
\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \n TOPIC: C3750 Layer 3 Switching and VLANs http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a7... \n \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d
\u003d\u003d \n 1 of 1 \u003d\u003d Date: Tues, Feb 7 2006 8:45pm From: "NETADMIN"
Hi \n Lutz..
Hi Lutz - thanks a million for the reply - I was looking \n into VACLs and all sorts - didn't think it was as easy as that! I \n am just wondering if you could also provide an example on \n configuring the L3 part of the switch?
Is posted ",1] ); //-->http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/f7c8... ==============================================================================
== 1 of 1 == Date: Tues, Feb 7 2006 8:44pm From: "J"
I thought for sure the 2621 I had was an XM but apparently it's not. I'm not sure how I missed it but I did. I need to be able to run a PPPoE client on this guy. Unfortunately it looks like that feature is only found in the advanced entreprise services code which require 96MB DRAM and 32MB flash for 12.3. This 2621 is running 64/16. I've researched the max resources for the 2621 on both Google and Cisco's website and have gotten mixed results. What's the definitive maximum flash and DRAM for this router?
Does anyone else have any ideas for running a PPPoE client on this router rather than running c2600-adventerprisek9-mz.123-4.xd1?
Thanks J
============================================================================== TOPIC: C3750 Layer 3 Switching and VLANs http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d9a7... ==============================================================================
== 1 of 1 == Date: Tues, Feb 7 2006 8:45pm From: "NETADMIN"
Hi Lutz..
Hi Lutz - thanks a million for the reply - I was looking into VACLs and all sorts - didn't think it was as easy as that! I am just wondering if you could also provide an example on configuring the L3 part of the switch?
Is posted not by \n me
Thanks, NETADMIN
\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d TOPIC: \n PIX to PIX VPN problem http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca... \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d
\u003d\u003d \n 1 of 3 \u003d\u003d Date: Wed, Feb 8 2006 5:00am From: John Scholvin
In \n article BVaGf.581257$ki.478851@pd7tw2no, Walter Roberson roberson@hushmail.com \n wrote:
No, when you are ssh'd in and you use 'debug' commands, the \n output goes to your ssh session. You might possibly need to adjust \n the "logging monitor" level but I don't think so.
Weird...this \n never worked for me. I tried turning on all kinds of debug and saw none of \n it in my ssh session. But I did manage to use "logging console" to see \n some debug output on the console port, so I made progress on my \n problem.
I'll have to come back to this after I solve the more pressing \n crisis...
Thanks, john
-- John \n Scholvin -- john@scholvin.com -- an \n E7b5#9 man in an F major world
\u003d\u003d 2 of 3 \u003d\u003d Date: Wed, Feb 8 \n 2006 5:29am From: John Scholvin
In article < \n ds8duj$1bu$1@chessie.cirr.com>, John Scholvin <",1] ); //-->ryanfinne...@hotmail.com not by me
Thanks, NETADMIN
============================================================================== TOPIC: PIX to PIX VPN problem http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/d8ca... ==============================================================================
== 1 of 3 == Date: Wed, Feb 8 2006 5:00am From: John Scholvin
In article BVaGf.581257$ki.478851@pd7tw2no, Walter Roberson roberson@hushmail.com wrote:
No, when you are ssh'd in and you use 'debug' commands, the output goes to your ssh session. You might possibly need to adjust the "logging monitor" level but I don't think so.
Weird...this never worked for me. I tried turning on all kinds of debug and saw none of it in my ssh session. But I did manage to use "logging console" to see some debug output on the console port, so I made progress on my problem.
I'll have to come back to this after I solve the more pressing crisis...
Thanks, john
-- John Scholvin -- john@scholvin.com -- an E7b5#9 man in an F major world
== 2 of 3 == Date: Wed, Feb 8 2006 5:29am From: John Scholvin
In article < ds8duj$1bu$1@chessie.cirr.com>, John Scholvin <> \n wrote:
I am trying to establish a VPN tunnel between 2 PIX \n 506E's. This is, for now, as straightforward a setup as there could \n be:
private LAN 1 --- PIX 1 ----- internet ----- PIX 2 ----- \n private LAN 2
The problem is that the pixen don't seem to even \n want to get to phase 1 negotiations. "show isakmp sa" \n returns 0 associations on both sides.
OK, I worked around the weird \n debug problem I had (thanks for the tips!) and now I have the two pixes \n connected through isakmp phase II. But they still won't pass \n traffic.
Here's is my theory. One of the pixes handles incoming VPN \n client connections in addition to the "dedicated" connection to the other \n pix. Looking at the output from "show ipsec sa" on that dual-purpose pix, I \n see something funny right at the top:
interface: \n outside
",1] ); //-->john@scholvin.com.REMOVETHIS> wrote:
I am trying to establish a VPN tunnel between 2 PIX 506E's. This is, for now, as straightforward a setup as there could be:
private LAN 1 --- PIX 1 ----- internet ----- PIX 2 ----- private LAN 2
The problem is that the pixen don't seem to even want to get to phase 1 negotiations. "show isakmp sa" returns 0 associations on both sides.
OK, I worked around the weird debug problem I had (thanks for the tips!) and now I have the two pixes connected through isakmp phase II. But they still won't pass traffic.
Here's is my theory. One of the pixes handles incoming VPN client connections in addition to the "dedicated" connection to the other pix. Looking at the output from "show ipsec sa" on that dual-purpose pix, I see something funny right at the top:
interface: outside
Crypto map tag: CRYPTO_MAP, local addr. MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee
\n local ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0/255.255.0.0/0/0 \n ) remote ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: \n 10.2.0.0/255.255.0.0/0/0) current_peer: MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc:500" claiming to be MailScanner warning: \n numerical links are often malicious: \n cc.cc.cc.cc:500 dynamic allocated peer ip: MailScanner has detected a possible fraud attempt from "0.0.0.0" claiming to be MailScanner warning: numerical links \n are often malicious: 0.0.0.0
",1] ); //--> Crypto map tag: CRYPTO_MAP, local addr. MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee
local ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0/255.255.0.0/0/0 ) remote ident (addr/mask/prot/port): (MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0/255.255.0.0/0/0) current_peer: MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc:500" claiming to be MailScanner warning: numerical links are often malicious: cc.cc.cc.cc:500 dynamic allocated peer ip: MailScanner has detected a possible fraud attempt from "0.0.0.0" claiming to be MailScanner warning: numerical links are often malicious: 0.0.0.0
MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee and MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: numerical \n links are often malicious: cc.cc.cc.cc are the public IPs of \n the pixes)",1] ); D(["mb","
That dynamically allocated peer doesn't make sense to me. \n The other pix doesn't have that line in the output. I'm guessing I have \n somehow butchered the config of the crypto map and it's confusing this peer \n with the VPN clients. The config of this pix is below, hopefully someone \n here can spot the problem.
Summary: ",1] ); //-->(MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee and MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: numerical links are often malicious: cc.cc.cc.cc are the public IPs of the pixes)
That dynamically allocated peer doesn't make sense to me. The other pix doesn't have that line in the output. I'm guessing I have somehow butchered the config of the crypto map and it's confusing this peer with the VPN clients. The config of this pix is below, hopefully someone here can spot the problem.
Summary: MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: \n numerical links are often malicious: ee.ee.ee.ee), one in \n Chicago (MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: \n numerical links are often malicious: cc.cc.cc.cc)",1] ); D(["mb"," * the pix \n in Evanston also handles incoming VPN client connections ",1] ); //-->* one pix is in Evanston (public=MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee), one in Chicago (MailScanner has detected a possible fraud attempt from "cc.cc.cc.cc" claiming to be MailScanner warning: numerical links are often malicious: cc.cc.cc.cc) * the pix in Evanston also handles incoming VPN client connections MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner \n warning: numerical links are often malicious: 10.1.0.0/16 and \n MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 192.168.0.0/24; and \n Chicago's is MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner \n warning: numerical links are often malicious: \n 10.2.0.0/16",1] ); //-->* the Evanston private lans are MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0/16 and MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical links are often malicious: 192.168.0.0/24; and Chicago's is MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0/16- Show quoted text -
Thanks in advance if anyone can spot the problem here. \n
PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 \n auto nameif ethernet0 outside security0 nameif ethernet1 inside \n security100 enable password ** encrypted passwd ** encrypted hostname \n pix-evn domain-name ** clock timezone CST -6 clock summer-time CDT \n recurring fixup protocol dns maximum-length 700 fixup protocol ftp \n 21 fixup protocol h323 h225 1720 fixup protocol h323 ras \n 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup \n protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp \n 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol \n sqlnet 1521 fixup protocol tftp 69
",1] ); D(["mb","name MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee vpn-evn",1] ); //-->- Show quoted text -
Thanks in advance if anyone can spot the problem here.
PIX Version 6.3(3) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password ** encrypted passwd ** encrypted hostname pix-evn domain-name ** clock timezone CST -6 clock summer-time CDT recurring fixup protocol dns maximum-length 700 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69
name MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee vpn-evn object-group \n icmp-type icmp_traffic icmp-object \n echo-reply icmp-object source-quench icmp-object \n unreachable icmp-object time-exceeded access-list PERMIT_IN \n permit icmp any any object-group icmp_traffic ",1] ); //--> object-group icmp-type icmp_traffic icmp-object echo-reply icmp-object source-quench icmp-object unreachable icmp-object time-exceeded access-list PERMIT_IN permit icmp any any object-group icmp_traffic access-list PERMIT_IN permit \n tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner \n warning: numerical links are often malicious: ee.ee.ee.ee eq \n ssh access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee eq www access-list \n PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee eq https access-list PERMIT_IN permit \n udp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner \n warning: numerical links are often malicious: ee.ee.ee.ee eq \n isakmp access-list PERMIT_IN permit ah any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical \n links are often malicious: ee.ee.ee.ee access-list PERMIT_IN \n permit esp any host ",1] ); //-->access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq ssh access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq www access-list PERMIT_IN permit tcp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq https access-list PERMIT_IN permit udp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee eq isakmp access-list PERMIT_IN permit ah any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee access-list PERMIT_IN permit esp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 192.168.0.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.255.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical \n links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.255.0 access-list NONAT \n permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0 ",1] ); //-->MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical links are often malicious: 192.168.0.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.0 access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical \n links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.255.0 ",1] ); //-->MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.1.250.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.250.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.0 MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links \n are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0 access-list CHICAGO \n permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: \n numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0",1] ); //-->access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 access-list CHICAGO permit ip MailScanner has detected a possible fraud attempt from "10.1.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.1.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links \n are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 255.255.0.0",1] ); D(["mb"," no pager logging \n on logging trap notifications ",1] ); D(["mb","logging host inside MailScanner has detected a possible fraud attempt from "192.168.0.200" claiming to be MailScanner warning: numerical \n links are often malicious: 192.168.0.200",1] ); //--> MailScanner has detected a possible fraud attempt from "10.2.0.0" claiming to be MailScanner warning: numerical links are often malicious: 10.2.0.0 MailScanner has detected a possible fraud attempt from "255.255.0.0" claiming to be MailScanner warning: numerical links are often malicious: 255.255.0.0 no pager logging on logging trap notifications logging host inside MailScanner has detected a possible fraud attempt from "192.168.0.200" claiming to be MailScanner warning: numerical links are often malicious: 192.168.0.200 no logging message \n 106023 no logging message 305005 no logging message 304001 icmp \n permit any outside icmp permit any inside mtu outside 1500 mtu inside \n 1500 ",1] ); D(["mb","ip address outside MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee MailScanner has detected a possible fraud attempt from "255.255.255.248" claiming to be MailScanner warning: numerical links are often \n malicious: 255.255.255.248 ",1] ); //--> no logging message 106023 no logging message 305005 no logging message 304001 icmp permit any outside icmp permit any inside mtu outside 1500 mtu inside 1500 ip address outside MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often malicious: ee.ee.ee.ee MailScanner has detected a possible fraud attempt from "255.255.255.248" claiming to be MailScanner warning: numerical links are often malicious: 255.255.255.248 MailScanner has detected a possible fraud attempt from "10.1.1.1" claiming to be MailScanner warning: numerical links \n are often malicious: 10.1.1.1 MailScanner has detected a possible fraud attempt from "255.0.0.0" claiming to be MailScanner warning: numerical links are often \n malicious: 255.0.0.0",1] ); D(["mb"," ip audit info action alarm ip audit \n attack action alarm ip local pool REMOTE 10.1.250.1-10.1.250.254 pdm \n logging informational 100 pdm history enable arp timeout 14400 global \n (outside) 1 interface nat (inside) 0 access-list NONAT ",1] ); //-->ip address inside MailScanner has detected a possible fraud attempt from "10.1.1.1" claiming to be MailScanner warning: numerical links are often malicious: 10.1.1.1 MailScanner has detected a possible fraud attempt from "255.0.0.0" claiming to be Mai
--------------------------------- Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.