|
GOOCHY posted: A furniture chain in my area is going out of business so I stopped over there with my wife to see what kind of discounts they had going on. On a table with misc. junk they had a Cisco PIX 501 and a Cisco 2600 series router with a 56K WIC in it. Neither had a price tag on them so I offered $20 for the PIX - and they took it!! Once they took the $20 for the PIX I figured I'd offer $10 for the 2600 - apparently my ultra low ball got the guy nervous and he said, "Oh, well - that's not supposed to be out on the table our IT guy was looking into that one so I can't sell it."
Nice! Too bad you couldn't get the 2600 as well.
|
# ? Aug 4, 2007 22:28 |
|
GOOCHY posted:
Yes, but now you're stuck with a PIX 501.
|
# ? Aug 5, 2007 00:13 |
|
CrazyLittle posted: Yes, but now you're stuck with a PIX 501.
For home they are fine, and hey worst case he just spent $20 to have equipment to learn on.
|
# ? Aug 5, 2007 02:18 |
|
Tremblay posted: For home they are fine, and hey worst case he just spent $20 to have equipment to learn on.
Or 200 dollars on Ebay.
|
# ? Aug 5, 2007 03:59 |
|
Tremblay posted: For home they are fine, and hey worst case he just spent $20 to have equipment to learn on.
I kid. Mostly the thing that bugs me about the pix 501 is that the ASA 5500 is roughly the same price and isn't the neutered wanna-be firewall that the pix 501 is in comparison to the 506.
|
# ? Aug 5, 2007 05:48 |
|
CrazyLittle posted: I kid. Mostly the thing that bugs me about the pix 501 is that the ASA 5500 is roughly the same price and isn't the neutered wanna-be firewall that the pix 501 is in comparison to the 506.
Oh they are very weak, I agree completely. I have no idea what the list is on them, I think list was ~$1000 for the 5505s with base lic. Are we really selling 501s for that much?
|
# ? Aug 5, 2007 19:32 |
|
Tremblay posted: I think list was ~$1000 for the 5505s with base lic. Are we really selling 501s for that much?
on CDW:
$419 Cisco ASA 5505 10-user Bundle
$419 Cisco PIX 501 10-user/3DES bundle
|
# ? Aug 5, 2007 19:44 |
|
Ouch. Yeah, that makes it a pretty easy decision.
|
# ? Aug 5, 2007 19:45 |
|
Tremblay posted: Ouch. Yeah, that makes it a pretty easy decision.
Please tell that to my customers who keep name dropping "PIX 501" like it's in style. I had to do this awful ugly hack to rewrite the originating IP on a PIX 506 in order to make policy based routing work over a wimax + T1 configuration.
|
# ? Aug 5, 2007 19:46 |
|
The company I work for still deploys PIX firewalls like they're going out of style. We're about 5 years behind everybody else when it comes to updating hardware though. Maybe it's a Midwest thing - a lot of the technical contractors around here are still using them as well.
|
# ? Aug 5, 2007 20:12 |
|
GOOCHY posted: The company I work for still deploys PIX firewalls like they're going out of style. We're about 5 years behind everybody else when it comes to updating hardware though. Maybe it's a Midwest thing - a lot of the technical contractors around here are still using them as well.
I work with a federal agency that is running five year old pix 535's with 6.34 code. They still have CatOS on a couple of switches too. And they wonder why their gear can never support the latest hotshit feature they want, it's a special kind of dumb that I have no sympathy for.
|
# ? Aug 5, 2007 20:42 |
|
inignot posted: I work with a federal agency that is running five year old pix 535's with 6.34 code. They still have CatOS on a couple of switches too. And they wonder why their gear can never support the latest hotshit feature they want, it's a special kind of dumb that I have no sympathy for.
I hear you guys. To be fair 535s running 6.x code are fast. If you want 7/8.x features though then you really need ASA hardware. Prior to 8 we tried pretty hard for feature parity. Starting with 8.x you are going to see things change significantly.
crazylittle posted: Please tell that to my customers who keep name dropping "PIX 501" like it's in style. I had to do this awful ugly hack to rewrite the originating IP on a PIX 506 in order to make policy based routing work over a wimax + T1 configuration.
I hope it wasn't too bad. PIX nat takes a bit of getting used to but I find it to be easier/more sensical than IOS nat.
GOOCHY posted: The company I work for still deploys PIX firewalls like they're going out of style. We're about 5 years behind everybody else when it comes to updating hardware though. Maybe it's a Midwest thing - a lot of the technical contractors around here are still using them as well.
The price difference between ASA and PIX HW is so negligible for 5510+/515e+ that I really don't understand why anyone would buy PIX HW any more. It doesn't make a whole lot of sense to me. *shrug*
|
# ? Aug 5, 2007 20:50 |
|
GOOCHY posted: We're about 5 years behind everybody else when it comes to updating hardware though. Maybe it's a Midwest thing
Nope. San Francisco here, and if a customer wants one DSU1 (T1) connection they get a Cisco 1720 running 12.3. We figure it's cheap, won't break, and gets the job done.
inignot posted: I work with a federal agency that is running five year old pix 535's with 6.34 code. They still have CatOS on a couple of switches too. And they wonder why their gear can never support the latest hotshit feature they want, it's a special kind of dumb that I have no sympathy for.
Because people who have to work with the stuff value reliability more than they value feature creep. That's what I've boiled it down to. If there's no absolutely compelling reason to upgrade beyond patches and bug fixes, then there's no reason to upgrade.
|
# ? Aug 5, 2007 21:08 |
|
CrazyLittle posted: Nope. San Francisco here, and if a customer wants one DSU1 (T1) connection they get a Cisco 1720 running 12.3. We figure it's cheap, won't break, and gets the job done.
That's exactly what we're doing in a lot of cases. It's either a 1720 with a V2 T1 WIC for Serial Frame or if we're going to do a HPBX roll out for them it's a 2431 IAD 8FXS/16FXS/24FXS/E1T1, PIX 501 10 user or unlimited, and a 2950 Switch. All... day... long...
|
# ? Aug 5, 2007 21:58 |
|
GOOCHY posted: It's either a 1720 with a V2 T1 WIC for Serial Frame
1720's support V2s? What IOS are you running it with?
|
# ? Aug 5, 2007 22:13 |
|
CrazyLittle posted: 1720's support V2s? What IOS are you running it with?
12.3(22) - usually we'll use an IP Base image unless it needs to run BGP - then we'll upgrade the memory and install one of the Ent Services images. Our engineering group just last week authorized us to use 12.4(16) version IOS. Almost all of our voice installs are running 12.3(14)T6.
Now that I think about it they're just WIC1-DSU-T1 cards.
GOOCHY fucked around with this message at 23:55 on Aug 5, 2007 |
# ? Aug 5, 2007 23:53 |
|
CrazyLittle posted: Because people who have to work with the stuff value reliability more than they value feature creep.
This is a fine rationalization for a situation I'm not in. I work for cranks that run 3000 series vpn concentrators with four year old 3.6.7 code & cry that it doesn't support ssl vpns or NAC. Does not compute.
|
# ? Aug 6, 2007 00:19 |
|
inignot posted: Does not compute.
haha... yeah. The only rationalization I have for that is "stupid is as stupid does."
|
# ? Aug 6, 2007 01:50 |
|
I'm having a weird issue trying to get in and reset the password for this PIX 501. I set things up according to the password recovery walk-through on Cisco's site - can ping my gateway and TFTP server from the PIX monitor prompt - but cannot TFTP the password recovery file to the PIX device. I cannot ping the IP address of interface 1 (which is the default interface for the device monitor) from the TFTP server. I assume that ICMP echo reply is turned off on the PIX.
quote:
monitor> address 192.168.10.221
I connected the PIX directly to a laptop with Solarwinds TFTP server software and I get the same kind of response. The Solarwinds TFTP logs tell me that it's timing out. After I pinged the laptop IP address I could see the entry in the arp table via arp -a.
quote:
8/6/2007 09:16 :Timeout error sending np62.bin to 192.168.10.221, 0 bytes
I have no firewalls installed on the machines I'm working with here and was able to TFTP an IOS file to a different device using the same parameters as above without issue. I'm kind of stumped as to how I'm going to break into this thing. Google is basically telling me the same thing as Cisco's site. Has anybody run into this problem before?
GOOCHY fucked around with this message at 15:41 on Aug 6, 2007 |
# ? Aug 6, 2007 15:26 |
|
GOOCHY posted: tftp
Are you resolving the PIX interface in ARP? I can't remember if ROMMON defaults to eth0 or eth1, so I'd set that manually as well. In ROMMON the PIX should respond to pings.
|
# ? Aug 6, 2007 16:38 |
|
Tremblay posted: Are you resolving the PIX interface in ARP? I can't remember if ROMMON defaults to eth0 or eth1, so I'd set that manually as well. In ROMMON the PIX should respond to pings.
Yeah, it shows the IP address that the interface on the PIX is set to and the MAC address in the ARP table. I tried setting the interface manually to both 0 and 1 and they both react in the exact same manner - timeouts. I should probably note that after the Solarwinds TFTP server tries to communicate with the PIX and gets timeouts repeatedly it crashes. I'm going to give another TFTP server a try but I'm thinking I'll get the same result.
EDIT - tried changing the gateway to 0.0.0.0 and I get the same result. The PIX and the TFTP server are obviously seeing each other as the TFTP logs are showing it attempting to access the file - but it just times out and the TFTP server crashes... how weird...
GOOCHY fucked around with this message at 19:14 on Aug 6, 2007 |
# ? Aug 6, 2007 16:47 |
|
GOOCHY posted: Yeah, it shows the IP address that the interface on the PIX is set to and the MAC address in the ARP table. I tried setting the interface manually to both 0 and 1 and they both react in the exact same manner - timeouts.
I just saw that you set the gateway. Don't do that unless the TFTP server is on a different subnet.
EDIT: Seriously, I know how stupid that sounds but since you don't set a subnet mask PIX assumes that since there is a gateway set that the TFTP server is on a different segment.
Tremblay fucked around with this message at 18:17 on Aug 6, 2007 |
# ? Aug 6, 2007 17:03 |
|
Just to wrap up this weird one - I downloaded the Cisco TFTP server released in 1995 and hosted on oldversion.com and it worked immediately. Note to self - Solarwinds TFTP server acts funky from time to time...
|
# ? Aug 6, 2007 19:21 |
|
CrazyLittle posted: Are they honest-to-god real Cisco cards? We've had 3 out of a 4-card purchase of WIC-T1-V2's and that's pretty much because they're all cheap Chinese counterfeit WICs
Contrary to popular belief, there are real Cisco WICs. I've got some real ones if you're still looking for them. One of the first things to look for on those WIC cards is the word "Stewart" on the inside of the port. Older fake WICs won't have that. Newer fakies will have it, but that's a whole different story.
conntrack posted: Is there a market for those serial cards? We have like 50 of them in the poo poo heap at work.
I'd like to buy these, and possibly the rest of this "poo poo heap" you speak of.
|
# ? Aug 6, 2007 20:33 |
|
M@ posted: Contrary to popular belief, there are real Cisco WICs. I've got some real ones if you're still looking for them.
That's not what I'm saying at all. Of course there are REAL V2 wics out there. If you buy the $100 "NEW" V2 WICs on eBay, they're not real. Real WICs cost >$500 and are sold by reputable Cisco dealers.
|
# ? Aug 6, 2007 21:21 |
|
M@ posted: Contrary to popular belief, there are real Cisco WICs. I've got some real ones if you're still looking for them.
It's not really mine for the taking, it just has to gather dust for a few years before being sent to its rightful owner :/
|
# ? Aug 6, 2007 22:13 |
|
Does anyone have any experience with the NM form factor WLC's? We're looking into a big wireless deployment for our customer associations, and while I'm not on the project myself, I'm trying to stay ahead of what's being proposed. Cisco came in and proposed WiSMs, but they would trash our customer security model, so the revised proposal is for a boatload of NM WLC's and 140 site ISR fork-lift upgrades
|
# ? Aug 7, 2007 17:07 |
|
Kind of off-topic but does anyone have any recommendations for IP assignment tracking/whois server software? I've been looking at IPPlan and FreeIPDB, so far IPPlan seems to be a better solution (integrated management and whois) but freeipdb's database layout seems to be better- but lacks the whois server.
|
# ? Aug 7, 2007 17:15 |
|
inignot posted: I'm driving to RTP tomorrow.
Good luck. You'll probably get Bobby Thorton, he's awesome, and was by far better than the folks at San Jose. I recently passed this on July 30th, and I'm still floating on the clouds. BTW, I believe most people who claim to have their CCIE, are just talking about the pre-qualification exam, which isn't even a certification in itself. If they don't give you a number, they're probably not certified.
p.s. 18496.
|
# ? Aug 8, 2007 12:24 |
|
Cisco's site is down! Can someone verify if it's just on my end? I really need to get my hands on some of those sweet docs.
|
# ? Aug 8, 2007 19:03 |
|
TheCaptain posted: Cisco's site is down!
Down. That's pretty embarrassing.
|
# ? Aug 8, 2007 19:25 |
|
And right after that NHRP PSIRT notice went out.
|
# ? Aug 8, 2007 19:35 |
|
TheCaptain posted: Cisco's site is down!
It's pretty common in Sweden. And the slowness, oh the slowness. Unless it was Cisco I wouldn't even buy stickers from them, a company that sells net gear and has a 56k fast page seems a bit odd. And yes this is from several ISPs I have experienced this.
|
# ? Aug 8, 2007 20:44 |
|
Interesting. What used to return a timeout now gives this:code:
|
# ? Aug 8, 2007 20:52 |
|
TheCaptain posted: Interesting. What used to return a timeout now gives this:
They're back.
|
# ? Aug 8, 2007 23:51 |
|
TheRouterNinja posted: Good luck. You'll probably get Bobby Thorton, he's awesome, and was by far better than the folks at San Jose. I recently passed this on July 30th, and i'm still floating on the clouds.
Really...that's the day I was in RTP taking the test. If you were in RTP on the same day I was, I assure you I wasn't the doughy Russian guy that was freaking out & bugging the proctor every 10 minutes.
TheRouterNinja posted: BTW, I believe most people who claim to have their CCIE, are just talking about the pre-qualification exam, which isn't even a certification in itself. If they don't give you a number, they're probably not certified.
Hell, a lot of the people that give you the number aren't even certified. I've caught a couple resumes with expired numbers. So which study vendor did you use? I'm using Net Master (hence the 'what would Bruce Caslow do?' avatar that I'm sure is lost on everyone) & Internetwork Expert.
|
# ? Aug 9, 2007 01:45 |
|
inignot posted: Hell, a lot of the people that give you the number aren't even certified. I've caught a couple resumes with expired numbers.
What's the length of qualification for a CCIE?
*edit* found it -two years-... Somehow it doesn't seem worthwhile unless your job is 100% cisco.
CrazyLittle fucked around with this message at 03:58 on Aug 9, 2007 |
# ? Aug 9, 2007 03:54 |
|
I'm in the home stretch of my CCNA class, and I was wondering, is there anything anyone that has gone through it wishes they had studied more/asked in class/read/whatever either to pass the class or to make the actual on-the-job experience better?
|
# ? Aug 9, 2007 23:04 |
|
Is there any way to get a WIC-1ADSL to work inside a NM-2FE2W inside a Cisco 3640? I'm getting tired of trying different IOS loads.
|
# ? Aug 9, 2007 23:37 |
Should work I think, is the WIC known good? What's 'sh inventory raw' say about the WIC?
|
# ? Aug 10, 2007 00:50 |