Cisco Logo
Technical Services News
October 2007

Cisco Product Quick Reference Guide Summer/Fall 2007 Edition Discount

The Cisco Product Quick Reference Guide (QRG) helps you understand the various Cisco product features and benefits in a portable, easy-to-use format. Enjoy 10 percent off your order for a limited time. More...

Incident Readiness and Response

It is extremely important to have a good incident management strategy within your organization. This article, written by Cisco expert Omar Santos, provides a high-level overview of incident readiness and response methodologies. More...

Troubleshooting Access Problems through a Firewall Using Packet-Tracer

This month's Reader Tip explains how the new packet-tracer feature in ASA software version 7.2(1) can be used to effectively troubleshoot access problems through a firewall. More...

New Offer from Cisco and the IET

Cisco Certified IT professionals now have the opportunity for fast-track entry to membership in the Institution of Engineering and Technology (IET). More...

Cisco Updates Advanced Wireless LAN Specialization

Cisco recently updated its wireless LAN specialization exams and courses to reflect important changes and advances in the management and use of wireless networks. More...

"Stopping E-Mail Threats" through TechWiseTV

In this TechWiseTV video broadcast, learn why the problem of e-mail threats is so hard to solve and view the latest solutions that can help you regain control. More...

Taking Loss Prevention to a New Level

Recently appearing on securityinfowatch.com, this article by Cisco expert Guido Jouret explains how application-level convergence can help retailers and other businesses achieve higher levels of efficiency and productivity. More...

New Cisco Product Documentation Available Online

"What's New in Cisco Product Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. More...

Networking Professionals Connection

Check out current and upcoming events and discussions through Networking Professional Connection. More...


Note: For your convenience, articles also appear below.

Technical Documents

Security & VPN

Voice and Unified Communications

Wireless

Field Notices

Daylight Savings Time (DST) 2007

Application Networking Services

Content Networking

Optical

Routers

Voice and Unified Communications

Updated Technical Documentation

Security & VPN

Voice and Unified Communications

Wireless

Cisco Product Quick Reference Guide Summer/Fall 2007 Edition Discount

Cisco products, services, and solutions can help your company realize greater returns on technology investments. The Cisco Product Quick Reference Guide (QRG) helps you understand the various Cisco product features and benefits in a portable, easy-to-use format. This handy, compact reference tool was recently updated and is now available to purchase.

The Cisco Product QRG includes the following information for many Cisco products:

  • Brief product overviews
  • Key features
  • Sample part numbers
  • Abbreviated technical specifications

Receive 10 percent off your entire order (excludes shipping) now through November 15, 2007, when you enter code "SF_2007_TS" at checkout.

Note: Cisco employees should use code "SF_2007_TS_E" for discount.

Order your Cisco Product Quick Reference Guide today.

New Reader Tip: Troubleshooting Access Problems Using Packet-Tracer

Troubleshooting access problems through a firewall is often very difficult, especially when speed to resolution is critical. Errors in long complex ACLs can be easily overlooked, and access failures caused by NAT, IDS, and routing make the problem even more difficult.

Cisco has released an incredible new feature in ASA software version 7.2(1) that virtually eliminates the guesswork. Packet-tracer allows a firewall administrator to inject a virtual packet into the security appliance and track the flow from ingress to egress. Along the way, the packet is evaluated against flow and route lookups, ACLs, protocol inspection, NAT, and IDS. The power of the utility comes from the ability to simulate real-world traffic by specifying source and destination addresses with protocol and port information.

Packet-tracer is available both from the CLI and in the ASDM. The ASDM version even includes animation (the value of which is questionable, but it is fun to watch), and the ability to navigate quickly to a failed policy.

Here is the CLI syntax:

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]

A few examples of truncated output show some of the most useful features. Not only does the tool show the result of an ACL evaluation, but also the specific ACE that either permits or denies the packet, including a hit on the implicit deny.

asaTestlab# "packet-tracer input inside tcp 10.1.1.1 1024 10.4.1.1 23"

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside in interface inside access-list inside extended permit ip any 10.4.1.0 255.255.255.0
Additional Information:

asaTestlab# "packet-tracer input inside tcp 10.1.1.1 1024 10.4.2.1 5282"

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group inside in interface inside access-list inside extended deny tcp any host 10.4.2.1 eq 5282
Additional Information:

Evaluations of other elements of the config are similarly specific. Here is an example with nat-control enabled but without proper address translation defined:

asaTestlab# "packet-tracer input DMZ tcp 10.2.1.1 1024 10.4.2.1 http"

Phase: 7
Type: NAT
Subtype:
Result: DROP
Config:
nat (DMZ) 0 access-list NoNAT
nat-control
match ip DMZ any outside any
no translation group, implicit deny
policy_hits = 1
Additional Information:

- Kevin Miller, Herman Miller, Inc., Zeeland, Michigan , USA

Editor's Note: Packet-tracer does more than just inject a 'virtual' packet into the data-plane. One can also add the 'trace' option to the capture command, so that actual packets the security appliance receives (which are matched by the capture) are also traced.

Example:

ASA# "capture mycap access-list 199 interface outside trace"

To view the packet-trace from captured packet #3 in the capture, use the command:

ASA# "show capture mycap trace packet-number 3"

To learn more about Reader Tip submission and guidelines, visit the Reader Tip submission page. If your Tip is selected for publication, you will receive a complimentary Cisco polo t-shirt from the Cisco Technical Services Newsletter staff.

Note: All tips published in the Cisco Technical Services Newsletter are reviewed by Cisco technical support engineers; however, the Cisco Technical Services Newsletter and Cisco cannot guarantee the accuracy or completeness of these tips.

Cisco and the IET Advance Professional Development of Certified Community

Cisco Certified IT professionals can now take advantage of an outstanding career development opportunity: Fast-track entry to membership in the Institution of Engineering and Technology (IET). With more than 150,000 members in 128 countries, the IET is one of the world's leading professional societies for the engineering and technology community. Holders of active Cisco Associate, Professional, Expert, and Specialist certifications worldwide will be eligible for the IET fast-track membership program.

Find out more about IET membership or how you can join now.

Cisco Updates Advanced Wireless LAN Specialization

Cisco recently updated its wireless LAN specialization exams and courses to reflect important changes and advances in the management and use of wireless networks.

Advanced Wireless LAN for System Engineers (AWLANSE 642-586) and Advanced Wireless LAN for Field Engineers (AWLANFE 642-587) currently test knowledge of wireless LANs, including RF and antenna theory, 802.11a/b/g standards, and the ability to design and support a Cisco Unified Wireless Network. The new versions will also cover the ability to configure and verify voice transmission over a wireless network, configuration of Cisco Services Secure Clients, increased emphasis on outdoor mesh, new site survey tools, and updates to the wireless controller code. Exams are available at all worldwide Pearson VUE testing centers as of August 15, 2007.

These changes are also reflected in the curriculum:

  • Cisco Wireless LAN Fundamentals (CWLF) v2.0 will include about 10 percent new material
  • Cisco Wireless LAN Advanced Topics (CWLAT) v2.0 will include about 50 percent new material

The CWLF and CWLAT courses cover all topics included on the revised exams and are recommended for those pursuing technical specialization in wireless.

Find out more about Cisco's revised Wireless LAN certifications.

TechWiseTV: "Stopping E-Mail Threats"

Spam and other e-mail scams are costing American business $10 billion annually in lost productivity, wasted IT resources, and help desk costs. And, despite predictions from industry " experts " a few years ago, the crisis is getting worse.

Now, learn why this problem is so hard to solve and view the latest solutions that can help you regain control. This must-see 45-minute video broadcast will show you:

  • How spammers work and why they are so difficult to stop
  • The latest e-mail scams such as image spam and botnets -- and the dangers they pose
  • The limitations and pitfalls of traditional antispam solutions such as black and white lists
  • A comprehensive overview of the two-layer approach developed by IronPort and how it effectively filters out more than 95 percent of all spam and other e-mail threats
  • How organizations of any size can easily implement the solution on a local or global basis

Learn more and register to view video.

New Cisco Product Documentation Available Online

"What's New in Cisco Product Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products.

In addition to many new and revised documents, highlights of the October release include documentation for the following:

  • Cisco IOS Release 12.2 SX Command References
  • Cisco IOS IPv6 Configuration Library

View the latest release of "What's New in Cisco Product Documentation" today.

Upcoming "Ask the Expert" Events and TechTalks from Networking Professionals Connection

Networking Professionals Connection is an interactive Website where you can discuss Cisco networking products and technologies with Cisco experts and networking professionals around the world.

Upcoming events on Networking Professionals Connection include:

  • "Ask the Expert" events, which allow you to discuss specific networking issues online with Cisco engineers:
    • "CCIE Routing & Switching," now through October 19
    • "IOS Security Technologies," now through October 19
    • "NAC in Branch Office," October 22 through November 2
    • "Incident Management," October 22 through November 2
      Note: "Ask the Expert" events are subject to rescheduling. Please refer to the URL above for the most current schedule.
  • TechTalks are online Webcasts that focus on particular technology subjects. You can view the latest event schedule, register to attend a live session, and view archived presentations on the Web any time.

To attend an event or participate in a discussion forum, visit Networking Professionals Connection.

About This Newsletter

Forget Your User ID or Password?

Your user ID is usually your first initial followed by your last name; for example, John Doe's user ID might be "jdoe." If you cannot remember your password, send a blank e-mail message. An automatic check will verify that your e-mail address is registered with Cisco.com. Account details with a new random password will be sent in an e-mail to you.

Contact Us:

E-mail us your questions and comments.

Important Notices:

1992-2007 Cisco Systems, Inc. All rights reserved.

Terms and Conditions, Privacy Statement, Cookie Policy, and Trademarks of Cisco Systems, Inc.