RE: CCIE Practical Studies:Security Case Study

From: Roberts, Larry (Larry.Roberts@expanets.com)
Date: Sat Sep 06 2003 - 19:28:26 GMT-3


Perhaps I should have used the word "suspected plagiarism".

Several chapters appear to be a merged version of 2 separate documents
publicly available. If I'm going to pay $75 for a book, I don't expect
the author to cut-and-paste critical chapters from a document on the web. I
have already read those documents, so don't make me pay to read them again!

If it is in fact "permitted" to cut-and-paste from another document, then at
least notate that you did in fact do that. And proper journalism also
dictates that you at least credit the original authors, which I don't see.

I'm feeling like I'm getting off topic for the list, so let's take this
off-line for additional comments.
I don't want to start another CCIE:Written thingy again.
:)

Thanks

Larry

-----Original Message-----
From: Shafi, Shahid [mailto:sshafi@qualcomm.com]
Sent: Saturday, September 06, 2003 5:17 PM
To: Roberts, Larry; MMoniz; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

I am interested in knowing where you found shades of plagiarism? I went
through some of the early chapters including 3550 and they all are
rehash/copied from doc cd. You read SAFE papers and then read ISP
Essentials, most of the paragraphs are even same. I think Cisco authors
allow each other to copy their material and that's what we people need: All
info at one place and no searching from doc cd!!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Roberts, Larry
Sent: Saturday, September 06, 2003 3:06 PM
To: 'MMoniz'; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

I'm more miffed about how the author states that he is doing "X" when he is
in fact doing "Y". In the 20-1 scenario, I would have just added the
networks to OSPF and removed all the GRE tunnel info. I mean, why add that
extra overhead? The configuration is simpler, you can still do the IPSec
encapsulation, however now you only apply your map to the Serial Interface.

I'm reading the Lab 20-2 now, and getting even more miffed....

I have 4 pages of errors that I have sent to Cisco Press and even a
notification of plagiarism. I have yet to get an answer.
I'm really afraid to trust ANYTHING that is in this book. It's become more of
an outline on what to study.

I think I gave up when the author implied that the OSPF process IDs needed
to match on all routers in an AS...
(The note on Pg 280 for those playing at home ..)

Thanks

Larry

-----Original Message-----
From: MMoniz [mailto:ccie2002@tampabay.rr.com]
Sent: Saturday, September 06, 2003 4:56 PM
To: Roberts, Larry; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

Well I have tried something similar. Never was the routing traffic itself
encrypted, in fact never matched on the acl for the crypto map.

I don't think it is possible to actually encrypt the routing traffic with
IPSEC. Even when it was uni-cast traffic defined by neighbor statements.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Roberts, Larry
Sent: Saturday, September 06, 2003 5:42 PM
To: Ccielab Mailing List (ccielab@groupstudy.com)
Subject: CCIE Practical Studies:Security Case Study

OK,
Just curious if anyone else has looked at Case Study 20-1? They claim that
the configuration is Dynamic routing information over an IPSec VPN.

I have reviewed it a BUNCH and I don't think that this is what they are
doing at all. If you review, you will see that the private networks

12.12.12.12/32
13.13.13.13/32
14.14.14.14/32

Are all learned over the GRE Tunnels.

Your CryptoACL's are only encrypting data to/from those networks, so your
EIGRP data is just in GRE over the tunnel, while your Data between this
network is IPSec protected over the GRE tunnels. (Is it worth mentioning
that the mask of the ACL's don't match the mask of the Interface?)

What is worse is that your Multicast/broadcast traffic between these
networks still isn't going to cross the link.

Perhaps it would be better labeled as "concurrent GRE/IPSec tunnels with
IPSec protection of Data Flows" which is what they are really doing...

Thanks

Larry
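
Added example (not part of the original thread, and not the book's configuration): a simplified Python model of crypto ACL matching that shows why an ACL listing only the /32 private networks leaves EIGRP hellos outside IPSec, compared with an ACL that selects the GRE packets themselves. The ACL entries, the tunnel endpoint addresses 192.0.2.1 and 192.0.2.2, and the tunnel interface address 10.0.0.1 are assumptions made for illustration.

```python
import ipaddress

GRE, EIGRP, TCP = 47, 88, 6  # IP protocol numbers

# Constructed crypto ACL modelled on the thread's description: only traffic
# between the /32 private networks is selected (None means "ip", any protocol).
DATA_ONLY_ACL = [
    (None, "12.12.12.12/32", "13.13.13.13/32"),
    (None, "12.12.12.12/32", "14.14.14.14/32"),
]
# Constructed contrast: select the GRE packets themselves. The tunnel endpoint
# addresses 192.0.2.1 and 192.0.2.2 are assumptions, not from the book.
GRE_ACL = [(GRE, "192.0.2.1/32", "192.0.2.2/32")]

def acl_permits(acl, proto, src, dst):
    """True if (proto, src, dst) hits a permit entry; otherwise implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        p in (None, proto)
        and s in ipaddress.ip_network(sn)
        and d in ipaddress.ip_network(dn)
        for p, sn, dn in acl
    )

def ipsec_protected(acl, header, packet):
    """Evaluate the crypto ACL against the packet's 'inner' or 'outer' header."""
    return acl_permits(acl, *packet[header])

# Constructed sample packets, both carried inside the same GRE tunnel.
OUTER = (GRE, "192.0.2.1", "192.0.2.2")
EIGRP_HELLO = {"inner": (EIGRP, "10.0.0.1", "224.0.0.10"), "outer": OUTER}
DATA_FLOW = {"inner": (TCP, "12.12.12.12", "13.13.13.13"), "outer": OUTER}

def report():
    """Return, per packet, whether each ACL design selects it for IPSec."""
    rows = {}
    for name, pkt in (("eigrp_hello", EIGRP_HELLO), ("data_flow", DATA_FLOW)):
        rows[name] = {
            "data_only_acl": ipsec_protected(DATA_ONLY_ACL, "inner", pkt),
            "gre_acl": ipsec_protected(GRE_ACL, "outer", pkt),
        }
    return rows

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```
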



This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:24 GMT-3