RE: CCIE Practical Studies:Security Case Study

From: Shafi, Shahid (sshafi@qualcomm.com)
Date: Sat Sep 06 2003 - 19:30:10 GMT-3


Yeah exactly this was my point. I am paying $75 for a book which is over
1000 pages and I am hardly getting 150 pages of original material that
too is full of mistakes!!! And rest is all copy and paste from CCO!
Duh!!!

Yeah no more emails after that!! We'll discuss it offline ;-)

-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts@expanets.com]
Sent: Saturday, September 06, 2003 3:28 PM
To: Shafi, Shahid; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

Perhaps I should have used the word "suspected plagiarism".

Several chapters appear to be a merged version of 2 separate documents
publicly available. If I'm going to pay $75 for a book, I don't
expect the author to cut-and-paste critical chapters from a document on
the web. I have already read those documents, so don't make me pay to
read them again!

If it is in fact "permitted" to cut-and-paste from another document,
then at least notate that you did in fact do that. And proper journalism
also dictates that you at least credit the original authors, which I
don't see.

I'm feeling like I'm getting off topic for the list, so let's take this
off-line for additional comments.
I don't want to start another CCIE:Written thingy again.
:)

Thanks

Larry

-----Original Message-----
From: Shafi, Shahid [mailto:sshafi@qualcomm.com]
Sent: Saturday, September 06, 2003 5:17 PM
To: Roberts, Larry; MMoniz; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

I am interested in knowing where you found shades of plagiarism? I went
through some of the early chapters including 3550 and they all are
rehash/copied from doc cd. You read SAFE papers and then read ISP
Essentials, most of the paragraphs are even same. I think Cisco authors
allow each other to copy their material and that's what we people need:
All info at one place and no searching from doc cd!!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Roberts, Larry
Sent: Saturday, September 06, 2003 3:06 PM
To: 'MMoniz'; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

I'm more miffed about how the author states that he is doing "X" when he
is in fact doing "Y". In the 20-1 scenario, I would have just added the
networks to OSPF and removed all the GRE tunnel info. I mean, why add
that extra overhead? The configuration is simpler, you can still do the
IPSec encapsulation, however now you only apply your map to the Serial
Interface.

I'm reading the Lab 20-2 now, and getting even more miffed....

I have 4 pages of errors that I have sent to Cisco Press and even a
notification of plagiarism. I have yet to get an answer.
I'm really afraid to trust ANYTHING that is in this book. It's become
more of an outline on what to study.

I think I gave up when the author implied that the OSPF process IDs
needed to match on all routers in an AS...
(The note on Pg 280 for those playing at home ..)

Thanks

Larry

-----Original Message-----
From: MMoniz [mailto:ccie2002@tampabay.rr.com]
Sent: Saturday, September 06, 2003 4:56 PM
To: Roberts, Larry; ccielab@groupstudy.com
Subject: RE: CCIE Practical Studies:Security Case Study

Well I have tried something similar. Never was the routing traffic
itself encrypted, in fact never matched on the acl for the crypto map.

I don't think it is possible to actually encrypt the routing traffic
with IPSEC. Even when it was uni-cast traffic defined by neighbor
statements.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Roberts, Larry
Sent: Saturday, September 06, 2003 5:42 PM
To: Ccielab Mailing List (ccielab@groupstudy.com)
Subject: CCIE Practical Studies:Security Case Study

OK,
Just curious if anyone else has looked at Case Study 20-1? They claim
that the configuration is Dynamic routing information over an IPSec VPN.

I have reviewed it a BUNCH and I don't think that this is what they are
doing at all. If you review, you will see that the private networks

12.12.12.12/32
13.13.13.13/32
14.14.14.14/32

Are all learned over the GRE Tunnels.

Your Crypto ACLs are only encrypting data to/from those networks, so
your EIGRP data is just in GRE over the tunnel, while your Data between
this network is IPSec protected over the GRE tunnels. (Is it worth
mentioning that the mask of the ACLs doesn't match the mask of the
Interface?)

What is worse is that your Multicast/broadcast traffic between these
networks still isn't going to cross the link.

Perhaps it would be better labeled as "concurrent GRE/IPSec tunnels with
IPSec protection of Data Flows" which is what they are really doing...

Thanks

Larry


