|
Table Of Contents
Release Notes for Management Center for Firewalls 1.3 on Windows 2000
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Release Notes for Management Center for Firewalls 1.3 on Windows 2000
These release notes are for use with the CiscoWorks Management Center for Firewalls (Firewall MC) 1.3. Firewall MC is a web-based interface that enables you to configure new PIX Firewalls and Firewall Services Modules (FWSMs) and import configurations from existing firewalls. You can configure firewall device settings, access rules, and translations rules, and deploy these configurations to your network. Firewall MC also provides a powerful tool for controlling changes made to your network, showing configuration and status changes.
These release notes contain:
• Obtaining Technical Assistance
• Obtaining Additional Publications and Information
New Features
If you are a previous user of Firewall MC and you upgraded to Firewall MC 1.3, you will notice the following new design enhancements and features:
•You can now create or edit building blocks for network objects, service definitions, and service groups from Access Rule tables.
•You can now define these additional web filter rules: Filter Java, Filter ActiveX, Filter HTTPS, Filter FTP, and Filter URL Except. With the addition of Filter Java and Filter ActiveX, support for working with N2H2 URL servers has also been added. We also now support the long-url option for Filter URL and you can define actions to be taken based on the type of traffic for specific filter rules.
•Support for dynamic and static policy NAT—You can now define policy translation rules that match on the source and destination conditions of network packets. Although these rules are not visible in the Firewall MC GUI (by default), you can change the default setting to display the rules in the translation tables.
In addition, the order of evaluation has changed. Previous versions of Firewall MC optimized translation rules around a "best match" scheme. As of this release (1.3) Firewall MC defaults to the firewall device logic, which uses a "first match" scheme for all rule types other than dynamic NAT.
•Easy VPN Server—The Easy VPN Server feature allows you to configure a PIX Firewall to operate as an Easy VPN Server that can push a VPN configuration to any Easy VPN Remote device, greatly simplifying configuration and administration. The Easy VPN Server feature is available with software PIX OS Version 6.2 and later.
•IPSec tunnels—You can use Firewall MC to configure and manage the IPSec features of Cisco PIX Firewalls to create VPN tunnels for site-to-site and remote user access.
•Extended ACLs—Support has been added for "Extended ACL" for version checking during configuration generation. The keyword "extended" is supported from the CLI. OSPF ACLs are now augmented with a classification keyword "standard" in the CLI, but are still sent as ending commands in Firewall MC.
•Object grouping—You can specify how Firewall MC handles object groups during device import and configuration generation.
•Syslog by ACL is supported—Logging options can be specified in the GUI. ACL logging global parameters deny-flow-max and alert-interval are also supported.
•Logging message levels—You can now disable logging for an individual message, and the logging level for a certain message can now be customized.
•AAA local database—You can now add users to a local database on a firewall device to be used for AAA authentication.
•Failover—The Failover GUI has been modified to reflect failover requirements based on firewall device OS version being recognized.
•Management access—You can now enable or disable the Management Access feature for a single interface.
•Feature tracking—You can specify how Firewall MC handles commands for features that are not supported by the OS version running on a specific device.
•Taking over changes feature—You can now take over a lock held by another user when workflow is disabled.
•New Telnet timeouts have been added.
–1-60 for PIX Firewalls
–1-1440 for FWSMs
•New timeouts have been added:
–Timeout ICMP
–Timeout H225 (migrated from PIX Firewall)
–MGCP (migrated from PIX Firewall)
•New fixups have been added:
–Fixup ICMP error
–MGCP
–TFTP
–DNS
–Fixup RPC (supported as an ending command)
An update to Firewall MC 1.3 will be required to support the forthcoming Firewall Services Module 2.2 release. The following features are available for early field trial customers only and not recommended for production use:
•FWSM Security Context (virtual firewall support)—You can now configure a single FWSM to behave as multiple virtual firewalls.
•Standby option for IP addresses—The failover standby IP addresses configured through a security context CLI do not trigger an import error in Firewall MC; they are ignored.
•Transparent firewall—You can now define a Virtual Local Area Network (VLAN) interface in transparent mode (L2 Mode). When the FWSM is in transparent mode, it acts as a Layer 2 firewall.
•You can now configure access rules to filter traffic according to the value in the ethertype field of a Layer 2 packet. This applies to FWSM in transparent mode.
•VLAN alias—The new FWSM 2.1 alias feature for developing portable VLAN-based ACLs is now supported.
•Layer 2 (transparent mode) and Layer 3 (routed mode) firewall support—You can now enable traffic between firewall devices located in different networks (routed mode) and within the same subnet or bridged network (transparent mode).
•Same security interfaces—You can now enable traffic between interfaces that are configured with the same security level.
The following features are not supported in this release and related commands can be moved to the ending commands section:
•Outbound ACLs—The "out" keyword in the access-group command is not currently supported.
•Ability to create and delete security contexts—Use CLI, PIX Device Manager (PDM), or CiscoView to create and delete security contexts.
•Transparent mode firewall support—Platform support for this feature does not currently exist. Support will be provided in the forthcoming Firewall Services Module 2.2 release. While all attempts have been made to ensure Firewall MC 1.3 compatibility with FWSM 2.2, refer to the release notes for FWSM 2.2 to determine actual compatibility.
•Split around—In Firewall MC 1.0-1.2.2, Firewall MC provided a split-around feature for NAT rules to avoid overlapping addresses. As of this release (1.3), this feature is no longer supported. Instead, a warning message is issued for overlapping addresses.
Product Documentation
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
Table 1 describes the product documentation that is available.
Table 1 Product Documentation
Document Title Available FormatsInstalling Management Center for Firewalls 1.3 on Windows 2000
•PDF on the product CD-ROM.
• On Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_pix/fwmc_1_3/index.htm.
•Printed document available by order (part number DOC-7816034=).1
Using Management Center for Firewalls 1.3
•PDF on the product CD-ROM.
• On Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_pix/fwmc_1_3/index.htm.
•Printed document available by order (part number DOC-7816035=). 1
Supported Devices, OS Versions, and Commands for Management Center for Firewalls 1.3.
On Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_pix/fwmc_1_3/index.htm.
Context-sensitive online help
•Select an option from the navigation tree, then click Help.
•Click the Help button in the dialog box.
1 See Obtaining Documentation.
Related Documentation
Product support documentation is located in the Documentation subdirectory (fwmc\documentation) on the product CD-ROM.
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
The following additional documentation is available:
Quick Start Guide for VPN/Security Management Solution 2.2
This document describes the basic tasks involved in preparing and configuring network devices using Management Centers. It is available in the following formats:
•On Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_2/index.htm.
•Printed document available by order.
Installation and Setup Guide for CiscoWorks Common Services 2.2 (includes CiscoView 5.5) on Windows
This document describes the basic tasks involved in installing and configuring CiscoWorks Common Services 2.2. It is available in the following formats:
•On Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/comser22/ig_wincv/index.htm.
•Printed document available by order.
User Guide for CiscoWorks Common Services 2.2
This document describes how to use CiscoWorks Common Services 2.2. It is available in the following formats:
• On Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/comser22/usrguide/index.htm.
•Printed document available by order.
Release Notes for CiscoWorks Common Services 2.2 on Windows 2000
This document contains information on issues that affect Firewall MC. It is available on Cisco.com at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/comser22/rel_note/index.htm.
Resolved Problems
Table 2 lists problems resolved since the last release of Firewall MC.
Known Problems
This section contains the following problems known to exist in this release:
Caution Undoing activities in which you have moved a device or group can cause undesired results, such as locked activities and lost data. For more information, see CSCsa10912 and CSCsa11632 in Table 4.
• Security Context Known Problems, Table 3
• Activity Management Known Problems, Table 4
• Authentication Known Problems, Table 5
• Configuration Known Problems, Table 6
• Database Known Problems, Table 7
• Deployment Known Problems, Table 8
• Import Known Problems, Table 10
• Installation and Upgrade Known Problems, Table 11
• Reporting Known Problems, Table 12
• Firewall MC Server Known Problems, Table 13
• Known Problems with VMS that Affect Firewall MC, Table 14
Note•The problems in the following tables are known to affect Firewall MC 1.3. However, some of the problems were found in earlier releases of the product, so they might contain references to PIX MC and CiscoWorks2000. Any such references apply to Firewall MC and CiscoWorks as well.
•To obtain more information about known problems, go to the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl. (You will be prompted to log into Cisco.com.)
Table 6 Configuration Known Problems
Bug ID Summary Additional InformationCSCed75282
Failover enabled without correct IPs on each interface errors.
When the failover IP address is not on the same subnet as the interface IP address, a generate error occurs. When you click the View Errors link, you will not see any error messages in the generated configuration.
To work around this problem, specify a failover IP address that is on the same subnet as the interface.
CSCsa11048
Different pre-shared key policies with same key not permitted/generated.
In some cases, it is possible to get errors while generating ISAKMP Preshared keys in a configuration even though the Tunnel Consistency panel in the GUI says the keys match on both ends of the tunnel.
Specifically, if there is a tunnel between peers A and B, and A has a default preshared-key policy and B has a user-defined key for A's IP address, when you generate commands for A and B, Firewall MC will incorrectly generate errors saying there is no valid key present for the respective peer even if A's default keystring is identical to B's user-defined keystring for A. However, the Tunnel Consistency check panel for this tunnel will indicate there is no key mismatch.
To work around this problem, set the same pre-shared key policy on both A and B. Either have user-defined keys on both ends, or have default keys on both ends.
CSCed65717
ICMP messages not optimized out.
The optimization code in Firewall MC 1.3 is not able to combine two ACEs when one has service icmp all and the other has service icmp <icmp-type>. Prior versions of Firewall MC were able to combine such ACEs into a single icmp all ACE. This will result in rules that are not optimized as well as they could be. However, the resulting rule set is still correct.
There is no workaround.
CSCsa08680
There is no warning that vpnclient won't work when vpngroup missing.
Deploying partially configured Easy VPN Remote settings to a device does not issue a warning and the Easy VPN Remote is disabled on the device. The deployment transcript will show a message from the device that reads "Warning: No router certificate for key exchange. PIX Easy VPN
Remote disabled."To work around this problem, make sure that the Group Name is entered on the Configuration > VPN > Remote Access > Easy VPN Remote.
CSCsa09822
Deleting firewall rules does not remove auto nat & static cmds - no edit.
If you set Identity Address Translation Rules to "Only" or "On" (Configuration > MC Settings > Management), Firewall MC will generate NAT or Static commands corresponding to addresses in both AAA rules and Firewall rules.
To work around this problem, turn off Identity Address Translation Rules, which will also eliminate the generation of Identity Address Translation Rules for Firewall rules.
CSCsa09926
Interface wizard fails to detect if no password is entered for PPPoE.
When enabling PPPoE for the outside interface, the GUI fails to recognize the lack of a password. Upon generation, the command will be generated as vpdn username <username> password invalid-password.
To work around this problem, edit the settings for the interface to include a user password.
CSCsa10157
Second level Group doesn't allow both to Inherit and to Enforce/Mandate.
On any Configuration > Device Settings page, the Inherit Settings and Enforce/Mandate check boxes cannot both be selected at the same time. When one check box is selected, the other one is disabled. Because of this limitation, you cannot inherit settings on a particular group while mandating that all children of that group use the same settings.
There is currently no workaround.
CSCsa10862
Object groups still refer to deleted objects.
When you delete an object (service, service group, or network object) references to that object are not automatically removed from other object group definitions. If an object group with reference to a deleted object is used in a rule, generating a configuration that uses the rule results in a generation error.
To work around this problem, manually remove all references to deleted objects.
CSCsa09481
Cannot turn off failover on interface.
If you define a failover IP address for an interface, but failover is not enabled, the generated commands will include the failover IP address. Some failover commands will always show up in the generated configuration, because the Failover page does not have a means to delete these failover IP addresses from the generated configuration.
These commands will not affect the device's behavior when failover is disabled. On a device without a failover license, deploying failover commands will not cause a deployment error. The device ignores the commands.
There is no workaround.
CSCsa04493
AAA Rules permits LOCAL authorization/accounting for invalid services.
AAA authorization and accounting using the LOCAL protocol is only permitted for console, cut-through authentication, and command authorization services. The LOCAL AAA protocol is only supported in PIX Firewall OS 6.3 and later.
Services such as HTTP, FTP, and Telnet (cut-through proxy) can only be enabled for LOCAL AAA authentication and not for authorization and accounting and should not be enabled within Configuration > Access Rules > AAA Rules.
CSCsa06605
Deleting or renaming interface causes generation errors.
Some settings that refer to interface names cause generation errors when the interface is renamed or removed. These settings must be deleted or changed to reference the new name.
The following settings refer to interfaces and must be changed to use the new name:
•Failover
•Static Routes
•RIP
•Proxy Arp
•HTTPS (SSL)
•Telnet
•Secure Shell
•SNMP
•ICMP Interface Rules
•Syslog
•URL Filter Server
•TFTP Server
•IDS Policy
•Anti-spoofing
•Fragment
To work around this problem, delete the settings resulting in generation errors or modify the settings to reflect the new interface name.
CSCsa04486
Fixup protocol esp-ike & isakmp enable <interface_name> cannot co-exist.
The following commands cannot coexist on the same firewall device:
•fixup protocol esp-ike
•isakmp enable <interface_name>
However, Firewall MC allows you to configure both commands without generating an error.
The error will be caught at the device and the deployment will fail with an error saying "PAT for ESP cannot be enabled since ISAKMP is enabled".
To work around this problem, do not place these two commands in the same configuration.
CSCea14915
Deploy fails if number of interfaces in GUI and device differ.
When working in the Firewall MC GUI, sometimes the number of interfaces or their respective hardware IDs do not match those on the physical device. An example of this would be if you were to define only ethernet0 and ethernet1 in the GUI, when the device also has ethernet2. During deployment, Firewall MC would attempt to remove all configuration settings for the undefined interface, such as its IP address, which causes deployment errors and possibly traffic flow failure on that interface, depending on the settings you established regarding error handling.
To work around this problem, make sure the interface configuration in the GUI matches the configuration on the device. This includes the number of interfaces and their hardware IDs.
CSCsa07223
Spoke-grp two S2S tunnels to Hub-dvc same intf unsupported auto-gen key.
When you have multiple tunnels between a pair of devices where the same interface is used as the endpoint on one of the two devices, Firewall MC will not accurately create pre-shared keys for automatically generated and default key policies.
For example, consider two devices (A and B) with two tunnels (Tunnel-1 and Tunnel-2) between them:
Tunnel-1: A:inside <------> B:outside
Tunnel-2: A:outside <-----> B:outside
In this example, both tunnels end on the same interface of device B, while ending on different interfaces on device A. In such cases, Firewall MC will automatically generate keys for one of the two tunnels, but not for both.
To work around this problem, specify user-defined keys on both devices (A and B). On device A, specify a single key for B:outside. On device B, specify two keys, one for A:inside and one A:outside. All three key values should be identical.
CSCsa06656
Auto NAT settings can impact dual dynamic NAT.
PIX Firewall and FWSM implemented dual-NAT differently. Firewall MC follows the FWSM semantics.
On the PIX Firewall, if a dynamic NAT rule is applied to an interface with a lower security level, then you must define static translation rules to enable outgoing traffic from all other networks attached to that interface.
On FWSM, adding a dynamic translation rule does not require static translation rules to be defined for all other outgoing traffic (high to low security level interface traffic).
Firewall MC does not allow you to use the Identity Address Translation feature to auto generate statics for outbound traffic when a dynamic translation rule exits on a lower security interface in a PIX Firewall configuration. You must manually define any such identity statics
CSCsa06655
For FWSM, all policy statics are higher priority than all old statics.
The evaluation order of the static address translation rules differs between PIX OS 6.3.x and FWSM 2.x.
PIX OS 6.3.x evaluates in the following order:
1. Port-based statics (policy statics and original style statics intermixed)
2. Host-based statics (policy statics and original style statics intermixed)
FWSM 2.x evaluates in the following order:
1. Port-based policy statics
2. Host-based policy statics
3. Port-based original style statics
4. Host-based original style statics
Firewall MC models the PIX implementation. During import, Firewall MC assumes the PIX OS evaluation order. In most cases, this does not cause problems even for FWSM. If you view the existing configuration on a FWSM, all policy statics appear before the original style statics. In this case, as long as the port or host-based statics are not split between the two styles, Firewall MC accurately imports the static address translation rules.
On generate, this represents no problem. Firewall MC either generates only original-style statics or policy statics followed by original-style statics (if the Identity Address Translation feature is enabled).
CSCsa05925
Internet Explorer hangs when you click away from page with applet before certificate dialog.
The Firewall MC window and CiscoWorks Desktop window might become unresponsive if you access the Configuration tab, and then click the Firewall MC window again before the certificate dialog appears.
To work around this problem:
1. Open Windows Task Manager.
2. Click the Applications tab.
3. Select the Internet Explorer tasks that are not responding.
4. Click End Task.
5. Open a new browser, log in to CiscoWorks again, and then launch Firewall MC.
6. Click the Configuration tab, and then wait for the Certificate popup window to appear.
7. Accept the certificate.
CSCsa02803
View Config and Deploy Transcript displays preshared keys in clear text.
Pre-shared keys defined on the Configuration > VPN > IKE Options >Pre-shared Keys page are displayed in clear text in the View Config and View Transcript windows. Users with permission to view these pages can also view any pre-shared keys.
No workaround is currently available.
CSCsa02754
Local User password and Confirm password should get cleared on error.
If you enter different values in the Password and Confirm Password fields of the Add User Information dialog box, accessed from Configuration > Device Settings > Firewall Device Administration > User Accounts, Firewall MC returns an error stating that the Password and Confirm Password do not match, and then resets the fields to a default value. If you click OK on the Add User Information dialog box without reentering the password, the user account is created with this default password.
To work around this problem, delete the user, and then add the user again making sure the Password and Confirm Password fields match.
CSCsa02311
Failover settings cannot be inherited.
The Inheritance settings for the Failover Interfaces configuration table fails to display any inherited interfaces defined at the parent scope.
No workaround is currently available.
CSCed19812
Policy NAT ACL on PIX Firewall contains alias addresses.
When importing a PIX Firewall configuration that uses policy NAT rules that are not generated by Firewall MC, it is possible that the rules retained in the GUI do not match the intended rules.
No workaround is currently available.
CSCsa02734
Special characters are allowed in the IPSec Transform Set Name on the PIX Firewall, but Firewall MC returns an error when they are used.
If you are adding an IPSec Transform Set from Configuration > Building Blocks > IPSec Transform Sets and use certain special characters (&,<,>,",~,^,|) in the transform set name, Firewall MC returns an error saying that these characters are not allowed even though these characters are valid on the PIX Firewall.
To work around this problem, do not use these special characters in IPSec transform set names.
CSCdz39788
Include and exclude commands not supported.
Firewall MC does not support the forms of the AAA commands that use the keywords include and exclude. These commands cause an error whenever encountered regardless of how you indicated that Firewall MC should treat unknown commands.
For a list of PIX Firewall and Firewall Services Module (FWSM) CLI commands supported by Firewall MC 1.3, see Supported Devices, OS Versions and Commands for Management Center for Firewalls 1.3 at http://www.cisco.com/en/US/products/sw/cscowork/ps3992/products_device_support_tables_list.html.
To work around this problem, replace these commands with the match form of the commands.
CSCeb61418
Static port address translation (interface) not supported.
Firewall MC does not support the interface keyword in the static command.
To work around this problem, avoid using the interface keyword in the static command. Use the actual address instead of the interface keyword. In a situation where the address is not known because DHCP is providing the address, no workaround exists.
CSCdz48293
PIX Interface command accepts VLAN as hardware ID.
When importing from file, Firewall MC allows the command interface vlan<n> [[<hw_speed> [shutdown]] to be issued or imported for PIX Firewall versions earlier than version 6.3 even though the VLAN is valid only for FWSMs and PIX Firewalls version 6.3 and later.
To work around this problem, make sure the VLAN hardware identifier is used only for FWSMs and PIX Firewalls version 6.3 and later.
CSCea27335
Firewall MC limits DHCP server to inside interface only.
In PIX Firewall versions earlier than version 6.3, the dhcpd enable <intf> command accepts only the inside interface as an argument. PIX Firewall versions 6.3 and later do not have this restriction. However, Firewall MC will not allow you to enable the DHCP server on other interfaces. Importing the dhcp enable command for an interface other than inside causes an error.
No work around is currently available.
Table 8 Deployment Known Problems
Bug ID Summary Additional InformationCSCsa11422
Difference report shows repeated differences in access rules.
When you view a difference report (Configuration > View Config > Generate and View Difference With Last Deployed Config or Configuration > View Config > Generate and View Difference With Running Config), differences in access-list commands may appear twice.
There is no workaround.
CSCsa09742
Deploying no isakmp client configuration address-pool local reboots PIX.
Deploying no isakmp client configuration address-pool local <poolname> <pifname> causes a PIX Firewall running 6.3(x) to crash and reboot.
This is a problem with the PIX hardware. To obtain more information about this problem, go to the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl and refer to bug ID CSCed57964. (You will be prompted to log into Cisco.com.)
The affect on Firewall MC is that the deployment will not complete.
Unfortunately, there is no workaround other than to do a clear isakmp on the device before deploying, and to configure Firewall MC to overwrite external changes by setting the Action on External Change to Device Config setting to Overwrite (Configuration > MC Settings > Management). However, this REMOVES all isakmp commands, both isakmp and isakmp policy, which will cause a temporary network outage. Firewall MC will reapply these commands.
CSCsa08905
Part of the deploy transcript is out of order.
The deploy transcript is out of order with version and checksum information. This might cause confusion when viewing the transcript. The checksum is actually obtained when the configuration is retrieved from the device before the deployment happens.
No workaround is currently available.
CSCsa03828
Unable to stop deployment when deploying to one device.
Clicking Stop does not cancel a deployment.
No workaround is currently available.
CSCdy29184
Misleading error during deploy to AUS without correct privileges.
If the AUS (Auto Update Server) user account on PIX MC does not have the API_View or API_Write privilege required to deploy to the AUS server, an error stating
STATUS_FAILED authentication failed!
appears when you deploy to AUS.CSCea17787
AAA match statements are type dependent.
Deploying a AAA match statement might result in a deployment error if the ACL used in the match statement is not valid for AAA. For example, if the ACL used in a AAA accounting match command is
permit ip any any
, the deployment might result in an error state. The reason is thatip any any
includes ICMP, which cannot be accounted for.To work around this problem, make sure the ACL used in AAA match statements is of the appropriate type.
Table 14 Known Problems with VMS that Affect Firewall MC
Bug ID SummaryThe following problems have been seen during Firewall MC testing. More information is available in the Release Notes for CiscoWorks Common Services at http://www.cisco.com/en/US/products/sw/cscowork/ps3996/prod_release_notes_list.html. Specific details are available from the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl. (You will be prompted to log into Cisco.com.)
CSCin69274
CSA Agent queries upgrade of FWMC from 1.2.2 to 1.3
CSCdx74061
Scheduling future Backups and Compacts requires two steps.
CSCdx74308
Services do not start after reboot during installation.
CSCdy02949
Difficulty browsing CiscoWorks2000 desktop from server machine.
CSCdy06590
Restoring during scheduled backup requires reboot.
CSCdy25551
MDCSupport utility does not erase its temporary directory.
CSCdy26688
Cannot launch CW2K desktop after Common Services installed on system with netForensics.
CSCdy28951
Licensing error when SQL service is not started
CSCdy31988
Sybase service problem on Win2K server with Terminal Services on.
CSCeb11926
Hour and minute are not working for repeat backup database
CSCin11975
Changing the Windows password causes service startup to fail.
CSCin14028
CiscoWorks links do not work due to change in server IP address.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/index.shtml
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit e-mail comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.
Cisco TAC Website
The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:
http://www.cisco.com/tac/caseopen
For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:
http://www.cisco.com/go/marketplace/
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://cisco.com/univercd/cc/td/doc/pcat/
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
•Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Product Documentation" section.
Copyright © 2003, Cisco Systems, Inc.
All rights reserved.
Posted: Thu Dec 30 05:39:53 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.