Accounting on PIX

Similar Questions

• Configuration of RADIUS and accounting AAA + PIX-515E

  Dear All;

  I want to put the accounting of PIX.

  Here is the composition of the equipment.

  ACS SE: 4.1.1.23.5

  PIX 515E: 7.0 (6)

  PIX of setting is as follows.

  GANYMEDE + Protocol Ganymede + AAA-server

  AAA-server GANYMEDE + host xx.xx.xx.xx

  key xxxxx

  order of accounting AAA GANYMEDE +.

  Console telnet accounting AAA GANYMEDE +.

  Thus, the configuration setting was written in ACS.

  But the user name is enable_15. (attached 1.jpg)

  Is it a restriction?

  Kind regards

  Reiji

  Hi Marilou,

  Looks like we have the authority to command configured on the pix. You must enable authentication configured on the RADIUS server then only we would get username is accounting, unlike pix Device IOS doesn't send user name to the RADIUS server, he would send enable_15 as username for all users.

  Configure the following command to make it work.

  AAA authentication enable console LOCAL + Ganymede

  HTH

  -Philou

• PIX 6.3, aaa accounting

  Hello

  I'm trying to understand how the following command:

  "accounting aaa include tcp/0 inside 1.1.1.1 255.255.255.255 2.2.2.2 255.255.255.255 GANYMEDE +".

  (1.1.1.1 is a former host, 2.2.2.2 is the PIX)

  I think I get 'include' (create a new rule) & "tcp/0"(the rule specifies all tcp ports).

  But 1.1.1.1 (including pix 6.3 ios doc called local_ip-"host or network of hosts that you want to be authenticated or authorized")-I think it would be customers. Is this fair?

  And 2.2.2.2 (called foreign_ip) is not clear at all - the doc called this foreign_ip - "hosts you want to access the address local_ip. As I have defined 2.2.2.2 as the PIX, it seems to the PIX to access customers. Yet if I flip the IP addresses, I get the PIX box I want to have authenticated, that does not seem fair...

  I am missing probably completely what circumstances this would be used for. On my network, to present all we use AAA for UAL telnet is in features and commands that are run on the devices, but I know that AAA is also used to allow users access to various things...

  (doc, that I'm looking is http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1073208)

  TIA - Linnea

  You guessed it!

• PIX VPN accounts

  Hello

  Is it possible to get the PIX to do accounting for VPN connections. I currently have it configured for authentication via radius, but once VPN authenticates it, nothing is sent by the pix via the port of RADIUS-acct (1813) to indicate the success or failure etc. I know that you can count other services such as ssh/telnet/http connections FOR the pix, itself or through. I tried "rigging" by the accounting of all connections to udp/4500, but that doesn't seem to work. It doesn't seem to be a command to activate vpn accounting, at least not that I could find. If anyone has any ideas it would be appreciated. I am running a PIX 515e w/6.3 and using Freeradius on Linux.

  Thank you.

  -John

  John,

  Unfortunately, what you're trying to collect is not possible at the moment. Thank you

  Renault

• Accounting on my PIX command failed

  Hello

  I'm setting up my PIX ver 7.2 (2) for accounting command using the command 'aaa accounting command', but I am not able to see any accounting information on my ACS 4.1 build 23 Server!

  Although authentication for this PIX works very well and the accounting also works perfectly for other IOS devices, accounting for the PIX does not work when you browse the administration GANYMEDE page +!

  I write the show-tech for your referecne PIX!

  Appreciate your support here!

  BR,

  Haitham

  Recommend you to take a look at this CSCsg97429bug.

  ~ Rohit

• Administrator command accounting Pix 515

  Hello

  Is there a way to connect firewall admin commands issued to the firewall? As for example, send to a GANYMEDE Server +?

  Thanks for the help.

  Hello noipt,

  Accounting command can be configured ONLY in PIX v7.x. In addition, looks not - show only orders will be sent.

  By the order No.

  Accounting messages to the GANYMEDE + accounting server when you enter one command other display commands in the CLI, use the command of control accounting aaa in global configuration mode.

  AAA accounting command

  http://www.Cisco.com/univercd/CC/TD/doc/product/multisec/asa_sw/v_7_2/cmd_ref/a1_711.htm#wp1428200

  For version 6.x.

  Authentication and authorization in order for PIX 6.2

  http://www.Cisco.com/warp/public/110/pix_command.shtml#accounting

  There is no command available real accounts, but in having enabled on the PIX of syslog, you can see what steps have been made, as shown in this example:

  307002: allows connection of the 172.18.124.111 Telnet session

  111006: connection to pixtest to the console console

  611103: user disconnected: Uname: pixtest

  307002: allows connection of the 172.18.124.111 Telnet session

  111006: connection to pixtest to the console console

  502103: user priv level changed: Uname: pixtest of: 1:15

  111008: user 'pixtest' command 'enable '.

  111007: configuration Begin: 172.18.124.111 reading of the terminal

  111008: user 'pixtest' run the command "configure t."

  111008: user 'pixtest' run the command "write t.

  I hope this helps! If Yes, please rate.

  Thank you

• Accounting customer VPN on PIX 515 worm problem. 6.3

  Hello everyone! Is it possible to configure PIX 515 worm. 6.3 to send logs to the RADIUS to break when a VPN Client user loggs in and outside loggs? I can't find any aaa accounting command which allows this.

  Hello

  Accounting of VPN was added in PIX 7.x. It is not available with 6.x

  Kind regards

  Vivek

• Palm Pixi (Sprint) problems

  I tried to get on Live Chat, but it seems to be declining.  I'll try to be brief and detailed.

  I got a Pixi just over a week.  From the word go it seemed really slow.  When I press on an application, the lighted icon is sitting there for at least 3 seconds and then the app delay following charge.  If I have 2 loading apps it gets almost insensitive.  I restored the Pixi with webOS Doctor and the problem still persists.

  This sounds like a hardware problem?  Is there anything else I can do to isolate S/W or H/W?

  What accounts you have synchronized with the pixi? (google, facebook, yahoo, Exchange, etc.) ? I would start all first remove those if you had several to see if its related to one of them.

• "Security error" when setting 'Microsoft Exchange Hosted Services' Exchange account (user in company)

  I am a user in a company with a very large company that actually uses Microsoft Hosted Exchange services hosted by Microsoft employees in their facilities.  I called Palm support and they were clueless and zero help.  The lady pointed me to some Palm article I had already read and only remotely had nothing to do with my problem.  I don't see anything about this error message in the forums and google searches. Sprint has even replaced my other reasons palm pre, and the same error occurs once I configured the exchange account. I also see the error when I set up my account on my pixi nine wives. Our pre and pixi have already exchange accounts set up with success on our phones that are hosted by sherweb. Sherweb's exchange accounts work fine. I tried to set up this account of microsoft hosted exchange 5 - 6 times with the same result. He accepts my configuration information and adds to the list of email accounts available in the meadow. However, it keeps popping up the message stating "error of security policy:"Exchange..." Tap for details"(with a yellow exclamation point). Then he said "Security policy error" the Exchange (first part of my email address) account is disabled because it is impossible to define security policies. "'Leave this option disabled' or 'delete account '. I know that something does not work because it applied a policy of password or PIN on my phone which is not necessary, unless the account has been added. I can also see it in the "Mobile devices" section of outlook web when I login. This is the place in web outlook where you can see the last time the device synchronized, if remote, you can wipe the phone etc. If anyone has an idea how to solve my problem please post. Any ideas? I'm fresh out of ideas on this issue and very frustrated by the Palm developers. Just another example of evil-development and practical tests by Palm. I hope they correct this problem on later versions, but I'm only slightly optimistic that they will never get this medium of exchange e-mail at the level necessary for the support of large corporations. What I know is that my Microsoft Hosted Exchange account works fine on a Windows Mobile phone and an iPhone 3GS (confirmed by the other coworks who have set up their phones using our Exchange services). Accordingly, I have no choice but Palm to blame for this problem instead of Microsoft. Please, Palm fully support microsoft exchange e-mail users!

  After a lot of research on the subject, here is my point of view on the State of support for MS Exchange @ Palm and other companies.

  Unfortunately, Palm Pre and Pixi, WebOS is not fully supported Microsoft Exchange.  This has led to numerous reports of frustrated customers and countless hours of time wasted by consumers and technical support trying to figure out how to connect these Palm devices to the MS Exchange e-mail servers.  Way to go Palm!  Provide support for all the free email accounts worldwide and decide not to develop a product that is able to support your most rich and more influential-based email clients.  These are the people who are most likely able to spend more money on your mobile products or make decisions for companies that are able to buy huge amounts of smart phones.  Way to go guys!  Penny wise and dollar foolish if you ask me!  Palm supports only partially a handful of MS Exchange security policies.  They document what they take in charge, but they do a very poor job of documenting or even explain the limitations of the software.  Their States of documentation that the security policies that are not supported will not be applied and that users will still be able to connect to the exchange server.  This is certainly not true based on the reported error and other similar user reports.  Here is how iPhone and Palm compare in regards to the support of MS exchange security policy.  Notice in the quotes below the iPhone supports the policy of 'require the encryption of devices' which is very probably used by your greater and more security conscious companies or Government institutions.  I'm sure that Palm's inability to support "device encryption" is why I get this error, even if I have really no way to prove it at the present time.  Come on Palm, if you go to support full POP3 and IMAP, you must provide the full support of the binding protocol and political security by Microsoft Exchange product.  Here is the comparison between iPhone and Palm WebOS:

  ' Said the site of Apple, the iPhone supports the camera allow, password enabled, allow a Simple password, alphanumeric password, Password Expiration, history of password, Maximum password attempts failed, minimum password length, maximum idle lock, policy, Minimum refresh interval complex character devices. ", require manual synchronization while roaming and - in iPhone OS 3.1 only - require Device Encryption". (13 security policies)

  "Palm Web site says its WebOS 1.1 and later support active password, alphanumeric password, password history, Maximum password attempts failed, maximum length password, lock of inactivity maximum, Minimum peripheral characters complex and Password Recovery." (8 security policies)

   

  Windows Mobile 6.1 supports all THE policies.

  BlackBerry does not support the EAS (MS Exchange)

  Google's Android is not compatible EAS (they may have recently released some support but not full)

  Conclusion: If you want a mobile device that fully supports MS Exchange, buy something that is running Windows Mobile 6.1 (or higher) or even an iPhone 3 g (or more).  At least, until Palm decides they want to throw a development more $$ to support Microsoft Exchange E-mail to enhance their level of support.

  Reference: "how to avoid the lie of the foreign exchange policy by smartphone' http://www.infoworld.com/d/mobilize/how-avoid-smartphone-exchange-policy-lie-004?page=0, 1

  Message edited by morgan1112 on 12/01/2010 15:00

• Total connection time how to account with GANYMEDE.

  Hi, we have the following scenario, this company uses two methods for remote access (for employees only): through RAS connections, or by using VPN clients to connect to a 535 PIX over the Internet. We need to do accounting for the total connection time, in the case of RAS connections is easy, we run AAA GANYMEDE + between the RA and the ACS (ver 2.1) and check the start/end time. But with the Internet connection start/stop time reflects the total time for each connection by user i.e. telnet, snmp, ftp, etc. but what connections can be simultaneous (or not), so we can not just add every time total of connections to a single user, it could be greater than the actual time that this user has been really connected. So how could account us for in this case total connection time?

  Thanks in advance for your recommendations

  Unfortunately you don't have. Accounting for users in the PIX VPN is on the Board to design for some time now, but so far has not been implemented. You can check the status on bug ID CSCdu01327 for other updates.

• Customer Pix unit inside and dmz networks

  Are there problems that prohibit a client to the unit to start connections to hosts on pix dmz networks and pix inside at the same time?

  You can provide a link that describes the side PIX of the two networks not only inside network access configuration?

  Oops, yes sorry, brain fade from me, do not take into account my first email. Your configuration would look like this:

  IP address inside 10.1.1.1 255.255.255.0

  IP dmz 172.16.1.1 255.255.255.0

  IP local pool vpnpool 192.168.1.1 - 192.168.1.254

  NAT (inside) 0-list of access nonatinside

  NAT (dmz) 0-list of access nonatdmz

  permit the 10.1.1.0 ip access list nonatinside 255.255.255.0 192.168.1.0 255.255.255.0

  permit ip 172.16.1.0 access list nonatdmz 255.255.255.0 192.168.1.0 255.255.255.0

  Hope that helps.

• VPN to Pix problem

  It seems that I have problems similar to many others in the connection of remote clients to a PIX 515E.

  Currently, I have tried both the client VPN Cisco 3.6 and 4.03 without success. Users are authenticated very well and the customer, you can see that their assigned an address etc but they are unable to access the internal network. The crypto ipsec his watch HS no encrypted traffic has affected the Pix as its...

  within the State of the customer etc., it shows that packets are encrypted so I'm at a bit of a loss.

  I have also a problem with pptp connections - this seems to differ between the BONES on the client but Win2K machines can connect and get checked etc but again failed to connect within the networks. These could be linked?

  My current config is: (change of address, etc.)

  SH run

  : Saved

  :

  PIX Version 6.2 (1)

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  nameif ethernet2 security10 intf2

  enable password xxxx

  passwd xxxx

  hostname fw

  domain name

  fixup protocol ftp 21

  fixup protocol http 80

  fixup protocol h323 h225 1720

  fixup protocol h323 ras 1718-1719

  fixup protocol they 389

  fixup protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol smtp 25

  fixup protocol sqlnet 1521

  fixup protocol 2000 skinny

  No fixup protocol sip 5060

  names of

  name Inside_All 10.0.0.0

  name 10.30.1.0 Ireland1_LAN

  name 159.135.101.34 Ireland1_VPN

  name 213.95.227.137 IrelandSt1_VPN

  name 10.30.2.0 Cardiff_LAN

  name 82.69.56.30 Cardiff_VPN

  access-list 101 permit ip Inside_All 255.0.0.0 10.1.1.88 255.255.255.248

  access-list 101 permit ip Ireland1_LAN 255.255.255.0 255.0.0.0 Inside_All

  access-list 101 permit ip Cardiff_LAN 255.255.255.0 255.0.0.0 Inside_All

  access-list 101 permit ip Inside_All 255.0.0.0 10.30.3.0 255.255.255.0

  access-list 101 permit ip Inside_All 255.0.0.0 192.168.253.0 255.255.255.0

  outside_interface list access permit icmp any any echo

  outside_interface list access permit icmp any any echo response

  outside_interface list of access permit icmp any any traceroute

  outside_interface list access permit tcp any host 212.36.237.99 eq smtp

  outside_interface ip access list allow any host 212.36.237.100

  access-list permits outside_interface tcp host 212.241.168.236 host 212.36.237.101 eq telnet

  outside_interface list of access permitted tcp 192.188.69.0 255.255.255.0 host 212.36.237.101 eq telnet

  outside_interface list access permit tcp any any eq telnet

  allow the ip host 82.69.108.125 access list outside_interface a

  access-list 102 permit ip 10.1.1.0 255.255.255.0 Ireland1_LAN 255.255.255.0

  access-list 103 allow ip 10.1.1.0 255.255.255.0 Cardiff_LAN 255.255.255.0

  access-list 104. allow ip 10.1.1.0 255.255.255.0 10.30.3.0 255.255.255.0

  pager lines 24

  opening of session

  recording of debug console

  monitor debug logging

  interface ethernet0 10baset

  interface ethernet1 10baset

  Automatic stop of interface ethernet2

  Outside 1500 MTU

  Within 1500 MTU

  intf2 MTU 1500

  IP outdoor 212.36.237.98 255.255.255.240

  IP address inside 10.1.1.250 255.255.255.0

  intf2 IP address 127.0.0.1 255.255.255.255

  alarm action IP verification of information

  alarm action attack IP audit

  IP local pool ippool 10.1.1.88 - 10.1.1.95

  IP local pool mspool 10.7.1.1 - 10.7.1.50

  IP local pool mspools 192.168.253.1 - 192.168.253.50

  location of PDM Inside_All 255.255.255.0 inside

  location of PDM 82.69.108.125 255.255.255.255 outside

  location of PDM 10.55.1.0 255.255.255.0 inside

  PDM logging 100 information

  history of PDM activate

  ARP timeout 14400

  Global 1 interface (outside)

  (Inside) NAT 0-list of access 101

  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

  public static 212.36.237.100 (Interior, exterior) 10.1.1.50 netmask 255.255.255.255 0 0

  public static 212.36.237.101 (Interior, exterior) 10.1.1.254 netmask 255.255.255.255 0 0

  public static 212.36.237.99 (Interior, exterior) 10.1.1.208 netmask 255.255.255.255 0 0

  Access-group outside_interface in interface outside

  Route outside 0.0.0.0 0.0.0.0 212.36.237.97 1

  Route inside Inside_All 255.255.255.0 10.1.1.254 1

  Route inside 10.2.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.3.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.4.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.5.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.6.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.7.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.8.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.9.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.10.1.0 255.255.255.0 10.1.1.254 1

  Route inside 10.11.1.0 255.255.255.0 10.1.1.253 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0: 10:00 udp 0:02:00 CPP 0: h323 from 10:00 0:05:00 sip 0:30:00 sip_media 0:02:00

  Timeout uauth 0:00:00 uauth absolute 0:30:00 inactivity

  GANYMEDE + Protocol Ganymede + AAA-server

  RADIUS Protocol RADIUS AAA server

  AAA-server local LOCAL Protocol

  AAA-server AuthInOut Protocol Ganymede +.

  AAA-server AuthInOut (inside) host 10.1.1.203 Kinder timeout 10

  the AAA authentication include http outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthInOut

  the AAA authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthInOut

  AAA accounting include http outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthInOut

  AAA accounting include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthInOut

  Enable http server

  http 82.69.108.125 255.255.255.255 outside

  http 10.1.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server SNMP community xxx

  No trap to activate snmp Server

  enable floodguard

  Permitted connection ipsec sysopt

  Sysopt connection permit-pptp

  Sysopt route dnat

  Crypto ipsec transform-set esp - esp-md5-hmac VPNAccess

  Crypto ipsec transform-set esp-3des esp-md5-hmac VPNAccess2

  Crypto-map dynamic dynmap 10 game of transformation-VPNAccess2

  card crypto home 9 ipsec-isakmp dynamic dynmap

  card crypto ipsec-isakmp 10 home

  address of 10 home game card crypto 102

  set of 10 House card crypto peer IrelandSt1_VPN

  House 10 game of transformation-VPNAccess crypto card

  card crypto ipsec-isakmp 15 home

  address of home 15 game card crypto 103

  set of 15 home map crypto peer Cardiff_VPN

  House 15 game of transformation-VPNAccess crypto card

  card crypto ipsec-isakmp 30 home

  address of 30 home game card crypto 104

  crypto home 30 card set peer 212.242.143.147

  House 30 game of transformation-VPNAccess crypto card

  interface card crypto home outdoors

  ISAKMP allows outside

  ISAKMP key * address IrelandSt1_VPN netmask 255.255.255.255

  ISAKMP key * address Cardiff_VPN netmask 255.255.255.255

  ISAKMP key * address 212.242.143.147 netmask 255.255.255.255

  ISAKMP identity address

  part of pre authentication ISAKMP policy 5

  ISAKMP strategy 5 3des encryption

  ISAKMP strategy 5 md5 hash

  5 2 ISAKMP policy group

  ISAKMP life duration strategy 5 86400

  part of pre authentication ISAKMP policy 7

  ISAKMP strategy 7 3des encryption

  ISAKMP strategy 7 sha hash

  7 2 ISAKMP policy group

  ISAKMP strategy 7 life 28800

  part of pre authentication ISAKMP policy 10

  encryption of ISAKMP policy 10

  ISAKMP policy 10 md5 hash

  10 1 ISAKMP policy group

  ISAKMP policy 10 life 85000

  part of pre authentication ISAKMP policy 20

  encryption of ISAKMP policy 20

  ISAKMP policy 20 md5 hash

  20 2 ISAKMP policy group

  ISAKMP duration strategy of life 20 85000

  vpngroup client address mspools pool

  vpngroup dns-server 194.153.0.18 client

  vpngroup wins client-server 10.155.1.16

  vpngroup idle time 1800 customer

  vpngroup customer password *.

  Telnet 82.69.108.125 255.255.255.255 outside

  Telnet 10.55.1.0 255.255.255.0 inside

  Telnet 10.1.1.0 255.255.255.0 inside

  Telnet timeout 15

  SSH 82.69.108.125 255.255.255.255 outside

  SSH timeout 15

  VPDN Group 6 accept dialin pptp

  PAP VPDN Group 6 ppp authentication

  VPDN Group 6 chap for ppp authentication

  VPDN Group 6 ppp mschap authentication

  VPDN Group 6 ppp encryption mppe auto

  VPDN Group 6 client configuration address local mspools

  VPDN Group 6 pptp echo 60

  local 6 VPDN Group client authentication

  VPDN username xxxx password *.

  VPDN username password xxx *.

  VPDN username password xxx *.

  VPDN username password xxx *.

  VPDN username xxxx password *.

  VPDN allow outside

  username xxx pass xxx

  Terminal width 80

  Cryptochecksum:8f8ceca91c6652e3cc8086edc8ed62fa

  : end

  If you do not see decrypts side Pix while my thoughts are (for IPSEC) ESP and GRE (for PPTP) do not get to your Pix (blocks perhaps of ISP or other devices).

  If you do a "capture" of the packets on the external interface you see all traffic ESP or GRE? Where the customer? If this isn't the case, dialup is ESP or permitted GRE?

• Prévilige level of Cisco Pix

  Hello

  I wanted to give access to the firewall based on the privilege level pix. By default, it is at level 15. Then, I created a database of aaa

  AAA-server local LOCAL Protocol

  Console Telnet AAA authentication local

  AAA authentication enable console local

  Then I created a username as

  username password for the privileged comments 9

  By default there is no privilege survey for 9. Then to meant to test, I added only the privilege to see the single clock, as the

  privileged view level 9 control clock

  After that that I'm connected using the host account both telnet and enable but I could do all the task as a person with access to level 15. Can advice me how to set the level of privilege based on users and restrict their access to the firewall. As guest connect you can see that the version of the pix and should not be able to go the config t and any static or access list.

  Thanks in advance

  Here is the url that speaks exactly that.

  http://www.Cisco.com/warp/public/110/pix_command.shtml

  PL. see 'Privilege of understanding settings' on this url

• Backup AAA for PIX

  I have a PIX with the following configuration:

  GANYMEDE + Protocol Ganymede + AAA-server

  AAA-server GANYMEDE + (inside) host 192.168.1.1 77777 timeout 5

  RADIUS Protocol RADIUS AAA server

  AAA-RADIUS (inside) host 192.168.1.1 Server 77777 timeout 10

  AAA-server local LOCAL Protocol

  AAA authentication GANYMEDE serial console +.

  AAA authentication enable console GANYMEDE +.

  order of AAA for authorization GANYMEDE +.

  AAA accounting correspond to aaa_acl inside RADIUS

  Everything works fine when the RADIUS server is available. When he is not available, I can log in with the username "PIX" and "password". The problem is, once I connected, I can't get permission to execute orders. Does anyone know of a command that is similar to the "if-certified" for routers that I can use?

  There is no method of backup for authorization for the PIX. As you know, if the RADIUS server is down, you can connect with "pix" and the password enable, but it doesn't help a permission. The only thing you can do is wait the GANYMEDE server back to the top. I'm sorry.

• Next version of FOS PIX?

  Cisco Announces again when it's released the next version of the PIX OS or what will be in it?

  Hello

  The next version will be version 7.0, but we do not have a firm date committed at that time for the release date. It takes some time in 2004, but certainly not in the January/February period. I don't think regarding the features in this release, we have released this information publicly at this point. I would contact the local Cisco account team and see if they can share that info with you after you have signed a Non Disclosure Agreement form. Sorry for the lack of definitive information, but I hope you understand the reasoning for this.

  Scott