Hello Kings,

Thanks, but as Eugene stated, it is not which feature to use but rather what to 
allow on the trigger ACL. For example, on the router I can use a trigger ACL on 
the interface to catch the traffic to be authenticated; if no ACLs are applied that 
would be easy cake, but on the ASA? I mean I need to allow traffic; which 
traffic and to where should I allow? As well, on the router, what if there is an 
ACL on the interface? I need to allow specific traffic in order to accomplish the 
auth-proxy question. 

In my first attempt I didn't get any of this, I am just taking precautions :D. 

Mike 

Date: Sun, 10 Jun 2012 12:52:33 +0530
Subject: Re: [OSL | CCIE_Security] CTP-Auth Proxy Tricky questions.
From: kingsley.char...@gmail.com
To: mike_c...@hotmail.com
CC: ccie_security@onlinestudylist.com

Virtual telnet and http are required for non-telnet/http/ftp applications. 

Auth-proxy, mostly that is the way it will be asked.

With regards
Kings


On Sun, Jun 10, 2012 at 6:52 AM, Mike Rojas <mike_c...@hotmail.com> wrote:





Hello All, 

I have a major doubt regarding when you have to configure either CTP or 
Auth-Proxy. I've seen the question formulated 10 thousand times, but they all 
differ in the solution and in the methods to accomplish it. For example, when 
they ask you to do things like: 


1-Make sure that the client authenticates before gaining access to the 
internal network (CTP) 
  Now, I can use either Virtual HTTP, Virtual Telnet or the match command... which 
one do I use? 

On this same one, if using the match command, I need to allow something within 
the interesting traffic so CTP can catch it, right? If so, which traffic? Any 
http? To one specific host? 


2-Allow traffic after being authenticated to the Network x and y (Auth-Proxy) 
 I've seen many exercises where they put an ACL on the interface denying all the 
traffic and just permitting one specific type of traffic in order to trigger 
the Auth-proxy. Shall I use this approach or match the traffic they ask for using a 
triggering ACL? 


Thanks in advance. 

Mike 
                                          

_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com



Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

                                          